Daily NCSC-FI news followup 2020-01-05

Austria: Cyber attack on Foreign Ministry

orf.at/stories/3149769/ The IT systems of the Foreign Ministry are apparently the target of a serious cyber attack at present. The attack continued on Sunday, according to Foreign Ministry spokesman Peter Guschelbauer. The ministry suspects an attack by a state actor. Also www.bbc.com/news/world-europe-50997773

US announces AI software export restrictions

www.theverge.com/2020/1/5/21050508/us-export-ban-ai-software-china-geospatial-analysis The ban, which comes into force on Monday, is the first to be applied under a 2018 law known as the Export Control Reform Act or ECRA. This requires the government to examine how it can restrict the export of emerging technologies essential to the national security of the United States including AI. News of the ban was first reported by Reuters. But the new export ban is extremely narrow. It applies only to software that uses neural networks (a key component in machine learning) to discover points of interest in geospatial imagery; things like houses or vehicles. The ruling, posted by the Bureau of Industry and Security, notes that the restriction only applies to software with a graphical user interface, a feature that makes programs easier for non-technical users to operate.

Russia Takes a Big Step Toward Internet Isolation

www.wired.com/story/russia-internet-control-disconnect-censorship/ According to Russian reports, last week’s government drills actually focused on testing firewalls meant to protect telephony and wireless protocol layers known as SS7 and Diameter that are used for relaying and authenticating data. Mikhail Klimarev, executive director of the Internet Protection Society, a Russian NGO, argues that the tests were largely a propaganda exercise to spread fear about the extent of the government’s technical prowess.


www.dhs.gov/sites/default/files/ntas/alerts/20_0104_ntas_bulletin.pdf Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.

Researching the Digitime Tech FOTA Backdoors

wuffs.org/blog/digitime-tech-fota-backdoors An investigation into the shady stuff going on behind Digitime Tech’s FOTA (Firmware Over The Air) update service, as seen on Planet Computers’s Android devices and on other low-budget Android hardware. Planet are only one OEM though and there’s undoubtedly others using Digitime’s services. There is no way I can trust an OTA distributor which moonlights as a malware distributor like this. This isn’t your typical accidental security bug – this is a company that is knowingly and actively putting a malware distribution mechanism on phones through the supply chain, and getting paid for it. Truly living the dream.

Group claiming to be Iranian hacked the website of a US government agency

www.iltalehti.fi/ulkomaat/a/37237c4c-36ae-42d2-828b-2eca66dbee7c The agency whose website the hackers managed to access is the Federal Depository Library Program (FDLP). It is relatively little known. The purpose of the FDLP is to guarantee that everyone who wishes has free access to government publications.

Time for Insider-Threat Programs to Grow Up

www.darkreading.com/threat-intelligence/time-for-insider-threat-programs-to-grow-up/d/d-id/1336713 In a research paper published this week, Forrester Research found that many of the current insider-threat programs may violate new privacy laws and the more draconian programs may undercut employee performance, says Joseph Blankenship, vice president of research for Forrester.

DeathRansom Part II: Attribution

www.fortinet.com/blog/threat-research/death-ransom-attribution.html FortiGuard Labs established a significant connection between the ongoing DeathRansom and Vidar malware campaigns. They share the naming pattern and infrastructure used. We also found evidence that a Vidar sample tried to download the DeathRansom malware. Based on the evidence left on Russian underground forums, we were able to find a person who seems likely to be behind these malicious campaigns.

FPGA cards can be abused for faster and more reliable Rowhammer attacks

www.zdnet.com/article/fpga-cards-can-be-abused-for-faster-and-more-reliable-rowhammer-attacks/ Seeing that FPGA-CPU architectures are becoming more common, a team of researchers from the Worcester Polytechnic Institute in the US, the University of Lubeck in Germany, and Intel, have looked into how Rowhammer attacks impact this new cloud setup. Furthermore, the academic team also found that a JackHammer attack is much more difficult to detect because the FPGA’s direct access to system resources leaves no traces on the CPU of the FPGA’s memory access operations. Since most anti-Rowhammer detection systems are configured at the CPU level, this opens a new blindspot in CPU and cloud security.

Trump signs law increasing max robocall fine to $10,000

www.theverge.com/2020/1/1/21045369/robocall-traced-act-signed-trump-law-congress-fcc-ajit-pai The Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) was signed on Monday, after Congress approved the landmark bill earlier this month to give the federal government new abilities to go after illegal robocallers. Fines can now reach $10,000 per call. The law also requires major carriers such as AT&T, Verizon, and T-Mobile to use a new technology called STIR/SHAKEN to help customers know if they’re being targeted by a robocaller with a spoofed number.

www.linkedin.com/pulse/australian-research-program-inspects-real-scene-between-peter-cassidy/ A population-level survey of Australia would measure the population’s resilience to common spam-based phishing and deliver important insights into any number of factors at the real scene of the cybercrime: between the users’ ears. With a deeper view of the behavioral aspects of the phishing phenomenon, the research and development communities also come closer to the right questions about how design of the built computing environment and user experience contributes to the success of the phishers’ artful deceptions.

‘Do Not Sell My Info’ – U.S. retailers rush to comply with California privacy law

in.reuters.com/article/uk-usa-retail-privacy/do-not-sell-my-info-u-s-retailers-rush-to-comply-with-california-privacy-law-idINKBN1YZ04D U.S. retailers including Walmart Inc will add Do Not Sell My Info links to their websites and signage in stores starting Jan. 1, allowing California shoppers to understand for the first time what personal and other data the retailers collect, sources said.
