Daily NCSC-FI news followup 2020-01-05

Austria: Cyberattack on Foreign Ministry

orf.at/stories/3149769/ The IT systems of the Foreign Ministry are apparently currently the target of a serious cyberattack. The attack was still continuing on Sunday, according to Foreign Ministry spokesman Peter Guschelbauer. The ministry suspects an attack by a state actor. Also www.bbc.com/news/world-europe-50997773

US announces AI software export restrictions

www.theverge.com/2020/1/5/21050508/us-export-ban-ai-software-china-geospatial-analysis The ban, which comes into force on Monday, is the first to be applied under a 2018 law known as the Export Control Reform Act or ECRA. This requires the government to examine how it can restrict the export of emerging technologies essential to the national security of the United States including AI. News of the ban was first reported by Reuters. But the new export ban is extremely narrow. It applies only to software that uses neural networks (a key component in machine learning) to discover points of interest in geospatial imagery; things like houses or vehicles. The ruling, posted by the Bureau of Industry and Security, notes that the restriction only applies to software with a graphical user interface, a feature that makes programs easier for non-technical users to operate.

Russia Takes a Big Step Toward Internet Isolation

www.wired.com/story/russia-internet-control-disconnect-censorship/ According to Russian reports, last week’s government drills actually focused on testing firewalls meant to protect telephony and wireless protocol layers known as SS7 and Diameter that are used for relaying and authenticating data. Mikhail Klimarev, executive director of the Internet Protection Society, a Russian NGO, argues that the tests were largely a propaganda exercise to spread fear about the extent of the government’s technical prowess.


www.dhs.gov/sites/default/files/ntas/alerts/20_0104_ntas_bulletin.pdf Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States

Researching the Digitime Tech FOTA Backdoors

wuffs.org/blog/digitime-tech-fota-backdoors An investigation into the shady stuff going on behind Digitime Tech’s FOTA (Firmware Over The Air) update service, as seen on Planet Computers’s Android devices and on other low-budget Android hardware. Planet are only one OEM though and there’s undoubtedly others using Digitime’s services. There is no way I can trust an OTA distributor which moonlights as a malware distributor like this. This isn’t your typical accidental security bug – this is a company that is knowingly and actively putting a malware distribution mechanism on phones through the supply chain, and getting paid for it. Truly living the dream.

Group claiming to be Iranian hacks website of US government agency

www.iltalehti.fi/ulkomaat/a/37237c4c-36ae-42d2-828b-2eca66dbee7c The agency whose site the hackers managed to get into is the Federal Depository Library Program (FDLP). It is relatively little known. The purpose of the FDLP is to ensure that everyone who wants it has free access to government publications.

Time for Insider-Threat Programs to Grow Up

www.darkreading.com/threat-intelligence/time-for-insider-threat-programs-to-grow-up/d/d-id/1336713 In a research paper published this week, Forrester Research found that many of the current insider-threat programs may violate new privacy laws and the more draconian programs may undercut employee performance, says Joseph Blankenship, vice president of research for Forrester.

DeathRansom Part II: Attribution

www.fortinet.com/blog/threat-research/death-ransom-attribution.html FortiGuard Labs established a significant connection between the ongoing DeathRansom and Vidar malware campaigns. They share the naming pattern and infrastructure used. We also found evidence that a Vidar sample tried to download the DeathRansom malware. Based on the evidence left on Russian underground forums, we were able to find a person who seems likely to be behind these malicious campaigns.

FPGA cards can be abused for faster and more reliable Rowhammer attacks

www.zdnet.com/article/fpga-cards-can-be-abused-for-faster-and-more-reliable-rowhammer-attacks/ Seeing that FPGA-CPU architectures are becoming more common, a team of researchers from the Worcester Polytechnic Institute in the US, the University of Lubeck in Germany, and Intel, have looked into how Rowhammer attacks impact this new cloud setup. Furthermore, the academic team also found that a JackHammer attack is much more difficult to detect because the FPGA’s direct access to system resources leaves no traces on the CPU of the FPGA’s memory access operations. Since most anti-Rowhammer detection systems are configured at the CPU level, this opens a new blindspot in CPU and cloud security.

Trump signs law increasing max robocall fine to $10,000

www.theverge.com/2020/1/1/21045369/robocall-traced-act-signed-trump-law-congress-fcc-ajit-pai The Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) was signed on Monday, after Congress approved the landmark bill earlier this month to give the federal government new abilities to go after illegal robocallers. Fines can now reach $10,000 per call. The law also requires major carriers such as AT&T, Verizon, and T-Mobile to use a new technology called STIR/SHAKEN to help customers know if they’re being targeted by a robocaller with a spoofed number.

www.linkedin.com/pulse/australian-research-program-inspects-real-scene-between-peter-cassidy/ A population-level survey of Australia would measure the population’s resilience to common spam-based phishing and deliver important insights into any number of factors at the real scene of the cybercrime: between the user’s ears. With a deeper view of the behavioral aspects of the phishing phenomenon, the research and development communities also come closer to the right questions about how design of the built computing environment and user experience contributes to the success of the phishers’ artful deceptions.

‘Do Not Sell My Info’ – U.S. retailers rush to comply with California privacy law

in.reuters.com/article/uk-usa-retail-privacy/do-not-sell-my-info-u-s-retailers-rush-to-comply-with-california-privacy-law-idINKBN1YZ04D U.S. retailers including Walmart Inc will add Do Not Sell My Info links to their websites and signage in stores starting Jan. 1, allowing California shoppers to understand for the first time what personal and other data the retailers collect, sources said.
