Daily NCSC-FI news followup 2020-01-30

Enterprise Hardware Still Vulnerable to Memory Lane Attacks

www.darkreading.com/vulnerabilities—threats/enterprise-hardware-still-vulnerable-to-memory-lane-attacks/d/d-id/1336921 Most laptops, workstations, and servers are still vulnerable to physical attacks via direct memory access, despite mitigations often being available, report says.. Report:

eclypsium.com/2020/01/30/direct-memory-access-attacks/

Dozens of companies have data dumped online by ransomware ring seeking leverage

arstechnica.com/information-technology/2020/01/dozens-of-companies-have-data-dumped-online-by-ransomware-ring-seeking-leverage/ Maze operators “gift” Pensacola by removing data dump, but others not so lucky.. The Maze ransomware ring has taken extortion to new heights by publicly posting breached data on the Internetand threatening full dumps of stolen data if the ring’s “customers” don’t pay for their files to be unencrypted. But the group appears to be making one exception: the City of Pensacola, which was hit by Maze ransomware in December.

If only 3 in 100,000 cyber-crimes are prosecuted, why not train cops to bring these crooks to justice once and for all, suggests think-tank veep

www.theregister.co.uk/2020/01/30/cops_crime_failure/ ‘We are focusing on defending systems over identifying and pursuing the person behind the cyber-crime’

Varo uutta huijausta: Ilmoitus tekstiviestillä vie kalliiseen ansaan

www.is.fi/digitoday/tietoturva/art-2000006388489.html Saapuvasta paketista kertovassa tekstiviestissä on linkki hämäräsivuille, joiden tärkein tieto on pienellä ja harmaalla kirjoitettu.

Government Report Reveals Its Favorite Way to Hack iPhones, Without Backdoors

www.vice.com/en_us/article/n7jevz/government-report-reveals-its-favorite-way-to-hack-iphones-without-backdoors Feds are once again demanding encryption backdoors, but its own data shows it can extract data from phones without them.

US DOI halts operations for its entire drone fleet over Chinese cybersecurity concerns

www.zdnet.com/article/us-doi-halts-operations-for-its-entire-drone-fleet-over-cybersecurity-concerns/ The US Department of the Interior (DOI) has halted the operations of its entire drone fleet except in emergency situations as the department wants to review whether the drones manufactured by “designated foreign-owned companies” are a threat to national security.

U.N. Hack Stemmed From Microsoft SharePoint Flaw

threatpost.com/un-hack-microsoft-sharepoint-flaw/152378/ Reportedly, the bug wasnt patched, leading to a data breach in July.

Coronavirus Campaigns Spread Emotet, Malware

threatpost.com/coronavirus-propagate-emotet/152404/

Apple wants to standardize the format of SMS OTPs (one-time passcodes)

www.zdnet.com/article/apple-wants-to-standardize-the-format-of-sms-otps-one-time-passcodes/ WebKit team proposal aims to improve the security of one-time passcodes sent to users via SMS.

Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers

thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure.

An Emotet campaign hits the United Nations

www.pandasecurity.com/mediacenter/news/emotet-united-nations/

Dell, HP Memory-Access Bugs Open Attacker Path to Kernel Privileges

threatpost.com/dell-hp-memory-access-bugskernel-privileges/152369/ The manufacturers have issued BIOS updates to address the issues, but researchers warn DMA attacks are likely possible against a range of laptops and desktops.

Forensics detective says Android phones are now harder to crack than iPhones

www.androidauthority.com/android-encryption-forensics-1078668/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.