Daily NCSC-FI news followup 2020-02-09

Lock My PC Used By Tech Support Scammers, Dev Offers Free Recovery

www.bleepingcomputer.com/news/security/lock-my-pc-used-by-tech-support-scammers-dev-offers-free-recovery/ Tech Support scammers are using a free utility called Lock My PC to lock users out of their PCs unless they pay the requested “support” fees. For years telephone scammers pretending to be from Microsoft, Google, and other companies have been convincing people to let them access their computer to fix a “detected” issue. Once the scammers gain access to the computer, though, they would use the Windows Syskey program to lock the user out of Windows with a password unless they paid for the “support” call.

Windows 7 bug prevents users from shutting down or rebooting computers

www.zdnet.com/article/windows-7-bug-prevents-users-from-shutting-down-or-rebooting-computers/ A weird bug of unknown origins has been hitting Windows 7 computers this week, according to multiple reports online. Windows 7 users have been reporting that they are receiving a popup message that reads “You don’t have permission to shut down this computer” every time they attempt to shut down or reboot their systems.

Security in 2020: Revisited

www.schneier.com/blog/archives/2020/02/security_in_202_1.html Ten years ago, I wrote an essay: “Security in 2020.” Well, it’s finally 2020. I think I did pretty well. Here’s what I said back then…

Cybersecurity Priorities Are A Matter Of Perspective

www.forbes.com/sites/tonybradley/2020/02/05/cybersecurity-priorities-are-a-matter-of-perspective/ You're probably familiar with the phrase, “When all you have is a hammer, every problem looks like a nail.” That phrase, or variations on it, are frequently used to describe how teams or individuals often have a myopic approach to addressing challenges based on their unique perspectives and skill sets. The problem is illustrated in a recent report that highlights issues organizations face when it comes to cybersecurity and compliance.

Massive DDoS attack brought down 25% Iranian Internet connectivity

securityaffairs.co/wordpress/97559/breaking-news/iran-internet-access-outage.html Iran infrastructures are under attack, a massive cyberattack brought down a large portion of the Iranian access to the Internet, according to the experts the national connectivity fell to 75%. The NetBlocks internet observatory, which tracks disruptions and shutdowns, observed yesterday (February 8, 2019) a massive outage of the country's connectivity to the Internet.


Apple iCloud Credential Stealing

www.secjuice.com/apple-icloud-credential-stealing/ In August 2019 I found a vulnerability in Apple's iOS (CVE-2020-3841) during a Red Team Assessment. We were trying to lure users into entering their credentials in a Wi-Fi Phishing Attack. In this case iOS/Safari (macOS was also affected) helped us with its AutoFill features. It turned out to be somewhat buggy, but let’s have a quick look at how and why it worked, and how we exploited it.

