Taiwan High-Tech Ecosystem Targeted by Foreign APT Group:
medium.com/@cycraft_corp/taiwan-high-tech-ecosystem-targeted-by-foreign-apt-group-5473d2ad8730 – From what we found even those who use VPNs are at risk even more so than usual. Read below to see how and what to do about it. The main objective of these attacks was the exfiltration of intellectual property, such as documents on integrated circuits (IC), software development kits (SDKs), IC designs, source code, etc. Full report:
Windows 10 SMBGhost RCE exploit demoed by researchers
www.bleepingcomputer.com/news/security/windows-10-smbghost-rce-exploit-demoed-by-researchers/ A proof-of-concept remote code execution (RCE) exploit for the Windows 10 CVE-2020-0796 ‘wormable’ pre-auth remote code execution vulnerability was developed and demoed today by researchers at Ricerca Security. For the time being though, Ricerca Security has decided not to share their RCE PoC exploit publicly to avoid having it fall in the wrong hands.
5g-mastoja tuhotaan jo Ruotsissakin: 70-metrinen masto nurin
www.tivi.fi/uutiset/tv/2cc1d7d1-8abe-4107-9a44-7a6d3ba2554c 5g-mastojen tuhotyöt ovat nyt levinneet myös Ruotsiin. Länsinaapurissa on tehty kaksi mastoihin kohdistunutta iskua. Örkelljungassa kaadettiin 70 metrinen masto iltahämärissä jo 16. maaliskuuta. Viisi päivää myöhemmin samaa temppua yritettiin myös Skoonen Klippanissa. Masto sai yrityksessä ainoastaan vaurioita.
Huijaustekstareita ja -sähköposteja liikkeellä paljon vedätyksiä esimerkiksi Postin nimissä
Students, university clash over forced installation of remote exam monitoring software on home PCs
www.zdnet.com/article/students-university-clash-over-plans-to-install-remote-exam-monitoring-software-on-home-pcs/ The use of remote spying software to prevent cheating has raised an outcry from students.
Microsoft: Our AI can spot security flaws from just the titles of developers’ bug reports
www.zdnet.com/article/microsoft-our-ai-can-spot-security-flaws-from-just-the-titles-of-developers-bug-reports/ Microsoft’s machine-learning model can speed up the triage process when handling bug reports. Microsoft says its machine-learning model correctly distinguishes between security and non-security bugs 99% of the time. It can also accurately identify critical security bugs 97% of the time.
Separating the Signal from the Noise: How Mandiant Intelligence Rates Vulnerabilities Intelligence for Vulnerability Management, Part Three
Trickbot malware is using these unique ‘macro-laced’ document attachments with a coronavirus theme
www.zdnet.com/article/trickbot-malware-is-using-these-unique-macro-laced-document-attachments-with-a-coronavirus-theme/ Microsoft Security Intelligence warns that there’s been a large uptick in Covid-19 themed lures in phishing attacks by this one malware operation in recent days.
Google rolls out BeyondCorp Remote Access for browser-based apps
www.zdnet.com/article/google-rolls-out-beyondcorp-remote-access-for-browser-based-apps/ Google Cloud on Monday rolled out BeyondCorp Remote Access, a new cloud-based product that allows employees to securely access their company’s internal web apps from any device or any location. Amid the scramble to get employees working remotely through the COVID-19 pandemic, the new product aims to quickly provide secure access to browser-based apps.
Foxit PDF Reader, PhantomPDF Open to Remote Code Execution
threatpost.com/foxit-pdf-reader-phantompdf-remote-code-execution/154942/ Foxit Reader and PhantomPDF are plagued by several high-severity flaws that, if exploited, could enable remote code execution.
Zoom’s Security Woes Were No Secret to Business Partners Like Dropbox
www.nytimes.com/2020/04/20/technology/zoom-security-dropbox-hackers.html Dropbox privately paid top hackers to find bugs in software by the videoconferencing company Zoom, then pressed it to fix them.
267 million Facebook profiles sold for $600 on the dark web
www.bleepingcomputer.com/news/security/267-million-facebook-profiles-sold-for-600-on-the-dark-web/ Threat actors are selling over 267 million Facebook profiles for £500 ($623) on dark web sites and hacker forums. While none of these records include passwords, they do contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials.
Research Grants to support Google VRP Bug Hunters during COVID-19
security.googleblog.com/2020/04/research-grants-to-support-google-vrp_20.html As of today, every Google VRP Bug Hunter who submitted at least two remunerated reports from 2018 through April 2020 will be eligible for a $1, 337 research grant.