Daily NCSC-FI news followup 2020-06-28

Journalist’s phone hacked by new invisible’ technique: All he had to do was visit one website. Any website

www.thestar.com/news/canada/2020/06/21/journalists-phone-hacked-by-new-invisible-technique-all-he-had-to-do-was-visit-one-website-any-website.html The white iPhone with chipped paint that Moroccan journalist Omar Radi used to stay in contact with his sources also allowed his government to spy on him.

Microsoft quietly created a Windows 10 File Recovery tool, how to use

www.bleepingcomputer.com/news/microsoft/microsoft-quietly-created-a-windows-10-file-recovery-tool-how-to-use/ Microsoft has created a Windows 10 File Recovery Tool that recovers deleted files and forgot to tell anyone.

Smells Fishy? The Fish That Prevent Iran From Hacking Israel’s Water System

www.theyeshivaworld.com/news/headlines-breaking-stories/1876329/smells-fishy-the-fish-that-prevent-iran-from-hacking-israels-water-system.html Twelve aquariums filled with drinking water at the Eshkol water purification site in Be’er Sheva each house several fish who happily swim around as fish do. The fish are closely monitored 24/7 to ensure they stay happy and healthy. Even the slightest signs of changes in their behavior are regarded as “fishy” by those responsible for the safety of Israel’s drinking water.

California University Paid $1.14 Million After Ransomware Attack

www.bloomberg.com/news/articles/2020-06-27/california-university-paid-1-14-million-after-ransomware-attack The University of California, San Francisco paid criminal hackers $1.14 million this month to resolve a ransomware attack.

Russian Criminal Group Finds New Target: Americans Working at Home

www.nytimes.com/2020/06/25/us/politics/russia-ransomware-coronavirus-work-home.html?referringSource=articleShare A hacking group calling itself Evil Corp., indicted in December, has shown up in corporate networks with sophisticated ransomware. American officials worry election infrastructure could be next.

Verified Calls for the Google phone app will let you know why a business is calling


Forget Trump And GoogleHuawei Now Has A Critical New Problem In China

www.forbes.com/sites/zakdoffman/2020/06/28/forget-trump-and-google-huawei-now-has-a-critical-new-problem-in-china/ Huawei has always admitted that its technology has been deployd by third parties in Xinjiang, but has denied direct involvement. ASPI claimed that this is not true. “Huawei’s work in Xinjiang is extensive, ” it said, “and includes working directly with the Chinese Government’s public security bureaus in the region.”

A Popular Study Tool Accidentally Exposed Millions Of Student Records

www.forbes.com/sites/leemathews/2020/06/28/oneclass-accidentally-exposed-millions-of-student-records/ An improperly-secured online database has left the private information of more than a million students exposed. Researchers at vpnMentor say the data belonged to OneClass, a tool that lets students share class notes and study guides.

Chinese malware used in attacks against Australian orgs

www.bleepingcomputer.com/news/security/chinese-malware-used-in-attacks-against-australian-orgs/ The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and companies in the country.

TikTok and 53 other iOS apps still snoop your sensitive clipboard data

arstechnica.com/gadgets/2020/06/tiktok-and-53-other-ios-apps-still-snoop-your-sensitive-clipboard-data/ Passwords, bitcoin addresses, and anything else in clipboards are free for the taking.

An embattled group of leakers picks up the WikiLeaks mantle

arstechnica.com/information-technology/2020/06/an-embattled-group-of-leakers-picks-up-the-wikileaks-mantle/ DDoSecrets was banned from Twitter after releasing hacked law enforcement files.

Apple declined to implement 16 Web APIs in Safari due to privacy concerns

www.zdnet.com/article/apple-declined-to-implement-16-web-apis-in-safari-due-to-privacy-concerns/ Apple said these 16 new Web APIs add new user fingerprinting opportunities for online advertisers.

IBM Differential Privacy Library: The single line of code that can protect your data

www.ibm.com/blogs/research/2020/06/ibm-differential-privacy-library-the-single-line-of-code-that-can-protect-your-data/ This year for the first time in its 230-year history the US Census will use differential privacy to keep the responses of its citizens confidential when the data is made available. But how does it work?. Differential privacy uses mathematical noise to preserve individuals’ privacy and confidentiality while allowing population statistics to be observed. This concept has a natural extension to machine learning, where we can protect models against privacy attacks, while maintaining overall accuracy.

You might be interested in …

Daily NCSC-FI news followup 2020-09-07

Windows 10 low-effort zero-day in Hyper-V / Windows Sandbox enabled computers www.bleepingcomputer.com/news/security/windows-10-sandbox-activation-enables-zero-day-vulnerability/ A reverse engineer discovered a new zero-day vulnerability in most Windows 10 editions, which allows creating files in restricted areas of the operating system – e.g. under system32. The researcher told BleepingComputer that the vulnerable component is ‘storvsp.sys’ (Storage VSP – Virtualization Service […]

Read More

Daily NCSC-FI news followup 2020-03-06

Human-operated ransomware attacks: A preventable disaster www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/ Human-operated ransomware campaigns pose a significant and growing threat to businesses and represent one of the most impactful trends in cyberattacks today.. In these hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ credential theft and lateral movement methods traditionally associated with targeted […]

Read More

Daily NCSC-FI news followup 2020-03-23

Protecting health care www.kaspersky.com/blog/protecting-healthcare-organizations/34269/ Health-care facilities are struggling with the current coronavirus epidemic, so we must help them with cyberprotection. We are offering free six-month licenses for our core solutions. For the average, law-abiding person, the coronavirus COVID-19 is simply a health hazard. Unfortunately, some cybercriminals perceive the epidemic as an additional opportunity to launch […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.