Daily NCSC-FI news followup 2020-06-28

Journalist’s phone hacked by new ‘invisible’ technique: All he had to do was visit one website. Any website

www.thestar.com/news/canada/2020/06/21/journalists-phone-hacked-by-new-invisible-technique-all-he-had-to-do-was-visit-one-website-any-website.html The white iPhone with chipped paint that Moroccan journalist Omar Radi used to stay in contact with his sources also allowed his government to spy on him.

Microsoft quietly created a Windows 10 File Recovery tool, how to use

www.bleepingcomputer.com/news/microsoft/microsoft-quietly-created-a-windows-10-file-recovery-tool-how-to-use/ Microsoft has created a Windows 10 File Recovery Tool that recovers deleted files and forgot to tell anyone.

Smells Fishy? The Fish That Prevent Iran From Hacking Israel’s Water System

www.theyeshivaworld.com/news/headlines-breaking-stories/1876329/smells-fishy-the-fish-that-prevent-iran-from-hacking-israels-water-system.html Twelve aquariums filled with drinking water at the Eshkol water purification site in Be’er Sheva each house several fish who happily swim around as fish do. The fish are closely monitored 24/7 to ensure they stay happy and healthy. Even the slightest signs of changes in their behavior are regarded as “fishy” by those responsible for the safety of Israel’s drinking water.

California University Paid $1.14 Million After Ransomware Attack

www.bloomberg.com/news/articles/2020-06-27/california-university-paid-1-14-million-after-ransomware-attack The University of California, San Francisco paid criminal hackers $1.14 million this month to resolve a ransomware attack.

Russian Criminal Group Finds New Target: Americans Working at Home

www.nytimes.com/2020/06/25/us/politics/russia-ransomware-coronavirus-work-home.html?referringSource=articleShare A hacking group calling itself Evil Corp., indicted in December, has shown up in corporate networks with sophisticated ransomware. American officials worry election infrastructure could be next.

Verified Calls for the Google phone app will let you know why a business is calling


Forget Trump And Google: Huawei Now Has A Critical New Problem In China

www.forbes.com/sites/zakdoffman/2020/06/28/forget-trump-and-google-huawei-now-has-a-critical-new-problem-in-china/ Huawei has always admitted that its technology has been deployed by third parties in Xinjiang, but has denied direct involvement. ASPI claimed that this is not true. “Huawei’s work in Xinjiang is extensive,” it said, “and includes working directly with the Chinese Government’s public security bureaus in the region.”

A Popular Study Tool Accidentally Exposed Millions Of Student Records

www.forbes.com/sites/leemathews/2020/06/28/oneclass-accidentally-exposed-millions-of-student-records/ An improperly-secured online database has left the private information of more than a million students exposed. Researchers at vpnMentor say the data belonged to OneClass, a tool that lets students share class notes and study guides.

Chinese malware used in attacks against Australian orgs

www.bleepingcomputer.com/news/security/chinese-malware-used-in-attacks-against-australian-orgs/ The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and companies in the country.

TikTok and 53 other iOS apps still snoop your sensitive clipboard data

arstechnica.com/gadgets/2020/06/tiktok-and-53-other-ios-apps-still-snoop-your-sensitive-clipboard-data/ Passwords, bitcoin addresses, and anything else in clipboards are free for the taking.

An embattled group of leakers picks up the WikiLeaks mantle

arstechnica.com/information-technology/2020/06/an-embattled-group-of-leakers-picks-up-the-wikileaks-mantle/ DDoSecrets was banned from Twitter after releasing hacked law enforcement files.

Apple declined to implement 16 Web APIs in Safari due to privacy concerns

www.zdnet.com/article/apple-declined-to-implement-16-web-apis-in-safari-due-to-privacy-concerns/ Apple said these 16 new Web APIs add new user fingerprinting opportunities for online advertisers.

IBM Differential Privacy Library: The single line of code that can protect your data

www.ibm.com/blogs/research/2020/06/ibm-differential-privacy-library-the-single-line-of-code-that-can-protect-your-data/ This year, for the first time in its 230-year history, the US Census will use differential privacy to keep the responses of its citizens confidential when the data is made available. But how does it work? Differential privacy uses mathematical noise to preserve individuals’ privacy and confidentiality while allowing population statistics to be observed. This concept has a natural extension to machine learning, where we can protect models against privacy attacks, while maintaining overall accuracy.
