Daily NCSC-FI news followup 2020-06-28

Journalist’s phone hacked by new invisible’ technique: All he had to do was visit one website. Any website

www.thestar.com/news/canada/2020/06/21/journalists-phone-hacked-by-new-invisible-technique-all-he-had-to-do-was-visit-one-website-any-website.html The white iPhone with chipped paint that Moroccan journalist Omar Radi used to stay in contact with his sources also allowed his government to spy on him.

Microsoft quietly created a Windows 10 File Recovery tool, how to use

www.bleepingcomputer.com/news/microsoft/microsoft-quietly-created-a-windows-10-file-recovery-tool-how-to-use/ Microsoft has created a Windows 10 File Recovery Tool that recovers deleted files and forgot to tell anyone.

Smells Fishy? The Fish That Prevent Iran From Hacking Israel’s Water System

www.theyeshivaworld.com/news/headlines-breaking-stories/1876329/smells-fishy-the-fish-that-prevent-iran-from-hacking-israels-water-system.html Twelve aquariums filled with drinking water at the Eshkol water purification site in Be’er Sheva each house several fish who happily swim around as fish do. The fish are closely monitored 24/7 to ensure they stay happy and healthy. Even the slightest signs of changes in their behavior are regarded as “fishy” by those responsible for the safety of Israel’s drinking water.

California University Paid $1.14 Million After Ransomware Attack

www.bloomberg.com/news/articles/2020-06-27/california-university-paid-1-14-million-after-ransomware-attack The University of California, San Francisco paid criminal hackers $1.14 million this month to resolve a ransomware attack.

Russian Criminal Group Finds New Target: Americans Working at Home

www.nytimes.com/2020/06/25/us/politics/russia-ransomware-coronavirus-work-home.html?referringSource=articleShare A hacking group calling itself Evil Corp., indicted in December, has shown up in corporate networks with sophisticated ransomware. American officials worry election infrastructure could be next.

Verified Calls for the Google phone app will let you know why a business is calling


Forget Trump And GoogleHuawei Now Has A Critical New Problem In China

www.forbes.com/sites/zakdoffman/2020/06/28/forget-trump-and-google-huawei-now-has-a-critical-new-problem-in-china/ Huawei has always admitted that its technology has been deployd by third parties in Xinjiang, but has denied direct involvement. ASPI claimed that this is not true. “Huawei’s work in Xinjiang is extensive, ” it said, “and includes working directly with the Chinese Government’s public security bureaus in the region.”

A Popular Study Tool Accidentally Exposed Millions Of Student Records

www.forbes.com/sites/leemathews/2020/06/28/oneclass-accidentally-exposed-millions-of-student-records/ An improperly-secured online database has left the private information of more than a million students exposed. Researchers at vpnMentor say the data belonged to OneClass, a tool that lets students share class notes and study guides.

Chinese malware used in attacks against Australian orgs

www.bleepingcomputer.com/news/security/chinese-malware-used-in-attacks-against-australian-orgs/ The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and companies in the country.

TikTok and 53 other iOS apps still snoop your sensitive clipboard data

arstechnica.com/gadgets/2020/06/tiktok-and-53-other-ios-apps-still-snoop-your-sensitive-clipboard-data/ Passwords, bitcoin addresses, and anything else in clipboards are free for the taking.

An embattled group of leakers picks up the WikiLeaks mantle

arstechnica.com/information-technology/2020/06/an-embattled-group-of-leakers-picks-up-the-wikileaks-mantle/ DDoSecrets was banned from Twitter after releasing hacked law enforcement files.

Apple declined to implement 16 Web APIs in Safari due to privacy concerns

www.zdnet.com/article/apple-declined-to-implement-16-web-apis-in-safari-due-to-privacy-concerns/ Apple said these 16 new Web APIs add new user fingerprinting opportunities for online advertisers.

IBM Differential Privacy Library: The single line of code that can protect your data

www.ibm.com/blogs/research/2020/06/ibm-differential-privacy-library-the-single-line-of-code-that-can-protect-your-data/ This year for the first time in its 230-year history the US Census will use differential privacy to keep the responses of its citizens confidential when the data is made available. But how does it work?. Differential privacy uses mathematical noise to preserve individuals’ privacy and confidentiality while allowing population statistics to be observed. This concept has a natural extension to machine learning, where we can protect models against privacy attacks, while maintaining overall accuracy.

You might be interested in …

Daily NCSC-FI news followup 2020-07-25

Will Garmin Pay $10m Ransom To End Two-Day Outage? www.forbes.com/sites/barrycollins/2020/07/25/will-garmin-pay-10m-ransom-to-end-two-day-outage/ Garmin is reportedly being asked to pay a $10 million ransom to free its systems from a cyberattack that has taken down many of its services for two days. Lisäksi yle.fi/uutiset/3-11465640 Hackers actively exploit high-severity networking vulnerabilities arstechnica.com/information-technology/2020/07/hackers-actively-exploit-high-severity-networking-vulnerabilities/ Hackers are actively exploiting two unrelated high-severity […]

Read More

Daily NCSC-FI news followup 2020-10-10

US Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election www.washingtonpost.com/national-security/cyber-command-trickbot-disrupt/2020/10/09/19587aae-0a32-11eb-a166-dc429b380d10_story.html In recent weeks, the U.S. military has mounted an operation to temporarily disrupt what is described as the world’s largest botnet one used also to drop ransomware, which officials say is one of the […]

Read More

Daily NCSC-FI news followup 2021-05-07

Connected Places: new NCSC security principles for ‘Smart Cities’ www.ncsc.gov.uk/blog-post/connected-places-new-ncsc-security-principles-for-smart-cities NCSC Technical Director warns that ‘Connected Places’ will likely be a target for malicious actors. It wasnt a teenager accidentally taking control of nuclear command and control, or a magic box that can decrypt anything stolen and used by shady Bond villains intent on taking […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.