Daily NCSC-FI news followup 2020-06-28

Journalist’s phone hacked by new ‘invisible’ technique: All he had to do was visit one website. Any website

www.thestar.com/news/canada/2020/06/21/journalists-phone-hacked-by-new-invisible-technique-all-he-had-to-do-was-visit-one-website-any-website.html The white iPhone with chipped paint that Moroccan journalist Omar Radi used to stay in contact with his sources also allowed his government to spy on him.

Microsoft quietly created a Windows 10 File Recovery tool, how to use

www.bleepingcomputer.com/news/microsoft/microsoft-quietly-created-a-windows-10-file-recovery-tool-how-to-use/ Microsoft has created a Windows 10 File Recovery Tool that recovers deleted files and forgot to tell anyone.

Smells Fishy? The Fish That Prevent Iran From Hacking Israel’s Water System

www.theyeshivaworld.com/news/headlines-breaking-stories/1876329/smells-fishy-the-fish-that-prevent-iran-from-hacking-israels-water-system.html Twelve aquariums filled with drinking water at the Eshkol water purification site in Be’er Sheva each house several fish who happily swim around as fish do. The fish are closely monitored 24/7 to ensure they stay happy and healthy. Even the slightest signs of changes in their behavior are regarded as “fishy” by those responsible for the safety of Israel’s drinking water.

California University Paid $1.14 Million After Ransomware Attack

www.bloomberg.com/news/articles/2020-06-27/california-university-paid-1-14-million-after-ransomware-attack The University of California, San Francisco paid criminal hackers $1.14 million this month to resolve a ransomware attack.

Russian Criminal Group Finds New Target: Americans Working at Home

www.nytimes.com/2020/06/25/us/politics/russia-ransomware-coronavirus-work-home.html?referringSource=articleShare A hacking group calling itself Evil Corp., indicted in December, has shown up in corporate networks with sophisticated ransomware. American officials worry election infrastructure could be next.

Verified Calls for the Google phone app will let you know why a business is calling


Forget Trump And Google: Huawei Now Has A Critical New Problem In China

www.forbes.com/sites/zakdoffman/2020/06/28/forget-trump-and-google-huawei-now-has-a-critical-new-problem-in-china/ Huawei has always admitted that its technology has been deployed by third parties in Xinjiang, but has denied direct involvement. ASPI claimed that this is not true. “Huawei’s work in Xinjiang is extensive,” it said, “and includes working directly with the Chinese Government’s public security bureaus in the region.”

A Popular Study Tool Accidentally Exposed Millions Of Student Records

www.forbes.com/sites/leemathews/2020/06/28/oneclass-accidentally-exposed-millions-of-student-records/ An improperly-secured online database has left the private information of more than a million students exposed. Researchers at vpnMentor say the data belonged to OneClass, a tool that lets students share class notes and study guides.

Chinese malware used in attacks against Australian orgs

www.bleepingcomputer.com/news/security/chinese-malware-used-in-attacks-against-australian-orgs/ The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and companies in the country.

TikTok and 53 other iOS apps still snoop your sensitive clipboard data

arstechnica.com/gadgets/2020/06/tiktok-and-53-other-ios-apps-still-snoop-your-sensitive-clipboard-data/ Passwords, bitcoin addresses, and anything else in clipboards are free for the taking.

An embattled group of leakers picks up the WikiLeaks mantle

arstechnica.com/information-technology/2020/06/an-embattled-group-of-leakers-picks-up-the-wikileaks-mantle/ DDoSecrets was banned from Twitter after releasing hacked law enforcement files.

Apple declined to implement 16 Web APIs in Safari due to privacy concerns

www.zdnet.com/article/apple-declined-to-implement-16-web-apis-in-safari-due-to-privacy-concerns/ Apple said these 16 new Web APIs add new user fingerprinting opportunities for online advertisers.

IBM Differential Privacy Library: The single line of code that can protect your data

www.ibm.com/blogs/research/2020/06/ibm-differential-privacy-library-the-single-line-of-code-that-can-protect-your-data/ This year, for the first time in its 230-year history, the US Census will use differential privacy to keep the responses of its citizens confidential when the data is made available. But how does it work? Differential privacy uses mathematical noise to preserve individuals’ privacy and confidentiality while allowing population statistics to be observed. This concept has a natural extension to machine learning, where we can protect models against privacy attacks, while maintaining overall accuracy.
