Experts: COVID Multiplying Risks To Critical Infrastructure
www.forbes.com/sites/paulfroberts/2020/07/01/experts-covid-multiplying-risks-to-critical-infrastructure/ Former DHS Secretary Michael Chertoff warned on Tuesday that changes wrought by the COVID global pandemic are exacerbating vulnerabilities in the global economy, including the risk of crippling cyber attacks on critical infrastructure like the electric grid.
China’s Software Stalked Uighurs Earlier and More Widely, Researchers Learn
www.nytimes.com/2020/07/01/technology/china-uighurs-hackers-malware-hackers-smartphones.html A new report revealed a broad campaign that targeted Muslims in China and their diaspora in other countries, beginning as early as 2013. Report:
blog.lookout.com/multiyear-surveillance-campaigns-discovered-targeting-uyghurs
Did a Chinese Hack Kill Canada’s Greatest Tech Company?
www.bloomberg.com/news/features/2020-07-01/did-china-steal-canada-s-edge-in-5g-from-nortel Nortel was once a world leader in wireless technology. Then came a hack and the rise of Huawei.
Dozens of US news sites hacked in WastedLocker ransomware attacks
www.bleepingcomputer.com/news/security/dozens-of-us-news-sites-hacked-in-wastedlocker-ransomware-attacks/ The Evil Corp gang hacked into dozens of US newspaper websites owned by the same company to infect the employees of over 30 major US private firms using fake software update alerts displayed by the malicious SocGholish JavaScript-based framework.
A customer allegedly lost $1.9 million due to AT&T’s handling of a number transfer request.
www.zdnet.com/article/at-t-dragged-to-court-again-over-sim-hijacking-and-cryptocurrency-theft/
Microsoft releases urgent security updates for Windows 10 Codecs bugs
www.bleepingcomputer.com/news/security/microsoft-releases-urgent-security-updates-for-windows-10-codecs-bugs/ Microsoft has released two out-of-band security updates to address remote code execution security vulnerabilities affecting the Microsoft Windows Codecs Library on several Windows 10 and Windows Server versions. Exploitation of these vulnerabilities requires a program to process a specially crafted image file.
After six months of stonewalling by Apple, app dev goes public with macOS privacy protection bypass
www.theregister.com/2020/07/01/apple_macos_privacy_bypass/ So much for preventing malicious software from peeking at sensitive files
EvilQuest ransomware is a file-stealing Mac wiper in disguise
www.bleepingcomputer.com/news/security/evilquest-wiper-uses-ransomware-cover-to-steal-files-from-macs/ A new data wiper and info-stealer called EvilQuest is using ransomware as a decoy to steal files from macOS users. The victims get infected after downloading trojanized installers of popular apps from torrent trackers.
Windows POS malware uses DNS to smuggle stolen credit cards
www.bleepingcomputer.com/news/security/windows-pos-malware-uses-dns-to-smuggle-stolen-credit-cards/ A Windows Point-of-Sale (POS) malware has been discovered using the DNS protocol to smuggle stolen credit cards to a remote server under attacker’s control.
Into the Rabbit Hole Offensive DNS Tunneling Rootkits
www.fortinet.com/blog/threat-research/into-the-rabbit-hole-offensive-dns-tunneling-rootkits
US Govt shares tips on defending against cyberattacks via Tor
www.bleepingcomputer.com/news/security/us-govt-shares-tips-on-defending-against-cyberattacks-via-tor/ The Cybersecurity and Infrastructure Security Agency (CISA) today issued guidance on how to protect against cyberattacks launched from the activity originating from or routed through the Tor anonymity network.
Storm Päivö completely destroyed power grids in Finland; power cut for 100,000 customers
www.tivi.fi/uutiset/tv/8e209f83-b462-449b-8d0c-98284ec803b9 Storm Päivö, which battered eastern Finland on Tuesday, cut power to 100,000 customers.
Politico: Scandalous break-in at the European Parliament; piles of laptops and tablets taken by thieves
www.tivi.fi/uutiset/tv/0f05fcca-ae98-4a00-b907-a35173ee4436 According to unconfirmed reports, as many as 100 MEPs may have fallen victim to the ongoing thefts.
A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC)
blog.fox-it.com/2020/07/01/a-second-look-at-cve-2019-19781-citrix-netscaler-adc/ In this blog post we will revisit CVE-2019-19781, a Remote Code Execution vulnerability affecting Citrix NetScaler / ADC. We will explore how this issue has been widely abused by various actors and how a hacker turf war led to some actors adversary patching the vulnerability in order to prevent secondary compromise by competing adversaries hiding the true number of vulnerable and