Categories
NCSC-FI News followup

Daily NCSC-FI news followup 2020-09-07

Windows 10 low-effort zero-day in Hyper-V / Windows Sandbox enabled computers

www.bleepingcomputer.com/news/security/windows-10-sandbox-activation-enables-zero-day-vulnerability/ A reverse engineer discovered a new zero-day vulnerability in most Windows 10 editions, which allows creating files in restricted areas of the operating system – e.g. under system32. The researcher told BleepingComputer that the vulnerable component is ‘storvsp.sys’ (Storage VSP – Virtualization Service Provider), a server-side Hyper-V component.

Chilean bank shuts down all branches following ransomware attack

www.zdnet.com/article/chilean-bank-shuts-down-all-branches-following-ransomware-attack/ All BancoEstado branches will remain closed on Monday, September 7, and possibly more days. Details about the attack have not been made public, but a source close to the investigation told ZDNet that the bank’s internal network was infected with the REvil (Sodinokibi) ransomware.

Money from bank hacks rarely gets laundered through cryptocurrencies

www.zdnet.com/article/money-from-bank-hacks-rarely-gets-laundered-through-cryptocurrencies/ Despite being considered a cybercrime haven, cryptocurrencies play a very small role in laundering funds obtained from bank hacks; the SWIFT financial organization said in a report last week. These funds are usually laundered using an assortment of techniques, such as money mules, front companies, cash businesses, cryptocurrencies, and investments back into other forms of crime. Some groups might rely on one technique, while others may combine multiple.

New PIN Verification Bypass Flaw Affects Visa Contactless Payments

thehackernews.com/2020/09/emv-payment-card-pin-hacking.html The research, published by a group of academics from the ETH Zurich, is a PIN bypass attack that allows the adversaries to leverage a victim’s stolen or lost credit card for making high-value purchases without knowledge of the card’s PIN, and even trick a point of sale (PoS) terminal into accepting an unauthentic offline card transaction. This, however, doesn’t impact Mastercard, American Express, and JCB. Research: emvrace.github.io/

FCC estimates it’ll cost $1.8B to remove Huawei, ZTE equipment from US networks

www.cnet.com/news/fcc-estimates-itll-cost-1-8b-to-remove-huawei-zte-equipment-from-us-networks/ The two Chinese tech giants have been designated national security threats.

Samsung scores $6.6bn for 5G at Verizon

www.theregister.com/2020/09/07/samsung_wins_verizon_5g/ Samsung Electronics has won a $6.6bn contract to supply 5G infrastructure to Verizon in the US, beating out more established and traditional telco suppliers Nokia and Ericsson.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.