Daily NCSC-FI news followup 2020-10-10

US Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election

www.washingtonpost.com/national-security/cyber-command-trickbot-disrupt/2020/10/09/19587aae-0a32-11eb-a166-dc429b380d10_story.html In recent weeks, the U.S. military has mounted an operation to temporarily disrupt what is described as the world’s largest botnet one used also to drop ransomware, which officials say is one of the top threats to the 2020 election. Myös:

krebsonsecurity.com/2020/10/report-u-s-cyber-command-behind-trickbot-tricks/

CISA and FBI Release Joint Advisory Regarding APT Actors Chaining Vulnerabilities Against Government, Critical Infrastructure, and Elections Organizations

us-cert.cisa.gov/ncas/current-activity/2020/10/09/cisa-and-fbi-release-joint-advisory-regarding-apt-actors-chaining The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint cybersecurity advisory regarding advanced persistent threat (APT) actors chaining vulnerabilities in an attempt to compromise federal and state, local, tribal, and territorial (SLTT) government networks, critical infrastructure, and elections organizations. Report:

us-cert.cisa.gov/ncas/alerts/aa20-283a

Apple’s T2 security chip has an unfixable flaw – Checkm8 vulnerability used to jailbreak iPhones hits Macs as well

arstechnica.com/information-technology/2020/10/apples-t2-security-chip-has-an-unfixable-flaw/ A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple’s trusted T2 security chip and gain deep system access. The flaw is one researchers have also been using for more than a year to jailbreak older models of iPhones. Worst of all, while Apple may be able to slow down potential hackers, the flaw is ultimately unfixable in every Mac that has a T2 inside.

Google adds password breach alerts to Chrome for Android, iOS

www.welivesecurity.com/2020/10/08/chrome-android-ios-can-now-tell-you-if-your-password-has-been-stolen/ Much like with a feature that is already available for Chrome on computers, the browser’s version for mobile platforms will now compare your saved login credentials against a list of login details that are known to have been compromised; if a match is found, it will alert you.

Google boosts malware protection for high-risk accounts

www.bleepingcomputer.com/news/security/google-boosts-malware-protection-for-high-risk-accounts/ Google’s Advanced Protection Program is a free service that aims to protect the accounts of users including but not limited to activists, journalists, business leaders, and political teams who have a higher risk of being targeted by online attacks. APP blocks unauthorized access to enrolled users’ accounts, offers additional protection from harmful downloads, and secures the users’ info.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.