Daily NCSC-FI news followup 2020-11-10

With Great Power comes Great Leakage

platypusattack.com/ With PLATYPUS, we present novel software-based power side-channel attacks on Intel server, desktop and laptop CPUs. We exploit the unprivileged access to the Intel RAPL interface exposing the processor’s power consumption to infer data and extract cryptographic keys. Lisäksi:

www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus. Lisäksi:

arstechnica.com/information-technology/2020/11/intel-sgx-defeated-yet-again-this-time-thanks-to-on-chip-power-meter/. Lisäksi:

www.theregister.com/2020/11/10/intel_sgx_side_channel/

Microsoft Releases November 2020 Security Updates

us-cert.cisa.gov/ncas/current-activity/2020/11/10/microsoft-releases-november-2020-security-updates Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Lisäksi:

msrc.microsoft.com/update-guide/releaseNote/2020-Nov. Lisäksi:

isc.sans.edu/diary/Microsoft+November+2020+Patch+Tuesday/26778. Lisäksi:

www.zdnet.com/article/microsoft-november-2020-patch-tuesday-arrives-with-fix-for-windows-zero-day/

Critical Vulnerability in Windows OS

blog.checkpoint.com/2020/11/09/critical-vulnerability-in-windows-os-check-point-customers-remain-protected/ Only five days after Google disclosed information about a critical vulnerability in the Microsoft Windows operating system (CVE-2020-17087), Check Point has officially released protection to keep its customers completely safe. Early protections against vulnerabilities that are under active attack are crucial.

New APT32 Malware Campaign Targets Cambodian Government

www.recordedfuture.com/apt32-malware-campaign/ Recorded Future’s Insikt Group has discovered a new malware campaign targeting the Cambodian government using an Association of Southeast Asian Nations (ASEAN)-themed spearphish.

New Slipstream NAT bypass attacks to be blocked by browsers

www.bleepingcomputer.com/news/security/new-slipstream-nat-bypass-attacks-to-be-blocked-by-browsers/ Web browser vendors are planning to block a new attack technique that would allow attackers to bypass a victim’s NAT, firewall, or router to gain access to any TCP/UDP service hosted on their devices

Google Chrome to block JavaScript redirects on web page URL clicks

www.bleepingcomputer.com/news/security/google-chrome-to-block-javascript-redirects-on-web-page-url-clicks/ Google Chrome is getting a new feature that increases security when clicking on web page links that open URLs in a new window or tab. Lisäksi:

www.zdnet.com/article/chrome-to-block-tab-nabbing-attacks

Europe is adopting stricter rules on surveillance tech

www.technologyreview.com/2020/11/09/1011837/europe-is-adopting-stricter-rules-on-surveillance-tech/ The European Union has agreed to stricter rules on the sale and export of cyber-surveillance technologies like facial recognition and spyware. After years of negotiations, the new regulation will be announced today in Brussels.

New Cybersecurity Threat Predictions for 2021

www.fortinet.com/blog/threat-research/new-cybersecurity-threat-predictions-for-2021 In FortiGuard Labs’ threat predictions for 2021, we’ve estimated the strategies that we anticipate cybercriminals will leverage in the coming year and beyond.

IQM raises $46 million to commercialize its quantum computers

venturebeat.com/2020/11/10/iqm-raises-46-million-to-commercialize-its-quantum-computers/ The race to develop quantum computers has attracted growing hype in recent years. While it’s hard to know just when this next-generation computing architecture will have a real impact, one European company is preparing to take another significant step forward.

You might be interested in …

Daily NCSC-FI news followup 2020-02-18

Active Exploits Hit Vulnerable WordPress ThemeGrill Plugin threatpost.com/active-exploits-hit-vulnerable-wordpress-themegrill-plugin/152947/ Researchers are urging users of a vulnerable WordPress plugin, ThemeGrill Demo Importer, to update as soon as possible after discovering attackers are actively exploiting a flaw in the plugin. Ole organisaatiosi tietoturvan vahvin lenkki myös matkustaessasi ek.fi/ajankohtaista/uutiset/2020/02/18/ole-organisaatiosi-tietoturvan-vahvin-lenkki-myos-matkustaessasi/ Matkustaessa korostuvat mahdollisuus henkilötiedusteluun, eli ihmisiltä tehtävään tiedonhankintaan, sekä riski […]

Read More

Daily NCSC-FI news followup 2020-11-17

Nordean tietomurrosta kahdelle vankeutta yhden syytteet hylättiin Pohjanmaan käräjäoikeudessa yle.fi/uutiset/3-11652084?origin=rss Rikokset ajoittuivat kesään 2019. Käräjäoikeus määräsi tiistaina tuomitut maksamaan pankille yhteensä yli 276 000 euroa vahingonkorvauksia. Delhin poliisi pidätti 17 ihmistä “Microsoftin palvelukeskuksesta” www.tivi.fi/uutiset/tv/79cbdf6d-9551-46b5-b6ff-06a378686a75 Poliisin antamien tietojen mukaan huijariporukka oli ehtinyt petkuttaa ihmisiä jo runsaan vuoden ajan. Uhrien määräksi kerrotaan 2268 ja saaliiksi runsaat 0, […]

Read More

Daily NCSC-FI news followup 2020-10-08

Saitko tekstiviestin Postin nimissä? Varothan, viesti voi olla huijaus www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/saitko-tekstiviestin-postin-nimissa-varothan-viesti-voi-olla-huijaus Päivitetty 07.10.2020 14:28. Uudessa huijaustyypissä tekstiviestillä lähetetystä linkistä aukeava kalastelusivu muuntautuu päätelaitteesi mukaan: iOS-laitteilta kalastellaan iCloud-tunnuksia, Androideille tarjotaan haitallista sovellusta (.apk-paketti). Android Users Beware: Delete These 240 Malicious Apps Now www.forbes.com/sites/kateoflahertyuk/2020/10/08/android-users-beware-delete-these-240-malicious-apps-now/ Android users need to check their devices today after security researchers revealed 240 malicious […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.