Daily NCSC-FI news followup 2020-11-14

Schools Struggling to Stay Open Get Hit by Ransomware Attacks

www.wsj.com/articles/my-information-is-out-there-hackers-escalate-ransomware-attacks-on-schools-11605279160?mod=djemalertNEWS Districts around the U.S. are fighting a wave of increasingly aggressive hackers, who are publicly posting sensitive student information. Based on searches of hackers’ sites on the dark weba network of websites accessed through special software that gives users anonymityas well as publicly known cases, the Journal has documented nearly three dozen ransomware attacks against school districts since the pandemic began in March. That tally, affecting districts educating more than 700, 000 students, doesn’t include numerous private schools, community colleges and universities that have also come under attack.

Stick a fork in SGX, it’s done: Intel’s cloud-server security defeated by $30 chip and electrical shenanigans

www.theregister.com/2020/11/14/intel_sgx_protection_broken/ Boffins at the University of Birmingham in the UK have developed yet another way to compromise the confidentiality of Intel’s Software Guard Extensions (SGX) secure enclaves, supposed “safe rooms” for sensitive computation. Their technique, named VoltPillager in the tradition of dramatic bug branding, works on SGX systems, even those that have received Intel’s Plundervolt patch (CVE-2019-11157). It involves injecting messages on the Serial Voltage Identification bus between the CPU and the voltage regulator in order to control the voltage in the CPU core.

Hackers can use just-fixed Intel bugs to install malicious firmware on PCs

arstechnica.com/information-technology/2020/11/intel-patches-high-severity-bugs-protecting-lost-stolen-or-confiscated-pcs/ Earlier this week, Intel fixed a series of bugs that made it possible for attackers to install malicious firmware on millions of computers that use its CPUs. The vulnerabilities allowed hackers with physical access to override a protection Intel built into modern CPUs that prevents unauthorized firmware from running during the boot process. Known as Boot Guard, the measure is designed to anchor a chain of trust directly into the silicon to ensure that all firmware that loads is digitally signed by the computer manufacturer. Since CVE-2020-8705 requires physical access, it is harder for an attacker to use than a remote exploit. However, there are a few realistic attack scenarios where it could be used.

You might be interested in …

Daily NCSC-FI news followup 2019-08-20

Guccifer Rising? Months-Long Phishing Campaign on ProtonMail Targets Dozens of Russia-Focused Journalists and NGOs www.bellingcat.com/news/uk-and-europe/2019/08/10/guccifer-rising-months-long-phishing-campaign-on-protonmail-targets-dozens-of-russia-focused-journalists-and-ngos/ A sophisticated phishing campaign targeting Bellingcat and other Russia-focused journalists has been much larger in scope than previously thought, and has lasted at least several months. Bellingcat has identified dozens of targeted individuals across Europe and the US, with the […]

Read More

Daily NCSC-FI news followup 2020-01-15

Hainan Xiandun Technology Company is APT40 intrusiontruth.wordpress.com/2020/01/15/hainan-xiandun-technology-company-is-apt40/ You knew where this was heading. Facebook to notify users of third-party app logins www.zdnet.com/article/facebook-to-notify-users-of-third-party-app-logins/ Facebook launched a new feature this week that will notify users whenever they (or somebody else) logs into a third-party app or website using their Facebook account. Have an iPhone? Use it to […]

Read More

Daily NCSC-FI news followup 2020-11-25

Laser-Based Hacking from Afar Goes Beyond Amazon Alexa threatpost.com/light-based-attacks-digital-home/161583/ They broadened their research to show how light can be used to manipulate a wider range of digital assistantsincluding Amazon Echo 3 but also sensing systems found in medical devices, autonomous vehicles, industrial systems and even space systems. Live Patching Windows API Calls Using PowerShell isc.sans.edu/diary/rss/26826 […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.