Daily NCSC-FI news followup 2020-11-14

Schools Struggling to Stay Open Get Hit by Ransomware Attacks

www.wsj.com/articles/my-information-is-out-there-hackers-escalate-ransomware-attacks-on-schools-11605279160?mod=djemalertNEWS Districts around the U.S. are fighting a wave of increasingly aggressive hackers, who are publicly posting sensitive student information. Based on searches of hackers’ sites on the dark web (a network of websites accessed through special software that gives users anonymity) as well as publicly known cases, the Journal has documented nearly three dozen ransomware attacks against school districts since the pandemic began in March. That tally, affecting districts educating more than 700,000 students, doesn’t include numerous private schools, community colleges and universities that have also come under attack.

Stick a fork in SGX, it’s done: Intel’s cloud-server security defeated by $30 chip and electrical shenanigans

www.theregister.com/2020/11/14/intel_sgx_protection_broken/ Boffins at the University of Birmingham in the UK have developed yet another way to compromise the confidentiality of Intel’s Software Guard Extensions (SGX) secure enclaves, supposed “safe rooms” for sensitive computation. Their technique, named VoltPillager in the tradition of dramatic bug branding, works on SGX systems, even those that have received Intel’s Plundervolt patch (CVE-2019-11157). It involves injecting messages on the Serial Voltage Identification bus between the CPU and the voltage regulator in order to control the voltage in the CPU core.

Hackers can use just-fixed Intel bugs to install malicious firmware on PCs

arstechnica.com/information-technology/2020/11/intel-patches-high-severity-bugs-protecting-lost-stolen-or-confiscated-pcs/ Earlier this week, Intel fixed a series of bugs that made it possible for attackers to install malicious firmware on millions of computers that use its CPUs. The vulnerabilities allowed hackers with physical access to override a protection Intel built into modern CPUs that prevents unauthorized firmware from running during the boot process. Known as Boot Guard, the measure is designed to anchor a chain of trust directly into the silicon to ensure that all firmware that loads is digitally signed by the computer manufacturer. Since CVE-2020-8705 requires physical access, it is harder for an attacker to use than a remote exploit. However, there are a few realistic attack scenarios where it could be used.
