Daily NCSC-FI news followup 2020-11-20

Inside the Cit0Day Breach Collection

www.troyhunt.com/inside-the-cit0day-breach-collection/ It's increasingly hard to know what to do with data like that from Cit0Day. If that's an unfamiliar name to you, start with Catalin Cimpanu's story on the demise of the service followed by the subsequent leaking of the data. I was curious as to how much of this data had been seen in other breaches before and if there was an obvious trend. Only 55% of the addresses in the sample set had been seen before (after loading the complete data set into HIBP, that number rose to 65%). There were a bunch of addresses in the Collection #1 incident and also in the 2,844 breach collection I added in Feb 2018, but clearly based on the red "null" results there were also many new addresses.

[translation] RTL Nieuws entered a secret EU defense consultation meeting

www.rtlnieuws.nl/nieuws/buitenland/artikel/5198276/rtl-nieuws-hack-defensie-ministers-europa-overleg-bijleveld RTL News has gained access to a secret consultation between the European defense ministers. This was possible because the Twitter account of Minister Ank Bijleveld briefly contained a photo with the login address and part of the pin code.

Security Pros Push for More Pervasive Threat Modeling

www.darkreading.com/application-security/security-pros-push-for-more-pervasive-threat-modeling/d/d-id/1339506 On Nov. 17, Miller and 14 other security professionals published the "Threat Modeling Manifesto," a document spelling out the general principles of how best to consider attack vectors on software. As a blueprint, the document uses the style and content of the "Agile Manifesto," a statement published by 17 developers nearly two decades ago that set out simple and elegant goals for agile software developers. Manifesto at www.threatmodelingmanifesto.org/

YouTube, Facebook and Twitter align to fight Covid vaccine conspiracies

www.bbc.com/news/technology-55005385 Taking part in the effort alongside Facebook, Google-owned YouTube and Twitter are the UK’s Department for Digital, Culture, Media and Sport; the Reuters Institute for the Study of Journalism; Africa Check; Canada’s Privacy Council Office; and five other international fact-checking organisations.

Microsoft vows to pay users if it discloses their data following a government request that violates Europe’s privacy laws.

www.zdnet.com/article/microsoft-these-are-the-new-privacy-steps-were-taking-to-protect-your-data/ “Today, we’re announcing new protections for our public sector and enterprise customers who need to move their data from the European Union, including a contractual commitment to challenge government requests for data and a monetary commitment to show our conviction,” said [chief privacy officer] Brill.

How Cybercriminals Misuse and Abuse AI and ML

www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/exploiting-ai-how-cybercriminals-misuse-abuse-ai-and-ml We discuss the present state of the malicious uses and abuses of AI and ML and the plausible future scenarios in which cybercriminals might abuse these technologies for ill gain. Paper at

Robot Vacuums Suck Up Sensitive Audio in LidarPhone Hack

threatpost.com/robot-vacuums-audio-lidarphone-hack/161421/ "We develop a system to repurpose the LiDAR sensor to sense acoustic signals in the environment, remotely harvest the data from the cloud and process the raw signal to extract information. We call this eavesdropping system LidarPhone," said the team of researchers from the University of Maryland, College Park and the National University of Singapore, in Wednesday research. Paper at

German COVID-19 Contact-Tracing Vulnerability Allowed RCE

threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/ "There appeared to be a pre-authentication RCE vulnerability in Corona-Warn-App Server, which drives Germany's COVID-19 contact-tracing application infrastructure," according to Muñoz. "This vulnerability had the potential to affect the integrity of Germany's COVID-19 response and as such warranted an immediate response from our team."

US Senate approves deepfake bill to defend against manipulated media

www.theregister.com/2020/11/19/us_senate_deepfake/ On Wednesday, proposed US legislation to fund defenses against realistic computer-generated media known as deepfakes was approved by the US Senate and the bill now awaits consideration in the US House of Representatives.

OK Google, Build Me a Phishing Campaign

www.armorblox.com/blog/ok-google-build-me-a-phishing-campaign/ The Armorblox threat research team has seen a sharp uptick in attackers using Google services to help them get emails past binary security filters based on keywords or URLs. In this blog, we will outline five targeted phishing campaigns that weaponize various Google services during their attack flow.

Convicted SIM Swapper Gets 3 Years in Jail

krebsonsecurity.com/2020/11/convicted-sim-swapper-gets-3-years-in-jail/ Conor Freeman of Dublin took part in the theft of more than two million dollars worth of cryptocurrency from different victims throughout 2018. Freeman was named as a member of a group of alleged SIM swappers called The Community charged last year with wire fraud in connection with SIM swapping attacks that netted in excess of $2.4 million.

[translation] F-Secure warns companies of a new scam: if you have turnover and money in the account, you are a potential extortion target

www.tivi.fi/uutiset/tv/7cc3c859-278f-413c-a3fd-ad1d21ecd43c "It is also a good example of a method that makes it easy to fool the recipient. An email is sent that looks like a genuine Teams message, but its link leads to malware," warns [F-Secure CISO Jukka] Seppänen.

Microsoft really doesn't want you to run web browsers with elevated feature

www.windowslatest.com/2020/11/19/microsoft-doesnt-want-web-browsers-with-elevated-feature/ Microsoft will detect when the browser is running elevated in a scenario where executables can be run un-elevated. When detected, Microsoft wants to re-launch the browser through explorer.exe so the browser will run under the same user as the shell and de-elevation will take place.

Facebook offers up first-ever estimate of hate speech prevalence on its platform

www.reuters.com/article/us-facebook-content/facebook-estimates-hate-speech-seen-in-1-out-of-1000-views-on-its-platform-idUSKBN27Z2R0 Facebook Inc for the first time on Thursday disclosed numbers on the prevalence of hate speech on its platform, saying that out of every 10,000 content views in the third quarter, 10 to 11 included hate speech.

Information Leakage in AWS Resource-Based Policy APIs

unit42.paloaltonetworks.com/aws-resource-based-policy-apis/ Unit 42 researchers discovered a class of Amazon Web Services (AWS) APIs that can be abused to leak the AWS Identity and Access Management (IAM) users and roles in arbitrary accounts. Researchers confirmed that 22 APIs across 16 different AWS services could be abused the same way and the exploit works across all three AWS partitions (aws, aws-us-gov or aws-cn). AWS services that can be potentially abused by attackers include Amazon Simple Storage Service (S3), Amazon Key Management Service (KMS) and Amazon Simple Queue Service (SQS). A malicious actor may obtain the roster of an account, learn the organization's internal structure and launch targeted attacks against individuals.
