Critical Controls 2021
www.cert.govt.nz/it-specialists/critical-controls/10-critical-controls/ CERT NZ's ten critical controls are designed to help you decide where best to spend your time and money. These have been developed based on the data and insights we received from reports and international threat feeds. The 2021 top ten list includes two new controls: Provide and use a password manager; Secure internet-exposed services.
Malware in Minecraft mods
www.kaspersky.com/blog/minecraft-mod-adware-google-play/37717/ Unfortunately, as with any successful project, cybercriminals are eager for a piece of the action. Since July of this year, we have detected more than 20 apps on Google Play claiming to be modpacks for Minecraft, when in fact their primary purpose is to display ads on smartphones and tablets in an extremely intrusive manner. We explain what these apps are and how to protect Android devices against such threats.
Researchers Hacked And Stole A Tesla Model X In Just Minutes
www.forbes.com/sites/leemathews/2020/11/23/researchers-hacked-and-stole-a-tesla-model-x-in-just-minutes/ The attack exploits a weakness in the way Bluetooth communication between the vehicle and fob is handled. Remarkably, the equipment required to pull off the attack costs a measly $200. The core components are a Raspberry Pi, a replacement Tesla ECU (engine control unit) and a key fob. The KU Leuven team disclosed its findings to Tesla and a fix was pushed to vulnerable vehicles via an over-the-air update this summer. Still, it's a startling reminder of the capabilities today's skilled hacking teams possess.
Walmart-exclusive router and others sold on Amazon & eBay contain hidden backdoors to control devices
cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/ In a collaboration between CyberNews Sr. Information Security Researcher Mantas Sasnauskas and researchers James Clee and Roni Carta, suspicious backdoors have been discovered in a Chinese-made Jetstream router, sold exclusively at Walmart as their new line of affordable wifi routers. This backdoor would allow an attacker the ability to remotely control not only the routers, but also any devices connected to that network.
Shop securely online this Black Friday
www.ncsc.gov.uk/blog-post/shop-securely-online-this-black-friday With Black Friday and Cyber Monday fast approaching, it’s likely that shoppers will move online more than ever with most high street stores still closed. We have updated our online shopping guidance this week to give you the most up to date advice on how to stay secure whilst getting the best deals online.
Spotify Users Hit with Rash of Account Takeovers
threatpost.com/spotify-account-takeovers/161495/ vpnMentor's research team spotted an open Elasticsearch database containing more than 380 million individual records, including login credentials and other user data, actively being validated against Spotify accounts. The database in question contained over 72 GB of data, including account usernames and passwords verified on Spotify; email addresses; and countries of residence.
Brazilian government recovers from “worst-ever” cyberattack
www.zdnet.com/article/brazilian-government-recovers-from-worst-ever-cyberattack/ After suffering the most severe cyberattack ever orchestrated against a Brazilian public sector institution, the Superior Electoral Court (STJ, in the Portuguese acronym) has managed to get its systems back up and running, after more than two weeks facing disruption.
Joe Biden Campaign Subdomain Down After Hacktivist Defacement
threatpost.com/joe-biden-campaign-website-hacktivist-defacement/161471/ The subdomain, vote.joebiden.com, was part of the official campaign website JoeBiden.com used by the Biden campaign leading up to the 2020 U.S. presidential election. On Nov. 18, the subdomain reportedly began to display a message in Turkish. In the message, the hacker claims to be RootAyy1ld1z, a Turkish And Muslim Defacer who is not a group or organization, but who fights alone.
Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs
www.bleepingcomputer.com/news/security/hacker-posts-exploits-for-over-49-000-vulnerable-fortinet-vpns/ Although the 2018 bug was publicly disclosed over a year ago, researchers have spotted around 50,000 targets that can still be targeted by attackers.
How Industrial IoT Security Can Catch Up With OT/IT Convergence
www.darkreading.com/edge/theedge/how-industrial-iot-security-can-catch-up-with-ot-it-convergence/b/d-id/1339502 In 2019 alone, research indicates attacks on OT targets had skyrocketed by 300%. However, [Darktrace director] Tsonchev points out that most of the attacks are not coming from the sort of nation-state actors that so many companies fear. Rather, they’re coming from garden-variety criminals who now have the tools to take effective aim at OT systems.
Analysis of TTPs employed by Egregor operators
www.group-ib.com/blog/egregor Egregor has been actively distributed since September 2020. In less than 3 months Egregor operators have managed to successfully hit 69 companies around the world with 32 targets in the US, 7 victims in France and Italy each, 6 in Germany, and 4 in the UK. Other victims happened to be from the APAC, Middle East, and Latin America. Egregor’s favorite sectors are Manufacturing (28.9% of victims) and Retail (14.5%).
October 12 blackout [in Mumbai] was a sabotage
mumbaimirror.indiatimes.com/mumbai/cover-story/oct-12-blackout-was-a-sabotage/articleshow/79312959.cms Last month's power outage in the Mumbai Metropolitan Region (MMR) was possibly the result of a sophisticated sabotage attempt involving foreign entities, a probe carried out by the state police's cyber cell has revealed.
Apple-Notarized Malware: What It Is and How It Affects Mac Users
www.tripwire.com/state-of-security/featured/apple-notarized-malware-how-it-affects-mac-users/ Malicious actors are targeting Apple. Although Apple introduced a notarization mechanism to scan and prevent malicious code from running on Apple devices, attackers have found ways to circumvent this process. Such Apple-notarized malware constitutes a threat to macOS users.