Daily NCSC-FI news followup 2021-03-07

Biden administration labels China top tech threat, promises proportionate responses to cyberattacks

www.theregister.com/2021/03/05/bide_administration_interim_national_security_guidance/ That assessment was offered in a new Interim National Security Guidance [PDF] issued on Wednesday, in which the administration also outlines plans to seek more regulation of advanced technologies and an intention to strike back after cyberattacks. Guidance document at

www.whitehouse.gov/wp-content/uploads/2021/03/NSC-1v2.pdf

AdGuard names 6,000+ web trackers that use CNAME chicanery: Feel free to feed them into your browser’s filter

www.theregister.com/2021/03/04/adguard_cname_tracker/ As privacy barriers have gone up to prevent marketers from gathering data from web users, CNAME manipulation has become more popular. As we reported last week, privacy researchers recently found that the presence of CNAME trackers has increased 21 per cent over the past 22 months and that CNAME trackers show up on almost 10 per cent of the top 10,000 websites. Worse still, 95 per cent of websites that fiddle with their domain records in this manner leak cookies, which sometimes contain sensitive information. List at

github.com/AdguardTeam/cname-trackers, paper at

arxiv.org/pdf/2102.09301.pdf

Will Google's Privacy Sandbox take the bite out of tracking cookies?

blog.malwarebytes.com/privacy-2/2021/03/will-googles-privacy-sandbox-take-the-bite-out-of-tracking-cookies/ Third-party cookies have been the lynchpin of online advertising for many years. Plans to phase cookies out forever continue to run at a steady pace, with Google in the driving seat. In 2019, it announced its vision for a Privacy Sandbox.

Microsoft Office 365 gets protection against malicious XLM macros

www.bleepingcomputer.com/news/security/microsoft-office-365-gets-protection-against-malicious-xlm-macros/ Microsoft has added XLM macro protection for Microsoft 365 customers by expanding the runtime defense provided by Office 365’s integration with Antimalware Scan Interface (AMSI) to include Excel 4.0 (XLM) macro scanning. AMSI was introduced in 2015, and it has been adopted by all major antivirus products available for the Windows 10 platform since then. It allows Windows 10 services and apps to communicate with security products and request runtime scans of potentially dangerous data.

Security Researchers Probed 90,194 Amazon Alexa Skills: The Results Were Shocking

www.forbes.com/sites/daveywinder/2021/03/07/security-researchers-probed-90194-amazon-alexa-skills-the-results-were-shocking/ A research team comprising experts from North Carolina State University (NCSU) and the Ruhr-University Bochum in Germany recently undertook a study of Amazon Alexa skills. What they uncovered was shocking: misleading privacy policies, developers able to claim they were, well, anyone, and multiple skills sharing the same Alexa trigger words, to name just some of the issues.
