Daily NCSC-FI news followup 2021-07-25

Shortcomings With Financial Market Infrastructure Companies Business Continuity And Cybersecurity Plans Need To Be Resolved

www.forbes.com/sites/mayrarodriguezvalladares/2021/07/25/shortcomings-with-financial-market-infrastructure-companies-business-continuity-and-cybersecurity-plans-need-to-be-resolved/ [A report released this week] shows that it is doubtful that [financial market infrastructure companies'] business continuity plans (BCPs) are designed to ensure that critical information technology (IT) systems can resume operations within two hours following disruptive events and enable the FMI to complete settlement by the end of the day of the disruption, even in case of extreme circumstances.

First came the ransomware attacks, now come the lawsuits

www.msn.com/en-us/news/us/first-came-the-ransomware-attacks-now-come-the-lawsuits/ar-AAMxd5i [Several] class-action lawsuits […] are popping up in the wake of high-profile ransomware attacks. Another lawsuit filed against Colonial in Georgia in May seeks to get damages for regular consumers who had to pay higher gas prices. A third is in the works, with law firm Chimicles Schwartz Kriner & Donaldson-Smith LLP seeking to mount a similar effort. Colonial isn't the only company that's been targeted. Another suit was launched in June against the San Diego-based hospital system Scripps Health after it was hit by a ransomware attack.

Pegasus Spyware: This New App Says It Can Instantly Check For Pegasus

www.forbes.com/sites/kateoflahertyuk/2021/07/25/pegasus-spyware-this-new-app-says-it-can-instantly-check-for-pegasus/ In a tweet, Ryan Storz, security engineer at the firm Trail of Bits, who leads development of iVerify, said: "Just released iVerify 20.0, which now tells you if it detects traces of Pegasus."

An Explosive Spyware Report Shows the Limits of iOS Security

www.wired.com/story/nso-group-hacks-ios-android-observability/ "While we understand that persistent logs would be more helpful for forensic uses such as the ones described by Amnesty International's researchers, they also would be helpful to attackers," a Google spokesperson said in a statement to WIRED. "We continually balance these different needs." The trick is to strike the right balance between offering more system indicators without inadvertently making attackers' jobs too much easier. "There is a lot that Apple could be doing in a very safe way to allow observation and imaging of iOS devices in order to catch this type of bad behavior, yet that does not seem to be treated as a priority," says iOS security researcher Will Strafach. "I am sure they have fair policy reasons for this, but it's something I don't agree with and would love to see changes in this thinking." Also:

www.theguardian.com/technology/2021/jul/24/officials-who-are-us-allies-among-targets-of-nso-malware-says-whatsapp-chief

The 25 most dangerous software vulnerabilities to watch out for

www.zdnet.com/article/the-25-most-dangerous-software-vulnerabilities-to-watch-out-for/ Top of the list with the highest score by some margin is CWE-787: Out-of-bounds Write, a vulnerability where software writes past the end, or before the beginning, of the intended buffer. Second in the list is CWE-79: Improper Neutralization of Input During Web Page Generation, a cross-site scripting vulnerability which doesn't correctly neutralise inputs before they are placed as outputs on a website. Third in the list is CWE-125: Out-of-bounds Read, a vulnerability which can allow attackers to read sensitive information from other memory locations or cause a crash.

Twitter reveals surprisingly low two-factor auth (2FA) adoption rate

www.bleepingcomputer.com/news/security/twitter-reveals-surprisingly-low-two-factor-auth-2fa-adoption-rate/ Twitter has revealed in its latest transparency report that only 2.3% of all active accounts had enabled at least one method of two-factor authentication (2FA) between July and December 2020. Out of the 2.3% of all users who had 2FA enabled over this reporting period, 79.6% used SMS-based 2FA, 30.9% a multifactor authentication (MFA) app, and only 0.5% a security key.

It’s time for a Business Logic API Security Testing Approach

thehackernews.com/2021/07/wake-up-identify-api-vulnerabilities.html To do this, you must find ways to simplify and streamline your organization's API security testing, integrating and enforcing API security testing standards within the development cycle. This way, along with runtime monitoring, the security team can gain visibility into all known vulnerabilities in one place. As a bonus, taking steps to shift-left API security testing will cut costs and accelerate time to remediation.

Zero trust architecture design principles 1.0 launched.

www.ncsc.gov.uk/blog-post/zero-trust-1-0 The eight principles outlined in our guidance will help you to implement your own zero trust network architecture in an enterprise environment. The principles are: know your architecture, including users, devices, services and data; know your user, service and device identities; assess your user behaviour, device and service health; use policies to authorise requests; authenticate and authorise everywhere; focus your monitoring on users, devices and services; don't trust any network, including your own; choose services designed for zero trust.

Everything About Service Principals, Applications, And API Permissions

m365internals.com/2021/07/24/everything-about-service-principals-applications-and-api-permissions/ [Summary:] We started by explaining what Service Principals are and followed up with a use case on how they have been abused in real cases. Once we had done that, we explained which API permissions are considered sensitive by Microsoft, and how we can audit those permissions with the AzureADIR PowerShell module.
