News
-
News & Notes: July 30, 2021
Estonia arrests hacker who stole 286K ID scans from govt database. Mozilla Firefox to roll out DNS over HTTPS for Canadian users. Windows 11 includes the DNS-over-HTTPS privacy feature – How to use
-
News & Notes: July 29, 2021
U.S. President Joe Biden: Severe cyberattacks could escalate to ‘real shooting war’ with a major global power: “You know, we’ve seen how cyber threats, including ransomware attacks, increasingly are able to cause damage and disruption to the real world,” Biden said during a speech at the National Counterterrorism Center of the Office of the Director of National Intelligence. “I can’t guarantee this, and you’re as informed as I am, but I think it’s more likely we’re going to end up — well, if we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great…
-
News & Notes: July 28, 2021
Twitter will soon let you log in with your Google account. “Twitter has started testing a new feature that allows users to sign up for an account using their existing Google account.” via Bleeping Computer. eScan’s Mobile Security Application Capable of Detecting and Blocking Pegasus Spyware. The Global Spyware Market Index Report from Top10VPN.com revealed some startling statistics: 74 countries have bought and/or used invasive spyware technology since 2015. Spyware firms: 86% are based in countries considered full or flawed democracies by the EIU. Suspected customers: 55% are authoritarian or hybrid regimes, with only 7% considered full democracies. FinFisher has the most reported state customers (34), followed by Circles (25),…
-
News & Notes: July 27, 2021
Apple Issues Patches for CVE-2021-30807. Just about a week after Apple issued a series of patches for macOS, iOS & iPadOS devices, yet another series of patches has been released this week. Yee Ching, ISC Handler (Twitter: @poppopretn), posted a diary alerting us to this new bug discovered by an anonymous researcher. The issue revolves around the IOMobileFrameBuffer. “This update resolves an issue with IOMobileFrameBuffer which could allow an application to execute arbitrary code with kernel privileges. This issue may have been actively exploited.” For macOS Big Sur 11.5.1: IOMobileFrameBuffer Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is…
-
News & Notes: July 26th, 2021
Wireshark 3.4.7 released. ‘PetitPotam’ ADCS Domain Admin Vulnerability. This one comes from Bojan Zdrnja (@bojanz) and a great diary he posted to ISC about the entire issue. Bojan’s piece is a must-read to wrap your head around everything going on. At the core is NTLM (New Technology LAN Manager) relay, in which an attacker has a “machine-in-the-middle” position and is able to intercept credentials being sent. This gets into Microsoft’s Encrypting File System Remote Protocol, and no further authentication is required, making matters worse. Summed up: don’t use NTLM for authentication! In particular, on Active Directory Certificate Services, make sure that IIS is not allowing authentication via NTLM. Mitigation documentation from…
-
News & Notes: July 23, 2021
Cyberattacks on critical infrastructure are dangerous, increasing. And they could soon turn deadly. A topic that comes up more and more frequently on various internet channels is when cyberattacks will cross into the physical realm and have deadly consequences. At what point does cyber warfare trigger actual, real-life, kinetic warfare? via ZDNet. Over 80 U.S. Municipalities Suffer Data Breach via Misconfigured Amazon S3 buckets. “WizCase uncovered a data breach that affected the residents of over 100 U.S. cities that used a product from PeopleGIS. Over 1000 GB of data and over 1.6 million files were held in 80 misconfigured Amazon S3 buckets. WizCase’s investigation revealed multiple reasons due…
-
Akamai DNS Massive Global Internet Outage Takes Down Major Websites, Online Services
In a System Status update, Akamai has acknowledged the incident as an “Edge DNS Service Incident”. Bleeping Computer reported that, “Akamai is investigating an ongoing outage affecting many major websites and online services, including Steam, the PlayStation Network, Newegg, Cloudflare, AWS, Amazon, Google, and Salesforce.” They have mitigated the incident as of July 22, 2021, 17:09 UTC. According to the System Status on Akamai’s site: “We are aware of an emerging issue with the Edge DNS service. “We are actively investigating the issue. If you have questions or are experiencing impact due to this issue, please contact Akamai Technical Support. In the interest of time, we are providing you the most current information…
-
News & Notes: July 22, 2021
Microsoft ACL Privilege Vulnerability: dubbed “#SummerOfSAM”, this is a permissions-related fiasco for the SAM & SYSTEM hives. CVE-2021-36934 has been issued for incorrect permissions on Windows 10/11 hives. Bojan Zdrnja (@bojanz) posted to the ISC (Internet Storm Center) first alerting the public here. The issue revolves around the SAM and SYSTEM hives. SAM is the Security Accounts Manager. The SYSTEM user account is like ‘root’ in Linux, as this account has more privileges than even the admin. The SYSTEM user can see & do things the admin can’t, can stop processes the admin can’t, has a higher integrity level than the admin, and can bypass most policies. As Microsoft published…
-
What is the NSO Group Pegasus Spyware Software? How Does Pegasus Hack Phones?
There was a flurry of news this morning about NSO Group, an Israeli tech firm, and the Pegasus spyware that it produces. Al Jazeera has some interesting reporting and has been following the story for a while. Back in December they reported about their journalists being hacked. “Based on this, we handed the phone to Citizen Lab, who found that the phone was hacked by spyware called Pegasus, which is developed by NSO, an Israeli company,” said Almisshal. “This hacking was done by a so-called zero-click technique where they can access cameras and track the device. They also found that operators in the UAE and Saudi Arabia were behind this hacking.…
-
News & Notes: July 19th, 2021
A U.S.-led coalition including the U.K. and other countries and organizations including NATO is formally accusing China of cyberattacks worldwide, including the massive Microsoft Exchange email hack. via Financial Times, Bloomberg, CNN, CNBC. NSO Group, an Israeli tech organization, is being accused of selling spyware used to snoop on the devices of executives, journalists, activists and dissidents. NSO Group has a proprietary software technology called Pegasus, intended for tracking terrorists, that reportedly, “allows authorities to listen into conversations using hacked mobile phones microphones, as well as track other data”. via Economist. Also, a compelling read from 2019 highlighting NSO Group is here via The Economist, as well. And, still another…