Jan. 19, 2020
Until recently, Hoan Ton-That’s greatest hits included an obscure iPhone game and an app that let people put Donald Trump’s distinctive yellow hair on their own photos. Then Mr. Ton-That — an Australian techie and onetime model — did something momentous: He invented a tool that could end your ability to walk down the street anonymously, and provided it to hundreds of law enforcement agencies, ranging from local cops in Florida to the F.B.I. and the Department of Homeland Security. His tiny company, Clearview AI, devised a groundbreaking facial recognition app.
Jan. 19, 2020
Smart Lock for iOS uses the iPhone’s Secure Enclave Processor (SEP), which is built into every iOS device with Touch ID or Face ID. That’s the processor that handles data encryption on the device – a processor that oh, so many law enforcement and hacker types spend so much time complaining about… or, as the case may be, cracking for fun, fame and profit. After you set it up, you’ll just need your iPhone or iPad, and your usual password, to use in 2FA when you sign in to Google on a desktop using Chrome.
Jan. 18, 2020
Chinese authorities continue operations against unauthorized VPN services that are very popular in the country. China continues to intensify the monitoring of the cyberspace applying and persecution of VPN services that could be used to bypass its censorship system known as the Great Firewall. The Great Firewall project already blocked access to more hundreds of the world’s 1,000 top websites, including Google, Facebook, Twitter, and Dropbox.
Jan. 18, 2020
On January 3, the U.S. announced the successful assassination of Qasem Soleimani, Iran’s top general. Dire warnings about retaliation immediately appeared in the news, and it wasn’t long before we began to see headlines claiming that Iran had launched cyberattacks on the U.S. But were these really state actors or sophisticated actors, or were these just a bunch of kids, skids, or hacktivists?
Jan. 15, 2020
A new national campaign wants to stop facial recognition from invading U.S. college campuses. Over the years, facial recognition technology has appeared in a growing number of places, including weed dispensaries, retail stores, and even churches. Now, the activist group Fight for the Future has joined Students for Sensible Drug Policy to launch a national campaign aimed at banning facial recognition from college campuses across the United States.
Jan. 15, 2020
The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable.
More insidious is the possibility that Beijing could use its access to degrade or disrupt communications services in the event of a larger geopolitical conflict. Since the internet, especially the ‘internet of things,’ is expected to rely heavily on 5G infrastructure, potential Chinese infiltration is a serious national security threat. But keeping untrusted companies like Huawei out of Western infrastructure isn’t enough to secure 5G. Neither is banning Chinese microchips, software, or programmers.
Jan. 15, 2020
In a SIM swapping attack, social engineering is used to convince a wireless services provider to hand over control of the victim’s phone number by modifying the SIM card attached to the phone and mobile account. After hijacking a phone number, attackers can bypass two-factor authentication (2FA), intercept calls and messages or impersonate the victim.
Source: securityweek.com
Jan. 15, 2020
As reported this morning, a US delegation consisting of deputy national security advisor Matt Pottinger, junior foreign minister Chris Ford, special envoy Robert Blair and three others flew into London yesterday to hand unspecified ‘intelligence’ to British officials. The delegation refused to clarify publicly what was so compelling about this intelligence that it would convince the UK to shut out Huawei. One of the delegates did tell the Guardian that ‘Donald Trump is watching closely’, while the officials are also reported to have threatened to reduce intelligence-sharing with the UK if Blighty chooses the Chinese firm for 5G – flatly contradicting domestic spy chief Sir Andrew Parker, who yesterday shrugged his shoulders about the risks.
Oct. 28, 2019
New PHP7 bug CVE-2019-11043 can allow even non-technical attackers to take over servers. A recently patched security flaw in modern versions of the PHP programming language is being exploited in the wild to take over servers, ZDNet has learned from threat intelligence firm Bad Packets. The vulnerability is a remote code execution (RCE) in PHP 7, the newer branch of PHP, the most common programming language used to build websites.
Oct. 5, 2019
Often, when new iOS jailbreaks become public, the event is bittersweet. The exploit allowing people to bypass restrictions Apple puts into the mobile operating system allows hobbyists and researchers to customize their devices and gain valuable insights that may be peeking under the covers. That benefit is countered by the threat that the same jailbreak will give hackers a new way to install malware or unlock iPhones that are lost, stolen, or confiscated by unscrupulous authorities.
Oct. 5, 2019
A rash of supply chain attacks hitting open source software over the past year shows few signs of abating, following the discovery this week of two separate backdoors slipped into a dozen libraries downloaded by hundreds of thousands of server administrators. The first backdoor to come to light was in Webmin, a Web-based administration tool with more than 1 million installations. Sometime around April of last year, according to Webmin developer Jamie Cameron, someone compromised the server used to develop new versions of the program.
Oct. 5, 2019
Mr. Gerstell is the general counsel of the National Security Agency. The National Security Operations Center occupies a large windowless room, bathed in blue light, on the third floor of the National Security Agency’s headquarters outside of Washington. For the past 46 years, around the clock without a single interruption, a team of senior military and intelligence officials has staffed this national security nerve center.
Oct. 5, 2019
All three hospitals that make up the DCH Health System in Alabama were closed to new patients on Tuesday as officials there coped with an attack that paralyzed the health network’s computer system. The hospitals—DCH Regional Medical Center in Tuscaloosa, Northport Medical Center, and Fayette Medical Center—are turning away ‘all but the most critical new patients’ at the time this post was going live. Local ambulances were being instructed to take patients to other hospitals when possible.
Oct. 5, 2019
Google has announced today new privacy-centered updates for three of its services — namely Google Maps, YouTube, and Google Assistant. More specifically, Google Maps will be getting an incognito mode, YouTube is getting a history auto-delete option, and Google Assistant is getting support for voice commands that will help users manage the Assistant’s own privacy settings. In addition, Google also launched a new Password Checkup feature that checks users’ passwords if they’ve been leaked at other online services.
Oct. 5, 2019
A first-of-its-kind research project highlights the connections between nearly 2,000 samples of Russian APT malware. Russia’s state-sponsored hacking groups rarely share code with one another, and when they do, it’s usually within groups managed by the same intelligence service, a new joint report published today reveals. This report, co-authored by Check Point and Intezer Labs, is a first of its kind in its field.
Oct. 5, 2019
Binary Hardening in IoT products
Source: cyber-itl.org
Oct. 5, 2019
Attackers are exploiting a zero-day vulnerability in Google’s Android mobile operating system that can give them full control of at least 18 different phone models, including four different Pixel models, a member of Google’s Project Zero research group said on Thursday night. There’s evidence the vulnerability is being actively exploited, either by exploit developer NSO Group or one of its customers, Project Zero member Maddie Stone said in a post. NSO representatives, meanwhile, said the ‘exploit has nothing to do with NSO.’
Sep. 14, 2019
France and Germany have agreed to block Facebook’s Libra cryptocurrency, the French finance ministry said on Friday. In a joint statement, the two governments affirmed that “no private entity can claim monetary power, which is inherent to the sovereignty of nations”. French Finance Minister Bruno Le Maire said on Thursday that Facebook’s new cryptocurrency should not be allowed to operate in Europe while concerns persist about sovereignty and persistent financial risks.
Sep. 14, 2019
MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo. Unlike many stories here about cloud service providers being extorted by hackers for ransomware payouts, this snafu appears to have been something of an inside job.
Sep. 14, 2019
Cybersecurity researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards dubbed SimJacker that could be exploited by remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. The SimJacker vulnerability resides in the S@T (SIMalliance Toolbox) Browser dynamic SIM toolkit that is embedded in most SIM cards used by mobile operators in at least 30 countries.