Guidelines for Securing the Internet of Things

This ENISA study defines guidelines for securing the supply chain for IoT. ENISA with the input of IoT experts created security guidelines for the whole lifespan: from requirements and design, to end use delivery and maintenance, as well as disposal. The study is developed to help IoT manufacturers, developers, integrators and all stakeholders that are involved in the supply chain …

Solving the Cryptography Riddle: Post-quantum Computing & Crypto-assets Blockchain Puzzles

The European Union Agency for Cybersecurity releases two reports on cryptography: one on the progress of post-quantum cryptography standardisation, and the other on exploring the technologies under the hood of crypto-assets. Cryptography is a vital part of cybersecurity. Security properties like confidentiality, integrity, authentication, non-repudiation rely on strong cryptographic mechanisms, especially in an always connected, always online world. In addition, …

Cybersecurity Challenges in the Uptake of Artificial Intelligence in Autonomous Driving

A report by the European Union Agency for Cybersecurity (ENISA) and the Joint Research Centre (JRC) looks at cybersecurity risks connected to Artificial Intelligence (AI) in autonomous vehicles and provides recommendations for mitigating them. By removing the most common cause of traffic accidents – the human driver – autonomous vehicles are expected to reduce traffic accidents and fatalities. However, they …

AppleJeus: Analysis of North Korea’s Cryptocurrency Malware

Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber …

Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware

Attackers can exploit SHAREit permissions to execute malicious code through vulnerabilities that remain unpatched three months after app makers were informed.

DDoS attack takes down EXMO cryptocurrency exchange servers

The servers of British cryptocurrency exchange EXMO were taken offline temporarily after being targeted in a distributed denial-of-service (DDoS) attack. https://www.bleepingcomputer.com/news/security/ddos-attack-takes-down-exmo-cryptocurrency-exchange-servers/    

FBI’s alert warns about using Windows 7 and TeamViewer

The FBI issues this week a Private Industry Notification (PIN) alert to warn companies about the risks of using out-of-date Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer.

Singtel Suffers Zero-Day Cyberattack, Damage Unknown

The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform.

DDoS attacks intensify — Driven in part by COVID-19 and 5G

Cybercriminals had a busy year in 2020, with rapidly increasing numbers of distributed denial of service (DDoS) weapons, widespread botnet activity, and some of the largest DDoS attacks ever recorded. As COVID-19 drove an urgent shift online for everything from education and healthcare, to consumer shopping, to office work, hackers had more targets available than ever—many of them under protected …

Hackers ask only $1,500 for access to breached company networks

The number of offers for network access and their median prices on the public posts on hacker forums dropped in the final quarter of last year but the statistics fail to reflect the real size of the initial access market. https://www.bleepingcomputer.com/news/security/hackers-ask-only-1-500-for-access-to-breached-company-networks/  

North Korean hackers stole more than $300 million to pay for nuclear weapons, says confidential UN report

North Korea’s army of hackers stole hundreds of millions of dollars throughout much of 2020 to fund the country’s nuclear and ballistic missile programs in violation of international law, according to a confidential United Nations report. https://www.9news.com.au/world/north-korean-hackers-stole-more-than-300-million-to-pay-for-nuclear-weapons-says-un-report/5e382a51-2501-4990-ae16-fbdd01627661

Mobile Device Security: Corporate-Owned Personally-Enabled

The NCCoE has released the final version of NIST Cybersecurity Practice Guide Special Publication (SP) 1800-21, Mobile Device Security: Corporate-Owned Personally-Enabled (COPE). https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/corporate-owned-personally-enabled https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-21.pdf

Researchers discover new malware from Chinese hacking group

Researchers have discovered new “highly malleable, highly sophisticated” malware from a state-backed Chinese hacker group, according to Palo Alto Network’s Unit 42 threat intelligence team. https://www.axios.com/malware-chinese-hacking-researchers-7c3d1c66-0bea-46c2-bad6-d13f0eb69a5a.html    

Plex Media SSDP (PMSSDP) Reflection/Amplification DDoS Attack Mitigation Recommendations

ASERT Threat Summary Date/Time: February 7, 2020 2200UTC Severity: Warning Distribution: TLP: WHITE Categories: Availability Contributors: Ben Crowther, Ion Schiopu, Jon Belanger, Chris Conrad, Andrew Bartholomew. Changes for Version 1.2 (February 7, 2020):  Added information concerning new Plex Media Server (PMS) update which prevents PMS from being abused to launch reflection/amplification DDoS attacks Added link to Baidu Labs Chinese-language initial disclosure post. Changes for Version 1.1 (February …