This ENISA study defines guidelines for securing the supply chain for IoT. ENISA with the input of IoT experts created security guidelines for the whole lifespan: from requirements and design, to end use delivery and maintenance, as well as disposal. The study is developed to help IoT manufacturers, developers, integrators and all stakeholders that are involved to the supply chain …
The European Union Agency for Cybersecurity releases two reports on cryptography: one on the progress of post-quantum cryptography standardisation, and the other on exploring the technologies under the hood of crypto-assets. Cryptography is a vital part of cybersecurity. Security properties like confidentiality, integrity, authentication, non-repudiation rely on strong cryptographic mechanisms, especially in an always connected, always online world. In addition, …
A report by the European Union Agency for Cybersecurity (ENISA) and the Joint Research Centre (JRC) looks at cybersecurity risks connected to Artificial Intelligence (AI) in autonomous vehicles and provides recommendations for mitigating them. By removing the most common cause of traffic accidents – the human driver – autonomous vehicles are expected to reduce traffic accidents and fatalities. However, they …
Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber …
Destructively minded group has exploited an IT monitoring tool from Centreon. https://arstechnica.com/information-technology/2021/02/france-ties-russias-sandworm-to-a-multiyear-hacking-spree/
Attackers can exploit SHAREit permissions to execute malicious code through vulnerabilities that remain unpatched three months after app makers were informed. Mit dem Laden des Tweets akzeptieren Sie die Datenschutzerklärung von Twitter.Mehr erfahren Inhalt laden Twitter Tweets immer entsperren
The servers of British cryptocurrency exchange EXMO were taken offline temporarily after being targeted in a distributed denial-of-service (DDoS) attack. https://www.bleepingcomputer.com/news/security/ddos-attack-takes-down-exmo-cryptocurrency-exchange-servers/
The FBI issues this week a Private Industry Notification (PIN) alert to warn companies about the risks of using out-of-date Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer. Klicken Sie auf den unteren Button, um den Inhalt von securityaffairs.co zu laden. Inhalt laden
Hackers gained access to the servers of the Dutch research council NWO, halting grant applications for the time being, the council said on Sunday. https://www.dutchnews.nl/news/2021/02/hackers-break-into-research-council-servers-grant-applications-halted/
The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform. Mit dem Laden des Tweets akzeptieren Sie die Datenschutzerklärung von Twitter.Mehr erfahren Inhalt laden Twitter Tweets immer entsperren
Volkswagen AG on Thursday said it will use Microsoft Corp’s cloud computing services to help it streamline its software development efforts for self-driving cars. https://cybernews.com/news/volkswagen-taps-microsofts-cloud-to-develop-self-driving-software/
Cybercriminals had a busy year in 2020, with rapidly increasing numbers of distributed denial of service (DDoS) weapons, widespread botnet activity, and some of the largest DDoS attacks ever recorded. As COVID-19 drove an urgent shift online for everything from education and healthcare, to consumer shopping, to office work, hackers had more targets available than ever—many of them under protected …
The number of offers for network access and their median prices on the public posts on hacker forums dropped in the final quarter of last year but the statistics fail to reflect the real size of the initial access market. https://www.bleepingcomputer.com/news/security/hackers-ask-only-1-500-for-access-to-breached-company-networks/
North Korea’s army of hackers stole hundreds of millions of dollars throughout much of 2020 to fund the country’s nuclear and ballistic missile programs in violation of international law, according to a confidential United Nations report. https://www.9news.com.au/world/north-korean-hackers-stole-more-than-300-million-to-pay-for-nuclear-weapons-says-un-report/5e382a51-2501-4990-ae16-fbdd01627661
The NCCoE has released the final version of NIST Cybersecurity Practice Guide Special Publication (SP) 1800-21, Mobile Device Security: Corporate-Owned Personally-Enabled (COPE). Use the button below to view this publication in its entirety, or scroll down for links to a specific section. https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/corporate-owned-personally-enabled https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-21.pdf
Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations internal applications. https://threatpost.com/supply-chain-hack-paypal-microsoft-apple/163814/
Researchers have discovered new “highly malleable, highly sophisticated” malware from a state-backed Chinese hacker group, according to Palo Alto Network’s Unit 42 threat intelligence team. https://www.axios.com/malware-chinese-hacking-researchers-7c3d1c66-0bea-46c2-bad6-d13f0eb69a5a.html
ASERT Threat Summary Date/Time: February 7, 2020 2200UTC Severity: Warning Distribution: TLP: WHITE Categories: Availability Contributors: Ben Crowther, Ion Schiopu, Jon Belanger, Chris Conrad, Andrew Bartholomew. Changes for Version 1.2 (February 7, 2020): Added information concerning new Plex Media Server (PMS) update which prevents PMS from being abused to launch reflection/amplification DDoS attacks Added link to Baidu Labs Chinese-language initial disclosure post. Changes for Version 1.1 (February …
