This ENISA study defines guidelines for securing the supply chain for IoT. ENISA with the input of IoT experts created security guidelines for the whole lifespan: from requirements and design, to end use delivery and maintenance, as well as disposal. The study is developed to help IoT manufacturers, developers, integrators and all stakeholders that are involved in the supply chain …
Solving the Cryptography Riddle: Post-quantum Computing & Crypto-assets Blockchain Puzzles
The European Union Agency for Cybersecurity releases two reports on cryptography: one on the progress of post-quantum cryptography standardisation, and the other on exploring the technologies under the hood of crypto-assets. Cryptography is a vital part of cybersecurity. Security properties like confidentiality, integrity, authentication, non-repudiation rely on strong cryptographic mechanisms, especially in an always connected, always online world. In addition, …
Cybersecurity Challenges in the Uptake of Artificial Intelligence in Autonomous Driving
A report by the European Union Agency for Cybersecurity (ENISA) and the Joint Research Centre (JRC) looks at cybersecurity risks connected to Artificial Intelligence (AI) in autonomous vehicles and provides recommendations for mitigating them. By removing the most common cause of traffic accidents – the human driver – autonomous vehicles are expected to reduce traffic accidents and fatalities. However, they …
AppleJeus: Analysis of North Korea’s Cryptocurrency Malware
Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) to highlight the cyber …
France ties Russia’s Sandworm to a multiyear hacking spree
Destructively minded group has exploited an IT monitoring tool from Centreon. https://arstechnica.com/information-technology/2021/02/france-ties-russias-sandworm-to-a-multiyear-hacking-spree/
Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware
Attackers can exploit SHAREit permissions to execute malicious code through vulnerabilities that remain unpatched three months after app makers were informed.
DDoS attack takes down EXMO cryptocurrency exchange servers
The servers of British cryptocurrency exchange EXMO were taken offline temporarily after being targeted in a distributed denial-of-service (DDoS) attack. https://www.bleepingcomputer.com/news/security/ddos-attack-takes-down-exmo-cryptocurrency-exchange-servers/
FBI’s alert warns about using Windows 7 and TeamViewer
The FBI issues this week a Private Industry Notification (PIN) alert to warn companies about the risks of using out-of-date Windows 7 systems, poor account passwords, and desktop sharing software TeamViewer.
Hackers break into research council servers, grant applications halted
Hackers gained access to the servers of the Dutch research council NWO, halting grant applications for the time being, the council said on Sunday. https://www.dutchnews.nl/news/2021/02/hackers-break-into-research-council-servers-grant-applications-halted/
Singtel Suffers Zero-Day Cyberattack, Damage Unknown
The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched security bugs in the Accellion legacy file-transfer platform.
Volkswagen taps Microsoft’s cloud to develop self-driving software
Volkswagen AG on Thursday said it will use Microsoft Corp’s cloud computing services to help it streamline its software development efforts for self-driving cars. https://cybernews.com/news/volkswagen-taps-microsofts-cloud-to-develop-self-driving-software/
DDoS attacks intensify — Driven in part by COVID-19 and 5G
Cybercriminals had a busy year in 2020, with rapidly increasing numbers of distributed denial of service (DDoS) weapons, widespread botnet activity, and some of the largest DDoS attacks ever recorded. As COVID-19 drove an urgent shift online for everything from education and healthcare, to consumer shopping, to office work, hackers had more targets available than ever—many of them under-protected …
Hackers ask only $1,500 for access to breached company networks
The number of offers for network access and their median prices on the public posts on hacker forums dropped in the final quarter of last year but the statistics fail to reflect the real size of the initial access market. https://www.bleepingcomputer.com/news/security/hackers-ask-only-1-500-for-access-to-breached-company-networks/
North Korean hackers stole more than $300 million to pay for nuclear weapons, says confidential UN report
North Korea’s army of hackers stole hundreds of millions of dollars throughout much of 2020 to fund the country’s nuclear and ballistic missile programs in violation of international law, according to a confidential United Nations report. https://www.9news.com.au/world/north-korean-hackers-stole-more-than-300-million-to-pay-for-nuclear-weapons-says-un-report/5e382a51-2501-4990-ae16-fbdd01627661
Mobile Device Security: Corporate-Owned Personally-Enabled
The NCCoE has released the final version of NIST Cybersecurity Practice Guide Special Publication (SP) 1800-21, Mobile Device Security: Corporate-Owned Personally-Enabled (COPE). Use the button below to view this publication in its entirety, or scroll down for links to a specific section. https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/corporate-owned-personally-enabled https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-21.pdf
Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple
Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations' internal applications. https://threatpost.com/supply-chain-hack-paypal-microsoft-apple/163814/
Researchers discover new malware from Chinese hacking group
Researchers have discovered new “highly malleable, highly sophisticated” malware from a state-backed Chinese hacker group, according to Palo Alto Networks’ Unit 42 threat intelligence team. https://www.axios.com/malware-chinese-hacking-researchers-7c3d1c66-0bea-46c2-bad6-d13f0eb69a5a.html
Plex Media SSDP (PMSSDP) Reflection/Amplification DDoS Attack Mitigation Recommendations
ASERT Threat Summary Date/Time: February 7, 2020 2200UTC Severity: Warning Distribution: TLP: WHITE Categories: Availability Contributors: Ben Crowther, Ion Schiopu, Jon Belanger, Chris Conrad, Andrew Bartholomew. Changes for Version 1.2 (February 7, 2020): Added information concerning new Plex Media Server (PMS) update which prevents PMS from being abused to launch reflection/amplification DDoS attacks Added link to Baidu Labs Chinese-language initial disclosure post. Changes for Version 1.1 (February …