• MadIoT botnet attacks could result in power outages and much more
    Cybercriminals may soon be able to launch large-scale coordinated attacks on the power grid, without relying on the Stuxnet worm to infiltrate critical infrastructure.
  • Canada's Police chiefs want new electronic data-sharing treaty with U.S.
    OTTAWA — Canada’s police chiefs are pressing the Trudeau government to sign a new electronic data-sharing agreement with the United States to overcome hurdles in the fight against crimes ranging from fraud to cyberterrorism. But the government and the federal privacy commissioner say more consultation and study are needed to ensure appropriate protection of personal information before taking such a step. The Canadian Association of Chiefs of Police recently passed a resolution urging the federal government to negotiate an updated sharing agreement with the U.S. They say cross-border access to information is one of the most pressing issues for law enforcement agencies. The chiefs see an opportunity for a virtual leap forward following Washington’s passage of the Clarifying Lawful Overseas Use of Data (CLOUD) Act.
  • Aqua Security Launches Open-Source Kube-Hunter Container Security Tool
    Aqua Security has made its new Kube-hunter open-source tool generally available, enabling organizations to conduct penetration tests against Kubernetes container orchestration deployments. Aqua Security is a container security platform vendor that launched its first commercial product in May 2016. While Aqua Security has a commercial platform, it has also built a series of open-source tools that help organizations validate different aspects of container security. Another Aqua Security open-source tool is Kube-bench, which runs a series of tests against the Center for Internet Security (CIS) Kubernetes benchmark. Rice said Kube-hunter doesn't look inside container images for that kind of sensitive data, but it can run tests that probe for data leaks. She noted that additional developers, whether independent, working for other vendors or within end-user organizations, can add more attack vector tests, improve the existing ones, and test the tool on a wider variety of environments and setups.
  • New "Turning Tables" Technique Bypasses All Windows Kernel Mitigations
    Security researchers have discovered a new exploitation technique that they say can bypass the kernel protection measures present in the Windows operating systems. Discovered by security researchers Omri Misgav and Udi Yavo from enSilo, the technique is named Turning Tables, and exploits Windows' page tables. Misgav and Yavo say the Turning Tables technique relies on crafting malicious code that alters these "shared code pages" in a negative way to affect the execution of other processes, some of which have higher privileges. By doing this, the Turning Tables technique allows attackers to elevate the privileges of their code to higher levels, such as SYSTEM. Turning Tables also impacts macOS, Linux. Furthermore, since the concept of page tables is also used by Apple and the Linux project, macOS and Linux are, in theory, also vulnerable to this technique, albeit the researchers have not verified such attacks, as of yet. The two enSilo researchers said they informed Microsoft about the Turning Tables technique.
  • 2 undocumented patches from Microsoft may solve the 1803 TLS 1.2 blocking problem
    Microsoft’s KB 4458166, released on Tuesday, explains that the push to Win10 version 1803 has been halted for machines running .Net applications that use the TLS 1.2 security protocol. Presumably, effective Tuesday, if you have a Win10 1709 or 1703 machine that’s running one of those programs (including, notably, QuickBooks Desktop), Microsoft won’t try to push 1803 on it. It isn’t clear if the bug arose from the recent .Net updates to Win10 1803 or if it’s been there all along and Microsoft’s testers took four months to figure out that upgrading to 1803 hoses QuickBooks. Late last night, without fanfare, Microsoft put two “Critical Updates” in the Windows Update Catalog that likely solve the problem. Microsoft Catalog entries, I don’t see any indication what they’re supposed to do. The KB article, in particular, has not been modified to point to the new patches. It still says: Microsoft is working on a resolution, and will provide an update in an upcoming release.
  • .EGG Files in Spam Delivers GandCrab v4.3 Ransomware to South Korean Users
    We discovered spam mails abusing EGG (.egg) files to deliver the GandCrab v4.3 ransomware (detected by Trend Micro as Ransom_GANDCRAB.TIAOBHO). Additionally, the operators behind the spam mails appear to be specifically going after South Korean users, as evidenced by the use of Hangul in the spam mails’ subject, body, and filename attachment. In English, an excerpt from the email body roughly translates to “'Unfair e-commerce notification' has been filed against your head office, I will let you know that I am going to do it.” Meanwhile, the attached EGG file is named “Notification of e-commerce violation.” It’s important to note that files in EGG format can only be decompressed by ALZip. In our analysis of the samples, the attached EGG (TROJ_GANDCRAB.TICABAK) contains three files: two shortcut .lnk files (LNK_GANDCRAB.E) that are disguised to appear as documents, and an .exe file that will disappear once the user decompresses the EGG file. If the user was tricked into decompressing the EGG file and subsequently opens either of the two .doc-disguised .lnk files, the hidden file, which is actually the GandCrab malware, executes.
  • Augusta University Health breach exposes personal records of over 400K patients
    The personal records of approximately 417,000 individuals may have been exposed by two separate phishing attacks that targeted Georgia-based Augusta University Health.
  • Gmail now lets you send self-destructing 'confidential mode' emails from your phone
    Confidential mode came with the search company's big redesign of Gmail announced earlier this year and became the default for consumer Gmail users in July, while G Suite business customers still have a few months to make the switch. Google promotes the Gmail feature as a way to protect sensitive information by allowing users to set an expiration date for individual messages or revoke access to messages already sent. Google is treading more carefully with the rollout of confidential mode for its G Suite users, despite calling confidential mode an "information rights management" control. In response to recent concerns about third-party developers having access to Gmail users' content, Google stressed that no one at Google reads Gmail messages but noted that it can if it needs to, to investigate a bug or abuse. Google says it doesn't get paid for giving third-party apps access to Gmail and checks them thoroughly.
  • China’s Belt and Road Initiative could trigger increase in cyberespionage activity, researchers warn
    Security researchers at FireEye are warning Malaysian organizations to be on alert for a surge in cyberespionage activity. Experts believe that recent political developments related to China’s $1 trillion Belt and Road Initiative (BRI) could cause a rise in cyberespionage activity.
  • Apple yanks 25,000 gambling apps from the App Store in China
    That’s why Apple will remove apps from its Chinese App Store whenever regulators deem them unlawful. “We have already removed many apps and developers for trying to distribute illegal gambling apps on our App Store, and we are vigilant in our efforts to find these and stop them from being on the App Store,” Apple said in a statement. CCTV on Sunday criticized Apple for allowing gambling apps in the App Store, which are banned in China. Apple in the past removed VPN apps from the App Store in China when regulators demanded it. Without access to the App Store, iPhones and iPads sold in China would not have any way of installing any apps, regardless of whether they’re labeled as legal in the country or not.