Wade Mackey
A new vulnerabilities discovered earlier this week implied that companies’ CPUs are exposing to potential attacks from Zombiload. According to Intel, companies have the options to disable the updates to prevent the risk, but also need to make sure the system are away from impact and performance slow down.
The article states serious vulnerabilities which were found in Andriod smartphones using Qualcomm chipsets. Qualcomm’s Secure Execution Environment or QSEE is a hardware-isolated secure area on the main processor that aims to protect sensitive information and provides a separate secure environment (REE) for executing Trusted Applications. According to vulnerabilities, hackers can exploit system to gain credential and private data.
Source: https://thehackernews.com/2019/11/qualcomm-android-hacking.html
The article states that researchers from Bitdefender have found that Amazon’s Ring Video Doorbell Pro device has IT vulnerabilities which attackers are able to exploit the system in order to hack WiFi password and launch a variety of cyberattacks using MitM against other devices connected to the same network. If hackers can gain unauthorized access to the system, they possibly can interact with all devices within the household network, intercept network traffic and run man-in-the-middle attacks, or access all local storage like NAS.
The article states that there are top five places in 2019 where hackers can steal corporate and government data without detection. The details are as follow;
It follows an investigation by The Verge into working conditions and the mental health of employees working at an Arizona moderation center on behalf of the social network.
Cognizant also has workers in India, Europe and Latin America.It is believed its decision will result in around 6,000 job cuts.
The firm told the BBC: “We have determined that certain content work in our digital operations practice is not in line with our strategic vision for the company and we intend to exit this work over time. This work is largely focused on determining whether certain content violates client standards – and can involve objectionable materials.
“Our other content-related work will continue. In the meantime, we will honor our existing obligations to the small number of clients affected and will transition, over time, as those commitments begin to wind down. In some cases, that may happen over 2020, but some contracts may take longer.”
In response, Facebook’s Arun Chandra said: “We respect Cognizant’s decision to exit some of its content review services for social media platforms.
https://www.bbc.com/news/technology-50247540
The Henn na Hotel in Japan has bedside robots that serve as guest assistants. Several weeks ago, a researcher warned HIS Group that the bed-bots were easily accessible because they allowed unsigned code to run simply by tapping an NFC tag to the back of the robot’s head. This allowed a hacker to remotely watch and listen through cameras and microphones in the robot. He released a 0day vulnerability after the researcher had not heard back from the hotel for more than 90 days. The hotel then apologized and fixed the robots.
The researcher’s twitter also makes for a good read.
The report also includes a note from a cybersecurity specialist. Joseph Carson said such a vulnerability is not surprising and anything connected to the internet: a laptop, phone, webcam or hospitality robot, are all exposed to the risk of being hacked and abused.
The article states that there are three main causes of data breaches in 2019 as following;
Therefore, five recommendations are provided;
Source: https://thehackernews.com/2019/10/data-breach-protection.html
This was an interesting read about a recent ransomware attack to hit the Baltimore government. Apparently, the attack resulted in large losses of key/critical data, that was only stored on user’s local computers. There are a few issues here and the article dives into each of them. First, why were users storing critical/key data locally on their computers? This data should have been stored in a centralized location. Second, this obviously was not a one-off situation. For the government to lose a lot of this data, it was not just a few people not following policies. This was a systemic method for storing and manipulating data. Is the IT department to blame for not implementing a workstation backup solution, to address this systemic problem? The data stored centrally was able to recover from the ransomware attack, but the workstation data was not.
The article states about “SimJacker” vulnerability which attackers are able to remotely attack to mobile phone. This involves a SMS containing a specific type of spyware-like code being sent to a mobile phone to exploit the presence of a particular piece of software of S@T Browser on the SIM card. This weakness has spread over 29 countries including North America, South America, Africa, Europe, and Asia. In addition, there is android application like SnoopSnitch to detect the attack according to suspicious binary SMS and the SIMalliance has also improved some updates to S@T browser specifications to increase the security of the SIM toolkits.
Source: https://thehackernews.com/2019/10/simjacker-vulnerability-exploit.html
The article states the vulnerabilities found in the messenger application called “Signal Private Messenger”. Natalie Silvanovich found a logical vulnerability for Andriod which allows a caller to mandate a call to be answered at the destination without requesting receivers’ interaction. “In other words, the flaw could be exploited to turn on the microphone of a targeted Signal user’s device and listen to all surrounding conversations.”
However, this issue was already solved by releasing patch management of “Signal for Android v4.47.7”.
Source: https://thehackernews.com/2019/10/signal-messenger-bug.html