Cybersecurity

US Senate Votes to Reimpose Sanctions on ZTE

US Senate Votes to Reimpose Sanctions on ZTE

The deal struck by the Trump administration to let ZTE resume its business in the US may soon be negated as the Senate passed this week the National Defense Authorization Act, a military funding bill, which includes a provision that would retain sanctions on the Chinese telecom giant. The Senate version of the NDAA, which passed 85 against 10, will now be sent to the conference committee to reconcile differences with a version passed by the House of Representatives last May. However, it is said that the sanctions may still not make it out of the conference period before it […]

New IoT Camera Flaw Can Give Attackers Full Control

Researchers from VDOO recently warned against a newly discovered flaw in IoT cameras that hackers can exploit to gain full control of the device. The researchers further revealed that the bug was found in around 400 internet camera models from one manufacturer, Axis Communications. It is said that the bug can allow hackers full access to the device with just the IP address, even without login credentials.      Axis announced that it had already patched the firmware of all affected products and assured consumers that there was no evidence that the vulnerabilities had been exploited in the field. Source: ZDNet

Lack of APAC Businesses Collaboration Compromising Regional Security

Lack of APAC Businesses Collaboration Compromising Regional Security

Microsoft CSO Michael Montoya recently remarked that the lack of information exchange and breach disclosure between legitimate APAC businesses is affecting the security posture in the region which remains the least mature and most frequently attacked globally. Montoya added that threat actors are actually collaborating more and out-evolving the industry. It was also noted in Microsoft’s latest Security Intelligence Report that Asia, particularly the fast-growing economies of Southeast Asia, is a popular target for threat groups because of its accelerated digital transformation. According to Montoya, the region maintains an archaic defence posture despite its widening the attack surface, which makes […]

Chinese Threat Group Hits National Data Center in Central Asia

Chinese Threat Group Hits National Data Center in Central Asia

Kaspersky Lab researchers recently revealed that Chinese-speaking threat group LuckyMouse have hit a national data center in Central Asia with the aim to cripple government resources. It is said that hitting the target would cause massive problems for a wide range of government resources at one fell swoop. It is said that the group used a watering hole or phishing to compromise employee accounts at the center. Kaspersky added that national data centers are valuable sources of data that can also be abused to compromise official websites, and that the Chinese threat actors may be trying a more stealthier approach […]

Another CPU Security Bug Identified by Intel

Another CPU Security Bug Identified by Intel

Intel announced this week that it has found another flaw in its Core-based processors called Lazy FP state restore which can theoretically be exploited to pull data from even software on computers running any OS. Red Hat Computer Architect Jon Masters said that the speculative execution vulnerability allows the floating point registers to be leaked from another process, even the same registers used for crypto. It does not, however, affect AMD processors. Masters said that the fix, which is currently available on Red Hat Enterprise Linux 7, even improves performance. He added that the flaw’s impact is moderate, in such […]

Congress May Block ZTE’s Bid to Resume US Operations

Congress May Block ZTE’s Bid to Resume US Operations

It is said that in the coming weeks, the US Congress may block the Trump Administration’s move to allow Chinese telecommunications giant ZTE to resume its business in the US when the Senate votes on the measure as part of the National Defense Authorization Act (NDAA). If the defense policy bill passes, it may be possible for the ZTE provision to get thrown out during the negotiations for the final version of the NDAA. The House NDAA includes a separate provision prohibiting the US government agencies from using “risky” technology from ZTE or Huawei, which are considered to be “linked […]

Award-Winning Smart Lock Can be Hacked in Seconds, Researchers Say

Award-Winning Smart Lock Can be Hacked in Seconds, Researchers Say

Security expert Andrew Tierney from Pen Test Partners (PTP) recently revealed in a blog post that he was able to unlock a high-tech fingerprint-secured padlock using a smartphone. Tierney said that it took him 45 minutes to figure out how to hack the Tapplock which he was able to unlock in just 2 seconds. He added that lock’s software was not able to adequately secure the data it broadcasts, leaving it vulnerable to several “trivial” attacks. In response to the discovery, the lock company said that it will be issuing a software update to address the issue and advised customers […]

Hackers with NoKor Ties Hit South Korean Think Tank with Zero-Day Flaw

Hackers with NoKor Ties Hit South Korean Think Tank with Zero-Day Flaw

North Korean hackers had reportedly attacked South Korea’s Sejong Institute with an ActiveX zero-day vulnerability to deliver a backdoor malware on the systems of the non-profit think tank. The flaw was discovered in May on one of the think tank’s website AhnLab, a South Korean cybersecurity company. Researchers say that the attack was carried out by the Andariel Group, an offshoot of Lazarus which is known to have ties with North Korea. The malware was said to have been used to compromise a Taiwanese bank’s SWIFT financial communications system to move funds from an overseas accounts. Source: ZDNet

Australia Funds Pacific Undersea Cable to Block China

Australia Funds Pacific Undersea Cable to Block China

Australia had reportedly agreed last Wednesday to fund the laying of underwater internet cables and a cyber security center for the Solomon Islands, blocking plans by Chinese telecom giant Huawei Technologies Co Ltd. who was originally contracted to complete the project. It is said that Australia deliberately stepped in due to security concerns posed by the involvement of Huawei. Australian Foreign Minister Julie Bishop told the media that while she will not elaborate on the issue, she confirmed that the Solomon Islands had already agreed to their deal which was cheaper. However, a A Huawei spokesperson said that they were […]

74 Email Fraudsters Arrested by FBI

74 Email Fraudsters Arrested by FBI

The US Department of Justice announced last Monday that 74 fraudsters, 42 of which are from the US, have been arrested for conducting “business email compromise” schemes to steal millions from both businesses and individuals. The fraudsters, soma hailing from Nigeria, Canada, Mauritius, and Poland, were caught through Operation Wire Wire where the FBI also seized $2.4 million and blocked and recovered a total of $14 million in fraudulent wire transfers. The operation also involved the efforts of the US Department of Homeland Security, the US Treasury, and the US Postal Inspection Service.   Source: ZDNet