Changes

From Security Weekly Wiki
Jump to navigationJump to search
515 bytes added ,  17:21, 10 December 2019
no edit summary
#[https://www.zdnet.com/article/how-panasonic-is-using-internet-honeypots-to-improve-iot-device-security/ How Panasonic is using internet honeypots to improve IoT device security] - This is really cool: '' in order to ensure development teams have as much information about potential security vulnerabilities in products as possible, both unreleased and on-the-market products are placed in the honeypots, which are monitored to gain insight into how devices are attacked by real-world hackers. "We deploy our real appliances as a honeypot and we collect attacks and malware targeting our devices. We can deploy products under development as well," Osawa explained. The Panasonic IoT threat-intelligence platform has been active for two years and in that time the company has collected information on about 30 million cyberattacks and 4,000 kinds of IoT malware – all attacks that are targeting real devices put through the security tests.''
#[https://www.geekwire.com/2019/new-windows-10-ransomware-threat-examining-claims-potentially-unstoppable-vulnerability/ A new Windows 10 ransomware threat? Examining claims of a potentially unstoppable vulnerability] - Lets clear up the sensational headline, first this is a vulnerability in Microsoft's CFA (Controlled Folder Access): ''The idea behind CFA is simple: if you haven’t prevented malware from executing on the system...CFA can at least provide protection by thwarting the main thing that ransomware does: encrypt key files.''and an example of one of the bypass techniques is as follows: '' in the “RIPlace” technique, malicious code replaces the file with its encrypted version rather than deleting the file first. Based on conversations with Nyotron, this situation occurs due to an error in the way that CFA is monitoring files to protect them.'' Also important to note, Microsoft is not motivated to fix this issue.
#[https://threatpost.com/birth-certificate-data-multiple-states/150948/ Birth Certificate Data Laid Bare on the Web in Multiple States]
#[https://www.bbc.com/news/technology-50686543 'Hackable' karaoke and walkie talkie toys found by Which?]
6,509

edits

Navigation menu