Copy
View this email in your browser

The Weekly Ledger

Week of April 19, 2021

Share Share
Tweet Tweet
Share Share
Forward Forward

Your Cybersecurity News Roundup

Here are some of the must-read cybersecurity stories published in the past week. 

Exploiting Vulnerabilities in Cellebrite UFED & Physical Analyzer (Signal)
Their products have often been linked to the persecution of journalists and activists around the world, but less has been written about what their software actually does.

NATO tests its hand defending against blended cyber-disinfo attacks (Cyber Scoop)
Member nations of NATO have banded together to confront an apparent cyberattack carried out against a NATO member’s critical infrastructure.

FBI moves to remove backdoors from hacked Microsoft Servers (Tech Crunch)
A court in Houston has authorized an FBI operation to “copy and remove” backdoors from hundreds of Microsoft Exchange email servers in the United States

New Clubhouse Security Vulnerabilities Could Happen to Anyone (Luta Security)
"Gather around folks, it's hacker story time, and today I want to tell the tale of how I hacked Clubhouse..."

Data Exploration and Visualization on Leaked Clubhouse Data (Infosec Write-Ups)
3 million scraped Clubhouse user records were made publicly available online, so here is a step-by-step walk-through of the data using Jupyter Notebook and Gephi.

Enough About Data Breaches. Let's Talk About OT Security (Tag Cyber)
When people talk about cybersecurity, they always seem to be talking about data breaches, and never about infrastructure and operational technology (OT).

VTA Hit by Cyberattack, Hackers Threaten To Release Data (Patch)
A cyberattack shut down the Santa Clara Valley Transportation Authority's computer systems, and a group of hackers has claimed responsibility. 

Irish Watchdog Opens Another Facebook Probe, Over Data Dump (AP)
Ireland’s privacy regulator has opened an investigation into Facebook after data on more than 500 million users was reportedly found dumped online.

Hackers move $760 million from the 2016 Bitfinex hack (The Record)
More than $760 million worth of Bitcoin, stolen from cryptocurrency exchange Bitfinex in 2016, were moved on Wednesday to new accounts.

China could 'control the global operating system' of tech (ZDNet)
The West must be prepared to face a world where technology is developed and controlled by states with 'illiberal values' - and to set up cyber defenses accordingly.

Apple AirDrop Flaws Could Let Hackers Take Users' Info (Hot For Security)

Users have long loved the ability to use AirDrop, but researchers have discovered that security weaknesses could allow an attacker to obtain a victim’s information.

ATT&CK Evaluations Carbanak and FIN7 (Mitre-Engenuity)
A guide on how to get started with the results and navigate the new content.

Deere John: Researcher Warns Ag Giant’s Site Provides a Map to Customers, Equipment

Web sites for customers of agricultural equipment maker John Deere contained vulnerabilities that could have allowed a remote attacker to harvest sensitive information on the company’s customers including their names, physical addresses and information on the Deere equipment they own and operate.

The researcher known as “Sick Codes” (@sickcodes) published two advisories on Thursday warning about the flaws in the myjohndeere.com web site and the John Deere Operations Center web site and mobile applications. In a conversation with Security Ledger, the researcher said that a he was able to use VINs (vehicle identification numbers) taken from a farm equipment auction site to identify the name and physical address of the owner. Furthermore, a flaw in the myjohndeere.com website could allow an unauthenticated user to carry out automated attacks against the site, possibly revealing all the user accounts for that site.

Continue reading the article here.

Can Blockchain Solve Data’s Integrity Problem?

Goodness is hard to measure. More so in the field of Cybersecurity. In the physical world, if you possess something, say a $1 bill, you have it. If you spend it, you don’t have it. If someone steals it, you don’t have it, either. The digital world is quite different. Digital copies are the same as the original – exactly the same. Each replicated copy is at least as original as the original original. “Can you send me a copy?” can only be answered, “No, but I can send you an original.”

You know all that.

A non time-sensitive digital asset that could be infinitely replicated was itself of little value. It could be replicated many times and in theory “spent” many times. But of course, there were no buyers. Enter cryptocurrency, Bitcoin for an obvious example. A Bitcoin aspires to be a digital $1 bill that can neither be double-spent nor infinitely replicated. How do those two miracles occur? Blockchain. 

Continue reading the article here.

Join us tomorrow (Tuesday, April 27th) to look at how organizations can secure cloud access with automated reviews of user and API entitlements.

Rapid adoption of SaaS and cloud applications is transforming how business is done. It is also dramatically increasing the security and compliance risks of misconfigured access settings and user permissions.

Today, reviews of cloud user- and API entitlements are becoming an essential component of industry- and government compliance regimes. For regulated firms, however, reviewing these entitlements is a cumbersome, time-consuming and costly process.

Register for this webinar and walk away with the most important strategies to ensure that your cloud services are secure and compliant.    

Register Here!
Share Share
Tweet Tweet
Forward Forward
Copyright © 2021 Box Jump LLC/The Security ledger, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.