Security Leftovers
-
Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw
-
New ATM Malware ‘FiXS’ Emerges
Metabase Q documents FiXS, a new malware family targeting ATMs in Latin America.
-
New Tool Made by Microsoft and Mitre Emulates Attacks on Machine Learning Systems [Ed: Microsoft is pretending to care about security while actively working with the NSA (et al) to facilitate back door access to everything]
Microsoft and Mitre release Arsenal plugin to help cybersecurity professionals emulate attacks on machine learning (ML) systems.
-
As cyber attacks on health care soar, so does the cost of cyber insurance [Ed: The very high cost of Microsoft Windows]
Health systems buffeted by labor and supply chain costs and broader economic woes have another unwieldy financial problem: the soaring costs of cyber insurance.
Why it matters: It may not be sexy — or the first thing you think about when cybercriminals wreak havoc on hospital infrastructure. But the sheer scope of the problem, and insurers' reluctance to cover losses stemming from ransomware attacks, is hitting hospitals in a very real way, Moody's Investors Services points out.
-
NVD makes up vulnerability severity levels
When a security vulnerability has been found and confirmed in curl, we request a CVE Id for the issue. This is a global unique identifier for this specific problem. We request the ID from our CVE Numbering Authority (CNA), Hackerone, which once we make the issue public will publish all details about it to MITRE,
-
557 CVEs Added to CISA’s Known Exploited Vulnerabilities Catalog in 2022 [Ed: Many are proprietary software. The vendors refused to patch until it was too late.]
There are nearly 900 vulnerabilities in CISA's Known Exploited Vulnerabilities (KEV) catalog, including nearly 100 discovered in 2022.
-
Cybercrime Marketplace Leaks Over 2.1 Million Payment Cards
Carding marketplace BidenCash last week released information on more than 2.1 million credit and debit cards.
-
Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs
Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).
-
Little chance of e-voting in Latvian elections for foreseeable future [Ed: Voting must never be done in this way]
Although electronic or 'e-voting' has been used in Estonia for many years now, the chances of a similar system being adopted in Latvia appear to remain extremely slim, reports Latvian Radio.
-
Ransomware Operators Leak Data Allegedly Stolen From City of Oakland
Play ransomware operators have leaked data allegedly stolen from the City of Oakland last month.
-
European Police, FBI Bust International Cybercrime Gang
Authorities disrupted an international cybercrime gang which has been blackmailing large companies and institutions for years.