Date: 2023-11-23
Windows TCO Stories
Security Week ☛ Windows Hello Fingerprint Authentication Bypassed on Popular Laptops
The research was conducted by security engineering and research services provider Blackwing Intelligence and Microsoft’s Offensive Research and Security Engineering (MORSE).
The targets were a Dell Inspiron 15 with a Goodix fingerprint sensor, a Lenovo ThinkPad T14s with the Synaptics sensor, and a Microsoft Surface Pro X, which has an ELAN sensor.
The embedded fingerprint sensors and the host were targeted with software and hardware attacks.
The Register UK ☛ How to give Windows Hello the finger and login as someone on their stolen laptop
The research was carried out by Blackwing Intelligence, primarily Jesse D'Aguanno and Timo Teräs, and was commissioned and sponsored by Microsoft's Offensive Research and Security Engineering group. The pair's findings were presented at the IT giant's BlueHat conference last month, and made public this week. You can watch the duo's talk below, or dive into the details in their write-up here.
Bleeping Computer ☛ Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops
Security Week ☛ 185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone
AutoZone revealed that cybercriminals have stolen information, including social security numbers, after exploiting a vulnerability in the MOVEit Transfer managed file transfer application. However, the company is not aware of instances where the exposed information has been used for fraud.
Data Breaches ☛ Kansas court officials confirm details of ‘evil, criminal’ international cyberattack
Foreign cybercriminals launched the attack on the Kansas judicial branch’s information system in October and stole records of appellate cases and judicial administration files potentially regarded as confidential under state law, officials said Tuesday.
[Repeat] Kansas Reflector ☛ Kansas court officials confirm details of ‘evil, criminal’ international cyberattack
The release said the judicial branch was the “victim of a sophisticated [sic] foreign cyberattack” and ongoing work by experts would identify the scope of personal information stolen. Once the assessment was completed, court officials said, individuals directly touched by the breach would be contacted.
Data Breaches ☛ British Library: Employee data leaked in cyber attack
The British Library, the UK’s largest library, posted on X, saying: “Following confirmation last week that this was a ransomware attack, we’re aware that some data has been leaked. This appears to be from our internal HR files.”
[Repeat] BBC ☛ British Library: Employee data leaked in cyber attack
It added: "Ransomware is the key cyber threat facing the UK, and all organisations should take immediate steps to limit risk by following our advice on how to put in place robust defences to protect their networks."
On Monday the Rhysida ransomware group said it was behind the attack and shared an image to its leak site on the dark web showing various documents, some of which appear to be HMRC employment contracts and passports.