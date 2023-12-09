Security Leftovers
Pen Test Partners ☛ Navigate FDA 524b to get your medical cyber device to market
With amendment 524b officially enacted, medical devices across the United States (and the globe) are living under some new rules and procedures.
JURIST ☛ Canada report finds cyber threat activities targeting elections on the rise worldwide
A report from the Canadian Centre for Cyber Security published Wednesday found that cyberattacks targeting elections are increasing worldwide and are now more likely to be seen during Canada’s next ballot. According to the report, the proportion of elections targeted by cyberattacks has increased from 10 percent in 2015 to 26 percent in 2022.
The Strategist ☛ Australia needs to talk more openly about offensive cyber operations
Australia’s 2023 cybersecurity strategy makes clear that most of the things we need to do to protect ourselves in cyberspace are essentially defensive. The strategy is usefully organised according to six ‘shields’.
Security Week ☛ Future Intel, AMD and Arm CPUs Vulnerable to New ‘SLAM’ Attack: Researchers
Security features that major CPU vendors plan on integrating into their future products can increase the surface for certain types of attacks.
Security Week ☛ New ‘Pool Party’ Process Injection Techniques Undetected by EDR Solutions
Pool Party is a new set of eight backdoored Windows process injection techniques that evade endpoint detection and response solutions.
Security Week ☛ Chrome 120 Patches 10 Vulnerabilities
Chrome 120 was released in the stable channel with patches for 10 vulnerabilities, including five externally reported flaws.
SANS ☛ Whose packet is it anyway: a new RFC for attribution of internet probes, (Wed, Dec 6th)
While going through newly published RFCs last week,
SANS ☛ Revealing the Hidden Risks of QR Codes (Guest Diary), (Wed, Dec 6th)
SANS ☛ 5Ghoul: Impacts, Implications and Next Steps, (Thu, Dec 7th)
The introduction of 5G networks has brought increased quality-of-life upgrades such as increased network speeds, the ability to handle concurrent users/network congestion and improved secure communication protocols compared to 4G technology. These benefits are expected to assist sectors such as medical, automation and internet-of-things (IoT) deployments where low-latency network communication is required. Ensuring the fidelity and security of 5G is imperative as organizations and users increasingly adopt it in their lives.
Security Week ☛ Nissan Restoring Systems After Cyberattack
Nissan Oceania says it has been working on restoring its systems after falling victim to a cyberattack.
IT Wire ☛ Nissan reveals incident affecting Australia, New Zealand operations
The company says in a statement on its website that its dealer network is not affected by the incident.
The attack is also affecting Nissan Financial Services, Mitsubishi Motors Financial Services, Renault Financial Services, Skyline Car Finance. RAM Truck Finance and LDV Financial Services.
The Nissan statement said it had notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre.
Silicon Angle ☛ Akamai discovers Active Directory DNS spoofing exploitThe combination of Domain Name System, Active Directory and the Dynamic Host Configuration Protocol is a potential cybersecurity threat, Akamai Technologies Inc. security researcher Ori David warned in a blog post today. The trouble has to do with the way Abusive Monopolist Microsoft Corp. has assembled DHCP DNS Dynamic Updates.
Security Week ☛ Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption [Ed: But Apple works for the NSA; this is more like a PR stunt]
A study commissioned by Fashion Company Apple shows that 2.6 billion personal data records were compromised in breaches in the past two years.
Security Week ☛ Exploitation of Recent Cisco IOS XE Vulnerabilities Spikes
The Shadowserver Foundation warns of an increase in the number of devices hacked via recent Cisco IOS XE vulnerabilities.
WordPress ☛ WordPress 6.4.2 Maintenance & Security Release
WordPress 6.4.2 is now available! This minor release features 7 bug fixes in Core. The fixes include a bug fix for an issue causing stylesheet and theme directories to sometimes return incorrect results.