Information Security 2019/20 fall

Uudised

Siia kogume viiteid olulisematele infoturbe ja küberrünnakutega seotud uudistele. Erilist tähelepanu osutame Eestiga seotud sündmustele ja kirjutistele. Juhul kui te märkate mõnda sündmust või artiklit, mis peaks olema siin nimekirjas, siis kirjutage meile.

• 01.12.2016: Serious security flaws found in several implantable medical devices and pacemakers
  • Fatal flaws in ten pacemakers make for Denial of Life attacks
  • On the (in)security of the Latest Generation Implantable Cardiac Defibrillators and How to Secure Them
• 30.11.2016: A new Android malware campaign
  • 1 million Google accounts compromised by Android malware called Gooligan
  • More Than 1 Million Google Accounts Breached by Gooligan
• 30.11.2016: A new Firefox zero-day in the wild
  • Firefox 0day in the wild is being used to attack Tor users
• 22.11.2016: PoC uses headphones as microphone
  • Great. Now Even Your Headphones Can Spy on You
• 17.11.2016: New surveillance law in UK
  • Britain has passed the 'most extreme surveillance law ever passed in a democracy'
• 16.11.2016: PoisonTap
  • Wickedly Clever USB Stick Installs a Backdoor on Locked PCs
  • PoisonTap - siphons cookies, exposes internal router & installs web backdoor on locked computers
• 15.11.2016: Backdoor was found in some phones in the U.S.
  • Secret Backdoor in Some U.S. Phones Sent Data to China, Analysts Say
• 14.11.2016: Huge amount of accounts breached on an adult dating website
  • Up to 400 million accounts in Adult Friend Finder breach
• 10.11.2016: Poor OAuth 2.0 implementations allowed accounts to be hijacked
  • OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking
• 10.11.2016: Näide Eesti ettevõtte vastu suunatud vahendusründest
  • Tõestisündinud lugu e-posti võltsimise tõttu kaotatud rahast
• 10.11.2016: Targeted phishing attacks after Donald Trump declared victory
  • Russian Hackers Launch Targeted Cyberattacks Hours After Trump’s Win
• 09.11.2016: Hacking group was aggressively using zero-days before they were patched
  • Fancy Bear goes all out to beat Adobe, MSFT zero-day patches
• 25.10.2016: Several security updates released for Apple devices
  • Apple Patches iOS Flaw Exploitable by Malicious JPEG
  • About the security content of iOS 10.1
• 21.10.2016: A huge DDoS attack by IoT devices
  • 'Smart' home devices used as weapons in website attack
  • DDoS on Dyn Impacts Twitter, Spotify, Reddit
  • Blame the Internet of Things for Destroying the Internet Today
  • Dyn Statement on 10/21/2016 DDoS Attack
• 21.10.2016: A security breach in the banking systems in India
  • Millions of Indian debit cards 'compromised' in security breach
• 20.10.2016: A bug was found in Linux kernel
  • Warnings over Dirty Cow Linux bug
  • “Most serious” Linux privilege-escalation bug ever is under active exploit
  • Dirty COW (CVE-2016-5195)
• 20.10.2016: Social engineering attack against John Podesta and Colin Powell
  • How Hackers Broke Into John Podesta and Colin Powell’s Gmail Accounts
• 17.10.2016: Audit of VeraCrypt
  • The QuarksLab audit of VeraCrypt has been completed, and this is the public release of the results.
• 10.10.2016: TV5Monde suffered a major cyber attack in 2015
  • How France's TV5 was almost destroyed by 'Russian hackers'
• 05.10.2016: Cryptosense was able to factor 18 750 weak RSA keys
  • RSA Keytester upgrade – 18 750 new factored keys
• 05.10.2016: FBI arrested a NSA contractor
  • N.S.A. Contractor Arrested in Possible New Theft of Secrets
• 04.10.2016: It is reported that Yahoo scanned emails for US intelligence
  • Yahoo: An Innocent Victim Or A Government Stooge?
  • Yahoo 'secretly scanned emails for US authorities'
  • Yahoo jälgis salaja USA valitsuse heaks kasutajate e-kirju
  • Yahoo Email Surveillance: the Next Front in the Fight Against Mass Surveillance
• 29.09.2016: Lots of vulnerabilities found in D-Link DWR-932B LTE router
  • Vulnerabilities, Backdoor Found in D-Link DWR-932B LTE Router
  • Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...)
• 28.09.2016: Apple logs the iMessage contacts
  • Apple logs your imessage contacts — and may share them with police
• 25.09.2016: Swiss people vote for increased surveillance
  • Swiss endorse new surveillance powers
• 22.09.2016: A popular security blog was hit by a massive DDoS attack
  • KrebsOnSecurity Hit With Record DDoS
  • Krebs Website Hit By 620 Gbps DDoS Attack
  • Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net
  • The Democratization of Censorship
• 22.09.2016: Huge data breach at Yahoo
  • An Important Message About Yahoo User Security
  • Attack on Yahoo hit 500 million users
• 21.09.2016: How the PIN code lock of iPhone 5C can be unlocked
  • The FBI spent $1.3M to crack the iPhone — this hacker spent just $100
• 15.09.2016: How to recover the passcode of iPhone 5C
  • Recovering an iPhone 5c Passcode
  • The bumpy road towards iPhone 5c NAND mirroring
• 15.09.2016: Press release by the Court of Justice of the European Union
  • The operator of a shop who offers a Wi-Fi network free of charge to the public is not liable for copyright infringements committed by users of that network
  • Mait Valberg ja Mirjam Võsu: avaliku wifi pakkuja võib olla kohustatud oma võrku salasõnaga kaitsma
• 14.09.2016: The negative side of encryption backdoors
  • The Case Against a Golden Key
• 08.09.2016: The ruling on hyperlinks by the Court of Justice of the European Union
  • European Copyright Ruling Ushers in New Dark Era for Hyperlinks
  • JUDGMENT OF THE COURT
• 30.08.2016: New net neutrality guidelines for the EU
  • EU's net neutrality guidelines get published
  • Press release- BEREC publishes guidelines on net neutrality
  • BEREC Guidelines on the Implementation by National Regulators of European Net Neutrality Rules
• 29.08.2016: Malware that can jump airgaps
  • Meet USBee, the malware that uses USB drives to covertly jump airgaps
• 29.08.2016: Fake certificates issued by Chinese CA WoSign
  • Chinese CA WoSign faces revocation after issuing fake certificates of Github, Microsoft and Alibaba
• 23.08.2016: An update on the Cisco exploit used by the NSA
  • Snowden documents confirm that leaked hacking tools belong to NSA
  • NSA-linked Cisco exploit poses bigger threat than previously thought
  • Hints suggest an insider helped the NSA “Equation Group” hacking tools leak
  • Completely Wrong
  • NSA Targeted Chinese Firewall Maker Huawei, Leaked Documents Suggest
• 19.08.2016: What kind of information does Facebook store
  • 98 personal data points that Facebook uses to target ads to you
• 19.08.2016: A review of Britain's bulk data acquisition
  • Internet spying powers backed by review
• 15.08.2016: NSA spying tools leaked
  • Hackers Say They Hacked NSA-Linked Group, Want 1 Million Bitcoins to Share More
  • Hackers Claim to Auction Data They Stole From NSA-Linked Spies
  • How the NSA snooped on encrypted Internet traffic for a decade
  • The Shadow Brokers Mess Is What Happens When the NSA Hoards Zero-Days
  • Bugs don't come from the Zero-Day Faerie
• 12.08.2016: A debug mode flaw discovered in Windows
  • Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open
• 10.08.2016: A vulnerability allows to unlock Volkswagen cars
  • A New Wireless Hack Can Unlock 100 Million Volkswagens
• 08.08.2016: Project Sauron revealed
  • Researchers crack open unusually advanced malware that hid for 5 years
  • ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms
  • Strider: Cyberespionage group turns eye of Sauron on targets
  • 'Project Sauron' malware hidden for five years
• 07.08.2016: Ransomware for smart thermostats
  • Hackers Make the First-Ever Ransomware for Smart Thermostats
• 07.08.2016: A new flaw found in Android
  • 'Quadrooter' flaws affect over 900 million Android phones
• 29.07.2016: GPS spoofing and how to protect GPS from spoofing
  • Protecting GPS From Spoofers Is Critical to the Future of Navigation
• 31.07.2016: An attack against Find My iPhone
  • There are limits to 2FA and it can be near-crippling to your digital life
• 30.07.2016: The consequences of the DNC hack
  • Russian government hackers penetrated DNC, stole opposition research on Trump
  • All Signs Point to Russia Being Behind the DNC Hack
  • By November, Russian hackers could target voting machines
  • The NSA Is Likely 'Hacking Back' Russia's Cyber Squads
  • Russia cyber attack: Large hack 'hits government'
  • Is Russia hacking the US election?
• 29.07.2016: How US can intercept Internet traffic
  • America uses stealthy submarines to hack other countries’ systems
• 26.07.2016: New attack bypasses HTTPS
  • New attack bypasses HTTPS protection on Macs, Windows, and Linux
• 14.07.2016: Problems with CloudFlare
  • CloudFlare, We Have A Problem
• 08.07.2016: Increase of security for Facebook Messenger
  • ‘Secret Conversations:’ End-to-End Encryption Comes to Facebook Messenger
• 06.07.2016: EU has a new directive about cybersecurity
  • Cybersecurity: MEPs back rules to help vital services resist online threats
  • EU Parliament Approves New Cybersecurity Rules
• 28.06.2016: Russia introduced a new spy law
  • Russia’s new spy law calls for metadata and content to be stored, plus crypto backdoors

Eelmiste semestrite vältel toimunud olulised infoturbega seotud sündmused leiab siit:

• 2016 aasta kevadsemestri jooksul toimunud sündmused
• 2015 aasta sügissemestri jooksul toimunud sündmused
• 2015 aasta kevadsemestri jooksul toimunud sündmused
• 2014 aasta sügissemestri jooksul toimunud sündmused