JUNE WEEK 3

The finger points at China for a series of high profile hacks targeting the Australian Government.

Australia cyber attacks: PM Morrison warns of ‘sophisticated’ state hack

 

To date, Australia has not blamed China in name for the persistent and highly sophisticated attacks. Russia, Iran, and North Korea are suspected as having the capabilities and motives to carry out such a campaign. More is likely to unfold in the next coming days and weeks.

—————————————————————————————————————————

Stolen master key leads to massive financial consequences for South Africa’s Postbank.

 

$3.2 million from fraudulent transactions. A further $58million in replacing 12 million compromised cards.  

These eye-watering numbers are as a result of the theft of Postbank’s master key, which allows the holder to decrypt and modify financial data as well as generate customer cards. A license to print money.

Postbank has been heavily criticised for not following the underlying security protocol to prevent this. Their actions have been questionable. 

 

Why would one employee have access to the entire key?  

Why was the Security protocol not centralised at the group level?  

What practices were followed in the storing of the key?

 

South African bank to replace 12m cards after employees stole master key

—————————————————————————————————————————

Thanos Ransomware

It took long enough for malicious software to go by the name of Thanos. But does the Ransomware live up to its awesome name?

 

Snap Your Fingers Twice, Thanos Ransomware is Here!

—————————————————————————————————————————

Microsoft follows Amazon and IBM and refuses to sell facial recognition technology to the police force… unless there is legislation in place that will address human rights. This seems to be the common theme amongst all three giants: it’s not no forever – Get your house in order, then we’ll talk.

 

Evidence suggests that facial recognition software is less likely to accurately distinguish the identities of black individuals than individuals of other minorities.

Microsoft Joins Ban on Sale of Facial Recognition Tech to Police

—————————————————————————————————————————

The most massive breach that never was!

 

Earlier this week, the security community was in a frenzy for a few hours with what was described as the biggest cyber attack in US history. As Linked In posts and tweets were deleted to save face, this serves as a reminder that speculation does not make fact.

 

When you’re a hammer… everything looks like a nail.

 

Click here

—————————————————————————————————————————

Anonymous claims responsibility for attacking the Atlanta Police Department site. This was in retaliation for the shooting of an unarmed black suspect 27-year-old Rayshard Brooks on 12th June.  

 

Anonymous tweet claims credit for taking down Atlanta PD website

—————————————————————————————————————————

Ripple20 bug affects millions of connected devices. The flaw affects TCP/IP software library, consequently affecting a vast host of hardware from printers to medical equipment. A stark reminder that the dangers of IoT vulnerabilities can lead to loss of life.

 

‘Ripple20’ Bugs Impact Hundreds of Millions of Connected Devices

—————————————————————————————————————————

Lamphone hack

This latest and most ingenious hack uses vibrations to record and eavesdrop on conversations.  

‘Lamphone’ Hack Uses Lightbulb Vibrations to Eavesdrop on Homes

 

How does it work? Ben Nassi from Ben-Gurion University has put together a nice little video.

View here


Thoughts? Comments? Want more intel? Don’t be shy – reach out: ob@bestmansolutions.com

Other Posts...

Hiscox Readiness Report 2020

Hiscox Readiness Report 2020

26th June 2020
Read More
JUNE WEEK 4

JUNE WEEK 4

25th June 2020
Read More
SANS Cyber Aces: Learn the fundamentals of Cyber Security

SANS Cyber Aces: Learn the fundamentals of Cyber Security

24th June 2020
Read More