BACKGROUND: Security researchers have found a flaw in Microsoft’s implementation of the Microsoft Windows Platform Binary Table (WPBT) mechanism, which can be exploited to compromise computers running Windows 8 and Windows 10 operating systems. Microsoft describes WPBT as a fixed firmware Advanced Configuration and Power Interface (ACPI) table that was introduced with Windows 8 to enable OEMs and vendors to execute programs every time the Windows device boots up. “The Eclypsium research team has identified a weakness in Microsoft’s WPBT capability that can allow an attacker to run malicious code with kernel privileges when a device boots up,” note the researchers.
ISBuzz Team
CISA, the FBI, and the NSA have issued a warning to US organisations around increased attacks from the Conti Ransomware. The agencies have also released new actions and advice to help organisations protect against the threat.
BACKGROUND: The Partnership for Public Service and Deloitte released a report Thursday How Integrating Enterprise Risk Management Can Strengthen Federal Cybersecurity, based on working sessions with ERM and cybersecurity experts in spring of this year. Excerpt: “Participants discussed how agencies can use ERM programs and principles to enhance the effectiveness of cybersecurity initiatives, noting in particular how ERM can help evaluate cybersecurity risks with a strategic lens and bring those risks to the attention of agency leaders. This issue brief summarizes these discussions and highlights several leading practices used by agencies that work at the intersection of ERM and cybersecurity.”
BACKGROUND: As reported by The Guardian, traces of Pegasus spyware were found on the mobile phones of at least five current French cabinet ministers, the investigative website Mediapart has reported, citing multiple anonymous sources and a confidential intelligence dossier.
BACKGROUND: Following news that undisclosed companies are analyzing facial data collected by the NHS app, privacy expert commented below.
BACKGROUND: In a report issued Thursday, Port Houston disclosed that “The Port of Houston Authority (Port Houston) successfully defended itself against a cybersecurity attack in August. Port Houston followed its Facilities Security Plan in doing so, as guided under the Maritime Transportation Security Act (MTSA), and no operational data or systems were impacted as a result.” The report follows on a joint release (AA21-259A) last week by the Cybersecurity and Infrastructure Security Agency, FBI, U.S. Coast Guard Cyber Command and CISA warning of a newly identified vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus. U.S. Cybersecurity and Infrastructure Security Agency Director Jen Easterly…
It has been reported that when Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass that can be exploited to grant attackers access to a user’s notes. In an interview with The Record, Jose Rodriguez said he published details about the lock screen bypass after Apple downplayed similar lock screen bypass issues he reported to the company earlier this year. “Apple values reports of issues like this with up to $25,000 but for reporting a more serious issue, I was awarded $5,000,” the researcher wrote on Twitter last week. Rodriguez said he was referring to lock…
One year ago this Thursday, NIST released a historic update of its security and privacy controls, NIST SP800-53 Revision 5. This update added a new focus on application security by requiring the use of IAST and RASP technology. How have these new guidelines affected application security over the last year?
ITPro is reporting that a critical flaw in vCenter Server could give hackers infrastructure access. Organizations using VMware in their infrastructure have been warned of a critical vulnerability in the analytics service of vCenter Server. This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server.
BACKGROUND: In a new report “Characterizing Malicious URL Campaigns”, researchers analyzed a data set of 311 M records containing 77 M URLs that had been submitted to the online virus checking website VirusTotal between December 2019 and January 2020. Key findings: 17M unique pieces of content were flaggedAttacks seem rampant in the United States98.27% of all flagged submissions were detected by less than 10 vendorsMajority of submissions were automated, with a large % from a select few vendors58.98% of submissions were unflagged98.27% (125.6M) of all flagged submissions were detected by 10 or fewer vendors.Detection rates fell to just 13.27% when…