KEEP BLUETOOTH OFF AT ALL TIMES! (switch it on when you need it and off when done (file transfer etc))

  • also saves energy on phones
  • does usage of stylish ear bud bluetooth headsets increases security risk? (Bluetooth permanent on)
  • this is especially SCREWED UP in times where governments want to use Bluetooth in Corona-avoidance-and-tracking-Apps X-D

SecurityLab, [22.04.20 08: 15]

The French government has asked Apple to remove some technical restrictions that prevent the development of the “StopCovid mobile app” for tracking the spread of coronavirus infection (COVID-19).

France will not be able to launch the StopCovid app without Apple’s help (https://www.securitylab.ru/news/506936.php)

“Apple’s iPhones normally block access to Bluetooth unless the user is actively running an app. French officials want Apple to change the settings to let their app access Bluetooth in the background, so it is always on. So far, they say, Apple has refused.

“Apple could have helped us make the application work even better on the iPhone. They have not wished to do so,” France’s minister for digital technology, Cedric O, told BFM Business TV.

“I regret this, given that we are in a period where everyone is mobilised to fight against the epidemic, and given that a large company that is doing so well economically is not helping out a government in this crisis.”

“We will remember that when time comes,” the minister added.

A spokesman for Apple in France declined to comment.

The issue of Bluetooth access on iPhones is one of several security-related questions that have arisen as countries try to roll out smartphone apps to fight the coronavirus.

France, along with some other countries, wants to keep contact data in a central database, arguing this would make it easier for the authorities to track suspected coronavirus cases.” (src)

SecurityLab, [19.05.20 08:10]

An international team of researchers including Daniele Antonioli from the Swiss Federal University of technology in Lausanne, Kasper Rasmussen from the Helmholtz center for information security (CISPA) and Nils Ole Tippenhauer from the University of Oxford discovered a

vulnerability in the Bluetooth Protocol

that allows you to gain control of a Bluetooth device.

A dangerous BIAS vulnerability was discovered in Bluetooth (https://www.securitylab.ru/news/508413.php)

SecurityLab, [19.05.20 08: 35]

The Federal Bureau of investigation (FBI) reported that cyber criminals are exploiting a three-year vulnerability (CVE-2017-7391) in THE magmi plug-in (Magento Mass Import) for Magento in order to hack online stores and create a malicious script that can record and steal customers ‘ payment card data.

Cybercriminals exploit a three-year vulnerability in the Magento plugin (https://www.securitylab.ru/news/508414.php)

SecurityLab, [19.05.20 09:10]

The staff of Investigative management of UMVD of Russia across the Astrakhan region have finished investigation of criminal case concerning the inhabitant of Krasnodar territory, intending to “clean out” the accounts of Bank customers in the U.S. and Korea.

Details: “In may 2016, hackers purchased databases of Bank cards over the Internet and used a decoder to record information on a magnetic stripe to produce duplicates.

Money from the “cloned” cards was supposed to be transferred to a specially designated account via a POS terminal under the guise of paying for purchases at a Shoe store.

The group planned to translate so $500 thousand, but did not work because it was stopped by employees of regional government of FSB together with field investigators of Management of economic safety and counteraction of corruption UMVD of Russia across the Astrakhan region.

Hackers were able to make only 29 trial transfers – financial transactions with insignificant amounts to check the health of the scheme.”

A resident of the Krasnodar territory intended to steal $500 thousand from US banks (https://www.securitylab.ru/news/508416.php)

SecurityLab, [19.05.20 10: 00]

Last weekend, Microsoft warned some Office 365 administrators that their organizations might have been accidentally displayed in other companies ‘ internal search results.

Because of a crash, other people’s files were displayed in Office 365 search results (https://www.securitylab.ru/news/508419.php)

SecurityLab, [19.05.20 10: 45]

Israel allegedly carried out a cyber attack on the port of Shahid rajai in the Iranian city of Bandar Abbas, causing a malfunction in the terminals.

The hack may be a response to an attempt by Iranian criminals to attack Israeli water infrastructure, the Washington Post reported.

Israel is suspected of a “destructive” cyber attack on an Iranian port (https://www.securitylab.ru/news/508421.php)

SecurityLab, [19.05.20 11: 40]

The source code of the components of the” smart car ” Mercedez-Benz was published Online.

The data leak was discovered by Swiss software engineer Till Kottmann, who discovered a GitLab server belonging to the German automobile company Daimler AG.

The source code of the Mercedes-Benz on-Board device is published Online (https://www.securitylab.ru/news/508427.php)

X-D

SecurityLab, [19.05.20 12: 06]

In its press release, Fortinet claims the unprecedented speed of the 4200F model at 800 Gbit/s.

https://www.securitylab.ru/blog/personal/Morning/348346.php

SecurityLab, [19.05.20 14:35]

The security service of Ukraine has detained a cybercriminal known under the pseudonym Sanix and possibly involved in the Collection #1 data leak.

The security service of Ukraine caught a hacker Sanix (https://www.securitylab.ru/news/508439.php)

SecurityLab, [19.05.20 14: 45]

The French Prosecutor’s office announced the neutralization of an international cybercrime network, whose participants were engaged in jackpotting ATMs, reported the French news Agency Agence France-Presse (AFP).

Info: “ATM “jackpotting” — a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand” (src)

French police have neutralized a group engaged in jackpotting (https://www.securitylab.ru/news/508440.php)

SecurityLab, [19.05.20 15:45]

Researchers at Ledger, a company specializing in the production of hardware (“cold”) cryptocurrency wallets, demonstrated attacks on the hardware wallets Coinkite and Shapeshift, which allow you to calculate their PIN codes.

Attacks on “cold” cryptocurrency wallets are presented (https://www.securitylab.ru/news/508441.php)

SecurityLab, [19.05.20 15:55]

British budget airline EasyJet was the victim of a cyber attack.

The criminals gained access to the emails and flight information of about 9 million customers of the company, as well as credit card information of more than 2 thousand of them.

Hackers gained access to the personal data of 9 million EasyJet customers (https://www.securitylab.ru/news/508442.php)

SecurityLab, [19.05.20 16:55]

What initially looked like an evacuation to remote operation caused by the COVID-19 pandemic eventually became reminiscent of emigration.

The it and IB services are well aware of the problems that the Christmas holidays bring to them.

Rostelecom-solar invites you to the fifth online event of the “New reality of the IB” series

(https://www.securitylab.ru/news/508443.php)

SecurityLab, [20.05.20 08: 05]

The interior Ministry did not support the proposal to add separate articles to the criminal code for social engineering, phishing and SIM card theft.

This was reported on Tuesday, may 19, by RBC journalists, who had a letter from the acting head of the Department of information technology, communications and information protection of the Ministry of internal Affairs, Yuri Voynov, addressed to the Department of information security of the Ministry of communications.

The Ministry of internal Affairs did not support the proposal to introduce articles for phishing and SIM card theft in the criminal code (https://www.securitylab.ru/news/508462.php)

SecurityLab, [20.05.20 08: 35]

The Federal security service (FSB) will check for threats deployed in the regions of the control system for citizens during the pandemic.

These systems must meet the requirements of the law “on the security of critical information infrastructure (CII)”, the Kommersant newspaper reported.

The FSB will check the security of monitoring systems for Russians (https://www.securitylab.ru/news/508463.php)

SecurityLab, [20.05.20 08:55]

Every day, Apple faces a difficult task-to maintain the security of the iPhone.

Developers of hacking tools, including those that cooperate with law enforcement agencies, tirelessly offer their clients new tools to unlock smartphones seized as evidence.

Until recently, it was believed that they only allow you to crack codes to unlock the iPhone with a length of no more than six characters, but this assumption turned out to be wrong.

Hide UI tool steals iPhone unlock codes (https://www.securitylab.ru/news/508464.php)

SecurityLab, [20.05.20 10:00]

A group of researchers from tel Aviv University and The interdisciplinary center in Herzliya (Israel) discovered a vulnerability in DNS servers that allows DDoS attacks with a gain factor of 1620x.

According to experts, the vulnerability, called NXNSAttack, affects recursive DNS servers and the delegation process.

Vulnerability in DNS servers can increase the power of DDoS attacks by a thousand times (https://www.securitylab.ru/news/508472.php)

SecurityLab, [20.05.20 10: 20]

Security researchers working with Trend Micro’s Zero Day Initiative (ZDI) have published information about five uncorrected vulnerabilities in Microsoft Windows, four of which are dangerous.

Published details about five vulnerabilities in Windows 10 (https://www.securitylab.ru/news/508473.php)

SecurityLab, [20.05.20 11: 45]

Google has released a version of the Google Chrome 83 browser for Linux, Windows and macOS operating systems, which increases the security of users on the Internet.

Chrome 83 now offers advanced security features (https://www.securitylab.ru/news/508478.php)

SecurityLab, [20.05.20 14: 15]

Taiwanese security researcher Henry Huan published details about three vulnerabilities (CVE-2019-7192, CVE-2019-7194, and CVE-2019-7195) in the QNAP network storage (NAS) firmware.

The problems are contained in the Photo album creation app Photo Station, which comes with all the latest versions of QNAP systems.

Exploiting vulnerabilities allows an attacker to take control of devices.

About 450 thousand QNAP network stores are vulnerable to hacking (https://www.securitylab.ru/news/508502.php)

SecurityLab, [20.05.20 14: 20]

Swiss is-company High-Tech Bridge has updated the platform ImmuniWeb Community Edition, which allows organizations and businesses to test the security of their web resources, domains and mobile applications for free.

From now on, using the ImmuniWeb Domain Security Test service, security professionals can also check the availability of their companies ‘ data in the darknet.

A free tool for monitoring the availability of enterprise data in the darknet has been released (https://www.securitylab.ru/news/508503.php)

 

admin