Security

Singapore is setting up a panel comprising global experts to offer advice on safeguarding its operational technology (OT) systems and has unveiled the country's latest cybersecurity blueprint, focusing on digital infrastructures and cyber activities. It also is hoping to rope in other Asean nations to recognise a Cybersecurity Labelling Scheme (CLS) that rates the level of security for smart devices, such as home routers and smart home hubs.

Microsoft said today that it removed 18 Azure Active Directory applications from its Azure portal that were created and abused by a Chinese state-sponsored hacker group.

The 18 Azure AD apps were taken down from the Azure portal earlier this year in April, the Microsoft threat intelligence team said in a report published today.

L33tdawg: Here's video of Tom Tervoort's presentation from #HITBLockdown about this vuln and his presentation sildes are here (PDF).

July 15 was, at first, just another day for Parag Agrawal, the chief technology officer of Twitter. Everything seemed normal on the service: T-Pain’s fans were defending him in a spat with Travis Scott; people were upset that the London Underground had removed artwork by Banksy. Agrawal set up in his home office in the Bay Area, in a room that he shares with his young son.

Passwords have been used for thousands of years as a means of identifying ourselves to others and in more recent times, to computers. It’s a simple concept – a shared piece of information kept secret between individuals and used to “prove” identity.

The virtual job fair, which took place on August 13, attracted more than 3,000 attendees and included recruiters and subject matter experts from 17 government intelligence agencies including the CIA, Defense Intelligence Agency (DIA), NSA, and National Reconnaissance Office (NRO).  

Mozilla has fixed a bug that can be abused to hijack all the Firefox for Android browsers on the same WiFi network and force users to access malicious sites, such as phishing pages.

The bug was discovered by Chris Moberly, an Australian security researcher working for GitLab.

Security firm Check Point said it uncovered an Iranian hacking group that has developed special Android malware capable of intercepting and stealing two-factor authentication (2FA) codes sent via SMS.

The malware was part of an arsenal of hacking tools developed by a hacker group the company has nicknamed Rampant Kitten. Check Point says the group has been active for at least six years and has been engaged in an ongoing surveillance operation against Iranian minorities, anti-regime organizations, and resistance movements such as:

The US government has a major server security headache on its hands. Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has delivered a rare emergency directive (via TechCrunch) urging government agencies to install a patch for a “critical” Windows Server vulnerability known by Secura as Zerologon.

The flaw in the Netlogon Remote Protocol lets attackers with network access “completely compromise” Active Directory services on a network without using a sign-in —a hacker could run amok if they get through.

Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer.

Named BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol.