BU-CERT News

From wired.com

More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks. Apple, Amazon, and Supermicro all vehemently denied the report. The NSA dismissed it as a false alarm. The Defcon hacker conference awarded it two Pwnie Awards, for “most overhyped bug” and “most epic fail.” And no follow-up reporting has yet affirmed its central premise.

Read more…

From meterpreter.org

The well-known remote control software TeamViewer was hacked many years ago, and some of the user computers were controlled by hackers and installed backdoors to steal data. But even now the company does not admit that the server was attacked. On the contrary, the developers said that users were attacked mainly by leaking remote IDs and passwords. However, it is shocking that the security company has once again revealed that TeamViewer has been hacked. The attacker can control all the computers that log in to the software and operate it arbitrarily.

Read more…

From gbhackers.com

A website and online presence are more important for your company now than ever before. Unfortunately, the increased reliance and use of technology by businesses have led to a major increase in data breaches and hacks. There are many different kinds of attacks that hackers can try to pull off, and all can hurt your business.

Thankfully, there are a variety of things you can do, such as using network monitoring software, that can protect your company. However, these methods aren’t always perfect and it is still possible to be compromised. But just what are the negative repercussions your company will face if your site or company is hacked? What will be affected and how will you recover?

Read more…

From cyberdefensemagazine.com

By Etay Bogner, VP, Zero-Trust Products, Proofpoint

Whether you are the IT manager of a growing startup company or a midsize enterprise, you have probably already faced the increasing demand by end-users to remotely access organizational resources.

Naturally, an end user’s main concern is how easy it is to access the services he or she needs, with a user-friendly interface that doesn’t require any technical skills or hands-on configuration. As an IT manager, you are concerned with security; but you’re also concerned about the hard work and the hours of configuration needed to set up and maintain secure remote access for mobile users.

Read more…

From thehackernews.com

Until now, I’m sure you all might have heard of the SimJacker vulnerability disclosed exactly a month ago that affects a wide range of SIM cards and can remotely be exploited to hack into any mobile phone just by sending a specially crafted binary SMS.

If you are unaware, the name “SimJacker” has been given to a class of vulnerabilities that resides due to a lack of authentication and proprietary security mechanisms implemented by dynamic SIM toolkits that come embedded in modern SIM cards.

Read more…

From arstechnica.com

Facebook’s embattled Libra project suffered a major blow on Friday as four payment processors—Stripe, Visa, Mastercard, and Mercado Pago—withdrew from participation in the Libra Association, the Geneva-based group Facebook created to develop the virtual currency. eBay also announced its resignation Friday. eBay’s former subsidiary, PayPal, quit the group last week.

The timing is not a coincidence. The Libra Association is scheduled to hold its first official meeting on Monday. At that meeting, members will be asked to make binding commitments to the project. So for members who weren’t prepared to commit to the project, Friday was a good day to get out.

Read more…

From securityboulevard.com

October is Cybersecurity Awareness Month, and an opportunity to reflect on the state of cybersecurity. Tools are now more sophisticated – and they have to be because of a wide variety of threats. And the sheer weirdness of some hacking never ceases to surprise. With a nod to Clint Eastwood, here’s a roundup of the good, the bad, and the ugly of cybersecurity in 2019.

Read more…