BU-CERT – Bournemouth University Computer Emergency Response Team

OneDrive: Microsoft further “secret room” for storing files

Posted on 26 June 2019

From secnews.gr

Microsoft he said a very interesting and useful feature for one of the products of. It is a “secret place” in OneDrive , which can be used for storing sensitive data. This feature is very useful and will certainly attract a lot of users in cloud storage service.

In this space, users can upload and store sensitive archives , photographs and documents.

Many people are concerned about the protection of the data they store on their computers.

The new feature called OneDrive Personal Vault and users will be able to protect it by various methods, such as by applying two-factor authentication with fingerprint, face recognition, PIN, microsoft Authenticator or password of a user, which is sent via SMS .

Cybercriminals leverage malicious Office docs, Mac malware, web app exploits

Posted on 26 June 2019

From helpnetsecurity.com

There’s been a 62% increase in overall malware detections in Q1 2019 compared to the previous quarter. A new Watchguard report also found that cybercriminals are leveraging a wide array of varied attack techniques, including malicious Microsoft Office documents, Mac malware and web application exploits.

Chinese APT 10 Group Hacked Nearly 10 Telecom Networks and Stealing Users Call Records, PII, Credentials, Email Data and more

Posted on 26 June 2019

From gbhackers.com

Infamous Chinese APT 10 hackers compromised over 10 Telecom networks around the world under the campaign called Operation Soft Cell and stealing various sensitive data including call records, PII, and attempting to steal all data stored in the active directory.

APT 10 Threat actors known as one of the sophisticated hacking group in the world and the group mostly targeting commercial activities including aviation, satellite, and maritime technology, industrial factory automation, finance, telecommunications and consumer electronics, computer processor technology, information technology services.

themis v0.11.2 releases: open-source high-level cryptographic services library

Posted on 26 June 2019

From securityonline.info

Themis is an open-source high-level cryptographic services library for mobile and server platforms, which provides secure data exchange and storage.

Themis provides four important cryptographic services:

Secure Message: a simple encrypted messaging solution for the widest scope of applications. Exchange the keys between the parties and you’re good to go. Two pairs of the underlying crytosystems: ECC + ECDSA / RSA + PSS + PKCS#7.
Secure Session: session-oriented, forward secrecy datagram exchange solution with better security guarantees, but more demanding infrastructure. Secure Session can perfectly function as socket encryption, session security, or (with some additional infrastructure) as a high-level messaging primitive. ECDH key agreement, ECC & AES encryption.
Secure Cell: a multi-mode cryptographic container suitable for storing anything from encrypted files to database records and format-preserved strings. Secure Cell is built around AES in GCM (Token and Seal modes) and CTR (Context imprint mode).
Secure Comparator: a Zero-Knowledge based cryptographic protocol for authentication and comparing secrets.

Raspberry Pi 4 Launched With Faster CPU, Up To 4GB Of RAM For $35

Posted on 25 June 2019

From techworm.net

Raspberry Pi 4 launched with faster CPU, up to 4GB of RAM for $35

Raspberry Pi 4 unveiled with quad 1.5GHz Arm Cortex-A72 CPU cores and up to 4GB RAM

The Raspberry Pi Foundation today announced the much-anticipated upgrade to its predecessor Raspberry Pi 3 – the Raspberry Pi 4.

Advertised as a “complete desktop computer”, the Raspberry Pi 4 Model B offers 3x the processing power and 4x the multimedia performance of the previous generation.

The new and improved Raspberry Pi 4 model uses a Broadcom BCM2711 SoC (a quad-core Cortex-A72 processor running at 1.5GHz), which is a significant upgrade from its predecessor, Raspberry Pi 3 that features Broadcom BCM2837 SoC (4× ARM Cortex-A53 running at 1.2GHz).

Microsoft Warns about the new Campaign that Delivers FlawedAmmyy RAT via Weaponized MS Excel Documents

Posted on 25 June 2019

From gbhackers.com

Microsoft uncovered a new campaign with a sophisticated infection chain delivering notorious FlawedAmmyy RAT as a final payload. The attack starts with an email that contains .XLS attachments and the contents of the email in the Korean language.

Previous campaigns that involve FlawedAmmyy RAT are carried out by TA505 threat actors, upon successful execution of backdoor let an attacker to control the machine remotely, manages the files, captures the screen.

New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched

Posted on 25 June 2019

From thehackernews.com

Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple’s macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month.

Intego team last week discovered four samples of new macOS malware on VirusTotal that leverage the GateKeeper bypass vulnerability to execute untrusted code on macOS without displaying users any warning or asking for their explicit permission.