The FBI and CISA have issued new guidance regarding the potential risks posed by Chinese-made drones to critical infrastructure. The guidance advises companies to ensure that their drones are using up-to-date patches and to treat drones as IoT devices, siloing their network traffic and performing regular log analysis.

Researchers have also discovered nine vulnerabilities in the open source UEFI specification TianoCore EDK II that could be used to download malicious firmware to a server by capturing local traffic.

On a different note, the leak alert site Have I Been Pwned has added a “statistically significant” dataset to its listings, containing over 70 million unique email addresses with associated plaintext passwords.

Additionally, Trail of Bits has reported on vulnerabilities in GPUs that could enable attackers to exfiltrate memory data, warning of a significant potential risk.

The Internet Watch Foundation has found that the majority of child sexual abuse imagery is now self-generated rather than being reshared content. However, the IWF has taken this as an opportunity to advocate against end-to-end encryption in the UK, arguing that better detection is the reason behind the increase.
Drone threats, PixieFail firmware, HIBP dataset: a data adventure