The FBI and CISA have issued new guidance regarding the potential risks posed by Chinese-made drones to critical infrastructure. The guidance advises companies to ensure that their drones are using up-to-date patches and to treat drones as IoT devices, siloing their network traffic and performing regular log analysis. Researchers have also discovered nine vulnerabilities in the open source UEFI specification TianoCore EDK II that could be used to download malicious firmware to a server by capturing local traffic. On a different note, the leak alert site Have I Been Pwned has added a “statistically significant” dataset to its listings, containing over 70 million unique email addresses with associated plaintext passwords. Additionally, Trail of Bits has reported on vulnerabilities in GPUs that could enable attackers to exfiltrate memory data, warning of a significant potential risk. The Internet Watch Foundation has found that the majority of child sexual abuse imagery is now self-generated rather than being reshared content. However, the IWF has taken this as an opportunity to advocate against end-to-end encryption in the UK, arguing that better detection is the reason behind the increase.
Drone threats, PixieFail firmware, HIBP dataset: a data adventure
Latest from News
New CISA report links cyberattacks on critical infrastructure to Russia
TLDR: New joint advisory from CISA, FBI, and NSA ties recent cyber attacks on critical infrastructure to Russian GRU unit known as Unit 29155.
RansomHub boasts Kawasaki hack, threatens release of stolen information
TLDR: Kawasaki Motors Europe recovering from cyberattack by RansomHub ransomware gang RansomHub threatens to leak stolen data if demands aren’t met Kawasaki Motors Europe
Lazarus Group targets Python devs with fake jobs, coding malware
Summary of North Korean Hackers Targeting Python Devs TLDR: North Korean hackers have been targeting Python developers with malware disguised as coding tests for
AndroidVo1d malware hijacks 13M Android TV Box devices
Article Summary TLDR: Recent cybersecurity analysis has revealed that over 1.3 million Android TV Boxes have been infected by the Android.Vo1d malware, which exploits
Teen arrested for London transport cyber attack
TLDR: British authorities have arrested a 17-year-old male in connection with a cyber attack on Transport for London. The teenager, from Walsall, was detained