Government measures
China Academy of Information and Communications Technology and IMT-2020 (5G) promotion group jointly release "5G Security Report"
Keywords: 5G Security
Last week, the China Academy of Information and Communications Technology and the IMT-2020 (5G) promotion group jointly released the "5G Security Report". The report covers the great significance of 5G development, an overview of 5G networks, 5G security concepts, 5G security analysis, 5G security ideas and measures, and prospects and initiatives. The report pointed out that the development of 5G can add new dimensions to people's livelihood and well-being. 5G is an important support for improving people's livelihood and well-being. It can meet people's needs for personalized and intelligent services, improve people's lifestyles, and improve people's quality of life. 5G promotes better and richer information and communication services that benefit the general public, creates more effective supply that adapts to consumption upgrading, reduces the cost of information consumption across society, and effectively bridges the urban-rural digital divide. 5G provides new models for public services such as distance education and smart medical care to achieve accurate matching and effective connection between public service supply and demand, improve public service efficiency, promote the sharing of high-quality resources, and enhance people's sense of gain and happiness. (Source: Sina Technology)
Three U.S. departments join forces to deal with cyberattacks on critical energy infrastructure
Keywords: Critical energy infrastructure
Last week, the U.S. Department of Energy (DoE), Department of Homeland Security (DHS) and Department of Defense (DoD) announced a cooperation plan called "The Energy Sector Pathfinder" to enhance their ability to deal with cyberattacks on critical energy infrastructure. It is reported that the plan will conduct stress testing of critical energy infrastructure, increase the sharing of information on cyberattacks, and improve rapid coordination and response capabilities among multiple departments. In addition, the U.S. Department of Defense said the plan will complement its cyber strategic goals and is a powerful measure to protect U.S. critical infrastructure from malicious cyberattacks. (Source: MeriTalk website)
Canada's privacy commissioner asks the federal court to declare that Facebook violated privacy law
Keywords: Privacy law
According to the application notice submitted last Thursday, the Canadian Privacy Commissioner asked the federal court to declare that Facebook violated the federal private-sector privacy law. According to legal documents released by the Office of the Privacy Commissioner of Canada (OPC), the application also asks the court to order Facebook to “take effective, specific and accessible measures to obtain and ensure meaningful consent from all users.” A Facebook spokesperson said in an email that the OPC still took legal action after “we tried many measures to work with it and provided measures that surpass other companies.”
"We look forward to defending many positive and significant improvements we have made to our platform to better protect people's personal information," Facebook said.
The OPC also asks the court to issue an order prohibiting Facebook from further collecting, using and disclosing any user's personal information in any way that violates the country's privacy laws.
Before this, many government agencies had sued or investigated Facebook, including those of Belgium, Germany, Ireland and Brazil, as well as US state and federal government agencies. (Source: Sina Technology)
Network security incidents
Huawei responds to the EU 5G network security toolbox: not afraid of high standards, only afraid of not having standards
Keywords: Huawei responds to the EU standard
On the 4th, Liu Kang, Huawei's chief representative to the EU institutions, responded to the 5G network security toolbox just issued by the EU, welcoming the fact that the guidance document does not target any specific supplier or country. At the same time, he said Huawei “is not afraid of high standards, only afraid of not having standards” and hopes that EU member states will follow objective, transparent and quantifiable standards when identifying "high-risk" suppliers.
On the evening of the 4th local time, Huawei held a reception in Brussels to celebrate the 20th anniversary of its entry into the European market. During the event, Liu Kang said in an interview with a China News Service reporter that after the EU issued the 5G network security toolbox on January 29, both the document itself and the EU leadership emphasized that the toolbox is not targeted at any specific supplier or country, and Huawei welcomed this "non-discriminatory" attitude.
According to the timetable listed in the toolbox, EU member states should implement the relevant content before April 30 this year, and the European Commission is preparing to draft a report on implementation by member states before June 30 this year. (Source: China News Network)
Facebook, Google and Twitter fight false information about the COVID-19 epidemic
Keywords: Fighting false information
Recently, Facebook, Google and Twitter announced that they will strictly control the spread of false information about the novel coronavirus pneumonia (NCP). Facebook said it will delete false information and conspiracy theories published by sources other than the World Health Organization (WHO) or local health departments to avoid misleading and harming the public. At the same time, Facebook will strengthen fact verification and content monitoring, and add authoritative information sources and guidance from health experts. Google's YouTube said it will optimize the platform algorithm to give authoritative information sources higher priority, and will specifically mark search results from authoritative information sources such as the World Health Organization (WHO) and public health experts. Twitter said it will enable a new dedicated search prompt tool to ensure that users first reach the most authoritative and reliable sources of information. (Source: CNN website)
Indian hacker organization launched a targeted attack on Chinese medical institutions
Keywords: targeted attack
Recently, 360 Security Brain captured an attack that used topics related to the novel coronavirus pneumonia epidemic. The attacker used bait documents on epidemic-related topics to launch a targeted attack (APT attack) against the medical field fighting the epidemic. 360 Security Brain began tracing the activity immediately after discovering the attack. The investigation found that this was an APT attack initiated by an Indian hacker group. The group uses spear phishing delivered by email, with bait documents on topics such as the current pneumonia epidemic, for example "Wuhan Travel Information Collection Application Form.xlsm", and then induces victims to execute macro commands through prompts in the document. (Source: 360)
Iran partially cut off the Internet, claiming that its infrastructure came under a network attack
Keywords: Iran's network cut off
Data monitoring shows that on the morning of Saturday, February 8, Iran's communication network suffered an interruption lasting hours. The official statement said that the infrastructure had come under a network attack and that the network was cut off to counter the attack. The network failures started at 11:45 a.m. local time, affecting mobile and wired network operators. Some networks recovered after an hour, and some networks recovered after an hour. Iranian ICT officials said they repelled a distributed denial of service attack. Iran has had a series of network outages in the past few months, partly due to external factors such as broken optical cables, and partly to control civil protests. (Source: solidot)
Facebook's Twitter and Instagram accounts hacked
Keywords: Hacker attack
According to foreign media reports, last Friday hackers temporarily took over Facebook's accounts on Twitter and Instagram through a third-party platform, raising concerns about social network security. Both accounts have now returned to normal. At around 3:50 p.m. local time, the hacker organization OurMine posted a tweet on Facebook's Twitter account. Last month, before the Super Bowl, the organization also hijacked the Twitter accounts of more than a dozen NFL teams, and it has also hacked into the accounts of technology giants such as Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey and Google CEO Sundar Pichai.
The group wrote in a now-deleted tweet: "Well, even Facebook may be hacked, but at least their security measures are better than Twitter." A Twitter spokesman confirmed that Facebook's accounts were indeed hacked through a third-party platform. Twitter declined to name the third-party platform, but screenshots of the tweets showed that the posts came from the social media management tool Khoros. Neither Instagram nor Khoros immediately responded to requests for comment. (Source: cnBeta)
Data statistics
Microsoft detected an average of more than 70,000 active Web Shells
Keywords: Active Web Shell
According to a report released by Microsoft, the company detected an average of 77,000 active Web Shells per day, which are distributed on 46,000 infected servers.
A Web Shell is code written in a web development programming language (such as ASP, PHP or JSP) that attackers implant on a web server for remote access and code execution.
Microsoft detects an average of 77,000 web shells per day, a number that makes clear how active hackers are.
Microsoft released a report saying: "Microsoft Defender Advanced Threat Protection (ATP) detects 77,000 web shells on an average of 46,000 different computers per month."
"Web shells have many threats, and enterprises should establish a full-face defense for this," Microsoft concluded. "Enhanced server detectability to the Internet is key to discovering and addressing Web Shell threats. Web Shells can be detected by monitoring whether web script files are written into the web application directory. Applications like Outlook Web Access (OWA) rarely change, so you should be wary of scripts that write to such application directories." (Source: SecurityAffairs)
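The detection idea in the statement above, watching for script files written into a web application directory that rarely changes, can be implemented as a baseline comparison. The following is an added example, not code from Microsoft or the cited report; the extension list, function names and sample directory layout are assumptions.

```python
import hashlib
import os
import tempfile

# Assumed set of server-side script extensions (ASP, PHP, JSP families).
SCRIPT_EXTS = {".asp", ".aspx", ".ashx", ".php", ".jsp", ".jspx"}

def snapshot(webroot):
    """Map each script file under webroot (relative path) to its SHA-256."""
    result = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue  # static content is outside this check
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(path, webroot).replace(os.sep, "/")
            result[rel] = digest
    return result

def diff_snapshots(baseline, current):
    """Return script files that appeared or changed since the baseline."""
    added = sorted(p for p in current if p not in baseline)
    modified = sorted(p for p in current
                      if p in baseline and current[p] != baseline[p])
    return {"added": added, "modified": modified}

def demo():
    """Constructed sample: a small web root, then two unexpected writes."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "owa", "auth"))
        initial = {"logon.aspx": b"<%-- login page --%>", "logo.png": b"PNG"}
        for name, data in initial.items():
            with open(os.path.join(root, "owa", "auth", name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        # Simulated change: one new script and one altered script.
        with open(os.path.join(root, "owa", "auth", "help.aspx"), "wb") as fh:
            fh.write(b"<%-- placeholder for an unexpected script --%>")
        with open(os.path.join(root, "owa", "auth", "logon.aspx"), "ab") as fh:
            fh.write(b"<%-- appended --%>")
        return diff_snapshots(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

On a real server the baseline would be taken right after a known-good deployment and stored off-host, so that a compromised web server cannot rewrite it.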
Vulnerability Express
Hackers use Windows driver vulnerability to shut down antivirus software
Keywords: Driver vulnerability
Security company Sophos warned that a new ransomware attack uses a vulnerable Gigabyte driver to try to break into Windows systems and then disable running security software. The attack is based on a security vulnerability discovered in Gigabyte drivers in 2018, which is detailed in CVE-2018-19320.
The driver was deprecated after Gigabyte confirmed the error. The vulnerability allows malicious attackers to try to access the device and deploy a second driver whose goal is to kill antivirus products on the system. Sophos said the second driver goes to great lengths to kill processes and files belonging to endpoint security products, bypassing tamper protection and allowing the ransomware to attack without interference. This is the first time security researchers have observed ransomware shipping a Microsoft co-signed third-party driver in order to patch the Windows kernel in memory, load its own unsigned malicious driver, and remove security applications from kernel space.
Sophos says that, apart from the common practices for staying secure against ransomware attacks, nothing can help users prevent the vulnerability from being exploited by hackers. (Source: cnBeta)
Five 0day vulnerabilities in Cisco Discovery Protocol
Keywords: 0day vulnerabilities
Security company Armis discovered five 0day vulnerabilities in Cisco's proprietary Layer 2 network protocol, Cisco Discovery Protocol (CDP), which allow remote attackers to fully control a device without any user interaction. CDP is used to discover information about locally connected Cisco devices. Almost all of Cisco's switches, routers, IP phones and cameras use CDP and enable it by default, so the vulnerabilities affect millions of devices. The five vulnerabilities are collectively called CDPwn; four of them are remote code execution vulnerabilities and the fifth is a denial of service vulnerability. Armis reported the vulnerabilities to Cisco on August 29 last year. (Source: solidot)