InfoSec News Nuggets 12/24/2020

FireEye's Mandia on SolarWinds hack: 'This was a sniper round' The foreign espionage operation that breached several U.S. government agencies through SolarWinds software updates was unique in its methods and stealth, according to FireEye CEO Kevin Mandia, whose company discovered the activity. “This was not a drive-by shooting on the information highway. This was a sniper round from somebody a mile away from your house,” Mandia said Sunday morning on CBS’s “Face the Nation.” “This was special…
Read More

InfoSec News Nuggets 7/7/2020

Smartphone Apps Are Now a Weapon in International Disputes IN THE IPHONE age, your smartphone home screen can be a geopolitical battleground. Earlier this month, 20 Indian soldiers died in a skirmish with Chinese troops on the countries’ contested Himalayan border. Monday, India struck a blow in the digital realm of its own citizens’ mobile devices. The country’s Ministry of Information Technology banned 59 mobile apps, all Chinese, for allegedly endangering data security and privacy. They include China’s dominant…
Read More

InfoSec News Nuggets 11/12/2019

1 - BlueKeep Attacks Crash Systems Due to Meltdown Patch The recent attacks exploiting the BlueKeep vulnerability to deliver cryptocurrency miners caused some systems to crash due to a Meltdown patch being deployed on the targeted machines. The BlueKeep vulnerability, officially tracked as CVE-2019-0708, affects Windows Remote Desktop Services (RDS) and it allows an unauthenticated attacker to execute arbitrary code by sending specially crafted Remote Desktop Protocol (RDP) requests. Microsoft released patches, including for unsupported versions of…
Read More