Category Archives: privacy

Singapore health system hit by ‘most serious breach of personal data’ in cyberattack; PM Lee’s data targeted

This is indeed the most serious cybersecurity breach in Singapore so far. 1.5 million records were exfiltrated. If this were to happen to a private company, the fine for breaching PDPA would surely be significant. While cyber attacks are not uncommon or unexpected, having it happen in a way that affects so many people will surely bring pause to many ongoing and upcoming IT projects in the pipeline.

Source: Singapore health system hit by ‘most serious breach of personal data’ in cyberattack; PM Lee’s data targeted

Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack

A heroic effort by the IT team from Maersk. But this just goes to show the huge impact that randomware can have on today’s businesses.

The world’s largest container shipping company —A.P. Møller-Maersk— said it recovered from the NotPetya ransomware incident by reinstalling over 4,000 servers, 45,000 PCs, and 2500 applications over the course of ten days in late June and early July 2017.

Source: Maersk Reinstalled 45,000 PCs and 4,000 Servers to Recover From NotPetya Attack

WDMyCloud Multiple Vulnerabilities

Either terrible security practices or malicious intent. Some security research firm found serious backdoor in a range of Western Digital MyCloud devices aimed at personal home or office users.

Several serious security issues were uncovered during my research. Vulnerabilities such as pre auth remote root code execution, as well as a hardcoded backdoor admin account which can NOT be changed. The backdoor also allows for pre auth remote root code execution on the affected device.

WDMyCloud Multiple Vulnerabilities

Related:

Critical flaws revealed to affect most Intel chips since 1995 | ZDNet

Another huge blow for Intel. The critical flaws in Intel processors allow attackers to gain access to the entire memory space, meaning it could read in-memory contents of running apps like password managers, browsers etc.

Most Intel processors and some ARM chips are confirmed to be vulnerable, putting billions of devices at risk of attacks. One of the security researchers said the bugs are “going to haunt us for years.”

Source: Critical flaws revealed to affect most Intel chips since 1995 | ZDNet

Experts can hack most CPUs since 2008 over USB by triggering Intel Management Engine flaw

Gaining full privileged access to the CPU just by plugging in a USB device? This is as serious as it sounds.

Positive Technologies plans to demonstrate at the next Black Hat conference how to hack over USB into Intel Management Engine of most CPUs since 2008.

Source: Experts can hack most CPUs since 2008 over USB by triggering Intel Management Engine flaw

Key Reinstallation Attacks – Breaking WPA2 by forcing nonce reuse

A serious weakness in WPA2 can cause sensitive information transmitted over Wifi to be read. KRACK attack is especially bad news for Android and Linux users.

This website presents the Key Reinstallation Attack (KRACK). It breaks the WPA2 protocol by forcing nonce reuse in encryption algorithms used by Wi-Fi.

via Key Reinstallation Attacks Breaking WPA2 by forcing nonce reuse

World Wide Web Consortium abandons consensus, standardizes DRM with 58.4% support, EFF resigns

It’s a sad day for the Web. Yes the controversial EME (Encrypted Media Extensions) – basically an implementation of DRM – is now in all major browsers and the writing’s on the wall. But W3C being complicit in this is just wrong. I’m glad that EFF is taking a strong stand on this important issue.

The W3C is a body that ostensibly operates on consensus. Nevertheless, as the coalition in support of a DRM compromise grew and grew — and the large corporate members continued to reject any meaningful compromise — the W3C leadership persisted in treating EME as topic that could be decided by one side of the debate. In essence, a core of EME proponents was able to impose its will on the Consortium, over the wishes of a sizeable group of objectors — and every person who uses the web.

Source: World Wide Web Consortium abandons consensus, standardizes DRM with 58.4% support, EFF resigns