Security daily (01-02-2021)

Amid military coup, Myanmar's internet is partially blacked out

Internet connectivity dropped precipitously in Myanmar on Monday as the military seized power, likely the result of the government shutting down access in a move that drew condemnation from President Joe Biden and digital freedom activists. The Myanmar military detained senior civilian politicians, including President U Win Myint and Nobel laureate Aung San Suu Kyi, whose party won a majority of parliamentary seats in the November elections. A military-owned television network said Commander-in-Chief Senior Gen. Min Aung Hlaing would assume control of the nation for one year following the military’s allegations that the elections were fraudulent. NetBlocks, which tracks digital freedom, said connectivity fell in Myanmar by 50% at one point before later recovering to 75% of ordinary levels. The disruption pattern pointed to a centrally issued blackout order to telecommunications providers, NetBlocks said. The outage accompanied a reported Army order to shutdown state media and the disabling of phone […] The post Amid military coup, Myanmar's internet is partially blacked out appeared first on CyberScoop. (CyberScoop)

Bipartisan bill would help domestic abuse survivors bypass mobile surveillance

A bipartisan group of senators introduced legislation on Friday aimed at helping domestic violence and stalking victims safely extricate themselves from shared phone plans that could enable their partners to spy on them. The bill, called the Safe Connections Act, would set up protections for victims of domestic violence by allowing them to leave shared phone plans without being required to pay any penalties or meet burdensome requirements. The bill, if passed, would also require the Federal Communications Commission (FCC) to work on connecting domestic violence victims with federal government resources to help survivors establish alternative methods of communications inaccessible to abusers’ prying eyes. Domestic violence and digital rights advocates have long been calling for Congress to step in and craft legislation that would help survivors safely leave phone plans that could enable an abuser to continue to control and monitor their every move, such as family phone plans. For […] The post Bipartisan bill would help domestic abuse survivors bypass mobile surveillance appeared first on CyberScoop. (CyberScoop)

Spies target gamers with malware inserted into software updates, ESET says

Gamers are familiar targets for hackers, but those operations often are broadly aimed at stealing data, installing nuisances like adware or disrupting the games themselves. Sometimes, though, attackers have other things in mind. A malware operation in Asia appears to be “highly targeted” toward spying on only a handful of users of a popular piece of gaming software, according to cybersecurity researchers at Slovakia-based ESET. The attackers compromised the update mechanism for NoxPlayer, an emulator program that allows Android games to be played on PCs and Macs, ESET says. It’s a supply-chain attack, not unlike others with much bigger footprints and much larger geopolitical effects. The perpetrators appear to have broken into infrastructure at Hong Kong-based BigNox, which makes NoxPlayer, to add the malware to the updates that go to customers. The details get fuzzy from there. About 150 million people, mostly in Asia, use NoxPlayer. ESET says it discovered […] The post Spies target gamers with malware inserted into software updates, ESET says appeared first on CyberScoop. (CyberScoop)

Naked Security Live – What if my password manager gets hacked?

Our latest Naked Security Live talk - watch now! (Naked Security)

Emotet takedown – Europol attacks “world’s most dangerous malware”

Great news from Europol - if you've heard of Emotet, you'll have a good idea how badly things often end for its victims. (Naked Security)

Malware Inserted Into NoxPlayer Android Emulator

(News ≈ Packet Storm)

Industrial Gear At Risk From Fuji Code Execution Bugs

(News ≈ Packet Storm)

Suspected Hezbollah APT Group Breached 250 Servers

(News ≈ Packet Storm)

How Google Is Toughening Up Android Security

(News ≈ Packet Storm)

Wind River Security Incident Affects SSNs, Passport Numbers

Wind River Systems is warning of a 'security incident' after one or more files was downloaded from its network. (Threatpost)

Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers

Enhanced Explosive RAT and Caterpillar tools are at the forefront of a global espionage campaign. (Threatpost)

SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat

Congress is demanding the National Security Agency come clean on what it knows about the 2015 supply-chain attack against Juniper Networks. (Threatpost)

Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code

The flaw in the free-source library could have been ported to multiple applications. (Threatpost)


/security-daily/ 02-02-2021 23:44:23