Security daily (26-03-2021)

Senator hammers Facebook, Instagram over COVID-19 misinformation

One day after a House panel grilled social media executives about misinformation on their platforms, a top senator blasted Facebook for its “continued amplification of harmful” posts about COVID-19, especially via Facebook-owned Instagram. Senate Intelligence Chairman Mark Warner, D-Va., wrote Facebook CEO Mark Zuckerberg on Friday, saying the company needed to do more to eradicate misinformation about the COVID-19 vaccine than promising action. “Facebook’s enforcement of its own policies is consistently and demonstrably insufficient, a trend we have seen in other areas where Facebook has pledged to address misuse of its products or instances of its products amplifying harmful content,” Warner said in the letter. Warner juxtaposed Facebook’s February update of its policies on medical misinformation with the fact that on the day it announced them, some of the top search results for “COVID vaccine” on Instagram lead to anti-vaccine accounts. In particular, Warner said he was disturbed by a […] (CyberScoop)

Hackers target German lawmakers in an election year

Hackers have attempted to breach the private email accounts of certain German parliamentarians, a spokesperson for the legislative body confirmed Friday, in the latest example of cyber campaigns aimed at German politicians. German national security officials have briefed the parliament, known as the Bundestag, on the incident, and all the affected lawmakers have been informed, said Frank Bergmann, a Bundestag spokesperson. It was not immediately clear whether the phishing attempts were successful, who was responsible or what their goal was. Spokespeople for the BSI, Germany’s federal cybersecurity agency, and the BfV, the country’s domestic intelligence agency, declined to comment. The attempted intrusions come six months ahead of Germany’s national elections. The German parliament has been a recurring target for foreign hackers, including a 2015 breach that the European Union blamed on Russia’s military intelligence agency. Since the Russian hack-and-leak operation aimed at the 2016 U.S. election, governments around Europe have […] (CyberScoop)

Patching is trucking along on Microsoft flaws, but hackers are still meddling

Over 92% of servers that were vulnerable to recently announced Microsoft flaws have been patched or mitigated around the world, Microsoft announced Thursday. The statistics are no doubt good news, as security researchers have tracked hackers from China exploiting systems and warned of an onslaught of ransomware attackers trying to take vulnerable organizations for a ride and extort them for money. The percentage comes amid a series of other rosy assessments on the number of vulnerable systems that remain. Less than a week ago the White House noted that in the week prior the number of vulnerable machines fell by 45%. But the revelations about high percentages of patching don’t speak to the number of organizations that hackers have already been able to exploit. Patching, while extremely helpful in warding off future hacking, does not evict hackers if they already exploited the vulnerabilities. Already criminal and nation-state hackers have taken […] (CyberScoop)

Alan Turing’s £50 banknote officially unveiled

If only he'd been treated like this in his lifetime: the computing pioneer who knew "this is only a foretaste". (Naked Security)

Manufacturing's Cloud Migration Opens Door To Major Cyber Risk

(News ≈ Packet Storm)

OpenSSL Fixes High-Severity Flaw That Allowed DoS

(News ≈ Packet Storm)

Hades Ransomware Operators Are Hunting Big Game In The US

(News ≈ Packet Storm)

Buffer Overruns, License Violations, And Bad Code: FreeBSD 13's Close Call

(News ≈ Packet Storm)

OpenSSL Releases Patches for 2 High-Severity Security Vulnerabilities

The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification. Tracked as CVE-2021-3449 and CVE-2021-3450, both the vulnerabilities have been resolved in an update (version OpenSSL 1.1.1k) released on Thursday. While CVE-2021-3449 affects all OpenSSL (The Hacker News)

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks

New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its findings with the GSM Association (GSMA) on February 4, 2021, following which the weaknesses were (The Hacker News)

Executive Order Would Strengthen Cybersecurity Requirements for Federal Agencies

The post-SolarWinds EO could be issued as soon as next week, according to a report. (Threatpost)

Employee Lockdown Stress May Spark Cybersecurity Risk

Younger employees and caregivers report more stress than other groups, and more shadow IT usage. (Threatpost)

Insurance Giant CNA Hit with Novel Ransomware Attack

The incident, which forced the company to disconnect its systems, caused significant business disruption. (Threatpost)
