Dec 6, 2020

Cybersecurity Tool Kit、米選挙システムへの警告、クラウド脆弱性、Baiduアプリが無断情報収集

Cybersecurity Tool Kit (10/01)

https://securityboulevard.com/2020/10/cybersecurity-tool-kit/

  • Educate About Cybersecurity
  • Test Your Defenses
  • Adopt Proactive Cybersecurity
  • Prioritize, Remediate, Report

手元で動画閲覧不可


Election Systems Under Attack via Microsoft Zerologon Exploits (10/13)

https://threatpost.com/election-systems-attack-microsoft-zerologon/160021/

『While the CISA and FBI’s advisory did not detail what type of elections systems were targeted, it did note that there is no evidence to support that the “integrity of elections data has been compromised.”』

選挙システム以外への侵害シナリオ2020版にも言及した分かりやすい記事。


Palo Alto Networks Report Finds Poor Security Hygiene Leads to Escalating Cloud Vulnerabilities (02/05)

https://www.prnewswire.com/news-releases/palo-alto-networks-report-finds-poor-security-hygiene-leads-to-escalating-cloud-vulnerabilities-300999159.html

  • 199,000+ insecure templates in use: .. 65% of cloud incidents were due to simple misconfigurations ..
  • 43% of cloud databases not encrypted: .. it is a requirement of compliance standards, such as HIPAA
  • 60% of cloud storage services have logging disabled:
  • Cybercrime groups are using the cloud for cryptojacking:


Baidu apps in Google Play Store left users vulnerable to tracking, Palo Alto finds (11/24-25)

https://www.cyberscoop.com/baidu-maps-search-app-data-google/

『both the Baidu Search Box and Baidu Maps applications used a software development kit (SDK) that would collect users’ MAC address, carrier information and international mobile subscriber identity (IMSI) number.

  ..

IMSI numbers, for instance, could allow cybercriminals or state-linked actors to track someone, even if they switch to a new device, as IMSI numbers can be used to uniquely identify a user.』


No comments: