On Wednesday of this week, Eclypsium released a report on a vulnerability in GRUB2 that affects millions of devices with few exceptions. Normally used on a Linux system, GRUB2 accepts control from the UEFI secure boot process and starts bootup programs as well as the computers OS if it has one. This level of control over the system before the OS boots allows GRUB2 and anyone … [Read more...]
US Court Details State Sponsored Hackers From China
According to the indictment from the Eastern District of Washington, for at least the last 10 years hacker’s Li and Dong, sponsored by China, targeted US and international businesses including COVID-19 research and a chat app used by protestors in Hong Kong. In all, these men targeted companies in 11 countries. China won't extradite them, so they might not see any jailtime, but … [Read more...]
UK, Canada and US All Warn of New Attacks on Covid-19 Research
The UK Cyber Security Center (NCSC) and Canada’s Communications Security Establishment (CSE) with the help of the NSA released an advisory today on attacks from APT29 (also known as ‘the Dukes’ or ‘Cozy Bear’), a group with ties to the Russian intelligence services. "APT29 is using custom malware known as ‘WellMess’ and ‘WellMail’ to target a number of organisations … [Read more...]
GDPR Complaints Used as an Extortion Tool in 23,000 Databases
Last week ZDnet reported on a hack affecting 23,000 databases using MongoDB. The hacker, or possibly multiple hackers, ran scripts to automate access to misconfigured databases. In total, ZDnet reported that they hit 47% of open online MongoDBs. This attack likely started around April of this year, but others use the same techniques to attack open mongo databases all the … [Read more...]
New Research Reveals Sexist Tendencies in Facial Recognition Tech
Recently Amazon, Microsoft, and others have taken a step back to review the use of their own face recognition software. Some users of this technology may use only face recognition to identify a person. This idea that you only need the face recognition software to identify a person doesn’t allow for errors in the programming and we all know that programs have errors. Understand … [Read more...]
