Photo by Sergiu Nista on Unsplash
National Security vs. Privacy: Round 3 (Monday)
T he battle between national security and privacy continues as the “Five Eyes”, plus India and Japan, reach out to technology firms pleading for ways to protect public safety. In the face of end-to-end encryption and other technologies nation states increasingly hitting brick walls when criminals use these services putting public safety at risk. This is an ongoing debate, and personally I tend to sit on the side of privacy and the personal protections it affords; however I think everyone recognises the need for public safety to some degree — I doubt this will get resolved any time soon.
Five Eyes nations plus Japan and India call for Big Tech to bake backdoors into everything
US Department of Justice reignites the Battle to Break Encryption
Microsoft Disrupted Botnet Command and Control using Trademark Law (Tuesday)
M icrosoft and the US Cyber Command has used it’s trademarks for good this week by obtaining a court order to take over a number of servers in the internet that both provided Command and Control Infrastructure for the Trickbot Botnet. It’s good to see Microsoft using the tools at it’s disposal to continue the fight against the threat actors.
Microsoft Uses Trademark Law to Disrupt Trickbot Botnet —
Microsoft on the counterattack! Trickbot malware network takes a hit
Microsoft and chums use US trademark law to trash Trickbot malware network
US Cyber Command and Microsoft Are Both Disrupting TrickBot
Bad neighbours may ping you to death (Wednesday)
M icrosoft released a fix to CVE-2020–16898 which hit a 9.8 in terms of CVSS, pretty much as nasty as it gets. Of course security vendors and the media have more delightful names for it such as McAfee’s Bad Neighbour and Sophos’ Ping of Death. Microsoft has released both the patch and a workaround, the workaround in this case is disabling either IPv6 or RDNSS, in addition if you run Network Intrusion Detection/Prevention Systems there are rulesets available.
Managing and Mitigating CVE-2020–16898 (Bad Neighbour/Ping of Death)
Facebook throws a £1m lifeline (Wednesday)
B letchley Park is quite literally the birthplace of GCHQ, modern computer science and cyber security; Facebook recognised this by reaching out a hand in the form of a £1m grant to support the site through Coronavirus:
'Facebook simply would not exist today if not for Bletchley Park,' says social network - but don't…
Intel has created a (more) secure CPU (Thursday)
Processor development is long cycles, so it’s not entirely surprising that six years after Heartbleed Intel started shouting about security features in their new third-gen Xeon Ice Lake CPUs. It’s way more than security fixes though, these CPUs are designed-for-the cloud to enable cloud providers a robust security solution for workloads in-use.
Intel's Ice Lake Beefs Up CPU Security for Cloud Workloads
Intel celebrates security of Ice Lake Xeon processors, so far impervious to any threat due to their…
SANS Released Part II of their Vulnerability Management Maturity Model
Jonathan Risto takes us through an immensely entertaining journey through implementing vulnerability management through using the Vulnerability Management Maturity model. Just commit to reading both Part I and [Part II] (https://www.sans.org/blog/vulnerability-management-maturity-model-part-ii/) at the very least you will smile, and you might just get break the back of vulnerability management within your organisation.
Vulnerability Management Maturity Model Part I
Vulnerability Management Maturity Model Part II
Other News
The British Government found them selves in hot water after a poorly timed advert went out over social channels:
A brief explainer on the government's dystopian Fatima cyber ad
The Irish Government learnt a tough lesson about SMS:
'You've got the old cheeky Corona': Ireland's pandemic advice SMS service can be spoofed, warns…