FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure

Amid renewed tensions between the U.S. and Russia over Ukraine and Kazakhstan, American cybersecurity and intelligence agencies on Tuesday released a joint advisory on how to detect, respond to, and mitigate cyberattacks orchestrated by Russian state-sponsored actors.

Source: FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure


Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries

A study of 16 different Uniform Resource Locator (URL) parsing libraries has unearthed inconsistencies and confusions that could be exploited to bypass validations and open the door to a wide range of attack vectors. In a deep-dive analysis jointly conducted by cybersecurity firms Claroty and Snyk, eight security vulnerabilities were identified in as many third-party libraries written in C,

Source: Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries


New Trick Could Let Malware Fake iPhone Shutdown to Spy on Users Secretly

Researchers have disclosed a novel technique by which malware on iOS can achieve persistence on an infected device by faking its shutdown process, making it impossible to physically determine if an iPhone is off or otherwise. The discovery — dubbed “NoReboot” — comes courtesy of mobile security firm ZecOps, which found that it’s possible to block and then simulate an iOS rebooting operation,

Source: New Trick Could Let Malware Fake iPhone Shutdown to Spy on Users Secretly


Cell Infrastructure Vulns

Many telecoms are phasing out older frequencies for re-allocation. But this new exploit does target a newer spectrum (4G/LTE).

https://thehackernews.com/2021/12/new-mobile-network-vulnerabilities.html


Meltdown Log4j

It appears that ‘log4j’ is a thing and it’s melting down the internet, but as with all things, it’s exaggerated at first and later downplayed.


De-Google Your Phone

Even with Google-based hardware, you can de-bloat your phone and it does not have Google-based tracking. It’s all a matter of the firmware or, in this case, AOSP.


AWS 5G?

I learned of this while catching up with my old friends at #ITPro.TV. Once I heard of this, I was like, this could be awesome for security researchers. What a way to possibly reverse engineer a cell network from the ground up.


2FA/MFA, its Real intent?

Never use the same email/phone/device on the net. Big Tech is using 2FA/MFA to link you. Once done it can’t be reversed. The data is already loose. Nothing is truly deleted on the interwebs.


Scrub your EXIF Data from Photos

Here is a tutorial of Dave demonstrating what EXIF data is and how to view it and later remove it from your photos before uploading them to the net.


Researchers Detail 17 Malicious Frameworks Used to Attack Air-Gapped Networks

Four different malicious frameworks designed to attack air-gapped networks were detected in the first half of 2020 alone, bringing the total number of such toolkits to 17 and offering adversaries a pathway to cyber espionage and exfiltrate classified information. “All frameworks are designed to perform some form of espionage, [and] all the frameworks used USB drives as the physical transmission

Source: Researchers Detail 17 Malicious Frameworks Used to Attack Air-Gapped Networks