--- TLP:WHITE ---
(https://first.org/tlp/)

########################################################
#### CSIRT-IE End of Week Report ####
########################################################

Date   : Friday 31-05-2019 10:00 ; Friday 07-06-2019 10:00

=====================================
= News =
=====================================
− Unprotected Elasticsearch database belonging to Pyramid
Hotel Group exposes security logs of major hotel chains
The impacted properties include Aloft Sarasota of Marriott
property, Tarrytown House Estate in New York, Carton House Luxury
Hotel in Ireland, Aloft Hotels in Florida, and Temple Bar Hotel in
Ireland. The data relating to multiple devices including hotel
locks, in-room safes, and physical security....

https://cyware.com/news/unprotected-elasticsearch-database-belonging-to-pyramid-hotel-group-exposes-security-logs-of-major-hotel-chains-59c02536

− Facebook Loses Bid to Block Landmark ECJ Data Security Hearing
Ireland's supreme court on Friday dismissed a bid by Facebook to
block a landmark data security case from progressing to the European
Court of Justice.

https://www.securityweek.com/facebook-loses-bid-block-landmark-ecj-data-security-hearing

− Cricket Ireland hit by 'six-figure' cyber fraud - Independent.ie
Cyber criminals stole a six-figure sum from Cricket Ireland that has
pushed the organisation into a financial crisis. The sporting organisation
was targeted in a sophisticated invoice redirect fraud in which more
than €4.5m has been stolen from several businesses, clubs and individuals
in Ireland this year, according to gardai.

https://www.independent.ie/irish-news/cricket-ireland-hit-by-sixfigure-cyber-fraud-38171031.html

− #Infosec19: “We Can Build Safe 5G Networks Irrespective of Supplier” – NCSC
Governments and industry need to “focus on fixes, not fear,” and work out how
to build safer 5G networks rather than obsessing about national security concerns
leveled at suppliers, according to the National Cyber Security Centre (NCSC).
NCSC boss, Ciaran Martin, told attendees on day three of....

https://www.infosecurity-magazine.com/news/infosec19-we-can-build-safe-5g-1/

− Many iOS Developers Don’t Use Encryption: Report
Many developers who are creating applications for Apple's iOS do not use
encryption in their software, a report from security startup Wandera shows.

https://www.securityweek.com/many-ios-developers-don%E2%80%99t-use-encryption-report

− The clever cryptography behind Apple’s “Find My” feature
You can track down your stolen MacBook, but no one else can—not even Apple.

https://arstechnica.com/information-technology/2019/06/the-clever-cryptography-behind-apples-find-my-feature/

− FAI hit by cyber attack as computer servers are targeted - Independent.ie
Members of the Garda National Cyber Crime Bureau are currently looking into
the incident, while the Data Protection Commission is also investigating.
A spokesperson for the DPC told Independent.ie it was notified of the breach
earlier this week. "We are examining it at present," the statement said.

https://www.independent.ie/irish-news/garda-and-data-protection-commission-investigating-as-fai-headquarters-targeted-by-hackers-38186389.html

=====================================
= Vulnerabilities =
=====================================

− Sen. Van Hollen: Government sees no EternalBlue in Baltimore ransomware attack
Written by Shannon Vavra, Jun 4, 2019 | CYBERSCOOP. A second lawmaker from Maryland
now says it doesn’t appear that the ransomware attack in Baltimore relied on a
stolen National Security Agency exploit, EternalBlue. “It’s the federal government’s
view that EternalBlue was not involved in the ransomware attack in Baltimore City,”
Democratic Sen.

https://www.cyberscoop.com/sen-van-hollen-government-sees-no-eternalblue-baltimore-ransomware-attack/

− Vuln: Microsoft Windows CVE-2019-9510 Lock Screen Local Security Bypass Vulnerability
Credit: Joe Tammariello of Carnegie Mellon University Software Engineering
Institute (SEI).
Affected: Microsoft Windows Server 2019; Microsoft Windows 10 Version 1803
for x64-based Systems; Microsoft Windows 10 Version 1803 for 32-bit....

https://www.securityfocus.com/bid/108562

− NSA Warns Windows Users to Upgrade, STAT
Threat of cyber-attacks lingers from BlueKeep vulnerability.

https://www.infosecurity-magazine.com:443/news/nsa-warns-windows-users-to-upgrade/


=====================================
= Community News =
=====================================
− Is AI fundamental to the future of cybersecurity?
While a significant proportion of SMEs believe in their current approach to
security, they are struggling when it comes to allocation of budget, according
to a Senseon research project. There is increasing uncertainty on whether
the investment into the security solutions they’re currently using is worth the cost.

https://www.helpnetsecurity.com/2019/06/04/ai-future-of-cybersecurity/

− Apple Unveils Privacy-Focused Authentication System
Apple announced on Monday at its 2019 Worldwide Developers Conference (WWDC)
a new authentication system that should provide better privacy protections
compared to similar products from Facebook and Google.

https://www.securityweek.com/apple-unveils-privacy-focused-authentication-system

− Chinese Military Wants to Develop Custom OS
Citing security concerns, the Chinese military wants to replace Windows with
its own custom operating system: Thanks to the Snowden, Shadow Brokers, and
Vault7 leaks, Beijing officials are well aware of the US' hefty arsenal of
hacking tools, available for anything from smart TVs to Linux servers, and
from routers to common desktop operating systems, such as Windows and Mac.
Since these leaks have revealed that the US can hack into almost anything,
the Chinese government's plan is ...

https://www.schneier.com/blog/archives/2019/06/chinese_militar.html

− Data Storage Security: Best Practices for Security Teams
Data storage security involves protecting storage resources and the data
stored on them both on-premises and in external data centers and the cloud
from accidental or deliberate damage or destruction and from unauthorized
users and uses. It's an area that is of critical importance to enterprises....

https://www.esecurityplanet.com/cloud/data-storage-security.html

− Healthcare Orgs Hit with Destructive Attacks
Attacks on healthcare industry are increasingly more targeted, report says.

https://www.infosecurity-magazine.com/news/healthcare-orgs-hit-with-1/


--- TLP:WHITE ---