AMESIA:33 IoT device vulnerabilities. Mexican police alleged to pass spyware to cartels. The US NDAA nears passage. Hacking lockers. – The CyberWire

Researchers at Forescout this morning released a report on a set of TCP/IP vulnerabilities theyre calling AMNESIA:33, the 33 referring to the number of vulnerabilities theyve found. Four they consider critical, and in general the issues are believed to broadly and deeply affect Internet-of-things devices. SC Magazine says that the US Department of Homeland Security is expected to release a report on the vulnerabilities soon, perhaps as early as today.

Both Haaretz and the Guardian are reporting on Forbidden Stories Cartel Project, which describes the ways in which Mexican police, users of NSO Groups lawful intercept products, have allegedly been reselling that technology to drug cartels, which in turn have used the spyware to monitor journalists and other third-parties. Some of the allegations are attributed to sources in the US Drug Enforcement Agency.

According to the Washington Post, despite the prospect of a Presidential veto, the US House appears ready to pass the National Defense Authorization Act (NDAA). CyberScoop summarizes the significant cybersecurity measures the NDAA ("biggest cyber bill ever") includes.

ZDNet reports that 2,732 PickPoint package delivery lockers across Moscow were opened by a criminal who hacked the PickPoint app. Landlords and guards responded quickly to keep an eye on obviously malfunctioning lockers. Russian security organizations (and by implication law enforcement organizations) take a lot of stick in these pages (see, for example, yesterdays warning from NSA that Russian intelligence services are actively exploiting a VMware bug), but this is one case where we wish the Militia good hunting.

View original post here:
AMESIA:33 IoT device vulnerabilities. Mexican police alleged to pass spyware to cartels. The US NDAA nears passage. Hacking lockers. - The CyberWire

Related Posts

Comments are closed.