Discover

Our Directors of Cyber Security discuss plans for the Scandinavian cyber security landscape.

The cyber security firm SentinelOne has discovered a high severity flaw that affected the HP OMEN driver software. This flaw has left millions of gaming computers open to an array of attacks. Taking advantage of this vulnerability, threat actors can escalate privileges to kernel mode without administrator permissions, which can let them disable security products, overwrite system components, and corrupt the operating system.

After the Kaseya attack, the REvil gang went offline leaving the victims who paid the ransomware without the key to recover their system. Bitdefender a Romanian based cybersecurity firm has released the decryptor key. The cybersecurity firm claims that the victims can use this key to restore their system

Microsoft has released fixes for 66 vulnerabilities for September 2021. Among 66, 3 are classified as critical 62 as important and 1 as moderate. Among 66 vulnerabilities, 74% of the vulnerabilities are locally exploitable and 20% are remotely exploitable

The University of Michigan, University of Adelaide, Georgia Institute of Technology, and Tel Aviv University has budded the attack as Spook.js which is a JavaScript-based line of attack. An attacker who has control over the browser can know the website the user is browsing, retrieve sensitive data and can even recover login details

Google introduced Android’s Private compute core Android 12 beta. It is an open-source, secure environment that is private by design, which stores personal information safe, private, and local on the phone. This creates more transparency, which allows users to know which apps are accessing their data and can take more control of the amount of data shared with apps

REvil Ransomware gang went off the grid after the attack on the technology service provider Kaseya. Now, after two months they are back online. It is also noticed that their Happy Blog data leak site and its payment/negotiation site has resurfaced online. It is not confirmed that if they are back in business

Recent research from Singapore university has revealed more than a dozen of vulnerabilities in Bluetooth classic [BR/EDR] protocol. These vulnerabilities can be utilized to implement various malicious actions to execute arbitrary code and take control of vulnerable systems. This vulnerability has affected the SoCs of several companies which include Intel, Qualcomm, Texas Instruments, Infineon (Cypress), and Silicon Labs

O.MG data cables were the first release in Defcon 2019. These cables look like other cables available in the market but pose a security risk. The new cables come with upgraded features. The Geofencing feature allows users to trigger or block payloads, changing keyboard mappings and forge USB devices identities. When connected to a device they can record keystrokes and send the data to attackers over a mile’s distance

The instant messaging company WhatsApp which is now owned by Facebook has violated the actual General Data Protection Regulation (GDPR). The Irish data protection commission has now fined €225 million on WhatsApp for the lack of transparency on how it shares the European union’s user data with other Facebook companies

Security researchers from vpnMentor discovered that the Chinese mobile gaming company suffered a data breach that has affected more than 1 million android gamers. Exposed data includes IP addresses, IMEI numbers, Mobile application package doing the tracking, Device screen size – whether a device is ‘rooted’, Device model, Phone number (if any), Platform (Android/iOS), Net Type (Wi-Fi or cellular), Events (open, log in, level-up, etc).

Security researchers from Kaspersky discovered a new WhatsApp Mod named “FMWhatsapp” which spies on you and steals your data. The mod drops a Triada Trojan, which gathers device information such as MAC addresses, subscribers’ IDs, Devices IDs, SMS information and automatically signs to a premium subscription

Hao Kuo Chi, 40, of La Puente pleaded guilty to a hacker-for-hire scam. He disguised himself as an Apple customer support technician, and stole the iCloud passwords. More than 62,000 private photos and videos were stolen by him