April 27, 2020
David Redekop

This Week In Nerd News – April 27, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to:

Hackers target oil producers as they struggle with a record glut of crude.

As the world’s top oil producers prepared for a weeklong meeting earlier this month to plan a response to slumping prices of crude, espionage hackers commenced a sophisticated spearphishing campaign that was concentrated on US-based energy companies. The goal: install a notorious trojan that siphoned their most sensitive communications and data.

Setting the campaign apart, the emails were mostly free of the typos, broken grammar, and other sloppiness that are typical phishes. The emails also reflected a sender who was well-acquainted with the business of energy production. A barrage of emails that started on March 31, for instance, purported to come from Engineering for Petroleum and Process Industries, a real Egyptian state oil company.

 

Read More: Hackers target oil producers as they struggle with a record glut of crude

 

Ministers plan to give more UK public bodies power to access phone data.

Ministers want to expand the scope of UK surveillance laws to give more public authorities – including a pensions watchdog and the Environment Agency – the power to access vast databases of personal phone and computer data.

Five additional public bodies are to be allowed to obtain communications data under the Investigatory Powers Act – frequently dubbed the snooper’s charter – as they are “increasingly unable to rely on local police forces to investigate crimes on their behalf”, according to documents published by the government.

The US whistleblower Edward Snowden once described the act as the “most extreme surveillance in the history of western democracy”.

 

Read More: Ministers plan to give more UK public bodies power to access phone data

 

Israel halts police phone tracking over privacy concerns.

The government had approved the use of such data for a limited time, to make sure those ordered to self-isolate were doing so.

But now an oversight group in Israel’s parliament blocked an attempt to extend the emergency measures past this week.

A committee member said the harm done to privacy outweighed the benefits.

 

Read More: Coronavirus: Israel halts police phone tracking over privacy concerns

 

A single line of Windows kernel code change, allows Browser sandbox escape.

Microsoft has already fixed it.

The Chromium sandbox on Windows has stood the test of time. It’s considered one of the better sandboxing mechanisms deployed at scale without requiring elevated privileges to function. For all the good, it does have its weaknesses. The main one being the sandbox’s implementation is reliant on the security of the Windows OS. Changing the behavior of Windows is out of the control of the Chromium development team. If a bug is found in the security enforcement mechanisms of Windows then the sandbox can break.

 

Read More: Project Zero 

 

The CFAA will soon have its day before the Supreme Court.

This may legitimize more security researchers.

The future of a long-controversial federal law could come down to how the U.S. Supreme Court interprets the way that a local police officer looked up information on an exotic dancer in a law enforcement database.

 

Read More: The CFAA will soon have its day before the Supreme Court

 

Did you know?

Out of the CIS20 standard controls, adam:ONE plays an important role in 10 of them. I did a video on the weekend if you’re interested (~12 minutes)

Need an IT professional? Request service today.