Atlantic Council, 2019 Poland Cyber Security Conference, Day Two →
Atlantic Council, 2019 Poland Cyber Security Conference, Day One →
BSides Vancouver 2019, Day 1 Track 2 →
Microsoft Warns Of A 'New Wannacry': Newly Discovered 'Wormable' Exploit In The Wild
Good news for organized crime, and other criminal, system attackers: Microsoft Corporation (NASDAQ: MSFT) has coughed up another furball of coding incompetence (aka CVE-2019-0708). Microsoft's Security Response Center's Director of Incident Response, Simon Pope, has announced a newly discovered 'wormable' exploit (a pre-user-authentication attack, that is). More good work from the company helmed by Satya 'The Miracle Worker' Nadella (who, in reality, is a superb leader of the Leviathan of Redmond, so ignore my gentle snark if you are a fan). Today's Must Read.
"Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware." - via Microsoft Corporation's MSRC Director of Incident Response - Simon Pope
BSides Vancouver 2019 Day 1, Track 1 →
First Rule Of Antivirus Companies - Don't Succumb To Malware
Via Ionut Ilascu, reporting for Bleeping Computer, comes a story that all anti-malware companies (should/must) dread: Don't become victimized by the very malware you are detecting... Today's Must Read.
Facial Recognition Ban Moves To City and County of San Francisco Commissioner Vote On May 14th
Via Slate author April Glaser comes word of the coming vote by the Commissioners of the City and County of San Francisco targeting the curtailment and prohibition of human facial computational recognition systems and surveillance (including many other forms of computational image analysis, e.g. automated license plate readers, and other types of surveillance by automated and non-automated means) in the City and County of San Francisco, California. Now, if they can only figure out how to teach folks not to defecate on the sidewalks and to safely dispose of the accumulated detritus of intravenous drugs, it might be a great city to live in...
"Beyond prohibiting face surveillance, the bill also requires all other types of surveillance technologies—like automatic license plate readers, predictive policing software, and cell phone surveillance towers—to only be adopted by city agencies following a public notice and vote by the Board of Supervisors. The bill also requires clear policies for how surveillance technologies will be used by the city government." - via April Glaser writing at Slate