Thursday, March 23, 2023

Short Takes – 3-23-23

Remote hacking of Samsung, Google and Vivo smartphones: the problem and the solution. Kaspersky.com blog post. Pull quote: “Since the BRP handles all communication with the cellular network, malicious code can be used for a whole range of spying purposes: from tracking the victim’s geolocation to listening in on calls or stealing data from the smartphone memory. At the same time, because it’s a black box, the BRP is virtually impossible to diagnose or disinfect, except by reflashing.”

The pressing threat of Chinese-made drones flying above U.S. critical infrastructure. CyberScoop.com article. Pull quote: “The urgency around this threat could not be greater given the mission-critical roles of infrastructure owners and operators and public safety organizations. We therefore ask lawmakers and policymakers not only to revisit the issue, as Sens. Mark Warner, D. Va., Marsha Blackburn, R. Tenn., and a bi-partisan group of their colleagues urged in a letter to CISA last week, but also to work with industry, as well as state, local, tribal and territorial governments, to outline and implement a comprehensive approach to enable the elimination of all drones manufactured by companies with ties to the Chinese Communist Party from critical infrastructure and public safety inventories and supply chains.”

Preventing the Improper Use of CHIPS Act Funding. Federal Register NIST NPRM. Pull quote: “To protect national security and the resiliency of supply chains, CHIPS Incentives Program funds may not be provided to a foreign entity of concern, such as an entity that is owned by, controlled by, or subject to the jurisdiction or direction of a country that is engaged in conduct that is detrimental to the national security of the United States. This proposed rule includes a detailed explanation of what is meant by foreign entities of concern, as well as a definition of “owned by, controlled by, or subject to the jurisdiction or direction of.”” Comments to be submitted by May 22nd, 2023.

Advisory Committee for Cyberinfrastructure; Notice of Meeting. Federal Register NSF meeting notice. 2-day meeting April 17th/18th, 2023. Purpose of Meeting: “To advise NSF on the impact of its policies, programs and activities in the OAC [Office of Advanced Cyberinfrastructure] community. To provide advice to the Director/NSF on issues related to long-range planning.”

Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs. CISA.gov blog post. Neat new term – ‘Pre-Ransomware Notification’. Pull quote: “Although we’re in the early days, we’re already seeing material results: since the start of 2023, we’ve notified over 60 entities across the energy, healthcare, water/wastewater, education, and other sectors about potential pre-ransomware intrusions, and we’ve confirmed that many of them identified and remediated the intrusion before encryption or exfiltration occurred.”

Chinese firm invents lockdown-inspired kissing machine for remote lovers. Reuters.com article. Okay, this is just gross. Pull quote: “The MUA - named after the sound people commonly make when blowing a kiss - also captures and replays sound and warms up slightly during kissing, making the experience more authentic, said Beijing-based Siweifushe.”

Periodic Graphics: The chemistry of plant flowering. CEN.ACS.org graphic. A look at the chemicals of spring.
