January 16, 2018
Armed Raid on Nuclear Workers' Housing Raises Fears Over Two Reactors – Brazil
About 10 men held security guards hostage at around 3am on Monday, robbed guests at a party in a private club, then escaped in a waiting speedboat from the Praia Brava condominium for workers at the Angra 1 and 2 nuclear reactors, run by state company Eletronuclear. It was the second incident in a month: on 9 December, thieves exploded an ATM in the Mambucaba Condominium, another security-controlled workers’ village 15km away from the plants, near Angra dos Reis on the Rio de Janeiro state coastline. While reactors are encased in steel pressure vessels and layers of concrete, high-level radioactive spent nuclear fuel ponds are at greater risk. Older reactors like Angra 1, which began operating in 1982, have less sophisticated safety systems than more modern plants. Police said the gang involved in the December ATM robberies targeted Santander bank cash machines because they have less sophisticated security systems.
Journalist Killed Amid Wave of Violence Against Media – Mexico
A journalist was killed on Saturday in the northern Mexican state of Tamaulipas, adding to a wave of violence in one of the world’s most dangerous countries for media workers. Dominguez was murdered Saturday afternoon in the city of Nuevo Laredo, state officials said in a statement. The attorney general’s office has launched an investigation to determine the circumstances of the killing, including whether it was related to Dominguez’s work as a journalist, the state said. Dominguez was an independent journalist who wrote a political column. In one of his last publications, he lamented the growing political violence that has struck Mexico ahead of the presidential election in July.
Simple Attack Allows Full Remote Access to Most Corporate Laptops – United States
An Evil Maid attack could ultimately give an adversary full remote access to a corporate network without having to write a single line of code. The flaw was discovered by F-Secure senior security consultant Harry Sintonen, and disclosed today. It is unrelated to the "Apocalyptic AMT firmware vulnerability" disclosed in May 2017, or the current Meltdown and Spectre issues. The new flaw is surprising in its simplicity. "It is almost deceptively simple to exploit, but it has incredible destructive potential," explains Sintonen. "In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures."
The problem is that setting a BIOS password (standard procedure) does not usually prevent access to the AMT BIOS extension -- the Intel Management Engine BIOS Extension (MEBx). Unless this separate password is changed, and usually it is not, the default 'admin' password will give the attacker access to AMT. An attacker with physical access to such a device need only boot it, press CTRL-P during startup, and log in to MEBx with 'admin'. "By changing the default password, enabling remote access and setting AMT's user opt-in to 'None', a quick-fingered cybercriminal has effectively compromised the machine," writes F-Secure.
The device itself might be considered secure, with a strong BIOS password, TPM PIN, BitLocker and login credentials -- but these can be bypassed remotely if the attackers are able to insert themselves onto the same network segment as the victim. "In certain cases," warns F-Secure, "the assailant can also program AMT to connect to their own server, which negates the necessity of being in the same network segment as the victim." Once such an attack has succeeded, the target device is fully compromised, and the attacker has remote ability to read and modify all data and applications available to the authorized user.
Although physical access is required for the attack, the speed with which it can be accomplished makes the Evil Maid attack (so-called because such attacks can be carried out in a hotel room if a device is left unattended for a brief period) a viable threat.