Cyber Security November 2018

This posting is here to collect security alert news in September 2018.

I post links to security vulnerability news to comments of this article.

You are also free to post related links.

558 Comments

  1. Tomi Engdahl says:

    TV report: Israel silent as Iran hit by computer virus more violent than Stuxnet
    https://www.timesofisrael.com/tv-report-israel-silent-as-iran-hit-by-computer-virus-more-violent-than-stuxnet/amp/

    Tehran strategic networks attacked, Hadashot TV says, hours after Israel revealed it tipped off Denmark about Iran murder plot, and days after Rouhani’s phone was found bugged

    Iranian infrastructure and strategic networks have come under attack in the last few days by a computer virus similar to Stuxnet but “more violent, more advanced and more sophisticated,” and Israeli officials are refusing to discuss what role, if any, they may have had in the operation, an Israeli TV report said Wednesday.

    The report came hours after Israel said its Mossad intelligence agency had thwarted an Iranian murder plot in Denmark, and two days after Iran acknowledged that President Hassan Rouhani’s mobile phone had been bugged.

    “Remember Stuxnet, the virus that penetrated the computers of the Iranian nuclear industry?” the report on Israel’s Hadashot news asked. Iran “has admitted in the past few days that it is again facing a similar attack, from a more violent, more advanced and more sophisticated virus than before, that has hit infrastructure and strategic networks.”

    Reply
  2. Tomi Engdahl says:

    92% of External Web Apps Have Exploitable Security Flaws or Weaknesses: Report
    https://www.securityweek.com/92-external-web-apps-have-exploitable-security-flaws-or-weaknesses-report

    According to new research, 98% of leading companies across the U.S. and Europe are vulnerable to cybercriminals through their web applications. While this figure may seem high, it will surprise neither the companies themselves nor independent security experts.

    The purpose of this research from High-Tech Bridge (HTB) is to show that the problem is far bigger and less acceptable than most companies imagine. It was prompted, at least in part, by HTB’s experience with one particular U.S. government agency client.

    https://www.htbridge.com/blog/FT500-application-security.html

    Reply
  3. Tomi Engdahl says:

    Nearly three-quarters of employees are forced to install work software on their personal devices
    http://www.itpro.co.uk/mobile/32241/nearly-three-quarters-of-employees-are-forced-to-install-work-software

    The majority of those using their personal mobiles for work object to their employer’s demands

    Almost three-quarters of employees are being forced to install work-based applications onto their personal mobile phones so they can carry out their jobs, a report by CCS Insight has revealed.

    Although 74% of employees admit they resent the idea of using work applications on their personal devices due to fears their employers can track them, two-thirds said they do trust their employers with their privacy.

    Other concerns expressed by employees in the survey included a fear that artificial intelligence will result in job losses over time.

    Reply
  4. Tomi Engdahl says:

    North Korea continues to hack computers to mine cryptocurrency
    https://www.upi.com/Top_News/World-News/2018/10/31/North-Korea-continues-to-hack-computers-to-mine-cryptocurrency/7231540971126/

    North Korea is hacking computers to mine cryptocurrency to bring extra cash into the country, according to South Korea’s intelligence service.

    North Korean hackers also continue to hack computers in South Korea and abroad to steal confidential information, the state intelligence agency said in a parliamentary audit on Wednesday, Yonhap News reported.

    A U.S. cybersecurity firm revealed in January that it found computers installed with malware, suspected to have been implanted by North Korean hackers, to mine for cryptocurrency Monero and send it to Kim Il Sung University in Pyongyang, according to Chosun Ilbo.

    South Korea: North Korea is still hacking our computers to mine cryptocurrency
    https://thenextweb.com/hardfork/2018/10/31/north-korea-hacking-mine-cryptocurrency/

    According to South Korea’s intelligence service, North Korea is purportedly still hacking computers to mine cryptocurrency as a revenue stream for the country’s government, United Press International (UPI) reports.

    The malware appears to be hijacking host computers to mine – you guessed it – Monero. As ever, XMR remains the choice for crypto-jacking bandits around the globe.

    Not only that, the Monero is then sent back to Kim Il Sung University in Pyongyang, according to another local news outlet, Chosun Ilbo.

    North Korea seems to be turning to cryptocurrency as a way to bypass ever increasing international sanctions placed on the country.

    Recently it was reported that a supposedly state-sponsored North Korean hacking outfit stole over $570 million worth of cryptocurrency.

    Reply
  5. Tomi Engdahl says:

    Pentagon Wants to Predict Anti-Trump Protests Using Social Media Surveillance
    https://motherboard.vice.com/en_us/article/7x3g4x/pentagon-wants-to-predict-anti-trump-protests-using-social-media-surveillance

    A series of research projects, patent filings, and policy changes indicate that the Pentagon wants to use social media surveillance to quell domestic insurrection and rebellion.

    Reply
  6. Tomi Engdahl says:

    Complete Works Of Shakespeare Hidden Inside Twitter Thumbnail Image
    https://www.bleepingcomputer.com/news/security/complete-works-of-shakespeare-hidden-inside-twitter-thumbnail-image/

    A security researcher has demonstrated how he could hide the Complete Works of Shakespeare into an image and use Twitter to distribute it using Steganography.

    Steganography is the act of hiding information or messages inside objects that are not themselves secret. This allows people to covertly distribute messages, files, and other types of data in files or data that appear to be non-secretive in nature.

    In a recent experiment, security researcher David Buchanan created a JPEG image of Shakespeare that also included a RARed copy of his complete works in HTML format. Buchanan went on to further show that this image could also be uploaded to Twitter, which would create a thumbnail that continued to contain the embedded RAR file.

    Buchanan was able to do this by creating a script that converted the multi-part RAR file into an ICC profile, which was then embedded into a picture of Shakespeare. ICC profiles are data fields in an image that detail the characteristics and color of an input device, so that the colors are displayed properly when outputted.

    “ICC profiles are stored in chunks of approximately 64kb,” Buchanan told BleepingComputer via Twitter direct message. “So I had to split the data into correspondingly sized chunks and a multi-part RAR archive seemed like a good way to do that.”

    Reply
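    As an added example (not code from the article or from Buchanan’s experiment), the scanner below shows what a defender can look for in the technique described above: it walks a JPEG’s marker segments, reassembles the APP2 ICC_PROFILE chunks by sequence number, and flags a “profile” that carries a RAR signature or lacks the ICC ‘acsp’ header. The sample JPEG, the fake profile and the fake archive are constructed inline; the 1 MB size threshold and the helper names are assumptions.

```python
"""Detect archive data smuggled into a JPEG's ICC_PROFILE (APP2) segments."""
import struct

APP2 = 0xFFE2
SOS = 0xFFDA
ICC_TAG = b"ICC_PROFILE\x00"
# A JPEG segment length field is 16-bit and counts itself, so after the tag,
# sequence number and chunk count there is room for 65519 bytes of profile data.
MAX_ICC_DATA = 0xFFFF - 2 - len(ICC_TAG) - 2
RAR_MAGIC = b"Rar!\x1a\x07"          # RAR4 and RAR5 archives both begin this way
SIZE_LIMIT = 1_000_000               # assumption: real profiles are well under 1 MB


def build_icc_segments(payload: bytes) -> bytes:
    """Split payload into numbered APP2 ICC_PROFILE chunks, as a JPEG writer does."""
    chunks = [payload[i:i + MAX_ICC_DATA] for i in range(0, len(payload), MAX_ICC_DATA)]
    out = bytearray()
    for seq, chunk in enumerate(chunks, start=1):
        body = ICC_TAG + bytes([seq, len(chunks)]) + chunk
        out += struct.pack(">HH", APP2, len(body) + 2) + body
    return bytes(out)


def build_test_jpeg(payload: bytes) -> bytes:
    """Constructed JPEG skeleton (SOI, APP0, ICC chunks, empty SOS, EOI); not a real picture."""
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return (b"\xff\xd8" + struct.pack(">HH", 0xFFE0, len(app0) + 2) + app0
            + build_icc_segments(payload)
            + struct.pack(">HH", SOS, 2) + b"\xff\xd9")


def iter_segments(data: bytes):
    """Yield (marker, payload) for each header segment up to and including SOS.

    Stand-alone markers (RSTn, TEM) have no length field but only occur inside
    the entropy-coded data, which this parser never enters.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = (data[pos] << 8) | data[pos + 1]
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        yield marker, data[pos + 4:pos + 2 + length]
        if marker == SOS:            # scan data follows; nothing more to parse
            return
        pos += 2 + length


def extract_icc(data: bytes):
    """Reassemble ICC_PROFILE chunks in sequence order; return (profile, chunk_count)."""
    chunks, declared = {}, None
    for marker, payload in iter_segments(data):
        if marker == APP2 and payload.startswith(ICC_TAG):
            seq, count = payload[len(ICC_TAG)], payload[len(ICC_TAG) + 1]
            if declared is None:
                declared = count
            elif declared != count:
                raise ValueError("inconsistent ICC chunk count")
            chunks[seq] = payload[len(ICC_TAG) + 2:]
    if not chunks:
        return b"", 0
    if sorted(chunks) != list(range(1, declared + 1)):
        raise ValueError("missing ICC chunk")
    return b"".join(chunks[i] for i in range(1, declared + 1)), declared


def assess_icc(data: bytes) -> dict:
    """Return chunk count, embedded size and a list of reasons the profile looks suspicious."""
    profile, count = extract_icc(data)
    findings = []
    if count == 0:
        return {"chunks": 0, "size": 0, "findings": findings}
    # A genuine ICC profile stores its own length in bytes 0-3 and 'acsp' at bytes 36-39.
    if len(profile) < 128 or profile[36:40] != b"acsp":
        findings.append("no ICC 'acsp' signature")
    elif struct.unpack(">I", profile[:4])[0] != len(profile):
        findings.append("ICC header size does not match embedded length")
    if profile.startswith(RAR_MAGIC):
        findings.append("RAR archive signature")
    if len(profile) > SIZE_LIMIT:
        findings.append("profile larger than 1 MB")
    return {"chunks": count, "size": len(profile), "findings": findings}


def fake_profile() -> bytes:
    """Constructed 200-byte stand-in for a legitimate profile: size field plus 'acsp'."""
    size = 200
    return struct.pack(">I", size) + b"\x00" * 32 + b"acsp" + b"\x00" * (size - 40)


def demo():
    """Constructed benign image vs. one whose 'profile' is a ~150 KB RAR-tagged blob."""
    benign = build_test_jpeg(fake_profile())
    smuggled = build_test_jpeg(RAR_MAGIC + b"\x00" * 150_000)   # spans 3 APP2 chunks
    return assess_icc(benign), assess_icc(smuggled)


if __name__ == "__main__":
    for report in demo():
        print(report)
```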
  7. Tomi Engdahl says:

    ThreatList: Dead Web Apps Haunt 70 Percent of FT 500 Firms
    https://threatpost.com/threatlist-dead-web-apps-haunt-70-percent-of-ft-500-firms/138659/

    Abandoned web applications used by FT 500 Global Companies have exploitable flaws and weaknesses.

    Reply
  8. Tomi Engdahl says:

    Five ways to make Halloween less cyber-scary for kids
    https://www.welivesecurity.com/2018/10/31/five-ways-halloween-less-cyber-scary-kids/

    How can we help kids avoid security horrors and stay safe from rogue online “neighbors” at Halloween and thereafter?

    Reply
  9. Tomi Engdahl says:

    Major Application Security Oversights You Can’t Afford
    https://securityintelligence.com/major-application-security-oversights-you-cant-afford/

    In many cases, not even a simple network vulnerability scan has been performed, much less in-depth application vulnerability and penetration testing. Source code analysis, which can complement traditional vulnerability and penetration testing, is typically an afterthought at best.

    Why Is Application Security Lacking?

    In many cases, I believe IT and security teams, along with their software development and quality assurance (QA) counterparts, take application security for granted because they assume it’s just an internal application or marketing website that doesn’t process or store critical information assets. Or, they assume that common application flaws, such as cross-site scripting (XSS), unhandled exceptions and web server misconfigurations, are insignificant.

    In reality, these vulnerabilities can amount to a huge gap in security. It’s all about context: I’ve seen situations where critical software flaws were right under the noses of the people in charge, but they didn’t fully understand their own software functionality or didn’t look deeply enough from multiple perspectives.

    Reply
  10. Tomi Engdahl says:

    Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims
    https://securingtomorrow.mcafee.com/mcafee-labs/fallout-exploit-kit-releases-the-kraken-ransomware-on-its-victims/

    Rising from the deep, Kraken Cryptor ransomware has had a notable development path in recent months. The first signs of Kraken came in mid-August on a popular underground forum. In mid-September it was reported that the malware developer had placed the ransomware, masquerading as a security solution, on the website SuperAntiSpyware, infecting systems that tried to download a legitimate version of the antispyware software.

    Reply
  11. Tomi Engdahl says:

    US government charges two Chinese spies over jet engine blueprint theft
    China says case is full of hot air
    https://www.theregister.co.uk/2018/10/31/china_spying_jet_engines/

    FOR IMMEDIATE RELEASE
    Tuesday, October 30, 2018
    Chinese Intelligence Officers and Their Recruited Hackers and Insiders Conspired to Steal Sensitive Commercial Aviation and Technological Data for Years
    https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal

    Reply
  12. Tomi Engdahl says:

    Anatomy of a sextortion scam
    https://blog.talosintelligence.com/2018/10/anatomy-of-sextortion-scam.html

    Since this July, attackers are increasingly spreading sextortion-type attacks across the internet. Cisco Talos has been investigating these campaigns over the past few months. In many cases the spammers harvested email addresses and passwords from a publicly available data breach, and then used this data to facilitate their sextortion attacks. While the attackers do not actually have any compromising videos showing the victim, the emails claim to have explicit videos that they will distribute if the victim doesn’t pay the extortion payment by a certain time. By including the recipient’s password along with their demands for payment, the attackers hope to legitimize their claims about having compromising material concerning the victim.

    Reply
  13. Tomi Engdahl says:

    Qualys Acquires Container Security Firm Layered Insight
    https://www.securityweek.com/qualys-acquires-container-security-firm-layered-insight

    Security and compliance solutions provider Qualys on Tuesday announced the acquisition of Layered Insight, a company that specializes in protecting container-native applications.

    Reply
  14. Tomi Engdahl says:

    Apple Patches Passcode Bypass, FaceTime Flaws in iOS
    https://www.securityweek.com/apple-patches-passcode-bypass-facetime-flaws-ios

    Security updates released by Apple on Tuesday for its macOS, iOS, tvOS, watchOS, Safari, iCloud and iTunes products address tens of new vulnerabilities.

    Reply
  15. Tomi Engdahl says:

    Laziness is a Wonderful Motivator in Security
    https://www.securityweek.com/laziness-wonderful-motivator-security

    Security Teams Are Often Challenged to Run a Proper Security Program With Too Few Resources

    One of my favorite English-language proverbs states: “necessity is the mother of invention.” The Oxford dictionary explains the meaning of this proverb as: “when the need for something becomes imperative, you are forced to find ways of getting or achieving it.” As you might have already guessed, I believe we can learn an important security lesson from this proverb.

    At a high level, our goal in security is to manage, mitigate, and minimize risk. In an ideal world, we would enumerate the list of risks and threats we are concerned about and allocate the necessary resources to properly address them. Of course, we don’t live in an ideal world. Most security teams feel this quite acutely in the form of resource constraints. Whether considering time, money, personnel, or any combination of the three, there just never seem to be enough resources to address the challenges at hand.

    Reply
  16. Tomi Engdahl says:

    Signal Unveils New ‘Sealed Sender’ Feature
    https://www.securityweek.com/signal-unveils-new-sealed-sender-feature

    Open Whisper Systems on Monday announced that the latest beta version of the Signal messaging app includes a new feature that aims to protect the identity of the sender.

    Signal uses end-to-end encryption to protect messages and it avoids storing data such as contacts, conversations, locations, avatars, profile names, and group details. However, current stable versions do rely on the service knowing where a message comes from and where it’s going.

    Signal developers hope to further reduce the amount of data accessible to the messaging service with a new feature, named “sealed sender,” that eliminates the need to know who the sender is.

    Reply
  17. Tomi Engdahl says:

    Proposal for Cybersecurity Civilian Corps Gets Mixed Reception
    https://www.securityweek.com/proposal-cybersecurity-civilian-corps-gets-mixed-reception

    Although the U.S has been engaged in cybersecurity for over a generation, “there continues to be organizational and human gaps that leave the nation insecure.” Few people would disagree. What is less clear is any realistic and effective solution to the problem.

    Reply
  18. Tomi Engdahl says:

    Apple Kernel Code Vulnerability Affected All Devices
    https://hackaday.com/2018/11/01/apple-kernel-code-vulnerability-affects-everything/

    Another day, another vulnerability. Discovered by [Kevin Backhouse], CVE-2018-4407 is a particularly serious problem because it is present all throughout Apple’s product line, from the Macbook to the Apple Watch. The flaw is in the XNU kernel shared by all of these products.

    This is a buffer overflow issue in the error handling for network packets.

    Reply
  19. Tomi Engdahl says:

    LED Stick Person Costume Lights Up the Night
    https://hackaday.com/2018/10/31/led-stick-person-costume-lights-up-the-night/

    Sometimes a simple idea can yield fantastic results. A few runs of LED strips fastened to a black hoody and sweatpants and just like that…a LED stick person costume for Halloween. The creator of the “Glowy Zoey” [Royce] originally put together some glow in the dark stick person suits to stand out when hitting the slopes at night. Now he’s taken that simple idea for a costume and made a small business out of it.

    https://glowyzoey.com/

    Reply
  20. Tomi Engdahl says:

    Streamline delivery with open source, they said. It’s perfectly safe, they said
    Eliminate the risks: Uncover the latest security trends here
    https://www.theregister.co.uk/2018/10/31/webcast_streamline_devops_delivery_with_open_source_while_eliminating_the_risks/

    It has been argued that the future of software development and operations is all about speeding up development and deployment through cloud-based infrastructure and open source software.

    But that can leave security overlooked.

    Reply
  21. Tomi Engdahl says:

    Will ‘Deepfakes’ Disrupt the Midterm Election?
    https://www.wired.com/story/will-deepfakes-disrupt-the-midterm-election/

    Plenty of people are following the final days of the midterm election campaigns. Yale law researcher Rebecca Crootof has a special interest—a small wager. If she wins, victory will be bitter sweet, like the Manhattan cocktail that will be her prize.

    In June, Crootof bet that before 2018 is out an electoral campaign somewhere in the world will be roiled by a deepfake—a video generated by machine learning software that shows someone doing or saying something that in fact they did not do or say. Under the terms of the bet, the video must receive more than 2 million views before being debunked. If she loses, Crootof will owe a sporting tiki drink to Tim Hwang, director of a Harvard-MIT project on ethics and governance of artificial intelligence. If she wins, it will validate the fears of researchers and lawmakers that recent AI advances could be used to undermine democracy.

    The US midterms are seen as a possible target that could prove the pessimists right. Facebook says the elections have already attracted other, more conventional disinformation campaigns.

    Reply
  22. Tomi Engdahl says:

    Red Hat Enterprise Linux 7.6 Released
    https://linux.slashdot.org/story/18/10/30/2235242/red-hat-enterprise-linux-76-released?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    Fresh on the heels of the IBM purchase announcement, Red Hat released RHEL 7.6

    The release offers improved security, such as support for the Trusted Platform Module (TPM) 2.0 specification for security authentication. It also provides enhanced support for the open-source nftables firewall technology.

    Reply
  23. Tomi Engdahl says:

    Apple’s New T2 Security Chip Will Prevent Hackers From Eavesdropping On Your Microphone
    https://it.slashdot.org/story/18/10/30/222211/apples-new-t2-security-chip-will-prevent-hackers-from-eavesdropping-on-your-microphone?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    According to its newest published security guide, the chip comes with a hardware microphone disconnect feature that physically cuts the device’s microphone from the rest of the hardware whenever the lid is closed. “This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed.”

    Apple’s new T2 security chip will prevent hackers from eavesdropping on your microphone
    https://techcrunch.com/2018/10/30/apple-t2-security-chip-microphone-eavesdropping/

    Reply
  24. Tomi Engdahl says:

    When Good Software Goes Bad: Malware In Open Source
    https://hackaday.com/2018/10/31/when-good-software-goes-bad-malware-in-open-source/

    Open Source software is always trustworthy, right? [Bertus] broke a story about a malicious Python package called “Colourama”. When used, it secretly installs a VBscript that watches the system clipboard for a Bitcoin address, and replaces that address with a hardcoded one. Essentially this plugin attempts to redirect Bitcoin payments to whoever wrote the “colourama” library.

    Why would anyone install this thing? There is a legitimate package named “Colorama” that takes ANSI color commands, and translates them to the Windows terminal. It’s a fairly popular library, but more importantly, the name contains a word with multiple spellings

    https://medium.com/@bertusk/cryptocurrency-clipboard-hijacker-discovered-in-pypi-repository-b66b8a534a8

    Reply
  25. Tomi Engdahl says:

    SingHealth cyber attack: Senior manager didn’t report suspicious activity, for fear of working ‘non-stop’ to answer for it
    https://www.todayonline.com/singapore/afraid-being-pressed-deliver-answers-senior-ihis-employee-decided-not-report-suspicious?cid=emarsys-today_TODAY%27s%20morning%20briefing%20for%20Nov%201,%202018%20%28ACTIVE%29_newsletter_01112018_today

    At a hearing into the SingHealth cyber attack on Oct 31, 2018, a senior manager said that if he reported what he learnt about a possible breach into the database, he would have many people chasing him for answers and updates.

    Two days after a junior staff member from the Integrated Health Systems (IHiS) informed a senior manager that an attacker had infiltrated SingHealth’s patient database on July 4, the superior still decided against reporting the cyber-security incident to higher management.

    His decision led to “a bottleneck” in the reporting of the breach.

    In his reply to his subordinate on July 6, the senior manager said: “Once we escalate to management, there will be no day and no night… everyone in IHiS will be working non-stop on this case.”

    During the cyber attack, 1.5 million patients had their personal data stolen, and 160,000 of them — including Prime Minister Lee Hsien Loong — also had their outpatient medication data extracted.

    Mr Lee also urged his boss to report the incident to higher-level management.

    Mr Tan said he had thought to himself, “If I report the matter, what do I get?”

    Cybersecurity Agency of Singapore (CSA), IHiS and SingHealth would “put pressure” on his team.

    “it was not confirmed that there had been successful access to any server”.

    NOT REALLY HIS JOB TO RAISE ALARM

    He did not feel a need to report the matter until he had obtained all the information deemed necessary to classify the attack as a security incident, which would include information about the impact of the attack and the identity of the attacker.

    He added that even if a cyber-security incident had occurred, he did not think that it would be his job to raise the alarm.

    This “bottleneck is not acceptable”, Mr Benedict Tan said.

    Mr Chua replied that it may not be wise to involve senior management in all cyber-security threats, as there could be numerous false alarms.

    Adopting the “assume breach” mindset, where it is always assumed that the company’s assets have been compromised

    To this, COI chair Richard Magnus said that cyber-security defence was both an “art and a science”.

    Mr Chua then acknowledged that the tabletop exercises may not fully prepare staff members to identify and respond to security incidents.

    The SCM database itself, which is considered a critical information infrastructure, was not tested for vulnerabilities.

    Reply
  26. Tomi Engdahl says:

    Google Boosts Account Security With New Tools, Protections
    https://www.securityweek.com/google-boosts-account-security-new-tools-protections

    Google on Wednesday announced several new tools and protection mechanisms designed to help users secure their accounts and recover them in case they have been compromised.

    It’s not uncommon for accounts to get hacked after their username and password have been obtained by malicious actors through phishing attacks. Since many users still haven’t enabled two-factor authentication, Google has introduced an additional layer of security during the login process.

    When the username and password are entered on the sign-in page, a risk assessment is run and the login is only successful if nothing is suspicious. However, for the risk assessment to work, Google says users need to have JavaScript enabled.

    Reply
  27. Tomi Engdahl says:

    Top Australia Defence Firm Reports Serious Cyber Breach
    https://www.securityweek.com/top-australia-defence-firm-reports-serious-cyber-breach

    A top Australian defence firm with major US Navy contracts has admitted its personnel files were breached and that it was the subject of an extortion attempt.

    Austal — which among other things makes small, quick ships for warfare close to shore — said its “data management system” had been infiltrated by an “unknown offender”.

    In a statement, the company claimed that there was “no evidence to date” that “information affecting national security nor the commercial operations of the company have been stolen”.

    However it said staff email addresses and mobile phone numbers were accessed and the offender purported to offer materials for sale on the internet and “engage in extortion”.

    Reply
  28. Tomi Engdahl says:

    Law Enforcement Faces Dilemma in Assessing Online Threats
    https://www.securityweek.com/law-enforcement-faces-dilemma-assessing-online-threats

    Their anger is all over social media for the whole world to see, with rants about minorities, relationships gone bad or paranoid delusions about perceived slights.

    The perpetrators of mass shootings often provide a treasure trove of insight into their violent tendencies, but the information is not always seen by law enforcement until after the violence is carried out. In addition, rants and hate speech rarely factor into whether someone passes a background check to buy guns.

    “We can go out on Twitter and there are loads of people saying insane stuff, but how do you know which is the one person? It’s always easy after the fact, to go: ‘That was clear.’ But clearly everyone spouting their mouth doesn’t go and shoot up a synagogue,” said David Chipman, a retired agent of the federal Bureau of Alcohol, Tobacco, Firearms and Explosives and now senior policy adviser for the Giffords Center.

    Reply
  29. Tomi Engdahl says:

    New Bill Proposes Prison for Execs Misusing Consumer Data
    https://www.securityweek.com/new-bill-proposes-prison-execs-misusing-consumer-data

    Democrat Senator Ron Wyden released a draft bill this week that proposes big fines for companies misusing the personal information of American consumers, along with significant prison terms for their executives.

    The new bill, named the Consumer Data Protection Act of 2018, aims to give consumers control over their data, including how it’s sold or shared, and gives the U.S. Federal Trade Commission (FTC) the power to issue fines and other penalties.

    Sen. Wyden is accepting feedback on the bill. In its current form, the legislation empowers the FTC to establish minimum privacy and security standards, issue fines of up to 4% of an offending company’s annual revenue (similar to the EU’s GDPR), and even prison terms ranging between 10 and 20 years for senior executives. The agency would be given the resources necessary to hire 175 individuals to “police” the market for private data.

    Reply
  30. Tomi Engdahl says:

    US Accuses China, Taiwan Firms With Stealing Secrets From Chip Giant Micron
    https://www.securityweek.com/us-accuses-china-taiwan-firms-stealing-secrets-chip-giant-micron

    US Attorney General Jeff Sessions announced charges Thursday against Chinese and Taiwan companies for theft of an estimated $8.75 billion worth of trade secrets from US semiconductor giant Micron.

    Sessions said the case was the latest in a series that are part of a state-backed program by Beijing to steal US industrial and commercial secrets.

    “Taken together, these cases and many others like them paint a grim picture of a country bent on stealing its way up the ladder of economic development and doing so at American expense,” Sessions said.

    “This behavior is illegal. It is wrong. It is a threat to our national security. And it must stop.”

    Reply
  31. Tomi Engdahl says:

    U.S. Intel Budget Soars Under Trump
    https://www.securityweek.com/us-intel-budget-soars-under-trump

    US spending on intelligence has soared under President Donald Trump, figures released on Tuesday showed, as the government stepped up cyber warfare activities and boosted spying on North Korea, China and Russia.

    Spending on civilian and military intelligence jumped by 11.6 percent to $81.5 billion in fiscal 2018, which ended on September 30, according to the Department of Defense and the Office of the Director of National Intelligence.

    Spending for the National Intelligence Program, which spans some 16 agencies including the Central Intelligence Agency, National Security Agency, some defense operations and reconnaissance from space, rose to $59.4 billion from $54.6 billion in fiscal 2017.

    The Military Intelligence Budget came in at $22.1 billion, up from $18.4 billion in fiscal 2017.

    The Trump administration has sharply increased both military and intelligence outlays, spending more on personnel, equipment and operations.

    Reply
  32. Tomi Engdahl says:

    USB Drives Deliver Dangerous Malware to Industrial Facilities: Honeywell
    https://www.securityweek.com/usb-drives-deliver-dangerous-malware-industrial-facilities-honeywell

    Malware is still being delivered to industrial facilities via USB removable storage devices and some threats can cause significant disruptions, according to a report published on Thursday by Honeywell.

    The industrial giant last year launched SMX, a product designed to protect facilities from USB-born threats, and the company has also been using it to determine the risk posed by USB drives to such organizations.

    Honeywell has analyzed data collected from 50 locations across the United States, South America, Europe and the Middle East. The enterprises whose systems were part of the study represented the energy, oil and gas, chemical manufacturing, pulp and paper, and other sectors.

    Honeywell said its product had blocked at least one suspicious file in 44% of the analyzed locations. Of the neutralized threats, 26% could have caused major disruptions to industrial control systems (ICS), including loss of control or loss of view.

    Furthermore, Honeywell says 16% of the detected malware samples were specifically designed to target ICS or IoT systems, and 15% of the samples belonged to high profile families such as Mirai (6%), Stuxnet (2%), Triton (2%), and WannaCry (1%).

    Reply
  33. Tomi Engdahl says:

    Bluetooth Chip Flaws Expose Enterprises to Remote Attacks
    https://www.securityweek.com/bluetooth-chip-flaws-expose-enterprises-remote-attacks

    Millions of access points and other networking devices used by enterprises around the world may be exposed to remote attacks due to a couple of vulnerabilities discovered by researchers in Bluetooth Low Energy (BLE) chips made by Texas Instruments.

    Bluetooth Low Energy, or Bluetooth 4.0, is designed for applications that do not require exchanging large amounts of data, such as smart home, health and sports devices. BLE stays in sleep mode and is only activated when a connection is initiated, which results in low power consumption. Similar to the classic Bluetooth, BLE works over distances of up to 100 meters (330 feet), but its data transfer rate is typically 1 Mbit/s, compared to 1–3 Mbit/s in the case of classic Bluetooth.

    Researchers at IoT security company Armis, who in the past discovered the Bluetooth vulnerabilities known as BlueBorne, now claim to have found two serious vulnerabilities in BLE chips made by Texas Instruments. These chips are used in access points and other enterprise networking devices made by Cisco, including Meraki products, and HP-owned Aruba Networks.

    The flaws, dubbed BLEEDINGBIT by Armis, can allow a remote and unauthenticated attacker to take complete control of impacted devices and gain access to the enterprise networks housing them.

    The IoT security firm is in the process of assessing the full impact of the BLEEDINGBIT vulnerabilities, but so far it has determined that they affect several Texas Instruments chips. One of the flaws, tracked as CVE-2018-16986, has been found in CC2640 and CC2650 chips running BLE-STACK 2.2.1 and earlier, and CC2640R2 running version 1.0 or earlier.

    https://armis.com/bleedingbit/

    Reply
  34. Tomi Engdahl says:

    Hackers Gear Up for the Holidays Too
    https://www.securityweek.com/hackers-gear-holidays-too

    November marks the beginning of the holiday shopping season. Consumers are making their shopping lists. Retailers are gearing up for the rush of shoppers. And hackers are honing their skills and using new tools to take advantage of the spike in online transactions. A 2018 survey (PDF) by RetailMeNot shows that consumers are expected to spend an average of $803 holiday shopping during Black Friday weekend, up from an average of $743 last year, with Black Friday and Cyber Monday projected to be the top two desktop and mobile shopping days of the year. While 67 percent of shoppers will go to department stores, 60 percent plan to shop with online-only retailers.

    Reply
  35. Tomi Engdahl says:

    IT Wi-Fi kit bit by TI chip slip: Wireless gateways open to hijacking via BleedingBit chipset vuln
    Firmware security patches hit to fix critical holes in enterprise network access points
    https://www.theregister.co.uk/2018/11/01/it_bit_by_ti_chip_slipup_dubbed_bleedingbit/

    On Thursday, network equipment makers Aruba, Cisco, and Cisco-owned Meraki plan to patch two flaws in Bluetooth Low Energy (BLE) chips made by Texas Instruments (TI) that power their respective enterprise Wi-Fi access points.

    Reply
  36. Tomi Engdahl says:

    Taking a page from Apple’s playbook, Nadella was keen to highlight the efforts made by Microsoft in privacy. Amazon, in its September gadgetfest, famously failed to utter the “P” word once. Nadella, on the other hand, was more forthright, seeing the recently introduced GDPR as a good first step before declaring: “Privacy is a human right.”

    Source: https://www.theregister.co.uk/2018/11/01/satya_nadella_microsoft_future_decoded_keynote/

    Reply
  37. Tomi Engdahl says:

    Cisco firewalls under attack – and there’s no patch: Too many SIPs and they drown in data
    Denial-of-service flaw exploited by miscreants in the wild, networking kit giant warns
    https://www.theregister.co.uk/2018/11/02/cisco_sip_warning/

    Cisco says miscreants are actively exploiting a SIP vulnerability in its networking gear that it disclosed on Wednesday.

    The bug, CVE-2018-15454, lies within code in some Adaptive Security Appliances, and its Firepower Threat Defense software, that handles Session Initiation Protocol (SIP) packets. SIP is the signalling protocol used in IP telephony.

    The advisory warns that an attacker can hose a vulnerable system offline “by sending SIP requests designed to specifically trigger this issue at a high rate.”

    Reply
  38. Tomi Engdahl says:

    Security researchers find flaws in chips used in hospitals, factories and stores
    https://www.cnet.com/news/security-researchers-find-flaws-in-chips-used-in-hospitals-factories-and-stores/?ftag=COS-05-10aaa0b&linkId=59034799

    The vulnerabilities are packed in chips used for Bluetooth connections, and can allow for serious attacks.

    Reply
  39. Tomi Engdahl says:

    Quantum Random Numbers Future-Proof Encryption
    https://semiengineering.com/quantum-random-numbers-future-proof-encryption/

    Three universities chose to build and license quantum random number generators.

    Reply
  40. Tomi Engdahl says:

    Trickbot Shows Off New Trick: Password Grabber Module
    https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-shows-off-new-trick-password-grabber-module/

    Trickbot, which used to be a simple banking trojan, has come a long way. Over time, we’ve seen how cybercriminals continue to add more features to this malware. Last March, Trickbot added a new module that gave it increased detection evasion and a screen-locking feature. This month, we saw that Trickbot (detected by Trend Micro as TSPY_TRICKBOT.THOIBEAI) now has a password grabber module (pwgrab32) that steals access from several applications and browsers, such as Microsoft Outlook, Filezilla, WinSCP, Google Chrome, Mozilla Firefox, Internet Explorer, and Microsoft Edge. Based on our telemetry, we saw that this Trickbot variant has affected users mainly in the United States, Canada, and the Philippines.

    Reply
  41. Tomi Engdahl says:

    New Stuxnet Variant Allegedly Struck Iran
    https://www.bleepingcomputer.com/news/security/new-stuxnet-variant-allegedly-struck-iran/

    A malware similar in nature to Stuxnet but more aggressive and sophisticated allegedly hit the infrastructure and strategic networks in Iran.

    Details about the supposed new attack are superficial at the moment, as there are no details about the supposed attack, the damage it caused or its targets.

    A report on Wednesday from Israeli evening news bulletin Hadashot says that Iran “has admitted in the past few days that it is again facing a [Stuxnet-like] attack, from a more violent, more advanced and more sophisticated virus than before, that has hit infrastructure and strategic networks.”

    TV report: Israel silent as Iran hit by computer virus more violent than Stuxnet
    https://www.timesofisrael.com/tv-report-israel-silent-as-iran-hit-by-computer-virus-more-violent-than-stuxnet/

    Reply
