Cyber Security November 2018

This posting is here to collect security alert news in September 2018.

I post links to security vulnerability news to comments of this article.

You are also free to post related links.

558 Comments

  1. Tomi Engdahl says:

    This is PARODY:

    China Unable To Recruit Hackers Fast Enough To Keep Up With Vulnerabilities In U.S. Security Systems
    https://www.theonion.com/china-unable-to-recruit-hackers-fast-enough-to-keep-up-1819578374

    Reply
  2. Tomi Engdahl says:

    Urban Massage exposed a huge customer database, including sensitive comments on its creepy clients
    https://techcrunch.com/2018/11/27/urban-massage-data-exposed-customers-creepy-clients/?utm_source=tcfbpage&sr_share=facebook

    The London, U.K.-based startup — now known as just Urban — left its Google-hosted ElasticSearch database online without a password, allowing anyone to read hundreds of thousands of customer and staff records. Anyone who knew where to look could access, edit or delete the database.

    Reply
  3. Tomi Engdahl says:

    Dunkin’ Donuts accounts may have been hacked in credential stuffing attack
    https://www.zdnet.com/article/dunkin-donuts-accounts-may-have-been-hacked-in-credential-stuffing-attack/

    Hackers were after user accounts in the company’s rewards points program.

    Reply
  4. Tomi Engdahl says:

    Hackers can exploit this bug in surveillance cameras to tamper with footage
    https://www.zdnet.com/article/hackers-can-exploit-these-bugs-in-surveillance-cameras-to-tamper-with-footage/

    Researchers have uncovered a vulnerability which can be used to completely compromise surveillance cameras and feeds.

    Reply
  5. Tomi Engdahl says:

    GCHQ: We don’t tell tech companies about every software flaw
    https://www.zdnet.com/article/gchq-we-dont-tell-tech-companies-about-every-software-flaw/

    UK intelligence service details when it won’t tell vendors that their software is vulnerable to attack and why that is.

    Reply
  6. Tomi Engdahl says:

    Dell announces security breach
    https://www.zdnet.com/google-amp/article/dell-announces-security-breach/?__twitter_impression=true

    Company says it detected an intrusion at the start of the month, but financial data was not exposed.

    Reply
  7. Tomi Engdahl says:

    Sennheiser discloses monumental blunder that cripples HTTPS on PCs and Macs
    https://arstechnica.com/information-technology/2018/11/sennheiser-discloses-monumental-blunder-that-cripples-https-on-pcs-and-macs/

    Poorly secured certificate lets hackers impersonate any website on the Internet.

    Reply
  8. Tomi Engdahl says:

    Lenovo to pay $7.3m for installing adware in 750,000 laptops
    https://www.hackread.com/lenovo-to-pay-fine-for-installing-adware-in-laptops/

    In 2015, Beijing based laptop manufacturer and seemingly reliable technology company Lenovo made headlines that its 750,000 laptops had pre-installed adware called VisualDiscovery developed by Superfish.

    Reply
  9. Tomi Engdahl says:

    https://www.wired.com/story/russian-hackers-us-power-grid-attacks/

    Russian Hackers Haven’t Stopped Probing the US Power Grid | WIRED

    Reply
  10. Tomi Engdahl says:

    People Who Buy Smart Speakers Have Given Up on Privacy, Researchers Find
    https://motherboard.vice.com/en_us/article/vba7xj/people-who-buy-smart-speakers-have-given-up-on-privacy-researchers-find

    Smart speakers raise a number of privacy questions, which owners are choosing to just shrug off.

    Many devices have a mute button that allows the user to turn off the microphone, for example, but the researchers found most users had never used it.

    It was also rare for users to go through their activity logs, where they can review and delete recordings. Instead of using this feature to protect personal privacy, the researchers found users were actually using it to spy on housesitters and babysitters.

    Reply
  11. Tomi Engdahl says:

    Distributing Malware By Becoming an Admin on an Open-Source Project
    https://www.schneier.com/blog/archives/2018/11/distributing_ma.html

    The module “event-stream” was infected with malware by an anonymous someone who became an admin on the project.

    Cory Doctorow points out that this is a clever new attack vector:

    Many open source projects attain a level of “maturity” where no one really needs any new features and there aren’t a lot of new bugs being found, and the contributors to these projects dwindle, often to a single maintainer who is generally grateful for developers who take an interest in these older projects and offer to share the choresome, intermittent work of keeping the projects alive.

    Malware vector: become an admin on dormant, widely-used open source projects
    https://boingboing.net/2018/11/26/candy-from-strangers.html

    Reply
  12. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    Dell says it detected hackers “attempting to extract Dell.com customer information”, such as customer names, email addresses, and hashed passwords, on Nov. 9

    Dell announces security breach
    https://www.zdnet.com/article/dell-announces-security-breach/

    Company says it detected an intrusion at the start of the month, but financial data was not exposed.

    Reply
  13. Tomi Engdahl says:

    US Senate computers will use disk encryption
    https://www.zdnet.com/article/us-senate-computers-will-use-disk-encryption/

    New security measure is meant to protect sensitive Senate data on stolen Senate laptops and computers.

    Reply
  14. Tomi Engdahl says:

    After Microsoft complaints, Indian police arrest tech support scammers at 26 call centers
    https://www.zdnet.com/article/after-microsoft-complaints-indian-police-arrest-tech-support-scammers-at-26-call-centers/

    Indian police raid 26 call centers, make 63 arrests.

    Reply
  15. Tomi Engdahl says:

    Google Makes Secure LDAP Generally Available
    https://www.securityweek.com/google-makes-secure-ldap-generally-available

    Google this week announced the general availability of secure LDAP, after introducing the capability in October at Next ’18 London.

    Allowing customers to manage access to traditional LDAP-based apps and IT infrastructure, it can be used with either G Suite or Cloud Identity, Google’s managed identity and access management (IAM) platform.

    Secure LDAP, the Internet search giant explains, supports management of access to both software-as-a-service (SaaS) apps and traditional LDAP-based apps/infrastructure, regardless of whether on-premises or in the cloud, via a single IAM platform.

    Secure LDAP enables authentication, authorization, and user/group lookups and, because the same user directory is used for both SaaS and LDAP apps, logging into services like G Suite and other SaaS apps is similar to that for traditional applications.

    Reply
  16. Tomi Engdahl says:

    Zoom Conferencing App Exposes Enterprises to Attacks
    https://www.securityweek.com/zoom-conferencing-app-exposes-enterprises-attacks

    A potentially serious vulnerability discovered by researchers in the Zoom video conferencing application can allow external attackers or malicious insiders to hijack screen controls, spoof chat messages, and remove attendees from a session.

    Reply
  17. Tomi Engdahl says:

    Brazilian Financial Malware Spreads Beyond National Boundaries
    https://www.securityweek.com/brazilian-financial-malware-spreads-beyond-national-boundaries

    Brazilian Actors Expand Financial Malware Campaigns to Attack Spanish-Speaking Countries

    Reply
  18. Tomi Engdahl says:

    Colorado Agency Targeted in Nationwide Ransomware Scheme
    https://www.securityweek.com/colorado-agency-targeted-nationwide-ransomware-scheme

    No money was paid and no information was lost during a ransomware cyberattack that exploited a cloud-based vulnerability in the Colorado Department of Transportation’s computer network last spring, officials said Wednesday.

    CDOT was one of several government agencies across the country targeted by two Iranian computer hackers in the sweeping extortion scheme, according to a grand jury indictment filed in New Jersey federal court on Wednesday.

    Reply
  19. Tomi Engdahl says:

    Indian Police Break Up International Computer Virus Scam
    https://www.securityweek.com/indian-police-break-international-computer-virus-scam

    Indian police said Thursday they have arrested nearly two dozen people on suspicion of defrauding people around the world by sending fake pop-up messages warning them that their computers were infected with a virus and offering to fix the problem at a price.

    Reply
  20. Tomi Engdahl says:

    AWS Security Hub Aggregates Alerts From Third-Party Tools
    https://www.securityweek.com/aws-security-hub-aggregates-alerts-third-party-tools

    Amazon Web Services on Wednesday announced the launch of AWS Security Hub, a service designed to aggregate and prioritize alerts from AWS and third-party security tools.

    Unveiled at the AWS re:Invent 2018 conference, AWS Security Hub provides organizations a comprehensive view of their security status by consuming, aggregating, organizing and prioritizing data from Amazon GuardDuty, Amazon Inspector, Amazon Macie, and tools from AWS partners.

    Reply
  21. Tomi Engdahl says:

    Healthcare billing biz AccuDoc ‘fesses up to breach that blabbed 2.65m people’s data
    https://www.theregister.co.uk/2018/11/29/accudoc_atrium_health_data_breach/

    Names, addresses, social security numbers exposed

    Reply
  22. Tomi Engdahl says:

    ‘Big picture’ platforms boost fight against online terror activity
    https://horizon-magazine.eu/article/big-picture-platforms-boost-fight-against-online-terror-activity.html?utm_source=fb&utm_medium=share

    The fight against terrorism-related content and illegal financing online is speeding up thanks to new platforms that join up different internet-scouring technologies to create a comprehensive picture of terrorist activity.

    Reply
  23. Tomi Engdahl says:

    Middle East, North Africa Cybercrime Ups Its Game
    https://www.darkreading.com/vulnerabilities—threats/middle-east-north-africa-cybercrime-ups-its-game/d/d-id/1333354

    Ransomware, DDoS extortion, and encrypted communications abound as cybercriminals in the region refine their tradecraft.

    Ransomware infections increased by 233% this past year in the Middle East and North Africa as part of a shift toward more savvy and aggressive cybercrime operations in a region where criminals just last year mostly were sharing malware tools, phony documents, and services for free or on the cheap.

    Reply
  24. Tomi Engdahl says:

    Symantec comes out in swinging in bitter legal battle over security bug audit conspiracy claims
    Profit driving NSS claims of industry boycott, antivirus makers swear
    https://www.theregister.co.uk/2018/11/29/symantec_attacks_nss_labs/

    Symantec says the biz that accused it of conspiring with others to avoid independent security audits is “less than honest” and driven by a “thirst for profits.”

    https://regmedia.co.uk/2018/11/28/symantec-nss-labs.pdf

    Reply
  25. Tomi Engdahl says:

    GCHQ opens kimono for infosec world to ogle its vuln disclosure process
    Plus: State-backed hacks now need permission from a judge
    https://www.theregister.co.uk/2018/11/29/gchq_vuln_disclosures_judge_hacking_warrants/

    On the same day that certain types of British state-backed hacking now need a judge-issued warrant to carry out, GCHQ has lifted the veil and given the infosec world a glimpse inside its vuln-hoarding policies.

    The spying agency’s internal Equities Process is the way by which it decides whether or not to tell tech vendors that its snoopers have discovered a hardware or software vulnerability.

    Reply
  26. Tomi Engdahl says:

    OneDrive is broken: Microsoft’s cloudy storage drops from the sky for EU users
    Wonderful, wonderful
    https://www.theregister.co.uk/2018/11/29/microsoft_onedrive_down/

    It is OneDrive’s turn to get a beating with the stick of fail as the service took a tumble this morning.

    Reply
  27. Tomi Engdahl says:

    Marriott says 500 million Starwood guest records stolen in massive data breach
    https://techcrunch.com/2018/11/30/starwood-hotels-says-500-million-guest-records-stolen-in-massive-data-breach/

    Starwood Hotels has confirmed its hotel guest database of about 500 million customers has been stolen in a data breach.

    The hotel and resorts giant said in a statement filed with U.S. regulators that the “unauthorized access” to its guest database was detected on or before September 10 — but may have dated back as far as 2014.

    “Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014,”

    Reply
  28. Tomi Engdahl says:

    UPnProxy: EternalSilence
    https://blogs.akamai.com/sitr/2018/11/upnproxy-eternalsilence.html

    UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign. These injections expose machines living behind the router to the Internet and appear to target the service ports used by SMB.

    https://www.akamai.com/cn/zh/multimedia/documents/white-paper/upnproxy-blackhat-proxies-via-nat-injections-white-paper.pdf

    Reply
  29. Tomi Engdahl says:

    Dell discloses attempted data breach
    We don’t know if it was successful or not.
    https://www.itproportal.com/news/dell-discloses-attempted-data-breach/

    Reply
  30. Tomi Engdahl says:

    Water and Energy Sectors Through the Lens of the Cybercriminal Underground
    https://blog.trendmicro.com/trendlabs-security-intelligence/water-and-energy-sectors-through-the-lens-of-the-cybercriminal-underground/

    In our research Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries, we not only found exposed industrial control system (ICS) human machine interfaces (HMIs) but also pointed out how these systems were at risk. This risk is corroborated by the active interest in water and energy ICSs shown by different kinds of cybercriminal groups.

    Critical Infrastructures Exposed and at Risk: Energy and Water Industries
    https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/exposed-and-vulnerable-critical-infrastructure-the-water-energy-industries

    Securing energy and water should remain top priority in the continuing integration of the industrial internet of things in these critical sectors.

    Reply
  31. Tomi Engdahl says:

    AutoIt-Compiled Worm Spreads Backdoor via Removable Drives
    https://www.securityweek.com/autoit-compiled-worm-spreads-backdoor-removable-drives

    Trend Micro security researchers have discovered an AutoIt-compiled worm that infects removable drives to spread the njRAT backdoor to other machines.

    Also known as Bladabindi, the njRAT remote access Trojan has been around since at least 2013 and is considered one of the most prevalent malware families out there. The threat provides attackers with remote access to the infected machines, can steal passwords and virtual coins, log keystrokes, launch distributed denial of service (DDoS) attacks, and lock the screen.

    Reply
  32. Tomi Engdahl says:

    Industry Reactions to USPS Exposing User Data
    https://www.securityweek.com/industry-reactions-usps-exposing-user-data

    Security blogger Brian Krebs revealed recently that an API used by the United States Postal Service (USPS) had a vulnerability that potentially exposed the data of 60 million customers.

    Reply
  33. Tomi Engdahl says:

    Data Breach Hits 2.6 Million Atrium Health Patients
    https://www.securityweek.com/data-breach-hits-26-million-atrium-health-patients

    Hospital network Atrium Health informed patients on Tuesday that their personal information was compromised following a breach at technology solutions provider AccuDoc.

    Reply
  34. Tomi Engdahl says:

    Cryptocurrency-Stealing Code Distributed via Popular Library
    https://www.securityweek.com/cryptocurrency-stealing-code-distributed-popular-library

    The popular EventStream Node.js library was recently modified to fetch malicious code designed to steal crypto-currencies.

    Designed as a toolkit to make creating and working with streams easy, the JavaScript package has around two million downloads a week, which makes it a valuable resource to application developers and malicious actors alike.

    Reply
  35. Tomi Engdahl says:

    Worried About Facebook Tracking Your Data? A Fake Account Might Help.
    https://m.huffingtonpost.co.uk/entry/facebook-tracker-selling-data-fake-account_us_5bf454a7e4b0c097a8e08b31?fbclid=IwAR0kEHVmRfp7K5NninGJIlNpYQIUA5zU5l2ujWMdKSqjb_PIixiuG-VIlhY

    When it comes to your personal information online, there’s no such thing as “delete.”

    Reply
  36. Tomi Engdahl says:

    This Linux virus is a total jerk, even by malware standards
    No Linux given
    https://www.theinquirer.net/inquirer/news/3066979/this-linux-virus-is-a-total-jerk-even-by-malware-standards

    Comprised of over 1,000 lines of code, Linux.BtcMine.174 (the company is better at identifying malware than giving it a headline-friendly name), is particularly malicious thanks to the number of ways it attacks its host computer.

    Reply
  37. Tomi Engdahl says:

    Mozilla Testing DNS-over-HTTPS in Firefox
    https://www.securityweek.com/mozilla-testing-dns-over-https-firefox

    Mozilla is moving forward with yet another project designed to provide users with increased security: it is now testing DNS-over-HTTPS (DoH) in Firefox stable.

    Only a small group of users will enjoy the feature for now, as it is still in the testing phase, but Mozilla is determined to work with industry players for a larger rollout. When that will happen, however, remains to be seen.

    Mozilla has been already testing DoH in its browser, looking into the time it takes to get a response from Cloudflare’s DoH resolver. With the test results positive, revealing great performance improvements even for the slowest users, the Internet organization has decided to move forward with its plans.

    “A recent test in our Beta channel confirmed that DoH is fast and isn’t causing problems for our users. However, those tests only measure the DNS operation itself, which isn’t the whole story,” Mozilla’s Selena Deckelmann explains.

    Reply
  38. Tomi Engdahl says:

    MITRE Uses ATT&CK Framework to Evaluate Enterprise Security Products
    https://www.securityweek.com/mitre-uses-attck-framework-evaluate-enterprise-security-products

    MITRE Corporation’s ATT&CK framework has been used to evaluate enterprise security products from several vendors to determine how efficient they are in detecting and responding to attacks launched by sophisticated threat groups.

    MITRE is a not-for-profit company involved in federally funded research and development projects in various areas, including cybersecurity. Its Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Matrix is a framework that describes the techniques used by adversaries, including related to persistence, privilege escalation, defense evasion, credential access, discovery, data collection, lateral movement, command and control, and execution.

    In the first round of evaluations performed by Mitre, the threat actor’s tactics and techniques were tested against products from Carbon Black, CrowdStrike, CounterTack, Endgame, Microsoft, RSA and SentinelOne.

    https://attackevals.mitre.org/evaluations.html

    Reply
  39. Tomi Engdahl says:

    New PowerShell Backdoor Resembles “MuddyWater” Malware
    https://www.securityweek.com/new-powershell-backdoor-resembles-muddywater-malware

    A recently discovered PowerShell-based backdoor is strikingly similar to malware employed by the MuddyWater threat actor, Trend Micro reports.

    New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools
    https://blog.trendmicro.com/trendlabs-security-intelligence/new-powershell-based-backdoor-found-in-turkey-strikingly-similar-to-muddywater-tools/

    Reply
  40. Tomi Engdahl says:

    Facebook Mulled Charging for Access to User Data
    https://www.securityweek.com/facebook-mulled-charging-access-user-data

    Facebook on Wednesday said it considered charging application makers to access data at the social network.

    Such a move would have been a major shift away from the policy of not selling Facebook members’ information, which the social network has stressed in the face of criticism alleging it is more interested in making money than protecting privacy.

    “To be clear, Facebook has never sold anyone’s data,” director of developer platforms and programs Konstantinos Papamiltiadis said in response to an AFP inquiry.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*