A report by England’s children’s commissioner has raised concerns about how kids’ data is being collected and shared across the board, in both the private and public sectors.
In the report, entitled Who knows what about me?, Anne Longfield urges society to “stop and think” about what big data means for children’s lives.
will receive a minimum of 20 years in prison if his plea deal is approved by the judge in the case, the AP reported on Tuesday.
Swatting is a crime in which a party maliciously directs police to a location under the pretense that something very dangerous is occurring
Barriss is most infamous for a 2017 incident in which he allegedly accepted a $1.50 payment over a Call of Duty match to phone in a hoax hostage situation to police, who then arrived to an address belonging to none of the parties involved and killed 28-year-old Wichita, Kansas father of two
Angus Berwick / Reuters:
Investigation shows how ZTE helped Venezuela’s government build a system, used by as many as 18M, similar to China’s national identity card program — TRICKS OF THE TRADE: Critics say China exports tools that help autocratic governments monitor citizens. Venezuelan President Nicolás …
Chinese telecoms giant ZTE is helping Venezuela build a system that monitors citizen behavior through a new identification card. The “fatherland card,” already used by the government to track voting, worries many in Venezuela and beyond.
Customers of the Infowars store are getting scammed every day but this time it’s different. A security researcher discovered a form of malware embedded in the conspiracy site’s checkout process that records credit card details and transmits them to a remote server.
ZDNet interviewed Dutch security researcher Willem de Groot about his discovery of a strain of malware known as Magecart on the Infowars store.
Whichever way your political ideology lies, there’s no doubt that we live in interesting times. A lot of us have opinions on which political figures are qualified to do their jobs — and which definitely aren’t — but we can probably all agree that if you’re going to put someone in charge of, say, cybersecurity, they should probably at least know their way around a computer. Right? Apparently not, if you’re the Japanese prime minister, who has recently appointed Yoshitaka Sakurada, 68, as head of the government’s cybersecurity office, despite him never having used a computer.
The minister in charge of cybersecurity said he doesn’t use computers.
Yoshitaka Sakurada, who just last week was criticized for stumbling over basic questions during Diet deliberations, found himself once again in hot water Wednesday after making it known that he doesn’t use them even though he is a deputy head of the government panel on cybersecurity and is tasked with overseeing policies on such matters.
“The two men are accused of being members of a 36-strong group said to have been behind a dark web forum responsible for more than $530m (£409m) of losses to banks and individuals.”
Tom Spring / Threatpost:
Hackers breach iPhone X, Galaxy S9, and Xiaomi Mi6 and earn $325K for exposing 18 exploits at the Pwn2Own Tokyo 2018 contest — Three major mobile phone models – the Samsung Galaxy S9, iPhone X and the Xiaomi Mi6 – failed to survive the hacker onslaught at this year’s Pwn2Own Tokyo 2018.
Hacker contest earns participants $325,000 based on the discovery of 18 vulnerabilities.
In all, 18 exploits, with some attacks chaining together as many as five exploits, were used to own the three phones and earn hacker teams a collective $325,000 in prize money.
The vulnerability attacks the baseband component of the Galaxy S9 to earn code execution.
“Baseband attacks are especially concerning, since someone can choose not to join a Wi-Fi network, but they have no such control when connecting to baseband,” wrote event organizer Zero Day Initiative in a blog post.
When the Xiaomi Mi6 phone connected to a hacker-controlled Wi-Fi server, the team was able to force the phone’s default web browser to navigate to a malicious website.
“They then chained additional bugs together to silently install an application via JavaScript, bypass the application white-list and automatically start the [rogue] application,” ZDI wrote.
iPhone X also fell to team Fluoroacetate, which targeted the handset over Wi-Fi.
Individual vulnerability details will be available in 90 days, per the contest’s protocol, which includes vendor notification and OEM patch deployments.
A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.
The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.
Kaul found the exposed server on Shodan
the database — running on Amazon’s Elasticsearch — was configured with a Kibana front-end, making the data within easily readable, browsable and searchable
After an inquiry by TechCrunch, Voxox pulled the database offline.
The exposure to personal information and phone numbers notwithstanding, the ability to access two-factor codes in near-real-time
“My real concern here is the potential that this has already been abused,”
Zack Whittaker / TechCrunch:
Voxox left database unsecured, exposing a near real-time stream of millions of SMS texts including password reset links and 2FA codes from Google, Yahoo, others — A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links …
The US House of Representatives has unanimously passed a bipartisan bill that would create a new agency to lead the federal government’s cybersecurity efforts.
The Cybersecurity and Infrastructure Security Agency (CISA) Act, passed earlier this year by the Senate, would overhaul the Department of Homeland Security (DHS)’s National Protection and Programs Directorate to create CISA as a new, stand-alone agency under the umbrella of the DHS.
Adversaries are Increasingly Masterful at Taking Advantage of Seams Between Technologies and Teams to Infiltrate Organizations
“It’s not a matter of if, but when and how you’ll be attacked” has become the security mantra and the industry is using it as a rallying cry as we innovate to reduce the impact of breaches. For years organizations have relied on a defense-in-depth strategy for protection. Yet despite the multiple point products deployed, the volume and velocity of compromises and breaches continue to increase. There are many reasons why this is occurring, stemming from the fact that we have seams in our defenses. Our layers of protection and our security teams are largely unintegrated and operate in silos.
The 2018 Cost of a Data Breach study (PDF) by Ponemon Institute finds the current dwell time has actually increased to 197 days from 191 the year prior. The mean time to contain is now up as well, rising to 69 days from 66. It takes organizations nearly nine months to mitigate risk and get back to business as usual. As timeframes extend, the damage and costs associated with breaches increase.
Leesburg, VA-based anti-phishing firm Cofense (formerly PhishMe) has discovered an uptick in the use of .com file extensions in phishing emails.
The .com file extension designated executable files in DOS and Windows 95, 98 and Me. It has been replaced by .exe in later versions of the operating system
However, for backwards compatibility, Windows will still attempt to execute a file with the .com extension.
Throughout October, Cofense analyzed 132 unique phishing samples with the .com extension. To put this uptick in context, it found only 34 samples in the entire preceding nine months of 2018.
The most popular subject line lures in the new campaign (or campaigns) are ‘payment’ and ‘purchase order’ themes. These two make up 67% of the samples analyzed. Other themes include ‘shipping’, ‘invoice’ and ‘remittance advice’, giving the campaign a strong financial bias. The payload is generally information-stealing malware.
Purchase order subject emails most commonly delivered the Loki Bot information stealer and the Hawkeye keylogger. Those with ‘payment’ subject lines more commonly delivered the AZORult information stealer.
Recent attacks on an engineering company in the United Kingdom were attributed to a China-related cyber-espionage group despite the use of techniques usually associated with Russian threat actors.
As part of this campaign, the group is believed to have reused publicly reported, sophisticated Tactics, Techniques and Procedures (TTPs) from Russian threat groups Dragonfly and APT28. The purpose of the attacks was to gain access to sensitive and proprietary technologies and data, the researchers presume.
The Zero Day Initiative’s Pwn2Own Tokyo hacking competition has come to an end, with participants earning over $300,000 for disclosing vulnerabilities affecting iPhone X, Xiaomi Mi 6 and Samsung Galaxy S9 smartphones.
Adversaries looking for an easy way to mine for cryptocurrency are actively targeting publicly exposed Docker services. They use a malicious script capable of scanning the network in search of vulnerable hosts and compromising them.
The point of entry is TCP port 2375 or 2376, the default for reaching the Docker service remotely via REST management APIs, which allow creating, starting and stopping containers. Unless configured otherwise, both ports provide unencrypted and unauthenticated communication.
Mozilla has added a new feature to Firefox to alert users when they visit a website that has been part of a data breach in the past.
Earlier this year, the Internet organization launched Firefox Monitor, a service to inform users if their accounts have been part of data breaches. Enjoying support for Cloudflare, the service uses data from Troy Hunt’s Have I Been Pwned (HIBP) website to keep track of compromised accounts.
The newly announced Firefox alert is the latest improvement Mozilla brings to Firefox Monitor and takes advantage of the very same HIBP data to warn users of breached websites.
Cybersecurity firm Trend Micro and industrial networking solutions provider Moxa on Thursday announced plans to form a joint venture corporation focusing on securing industrial internet of things (IIoT) environments.
The new company, TXOne Networks, will offer security gateways, endpoint agents and network segmentation solutions designed to help organizations secure, control and monitor equipment and operational technology (OT).
A location-tracking smartwatch worn by thousands of children has proven relatively easy to hack.
A security researcher found the devices neither encrypted the data they used nor secured each child’s account.
As a result, he said, he could track children’s movements, surreptitiously listen in to their activities and make spoof calls to the watches that appeared to be from parents.
Experts say the issues are so severe that the product should be discarded.
Sales ban
The Norwegian Consumer Council highlighted other cases of child-targeted smartwatches with security flaws last year.
It said the MiSafes products appeared to be “even more problematic” than the examples it had flagged.
“This is another example of unsecure products that should never have reached the market,” said Gro Mette Moen, the watchdog’s acting director of digital services.
“Our advice is to refrain from buying these smartwatches until the sellers can prove that their features and security standards are satisfactory.”
In the UK, Amazon used to sell the watches but has not had stock for some time.
MiSafes previously made headlines in February when an Austrian cyber-security company discovered several flaws with its Mi-Cam baby monitors.
Microsoft pledges to address issues; has already released a “zero exhaust” Office telemetry setting.
The telemetry data collection mechanism used by Microsoft Office breaks the EU General Data Protection Regulation (GDPR), Dutch authorities said yesterday in a report.
The report raises eight issues that investigators found in ProPlus subscriptions of Office 2016 and Office 365, but also with the web-based version of Office 365.
Investigators said they’ve identified the “large scale and covert collection of personal data” through Office’s built-in telemetry collection capabilities.
They said Microsoft engages in this telemetry collection covertly and without properly informing users.
The Dutch government is extremely worried because sensitive Dutch government-related information that might have been grabbed as part of the telemetry collection system may have also ended up on those US servers. The Dutch government runs Office apps on over 300,000 computers, according to the latest public figures.
Ransomware is now more sophisticated than ever. Secureworks’ CTU researchers observed no less than 257 new and distinct ransomware families in 12 months.
A security researcher has disclosed details of a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website.
The vulnerable WordPress plugin in question is “AMP for WP – Accelerated Mobile Pages” that lets websites automatically generate valid accelerated mobile pages for their blog posts and other web pages.
AMP, which stands for Accelerated Mobile Pages, is an open-source technology that has been designed by Google to allow websites to build and serve faster web pages to mobile visitors.
Just last week, an arbitrary file deletion vulnerability was disclosed in the popular WooCommerce plugin that could have allowed a malicious or compromised privileged user to gain full control over the WordPress websites.
The top two executives at Hong Kong carrier Cathay Pacific on Wednesday apologized for the firm’s handling of the world’s biggest airline hack that saw millions of customers’ data breached but denied trying to cover it up.
The CEO and chairman also said the crisis “was one of the most serious” in the embattled firm’s history and would act differently in a similar situation in future.
The pair were summoned to the city’s legislative council to explain to lawmakers why it had taken five months to admit it had been hacked and the data of 9.4 million customers compromised, including passport numbers and credit card details.
Lawmakers slammed the delay as a “blatant attempt” to cover up the incident and thereby deprive customers of months of opportunities to take steps to safeguard their personal data.
However, chairman John Slosar said: “I’d like to make it absolutely clear that there was never any attempt to cover anything up.”
He added: “I see it as one of the most serious crises that our airline has ever faced.”
A congressional advisory panel says the purchase of internet-linked devices manufactured in China leaves the United States vulnerable to security breaches that could put critical infrastructure at risk.
In its annual report on Wednesday, the U.S.-China Economic and Security Review Commission warns of dangers to the U.S. government and private sector from a reliance on global supply chains linked to China, which is the world’s largest manufacturer of information technology equipment.
China’s push to dominate in the high-tech industry by 2025 already is a sore point with Washington and a contributing factor in trade tensions that have seen the world’s two largest economies slap billions of dollars in punitive tariffs on each other’s products this year.
ATM machines are vulnerable to an array of basic attack techniques that would allow hackers to lift thousands in cash.
This according to researchers at Positive Technologies, who studied more than two dozen different models of ATMs and found (PDF) nearly all would be vulnerable to network or local access attacks that would allow raiders to pillage the cash dispensers.
The study, out today, pitted Positive researchers against 26 machines from various manufacturers and service providers. Among the more noteworthy results:
15 were found to be running Windows XP.
22 were vulnerable to a “network spoofing” attack where an attacker connects locally to the machine’s LAN port and conducts fraudulent transactions. Such an attack takes around 15 minutes to complete.
18 were vulnerable to ‘black box’ attacks where an attacker physically connects a device to the machine and tricks it into spitting out cash. Positive notes these attacks can be carried out in about ten minutes with aftermarket compute boards (such as a Raspberry Pi).
20 could be forced to exit out of kiosk mode via a USB or PS/2 connection. From there, an attacker could access the underlying OS of the machine and execute additional commands.
24 had no data encryption in place on the hard drive, allowing an attacker who had access to the drive (see above) to pull any stored data and configuration info from the machine.
Southeast Asia is the most actively attacked region, according to cyber security firm Group-IB. Their annual Hi-Tech Crime Trends Report 2018 advises, “In just one year, 21 state-sponsored groups were detected in this area, which is more than in the United States and Europe.” State-sponsored groups are not the only ones focusing their attention on this region, however: criminal organisations such as Cobalt have also been observed.
558 Comments
Tomi Engdahl says:
FASTCash: How the Lazarus Group is Emptying Millions from ATMs
Symantec uncovers tool used by Lazarus to carry out ATM attacks.
https://www.symantec.com/blogs/threat-intelligence/fastcash-lazarus-atm-malware
Tomi Engdahl says:
BCMPUPnP_Hunter: A 100k Botnet Turns Home Routers to Email Spammers
https://blog.netlab.360.com/bcmpupnp_hunter-a-100k-botnet-turns-home-routers-to-email-spammers-en/
Tomi Engdahl says:
Internet Vulnerability Takes Down Google
https://blog.thousandeyes.com/internet-vulnerability-takes-down-google/
On November 12th, 2018, between 1:00 PM and 2:23 PM PST, ThousandEyes noticed issues connecting to G Suite, a critical application for our organization. Reviewing ThousandEyes Endpoint Agent stats, we noticed this was impacting all users at the ThousandEyes office. The outage not only affected G Suite, but also Google Search as well as Google Analytics. What caught our attention was that traffic to Google was getting dropped at China Telecom. Why would traffic from a San Francisco office traversing to Google go all the way to China? We also noticed a Russian ISP in the traffic path, which definitely sparked some concerns.
Tomi Engdahl says:
Analyzing the New non-Beta Version of the Kraken Cryptor Ransomware
https://www.fortinet.com/blog/threat-research/analyzing-the-new-non-beta-version-of-the-kraken-cryptor-ransomw.html
Tomi Engdahl says:
How to Stop Mobile Apps That Steal
https://securityintelligence.com/how-to-stop-mobile-apps-that-steal/
Smartphones are motivating targets for cybercriminals. Mobile devices today hold personal and monetizable data such as login credentials, financial information and company secrets — not to mention spy-friendly sensors such as microphones, cameras and location electronics.
Unsavory actors gain access to phones through breaches, physical access to the device or, increasingly, by hiding code in mobile apps that “phones home” and sends target data back to the perpetrator. This method is especially attractive for criminals because users are in control of app installations and physically carry phones right inside company firewalls.
Tomi Engdahl says:
Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants
https://blog.trendmicro.com/trendlabs-security-intelligence/using-machine-learning-to-cluster-malicious-network-flows-from-gh0st-rat-variants/
Cybercriminals have become more and more creative and efficient in their efforts to successfully bypass network security. Reports of unauthorized network intrusions that have compromised enterprise security, resources, and data, plague experts on a day-to-day basis, and will continue to do so if not prevented by a more efficient detection system or method. Currently, attackers use polymorphism, encryption, and obfuscation, among other techniques, to automate and increase variants in an attempt to evade traditional intrusion detection methods such as rule-based techniques.
To address this growing number of network threats and keep abreast with the changing sophistication of network intrusion methods, Trend Micro looked into network flow clustering — a method that leverages the power of machine learning in strengthening current intrusion detection techniques.
Network anomalies can be discovered by examining flow data because they contain information useful for analyzing traffic composition of varying applications and services in the network. To efficiently label and process large amounts of said data through clustering, we used a semi-supervised learning approach. These labels will then be used to discern relationships between different malware families, as well as to know how they differ from one another.
Tomi Engdahl says:
Google traffic misdirected to China & Russia today, resulted in downtime for some services
https://9to5google.com/2018/11/12/google-traffic-misdirect-china-russia/
The incident ended over an hour later at 2:35PM, with Google at 3:01PM describing the issue as “Google Cloud IP addresses being erroneously advertised by internet service providers other than Google”.
Throughout the duration of this issue Google services were operating as expected and we believe the root cause of the issue was external to Google. We will conduct an internal investigation of this issue and make appropriate improvements to our systems to help prevent or minimize future recurrence.
According to ThousandEyes, “traffic to certain Google destinations appears to be routed through an ISP in Russia & black-holed at a China Telecom gateway router.” China Telecom, Nigerian-provider MainOne, and Russian network operator TransTelekom were named by the security firm.
Tomi Engdahl says:
Tencent Has Access To China’s National Citizen Database
https://games.slashdot.org/story/18/11/12/0548246/tencent-has-access-to-chinas-national-citizen-database?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
The Chinese government doesn’t want children playing games for several hours every day. It said as much in a public notice from August. Now, Tencent is going along with that recommendation. The world’s biggest gaming company started pushing out its new “real name identity system” (RNIS) across China on November 1, according to market intelligence firm Niko Partners.
Tencent has access to China’s national citizen database
https://venturebeat.com/2018/11/05/tencent-china-national-citizen-database/
Tomi Engdahl says:
Cloudflare’s 1.1.1.1 Service Launches on Android and iOS
https://yro.slashdot.org/story/18/11/11/1843203/cloudflares-1111-service-launches-on-android-and-ios?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
Content-distribution network Cloudflare has introduced iOS and Android versions of 1.1.1.1, a free service which helps shield you from snoops by replacing your standard DNS with its encrypted (and speedy) alternative.
This incredibly simple privacy app helps protect your phone from snoops with one click
https://www.fastcompany.com/90265744/this-incredibly-simple-privacy-app-helps-protect-your-phone-from-snoops-with-one-click
In the United States and many other countries, there are no legal protections to stop internet service providers–landline or mobile–from tracking where you go online. (A 2017 act of Congress enshrined that right to snoop in the U.S.) They can use the info to market to you directly, or sell the data to other marketing companies. New laws, spearheaded by efforts in the EU and California, may someday prevent that–emphasis on may someday.
Meanwhile, you can throw a wrench in the schemes of ISPs, or snoopy governments or hackers, with a new, incredibly simple, and free app that encrypts the identity of the servers your mobile apps access. That partially obscures not only your web surfing, but also whether Spotify, Instagram, Fox News, MLB, or any other apps are pinging their respective servers.
The new app, from Cloudflare, is called 1.1.1.1–the name of the internet server it uses.
But Cloudflare also operates what’s called a DNS service.
Forgoing the default DNS server that your ISP provides and using an alternate one like Cloudflare’s (or others) makes it a lot harder for your ISP to log all the sites you go to. (They have to dig a lot deeper into your web traffic to get the info.)
A cool feature of Cloudflare’s service, at the IP address 1.1.1.1, is that it supports encryption. So an ISP, government, or hacker also can’t read the requests you send to Cloudflare’s server by trying to intercept the traffic.
Tomi Engdahl says:
Reuters:
Nigerian internet provider Main One Cable Co says it accidentally caused the problem that misrouted some Google traffic through China on Monday — SAN FRANCISCO (Reuters) – Nigerian internet provider Main One Cable Co took responsibility on Tuesday for a glitch that caused some Google traffic …
Nigerian firm takes blame for routing Google traffic through China
https://www.reuters.com/article/us-alphabet-disruption/nigerian-firm-takes-blame-for-routing-google-traffic-through-china-idUSKCN1NI2D9
Tomi Engdahl says:
Chaim Gartenberg / The Verge:
Google’s G Suite Twitter account is the latest to get hacked to promote a crypto scam, joining companies like Target, which had its account hacked this morning
Google’s G Suite Twitter account is the latest to get hacked in bitcoin scam
https://www.theverge.com/2018/11/13/18092656/google-g-suite-twitter-account-hacked-bitcoin-scam
Another major account has fallen victim
Tomi Engdahl says:
Facebook bug let websites read ‘likes’ and interests from a user’s profile
https://techcrunch.com/2018/11/13/facebook-bug-website-leak-likes-interests-profile/?sr_share=facebook&utm_source=tcfbpage
Facebook has fixed a bug that let any website pull information from a user’s profile — including their “likes” and interests — without that user’s knowledge.
Tomi Engdahl says:
GPS jamming came from Kola, Defense Ministry in Norway confirms
https://thebarentsobserver.com/en/security/2018/11/gps-jamming-came-kola-defense-ministry-norway-confirms
Civilian passenger planes lost GPS signals on flights over Finnmark.
Tomi Engdahl says:
Children are being ‘datafied’ before we’ve understood the risks, report warns
https://techcrunch.com/2018/11/09/children-are-being-datafied-before-weve-understood-the-risks-report-warns/?utm_source=tcfbpage&sr_share=facebook
A report by England’s children’s commissioner has raised concerns about how kids’ data is being collected and shared across the board, in both the private and public sectors.
In the report, entitled Who knows what about me?, Anne Longfield urges society to “stop and think” about what big data means for children’s lives.
Tomi Engdahl says:
Tyler Barriss, Serial ‘Swatter’ Who Phoned in Lethal Hoax, Pleads Guilty to 51 Federal Charges
https://gizmodo.com/tyler-barriss-serial-swatter-who-phoned-in-lethal-hoax-1830427801
will receive a minimum of 20 years in prison if his plea deal is approved by the judge in the case, the AP reported on Tuesday.
Swatting is a crime in which a party maliciously directs police to a location under the pretense that something very dangerous is occurring
Barriss is most infamous for a 2017 incident in which he allegedly accepted a $1.50 payment over a Call of Duty match to phone in a hoax hostage situation to police, who then arrived to an address belonging to none of the parties involved and killed 28-year-old Wichita, Kansas father of two
Tomi Engdahl says:
Angus Berwick / Reuters:
Investigation shows how ZTE helped Venezuela’s government build a system, used by as many as 18M, similar to China’s national identity card program — TRICKS OF THE TRADE: Critics say China exports tools that help autocratic governments monitor citizens. Venezuelan President Nicolás …
How ZTE helps Venezuela create China-style social control
https://www.reuters.com/investigates/special-report/venezuela-zte/
Chinese telecoms giant ZTE is helping Venezuela build a system that monitors citizen behavior through a new identification card. The “fatherland card,” already used by the government to track voting, worries many in Venezuela and beyond.
Tomi Engdahl says:
Infowars Infected With Credit Card-Stealing Malware, Alex Jones Claims It’s a Conspiracy
https://gizmodo.com/infowars-infected-with-credit-card-stealing-malware-al-1830433878
Customers of the Infowars store are getting scammed every day but this time it’s different. A security researcher discovered a form of malware embedded in the conspiracy site’s checkout process that records credit card details and transmits them to a remote server.
ZDNet interviewed Dutch security researcher Willem de Groot about his discovery of a strain of malware known as Magecart on the Infowars store.
Tomi Engdahl says:
Can Russia Invade Europe?
https://www.youtube.com/watch?v=2-oYaVnNDM8
if Russia was to invade Europe, how would it do it and could it do it at all?
Tomi Engdahl says:
Japan’s new cybersecurity minister admits he’s never used a computer
https://www.engadget.com/2018/11/15/japan-cybersecurity-minister-never-used-computer/?sr_source=Facebook
Whichever way your political ideology lies, there’s no doubt that we live in interesting times. A lot of us have opinions on which political figures are qualified to do their jobs — and which definitely aren’t — but we can probably all agree that if you’re going to put someone in charge of, say, cybersecurity, they should probably at least know their way around a computer. Right? Apparently not, if you’re the Japanese prime minister, who has recently appointed Yoshitaka Sakurada, 68, as head of the government’s cybersecurity office, despite him never having used a computer.
Tomi Engdahl says:
‘I don’t use computers,’ Japan’s minister in charge of cybersecurity tells Diet
https://www.japantimes.co.jp/news/2018/11/15/national/politics-diplomacy/dont-use-computers-says-japans-minister-charge-cybersecurity/#.W-3Hg1Pks0N
The minister in charge of cybersecurity said he doesn’t use computers.
Yoshitaka Sakurada, who just last week was criticized for stumbling over basic questions during Diet deliberations, found himself once again in hot water Wednesday after making it known that he doesn’t use them even though he is a deputy head of the government panel on cybersecurity and is tasked with overseeing policies on such matters.
Tomi Engdahl says:
Scammers launch toll free ‘customer support’ numbers posing as Binance, Coinbase and others – stealing the crypto of those who call…
http://www.globalcryptopress.com/2018/11/scammers-launch-toll-free-customer.html?m=1
Tomi Engdahl says:
“The two men are accused of being members of a 36-strong group said to have been behind a dark web forum responsible for more than $530m (£409m) of losses to banks and individuals.”
via BBC News
https://www.bbc.com/news/technology-46206614
Tomi Engdahl says:
Tom Spring / Threatpost:
Hackers breach iPhone X, Galaxy S9, and Xiaomi Mi6 and earn $325K for exposing 18 exploits at the Pwn2Own Tokyo 2018 contest — Three major mobile phone models – the Samsung Galaxy S9, iPhone X and the Xiaomi Mi6 – failed to survive the hacker onslaught at this year’s Pwn2Own Tokyo 2018.
Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers
https://threatpost.com/pwn2own-trifecta-galaxy-s9-iphone-x-and-xiaomi-mi6-fall-to-hackers/139092/
Hacker contest earns participants $325,000 based on the discovery of 18 vulnerabilities.
In all, 18 exploits, with some attacks chaining together as many as five exploits, were used to own the three phones and earn hacker teams a collective $325,000 in prize money.
The vulnerability attacks the baseband component of the Galaxy S9 to earn code execution.
“Baseband attacks are especially concerning, since someone can choose not to join a Wi-Fi network, but they have no such control when connecting to baseband,” wrote event organizer Zero Day Initiative in a blog post.
When the Xiaomi Mi6 phone connected to a hacker controlled Wi-Fi server, the team was able to force the phone’s default web browser to navigate to a malicious website.
“They then chained additional bugs together to silently install an application via JavaScript, bypass the application white-list and automatically start the [rogue] application,” ZDI wrote.
iPhone X also fell to team Fluoroacetate, which targeted the handset over Wi-Fi.
Individual vulnerability details will be available in 90 days, per the contest’s protocol, which includes vendor notification and OEM patch deployments.
Tomi Engdahl says:
A leaky database of SMS text messages exposed password resets and two-factor codes
https://techcrunch.com/2018/11/15/millions-sms-text-messages-leaked-two-factor-codes/?utm_source=tcfbpage&sr_share=facebook
A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.
The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.
Kaul found the exposed server on Shodan
the database — running on Amazon’s Elasticsearch — was configured with a Kibana front-end, making the data within easily readable, browsable and searchable
After an inquiry by TechCrunch, Voxox pulled the database offline.
The exposure to personal information and phone numbers notwithstanding, the ability to access two-factor codes in near-real-time
“My real concern here is the potential that this has already been abused,”
Tomi Engdahl says:
Fake fingerprints can imitate real ones in biometric systems – research
https://www.theguardian.com/technology/2018/nov/15/fake-fingerprints-can-imitate-real-fingerprints-in-biometric-systems-research
DeepMasterPrints created by a machine learning technique have error rate of only one in five
“the underlying method is likely to have broad applications in fingerprint security as well as fingerprint synthesis.”
the DeepMasterPrints take advantage of two properties of fingerprint-based authentication systems
They compare the method to a “dictionary attack” against passwords
Tomi Engdahl says:
Facebook reports a massive spike in government demands for data, including secret orders
https://techcrunch.com/2018/11/15/facebook-releases-national-security-letters-for-customer-data/?sr_share=facebook&utm_source=tcfbpage
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
Voxox left database unsecured, exposing a near real-time stream of millions of SMS texts including password reset links and 2FA codes from Google, Yahoo, others — A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links …
A leaky database of SMS text messages exposed password resets and two-factor codes
https://techcrunch.com/2018/11/15/millions-sms-text-messages-leaked-two-factor-codes/
A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.
The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.
Tomi Engdahl says:
CISA’s Palace: Congress backs new cybersecurity nerve-center for cyber-America’s cyber-future
CISA heads off for Trump’s signature – no, not that CISA, the good one
https://www.theregister.co.uk/2018/11/15/congress_passes_cisa/
The US House of Representatives has unanimously passed a bipartisan bill that would create a new agency to lead the federal government’s cybersecurity efforts.
The Cybersecurity and Infrastructure Security Agency (CISA) Act, passed earlier this year by the Senate, would overhaul the Department of Homeland Security (DHS)’s National Protection and Programs Directorate to create CISA as a new, stand-alone agency under the umbrella of the DHS.
Tomi Engdahl says:
Adversaries Take Advantage of the Seams. Let’s Close Them.
https://www.securityweek.com/adversaries-take-advantage-seams-lets-close-them
Adversaries are Increasingly Masterful at Taking Advantage of Seams Between Technologies and Teams to Infiltrate Organizations
“It’s not a matter of if, but when and how you’ll be attacked” has become the security mantra and the industry is using it as a rallying cry as we innovate to reduce the impact of breaches. For years organizations have relied on a defense-in-depth strategy for protection. Yet despite the multiple point products deployed, the volume and velocity of compromises and breaches continue to increase. There are many reasons why this is occurring, stemming from the fact that we have seams in our defenses. Our layers of protection and our security teams are largely unintegrated and operate in silos.
The 2018 Cost of a Data Breach study (PDF) by Ponemon Institute finds the current dwell time has actually increased to 197 days from 191 the year prior. The mean time to contain is now up as well, rising to 69 days from 66. It takes organizations nearly nine months to mitigate risk and get back to business as usual. As timeframes extend, the damage and costs associated with breaches increase.
2018 Cost of a Data Breach Study: Global Overview
Benchmark research sponsored by IBM Security
Independently conducted by Ponemon Institute LLC
https://public.dhe.ibm.com/common/ssi/ecm/55/en/55017055usen/2018-global-codb-report_06271811_55017055USEN.pdf
Tomi Engdahl says:
Report Shows Increase in Email Attacks Using .com File Extensions
https://www.securityweek.com/report-shows-increase-email-attacks-using-com-file-extensions
Leesburg, VA-based anti-phishing firm Cofense (formerly PhishMe) has discovered an uptick in the use of .com file extensions in phishing emails.
The .com file extension designated executable files in DOS and Windows 95, 98 and Me. It has been replaced by .exe in later versions of the operating system.
However, for backwards compatibility, Windows will still attempt to execute a file with the .com extension.
Throughout October, Cofense analyzed 132 unique phishing samples with the .com extension. To put this uptick in context, it found only 34 samples in the entire preceding nine months of 2018.
The most popular subject line lures in the new campaign (or campaigns) are ‘payment’ and ‘purchase order’ themes. These two make up 67% of the samples analyzed. Other themes include ‘shipping’, ‘invoice’ and ‘remittance advice’, giving the campaign a strong financial bias. The payload is generally information-stealing malware.
Purchase order subject emails most commonly delivered the Loki Bot information stealer and the Hawkeye keylogger. Those with ‘payment’ subject lines more commonly delivered the AZORult information stealer.
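Added example, not part of the comment above or of the Cofense report it quotes: a mail-filter style check that flags attachments whose file name ends in .com and notes whether the subject matches the lure themes listed above. The function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject themes named in the quoted report; used only to annotate a finding.
LURE_THEMES = ("payment", "purchase order", "shipping", "invoice", "remittance advice")


def is_com_name(filename):
    """True if Windows would treat this attachment name as a .com program."""
    # Win32 drops trailing dots and spaces from file names, so "x.com. "
    # is saved as "x.com"; normalise before comparing.
    return filename.strip().rstrip(". ").lower().endswith(".com")


def com_attachments(raw_message):
    """Return one finding per .com attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    themes = [t for t in LURE_THEMES if t in subject.lower()]
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name or not is_com_name(name):
            continue
        body = part.get_payload(decode=True) or b""
        stem = name.strip().rstrip(". ")[:-4]  # name without the final ".com"
        findings.append({
            "filename": name,
            "subject": subject,
            "lure_themes": themes,
            # "order.pdf.com" style names hide the real type from the user
            "double_extension": "." in stem,
            # a PE executable renamed to .com still starts with "MZ"
            "mz_header": body[:2] == b"MZ",
        })
    return findings


def build_sample(subject, filename, payload):
    """Construct a test message (constructed sample data, not a real phish)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "ap@example.test"
    msg["Subject"] = subject
    msg.set_content("Please see the attached document.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("Payment advice for purchase order 4471",
                     "PO_4471.pdf.com", b"MZ\x90\x00" + b"\x00" * 16),
        build_sample("Team lunch menu", "menu.pdf", b"%PDF-1.4\n"),
    ]
    for raw in samples:
        for finding in com_attachments(raw):
            print(finding)
```

A gateway would normally quarantine on the file name alone; the `mz_header` and `double_extension` fields help an analyst triage what was caught.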
Tomi Engdahl says:
Chinese Hackers Target UK Engineering Company: Report
https://www.securityweek.com/chinese-hackers-target-uk-engineering-company-report
Recent attacks on an engineering company in the United Kingdom were attributed to a China-related cyber-espionage group despite the use of techniques usually associated with Russian threat actors.
As part of this campaign, the group is believed to have reused publicly reported, sophisticated Tactics, Techniques and Procedures (TTPs) from Russian threat groups Dragonfly and APT28. The purpose of the attacks was to gain access to sensitive and proprietary technologies and data, the researchers presume.
Tomi Engdahl says:
iPhone X Exploits Earn Hackers Over $100,000
https://www.securityweek.com/iphone-x-exploits-earn-hackers-over-100000
The Zero Day Initiative’s Pwn2Own Tokyo hacking competition has come to an end, with participants earning over $300,000 for disclosing vulnerabilities affecting iPhone X, Xiaomi Mi 6 and Samsung Galaxy S9 smartphones.
Tomi Engdahl says:
Misconfigured Docker Services Actively Exploited in Cryptojacking Operation
https://www.bleepingcomputer.com/news/security/misconfigured-docker-services-actively-exploited-in-cryptojacking-operation/
Adversaries looking for an easy way to mine for cryptocurrency are actively targeting publicly exposed Docker services. They use a malicious script capable of scanning the network in search of vulnerable hosts and compromising them.
The point of entry is TCP port 2375 or 2376, the default for reaching the Docker service remotely via REST management APIs, which allow creating, starting and stopping containers. Unless configured otherwise, both ports provide unencrypted and unauthenticated communication.
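Added example, not part of the comment above or of the BleepingComputer article it quotes: a configuration audit that reads a Docker `daemon.json` and the `dockerd` command line and reports every `tcp://` listener that does not require client certificates. `hosts`, `tls`, `tlsverify`, `-H/--host`, `--tls` and `--tlsverify` are real Docker daemon options; the function names and the sample configurations are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit


def _is_loopback(host):
    """True if the bind address is reachable from the local machine only."""
    if not host:
        return False  # "tcp://:2375" binds every interface
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname we cannot classify: assume network-facing


def audit_docker_listeners(daemon_json_text="{}", argv=()):
    """Return findings for tcp:// API listeners lacking TLS client verification."""
    cfg = json.loads(daemon_json_text or "{}")
    hosts = list(cfg.get("hosts", []))
    tls = bool(cfg.get("tls", False))
    tlsverify = bool(cfg.get("tlsverify", False))

    # Merge in the dockerd command line: -H X, --host X, --host=X, --tls, --tlsverify
    args = list(argv)
    i = 0
    while i < len(args):
        flag, _, value = args[i].partition("=")
        if flag in ("-H", "--host"):
            if not value and i + 1 < len(args):
                i += 1
                value = args[i]
            hosts.append(value)
        elif flag == "--tlsverify":
            tlsverify = value.lower() != "false"
        elif flag == "--tls":
            tls = value.lower() != "false"
        i += 1

    findings = []
    for listener in hosts:
        url = urlsplit(listener)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// sockets are not network listeners
        if tlsverify:
            continue  # clients must present a certificate signed by the CA
        issue = ("encrypted, clients not authenticated" if tls
                 else "unencrypted and unauthenticated")
        findings.append({
            "listener": listener,
            "port": url.port,
            "scope": "loopback" if _is_loopback(url.hostname) else "network",
            "issue": issue,
        })
    return findings


if __name__ == "__main__":
    # Constructed sample configurations.
    exposed = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
    hardened = ('{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true, '
                '"tlscacert": "/etc/docker/ca.pem", "tlscert": "/etc/docker/cert.pem", '
                '"tlskey": "/etc/docker/key.pem"}')
    print(audit_docker_listeners(exposed))
    print(audit_docker_listeners(hardened))
    print(audit_docker_listeners("{}", ["dockerd", "-H", "tcp://127.0.0.1:2375", "--tls"]))
```

A finding with scope `network` and issue `unencrypted and unauthenticated` is the configuration the article describes; `--tls` without `--tlsverify` encrypts the channel but still lets any client drive the API.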
Tomi Engdahl says:
Dridex/Locky Operators Unleash New Malware in Recent Attack
https://www.securityweek.com/firefox-alerts-users-when-visiting-breached-sites
Mozilla has added a new feature to Firefox to alert users when they visit a website that has been part of a data breach in the past.
Earlier this year, the Internet organization launched Firefox Monitor, a service to inform users if their accounts have been part of data breaches. Enjoying support for Cloudflare, the service uses data from Troy Hunt’s Have I Been Pwned (HIBP) website to keep track of compromised accounts.
The newly announced Firefox alert is the latest improvement Mozilla brings to Firefox Monitor and takes advantage of the very same HIBP data to warn users of breached websites.
Tomi Engdahl says:
Trend Micro, Moxa Form New IIoT Security Company
https://www.securityweek.com/trend-micro-moxa-form-new-iiot-security-company
Cybersecurity firm Trend Micro and industrial networking solutions provider Moxa on Thursday announced plans to form a joint venture corporation focusing on securing industrial internet of things (IIoT) environments.
The new company, TXOne Networks, will offer security gateways, endpoint agents and network segmentation solutions designed to help organizations secure, control and monitor equipment and operational technology (OT).
https://newsroom.trendmicro.com/press-release/corporate/trend-micro-and-moxa-announce-letter-intent-joint-venture-tackle-security-ne
Tomi Engdahl says:
MiSafes’ child-tracking smartwatches are ‘easy to hack’
https://www.bbc.com/news/technology-46195189
A location-tracking smartwatch worn by thousands of children has proven relatively easy to hack.
A security researcher found the devices neither encrypted the data they used nor secured each child’s account.
As a result, he said, he could track children’s movements, surreptitiously listen in to their activities and make spoof calls to the watches that appeared to be from parents.
Experts say the issues are so severe that the product should be discarded.
Sales ban
The Norwegian Consumer Council highlighted other cases of child-targeted smartwatches with security flaws last year.
It said the MiSafes products appeared to be “even more problematic” than the examples it had flagged.
“This is another example of unsecure products that should never have reached the market,” said Gro Mette Moen, the watchdog’s acting director of digital services.
“Our advice is to refrain from buying these smartwatches until the sellers can prove that their features and security standards are satisfactory.”
In the UK, Amazon used to sell the watches but has not had stock for some time.
MiSafes previously made headlines in February when an Austrian cyber-security company discovered several flaws with its Mi-Cam baby monitors.
Tomi Engdahl says:
Dutch government report says Microsoft Office telemetry collection breaks GDPR
https://www.zdnet.com/article/dutch-government-report-says-microsoft-office-telemetry-collection-breaks-gdpr/
Microsoft pledges to address issues; has already released a “zero exhaust” Office telemetry setting.
The telemetry data collection mechanism used by Microsoft Office breaks the EU General Data Protection Regulation (GDPR), Dutch authorities said yesterday in a report.
The report raises eight issues that investigators found in ProPlus subscriptions of Office 2016 and Office 365, but also with the web-based version of Office 365.
Investigators said they’ve identified the “large scale and covert collection of personal data” through Office’s built-in telemetry collection capabilities.
They said Microsoft engages in this telemetry collection covertly and without properly informing users.
The Dutch government is extremely worried because sensitive Dutch government-related information that might have been grabbed as part of the telemetry collection system may have also ended up on those US servers. The Dutch government runs Office apps on over 300,000 computers, according to the latest public figures.
https://www.rijksoverheid.nl/binaries/rijksoverheid/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office/DPIA+Microsoft+Office+2016+and+365+-+20191105.pdf
Tomi Engdahl says:
New Loki Variant Being Spread By Phishing Email
https://www.fortinet.com/blog/threat-research/new-loki-variant-being-spread-by-phishing-email.html
Tomi Engdahl says:
Secureworks State of Cybercrime Report 2018
The Deep, Dark Truth Behind the Underground Hacker Economy
https://www.secureworks.com/resources/rp-2018-state-of-cybercrime
Ransomware is now more sophisticated than ever. Secureworks’ CTU researchers observed no less than 257 new and distinct ransomware families in 12 months.
Tomi Engdahl says:
Ransomware is now more sophisticated than ever. Secureworks’ CTU researchers observed no less than 257 new and distinct ransomware families in 12 months.
https://thehackernews.com/2018/11/amp-plugin-for-WordPress.html
A security researcher has disclosed details of a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website.
The vulnerable WordPress plugin in question is “AMP for WP – Accelerated Mobile Pages” that lets websites automatically generate valid accelerated mobile pages for their blog posts and other web pages.
AMP, which stands for Accelerated Mobile Pages, is an open-source technology that has been designed by Google to allow websites to build and serve faster web pages to mobile visitors.
Just last week, an arbitrary file deletion vulnerability was disclosed in the popular WooCommerce plugin that could have allowed a malicious or compromised privileged user to gain full control over the WordPress websites.
Tomi Engdahl says:
Employees’ cybersecurity habits worsen, survey finds
Almost all young people recycle their passwords, often doing so across work and personal accounts
https://www.welivesecurity.com/2018/11/15/employees-cybersecurity-habits-worsen/
Tomi Engdahl says:
https://www.uusiteknologia.fi/2018/11/15/etaohjattava-troijalainen-listoille-ei-suomessa/
Tomi Engdahl says:
http://www.etn.fi/index.php/13-news/8721-etaohjattavat-troijalaiset-yha-yleisempia
Tomi Engdahl says:
Cathay Apologizes Over Data Breach but Denies Cover-up
https://www.securityweek.com/cathay-apologizes-over-data-breach-denies-cover
The top two executives at Hong Kong carrier Cathay Pacific on Wednesday apologized for the firm’s handling of the world’s biggest airline hack that saw millions of customers’ data breached but denied trying to cover it up.
The CEO and chairman also said the crisis “was one of the most serious” in the embattled firm’s history and that they would act differently in a similar situation in future.
The pair were summoned to the city’s legislative council to explain to lawmakers why it had taken five months to admit it had been hacked and the data of 9.4 million customers compromised, including passport numbers and credit card details.
Lawmakers slammed the delay as a “blatant attempt” to cover up the incident and thereby deprive customers of months of opportunities to take steps to safeguard their personal data.
However, chairman John Slosar said: “I’d like to make it absolutely clear that there was never any attempt to cover anything up.”
He added: “I see it as one of the most serious crises that our airline has ever faced.”
Tomi Engdahl says:
The many faces of Magecart: Report profiles groups behind card-skimming threat
https://www.scmagazine.com/home/security-news/the-many-faces-of-magecart-report-profiles-groups-behind-card-skimming-threat/
Tomi Engdahl says:
US Panel Warns Against Government Purchase of Chinese Tech
https://www.securityweek.com/us-panel-warns-against-government-purchase-chinese-tech
A congressional advisory panel says the purchase of internet-linked devices manufactured in China leaves the United States vulnerable to security breaches that could put critical infrastructure at risk.
In its annual report on Wednesday, the U.S.-China Economic and Security Review Commission warns of dangers to the U.S. government and private sector from a reliance on global supply chains linked to China, which is the world’s largest manufacturer of information technology equipment.
China’s push to dominate in the high-tech industry by 2025 already is a sore point with Washington and a contributing factor in trade tensions that have seen the world’s two largest economies slap billions of dollars in punitive tariffs on each other’s products this year.
Tomi Engdahl says:
https://www.wired.com/story/mozilla-privacy-not-included-internet-connected-toys/
Tomi Engdahl says:
Want to hack a hole-in-the-wall cash machine for free dosh? It’s as easy as Windows XP
Bank ATM pen testing reveals alarming results
https://www.theregister.co.uk/2018/11/14/atm_security_lousy/
ATM machines are vulnerable to an array of basic attack techniques that would allow hackers to lift thousands in cash.
This according to researchers at Positive Technologies, who studied more than two dozen different models of ATMs and found (PDF) nearly all would be vulnerable to network or local access attacks that would allow raiders to pillage the cash dispensers.
The study, out today, pitted Positive researchers against 26 machines from various manufacturers and service providers. Among the more noteworthy results:
15 were found to be running Windows XP.
22 were vulnerable to a “network spoofing” attack where an attacker connects locally to the machine’s LAN port and conducts fraudulent transactions. Such an attack takes around 15 minutes to complete.
18 were vulnerable to ‘black box’ attacks where an attacker physically connects a device to the machine and tricks it into spitting out cash. Positive notes these attacks can be carried out in about ten minutes with aftermarket compute boards (such as a Raspberry Pi).
20 could be forced to exit out of kiosk mode via a USB or PS/2 connection. From there, an attacker could access the underlying OS of the machine and execute additional commands.
24 had no data encryption in place on the hard drive, allowing an attacker who had access to the drive (see above) to pull any stored data and configuration info from the machine.
https://regmedia.co.uk/2018/11/14/positive_tech_atm_vulnerabilities.pdf
Tomi Engdahl says:
State-Sponsored Actors Focus Attacks on Asia
https://www.bleepingcomputer.com/news/security/state-sponsored-actors-focus-attacks-on-asia/
Southeast Asia is the most actively attacked region, according to cyber security firm Group-IB. Their annual Hi-Tech Crime Trends Report 2018 advises, “In just one year, 21 state-sponsored groups were detected in this area, which is more than in the United States and Europe.” However, state-sponsored groups are not the only ones focusing their attention on this region: criminal organisations such as Cobalt have also been observed.
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/edge-selain-vuoti-kuin-seula-kahdeksan-kriittista-aukkoa-microsoftilla-tarkein-paikkatiistai-aikoihin-6749175
It’s November 2018, and Microsoft’s super-secure Edge browser can be pwned eight different ways by a web page
Look, we’re tired of doing these headlines too, but there’s patching to do
https://www.theregister.co.uk/2018/11/14/patch_tuesday_november/