the W3C (another internet standards body) has been establishing a draft standard for Network Error Logging. This potentially helps address one of the trickiest challenges in tackling network interference: figuring out when interference is even happening.
Network Error Logging allows the user’s device to report a failed lookup to a neutral third party that is not blocked
If we’re serious about addressing those challenges, we need to start with improving standards.
According to emerging reports, the popular Bitcoin wallet software Electrum has been attacked costing those affected over $750,000 worth of Bitcoin. The security breach involved hackers tricking the wallet into urging users to make a critical update.
Andrew Jeong / Wall Street Journal:
South Korea says hackers stole data, including names and addresses, of 997 North Korean defectors; cybersecurity experts say likely culprit is North Korea
Dell Cameron / Gizmodo:
A bug Twitter downplayed in 2012 resurfaces as researchers hijack celebrity accounts to send tweets by using a UK mobile phone number tied to an account
Twitter is claiming to have resolved a bug that allowed a group of London-based security researchers to post unauthorized tweets to the accounts of British celebrities and journalists. But the hackers who initially disclosed the vulnerability say that’s rubbish.
A Twitter spokesperson told reporters on Friday that it had “resolved a bug that allowed certain accounts with a connected UK phone number to be targeted by SMS spoofing.” However, during a conversation with Gizmodo, the hackers who posted the unauthorized tweets to celebrity accounts appeared able to reproduce the experiment after Twitter made its claim.
Through phones, computers, games, even pizza deliveries, the family is being terrorized
Someone has hacked into every aspect of their home.
“He’s gotten into the home computer, he’s gotten into the video games that the kids are playing, he’s gotten into the phone, phone messages. My daughter’s school, my daughter’s online school. He’s gotten into all of our cell phone, which would be three cell phones,” an exhausted John Garrity described.
Gatwick Airport is Britain’s second busiest by passenger volume, and Europe’s eighth. And yet it was brought to a standstill for two days by two people and a single drone.
The criminals who break into the web sites of banks or chainstores and steal personal data or money are not the scariest people out there, he told me. The hackers we really ought to be worrying about are the ones trying to take entire countries offline. People who are trying to take down the internet, switch the lights off, cut the water supply, disable railways, or blow up factories.
The West’s weakness is in the older electronics and sensors that control processes in infrastructure and industry. Often these electronics were installed decades ago. The security systems controlling them are ancient or non-existent. If a hacker can gain control of a temperature sensor in a factory, he — they’re usually men — can blow the place up, or set it on fire. “The problem people don’t realise is it becomes a weapon of mass destruction. You can take down a whole country. It can be done,” he said.
And then, how do you respond?
“you have no idea who did it.”
“You can have a team of five people sitting in a basement and be just as devastating as WMDs,” he said. “It’s really scary. In some sense it’s a matter of time because it’s really easy.”
“Someone is learning how to take down the Internet,” Bruce Schneier, the CTO of IBM Resilient believes
The Dyn attack was done by three young men who had created some software that they merely hoped would disable a competitor’s company, until it got out of control. The Mauritania attack was probably done by the government of neighbouring Sierra Leone, which was trying to manipulate local election results by crippling the media.
It’s not merely that “someone” out there is trying to figure out how to take down the internet. There are multiple someones out there who want that power.
China is determined to control fifth-generation wireless technology (5G) networks, posing a threat to American telecommunication firms and raising national-security concerns. To win the next-generation mobile race, the U.S. government has to act fast, an expert warns.
Cyberspace is considered the fifth strategic domain of warfare, along with land, sea, air, and space. And the Chinese are on the verge of dominating this domain.
486 Comments
Tomi Engdahl says:
Alert Traffic Patrolman Unveils Romanian Skimming Ring
https://securityboulevard.com/2018/12/alert-traffic-patrolman-unveils-romanian-skimming-ring/
Tomi Engdahl says:
Clickjacking Bug in Facebook Being Abused By Attackers To Post Spam On Your Facebook Wall
https://gbhackers.com/clickjacking-bug-facebook/
A malicious spam campaign that posts the clicked link on your Facebook wall. The campaign exploits the vulnerability that resides in the mobile version of Facebook.
Tomi Engdahl says:
Blackmail demand claims to have nailed you watching porn
https://www.kaspersky.com/blog/extortion-spam/25070/
One fine (or not so fine) day, you check your inbox and discover a message that starts like this:
“I’m aware, ********** is your password. You don’t know me and you are probably thinking why you are getting this email, right? Well, I actually placed a malware on the adult video clips (porn) web site…”
Or like this:
“I hacked this mailbox and infected your operating system with a virus…”
Or even:
“I’m part of an international hacker group. As you can guess, your account was hacked…”
All sorts of variants exist, but the message boils down to a claim that the sender infected your computer by hacking your account or placing malware on a porn site you visited.
Tomi Engdahl says:
Feds Charge Three in Mass Seizure of Attack-for-hire Services
https://krebsonsecurity.com/2018/12/feds-charge-three-in-mass-seizure-of-attack-for-hire-services/
Tomi Engdahl says:
More Than Just a Fad: Lessons Learned About Threat Hunting in 2018
https://securityintelligence.com/more-than-just-a-fad-lessons-learned-about-threat-hunting-in-2018/
Threat Hunting Is Here to Stay in 2019
Going into 2019, the cybersecurity community will continue to learn about the world of threat hunting and how organizations can implement an effective threat hunting program. Just like the fads that will inevitably come and go in 2019, there will be new cybersecurity tools, methodologies and lessons in the new year.
Tomi Engdahl says:
Google’s policy change reduces security, privacy and safety for 75% of users of ESET’s Android anti-theft service
https://www.welivesecurity.com/2018/12/21/google-policy-change-eset-android-anti-theft-service/
The unfortunate implications of a well-intentioned change to Google Play Developer policies – and the negative impact it has on ESET’s Android app customers
Tomi Engdahl says:
2018: A Banner Year for Breaches
https://threatpost.com/2018-biggest-breaches/140346/
A look back at the blizzard of breaches that made up 2018.
Where to start? In 2018 the mantra became “another day, another data breach.”
Tomi Engdahl says:
Hacking Christmas Lights For Fun and Mischief
https://www.bleepingcomputer.com/news/security/hacking-christmas-lights-for-fun-and-mischief/
Researchers playing with Twinkly IoT lights found security weaknesses that allowed them to display custom lighting effects and to remotely turn off their Christmas brilliance. They estimate that about 20,000 devices are reachable over the internet.
The LEDs in Twinkly lights can be controlled individually. Exploiting inherent security weaknesses related to authentication and the communication of commands, the researchers were able to use the curtain of lights to play Snake, the game made so popular by Nokia phones in the late 1990s.
Tomi Engdahl says:
Could you speak up a bit? I didn’t catch your password
We won’t need security experts when there’s no security left
https://www.theregister.co.uk/2018/12/25/could_you_speak_up_a_bit_i_didnt_catch_your_password/
Tomi Engdahl says:
MD5 and SHA-1 Still Used in 2018
https://www.schneier.com/blog/archives/2018/12/md5_and_sha-1_s.html
the current state of cryptanalysis against MD5 and SHA-1 allows for collisions, but not for pre-images. Still, it’s really bad form to accept these algorithms for any purpose.
Tomi Engdahl says:
Scanning Activity, end Goal is to add Hosts to Mirai Botnet
https://isc.sans.edu/forums/diary/Scanning+Activity+end+Goal+is+to+add+Hosts+to+Mirai+Botnet/24450/
Tomi Engdahl says:
Over 19,000 Orange modems are leaking WiFi credentials
Headaches for Orange customers in France and Spain for the holidays.
https://www.zdnet.com/article/over-19000-orange-modems-are-leaking-wifi-credentials/
Tomi Engdahl says:
Hacker steals ten years worth of data from San Diego school district
https://www.zdnet.com/article/hacker-steals-ten-years-worth-of-data-from-san-diego-school-district/
Officials said the hacker made off with the personal information of over 500,000 students and staff.
Tomi Engdahl says:
JungleSec Ransomware Infects Victims Through IPMI Remote Consoles
https://www.bleepingcomputer.com/news/security/junglesec-ransomware-infects-victims-through-ipmi-remote-consoles/
A ransomware called JungleSec is infecting victims through unsecured IPMI (Intelligent Platform Management Interface) cards since early November.
When originally reported in early November, victims were seen using Windows, Linux, and Mac, but there was no indication as to how they were being infected. Since then, BleepingComputer has spoken to multiple victims whose Linux servers were infected with the JungleSec Ransomware and they all stated the same thing; they were infected through unsecured IPMI devices.
Tomi Engdahl says:
Veracode: DevSecOps is having a positive impact on security, but the state of security still has a long way to go
https://sdtimes.com/security/veracode-devsecops-is-having-a-positive-impact-on-security-but-the-state-of-security-still-has-a-long-way-to-go/
Even with a stronger focus on security this year, most software is still riddled with security vulnerabilities. According to Veracode’s State of Software Security (SOSS) report, 87.5 percent of Java applications, 92 percent of C++ applications, and 85.7 percent of .NET applications contain at least one vulnerability. In addition, over 13 percent of applications contain at least one critical vulnerability.
Tomi Engdahl says:
Hot tub hack reveals washed-up security protection
https://www.bbc.com/news/technology-46674706
Thousands of hot tubs can be hacked and controlled remotely because of a hole in their online security, BBC Click has revealed.
Researchers showed the TV programme how an attacker could make the tubs hotter or colder, or control the pumps and lights via a laptop or smartphone.
Tomi Engdahl says:
Is Huawei a real security risk or part of a trade war? “Hard to say, because there is no evidence of espionage”
https://yle.fi/uutiset/3-10546742
Tomi Engdahl says:
WATCH A HOMEMADE ROBOT CRACK A SAFE IN JUST 15 MINUTES
https://www.wired.com/story/watch-robot-crack-safe/
LAST CHRISTMAS, NATHAN Seidle’s wife gave him a second-hand safe she’d found on Craigslist.
The original owner had locked it and forgotten the combination. Her challenge to Seidle: Open it.
Seidle isn’t much of a safecracker. But as the founder of the Niwot, Colorado-based company SparkFun, a DIY and open-source hardware supplier, he’s a pretty experienced builder of homemade gadgets, tools, and robots.
The result: A fully automated device, built from off-the-shelf and 3-D printed components, that can open his model of SentrySafe in a maximum of 73 minutes, or half that time on average, with no human interaction.
Tomi Engdahl says:
Air Force One spotted in Sheffield: how UK enthusiast revealed Trump’s Iraq trip
https://www.theguardian.com/uk-news/2018/dec/27/air-force-one-spotted-in-sheffield-how-uk-enthusiast-revealed-trumps-iraq-trip
Alan Meloy photographed distinctive plane in skies over Yorkshire on Boxing Day
When Donald Trump flew to Iraq on Christmas Day for a top secret visit, the US government took every precaution to avoid the news leaking out. Journalists were sworn to secrecy
The US military had not reckoned with a planespotter from the suburbs of Sheffield, who took a photograph of the president’s plane in the sky over Yorkshire and inadvertently helped to break news of the flight to the Middle East while Trump was still in the air.
After uploading the picture to the photo sharing site Flickr, the image was picked up by other aircraft enthusiasts who combined it with publicly available aircraft tracking data
As a result, the White House was forced to reveal details of the trip ahead of time, throwing media management and security plans into chaos.
The president also told journalists that he had never seen anything like the security measures taken to ensure the secrecy of his flight
there were lessons to be learned: “If you want to do covert work use a covert plane.”
Tomi Engdahl says:
Secret Service Announces Test of Face Recognition System Around White House
https://www.aclu.org/blog/privacy-technology/surveillance-technologies/secret-service-announces-test-face-recognition
last week the Department of Homeland Security published details of a U.S. Secret Service plan to test the use of facial recognition in and around the White House.
According to the document, the Secret Service will test whether its system can identify certain volunteer staff members by scanning video feeds from existing cameras
Tomi Engdahl says:
Security flaws let anyone snoop on Guardzilla smart camera video recordings
https://techcrunch.com/2018/12/27/guardzilla-security-camera-flaws/?sr_share=facebook&utm_source=tcfbpage
A popular smart security system maker has ignored warnings from security researchers that its flagship device has several serious vulnerabilities, including allowing anyone access to the company’s central store of customer-uploaded video recordings.
Tomi Engdahl says:
Users report losing Bitcoin in clever hack of Electrum wallets
Hacker has stolen over $750,000 worth of Bitcoin over the past seven days.
https://www.zdnet.com/article/users-report-losing-bitcoin-in-clever-hack-of-electrum-wallets/
A hacker (or hacker group) has made over 200 Bitcoin (circa $750,000 at today’s exchange) using a clever attack on the infrastructure of the Electrum Bitcoin wallet.
The attack resulted in legitimate Electrum wallet apps showing a message on users’ computers, urging them to download a malicious wallet update from an unauthorized GitHub repository.
The attack began last week on Friday, December 21
The problem here is that Electrum servers are allowed to trigger popups with custom text inside users’ wallets.
After receiving news of attacks, the Electrum team responded by silently updating the Electrum wallet app, so these messages don’t render as rich HTML text anymore.
Tomi Engdahl says:
New Shamoon Sample from France Signed with Baidu Certificate
https://www.bleepingcomputer.com/news/security/new-shamoon-sample-from-france-signed-with-baidu-certificate/
A new sample of Shamoon disk-wiping malware was uploaded from France recently to the VirusTotal scanning platform. It tries to pass as a system optimization tool from Chinese technology company Baidu.
This new Shamoon variant was uploaded on December 23, 2018, and is signed with a digital certificate from Baidu, issued on March 25, 2015. The signature is no longer valid, as it expired on March 26, 2016.
The targets attacked by the threat actor behind this malware are typically oil and gas companies in the Middle East region. The latest Shamoon samples hit companies in the same area as well as Europe, deleting files on infected systems and making the machines unbootable.
Tomi Engdahl says:
JungleSec Ransomware Infects Victims Through IPMI Remote Consoles
https://www.bleepingcomputer.com/news/security/junglesec-ransomware-infects-victims-through-ipmi-remote-consoles/
A ransomware called JungleSec is infecting victims through unsecured IPMI (Intelligent Platform Management Interface) cards since early November.
When originally reported in early November, victims were seen using Windows, Linux, and Mac, but there was no indication as to how they were being infected. Since then, BleepingComputer has spoken to multiple victims whose Linux servers were infected with the JungleSec Ransomware and they all stated the same thing; they were infected through unsecured IPMI devices.
IPMI is a management interface built into server motherboards or installed as an add-on card that allows administrators to remotely manage the computer, power on and off the computer, get system information, and get access to a KVM that gives you remote console access.
Tomi Engdahl says:
2018: The Year Machine Intelligence Arrived in Cybersecurity
https://www.darkreading.com/network-and-perimeter-security/2018-the-year-machine-intelligence-arrived-in-cybersecurity/d/d-id/1333556
Machine intelligence, in its many forms, began having a significant impact on cybersecurity this year – setting the stage for growing intelligence in security automation for 2019.
Tomi Engdahl says:
What should you do with your old devices
https://www.welivesecurity.com/2018/12/27/safe-disposal-old-devices-tips-tony-anscombe/
Disposal of old tech requires thought and effort and the need to cleanse the device of any personal data is just one of the concerns
Tomi Engdahl says:
Nokia denies leaking internal credentials in server snafu
https://www.zdnet.com/article/nokia-denies-leaking-internal-credentials-in-server-snafu/
Security researcher finds treasure trove of passwords and API keys on an internet-accessible etcd database.
Finnish phone vendor Nokia denied today a security company’s claims that it exposed a treasure trove of internal credentials, encryption and API keys in a server that it accidentally left exposed and easily accessible over the Internet.
The issue at hand is in regards to an etcd server discovered by HackenProof researcher Bob Diachenko.
Etcd is a database server that is most often used in corporate and cloud computing environments. They are a standard part of CoreOS, an operating system developed for cloud hosting environments, where they are used as part of the OS’ clustering system. CoreOS uses an etcd server as a central
Diachenko told ZDNet last week that he came across one such etcd server last week, on December 13. He says he discovered the server using the Shodan search engine for internet-connected devices.
In a blog post today, the researcher finally detailed last week’s findings, after Nokia had secured the exposed server earlier this week.
https://www.tivi.fi/Kaikki_uutiset/nokia-kiistaa-tietoturvatutkijan-loytaman-tietovuodon-merkittavyyden-6753745
New Discovery: Nokia left its cloud environment open, config details exposed
https://blog.hackenproof.com/industry-news/new-discovery-nokia-left-its-cloud-environment-open
Tomi Engdahl says:
US charges Chinese hackers with ‘massive theft’ from NASA, Navy and tech sector
The hacking campaign underscores a continuing threat from China, US
https://www.cnet.com/news/us-charges-chinese-hackers-with-massive-theft-from-nasa-navy-and-tech-sector/
https://www.tivi.fi/Kaikki_uutiset/kiinalainen-hakkeriryhma-iski-suomeenkin-yhdysvallat-nosti-kahdelle-kovat-syytteet-massiivisesta-tietomurrosta-6753532
Tomi Engdahl says:
Shared Tweeting Privileges Easy to Get by Spoofing Phone Numbers
https://www.bleepingcomputer.com/news/security/shared-tweeting-privileges-easy-to-get-by-spoofing-phone-numbers/
Twitter accounts of several celebrities and journalists in the UK shared control of the tweet feed to an unauthorized user for a brief period.
The interference was part of an experiment meant to highlight the risk of using mobile phone networks to authenticate and interact on the social networking service.
Getting privileges to post on the timeline of the selected accounts was possible because Twitter offers the option to tweet as long as it is done from the phone number connected to the profile.
Tomi Engdahl says:
Hijacking Online Accounts Via Hacked Voicemail Systems
https://threatpost.com/hijacking-online-accounts-via-hacked-voicemail-systems/140403/
Proof-of-concept hack of voicemail systems shows how it can lead to account takeovers on multiple online services.
LEIPZIG, GERMANY – Voicemail systems are vulnerable to compromise via brute force attacks against the four-digit personal identification numbers that protect them. By doing so, researchers say a malicious user can then access the voicemail system to then take over online accounts similar to WhatsApp, PayPal, LinkedIn and Netflix.
Tomi Engdahl says:
Hackers Make a Fake Hand to Beat Vein Authentication
https://motherboard.vice.com/amp/en_us/article/59v8dk/hackers-fake-hand-vein-authentication-biometrics-chaos-communication-congress#referrer=https%3A%2F%2Fwww.google.com&_tf=From%20%251%24s
Security researchers disclosed new work at the Chaos Communication Congress showing how hackers can bypass vein based authentication.
Tomi Engdahl says:
Mystery Hacker Steals Data of 1,000 North Korean Defectors to the South
https://www.thedailybeast.com/mystery-hacker-steals-data-of-1000-north-korean-defectors-to-the-south
Mystery hackers have stolen the personal information of nearly 1,000 people who defected from North to South Korea. The South Korean Unification Ministry admitted Friday that unknown hackers have gotten hold of the resettlement agency’s database and that the names, birth dates, and addresses of 997 defectors had been taken. “The malware was planted through emails sent by an internal address,”
Tomi Engdahl says:
The most common forms of censorship the public doesn’t know about
https://techcrunch.com/2018/12/19/the-most-common-forms-of-censorship-the-public-doesnt-know-about/
Amid all the discussion today about online threats, from censorship to surveillance to cyberwar, we often spend more time on the symptoms than on the underlying chronic conditions. If we want to make people around the world safer from an oppressive, weaponized internet, we need to get a bit nerdy and talk about internet standards.
Most internet censorship today is only possible because the internet wasn’t designed to protect the privacy of your connections. It wasn’t private by design, so when censors came along, they pushed on an open door.
Put simply, we should make internet protocols — the who, what, where of internet addresses — more private.
Privacy makes selective censorship harder
Improving standards doesn’t take magic — just prototyping, debating, consensus-building and implementing.
Unfortunately, every time you visit a website, your computer first consults the DNS system without any encryption, allowing censors and snoopers to know the name of every website you visit. A new standard is emerging to encrypt DNS lookups.
The W3C (another internet standards body) has been establishing a draft standard for Network Error Logging. This potentially helps address one of the trickiest challenges in tackling network interference: figuring out when interference is even happening.
Network Error Logging allows the user’s device to report a failed lookup to a neutral third party that is not blocked.
If we’re serious about addressing those challenges, we need to start with improving standards.
Tomi Engdahl says:
Bitcoin Wallet Comprise: Electrum Wallet Breach Costs Users Over $750,000
https://www.newsbtc.com/2018/12/27/bitcoin-wallet-comprise-electrum/
According to emerging reports, the popular Bitcoin wallet software Electrum has been attacked, costing those affected over $750,000 worth of Bitcoin. The security breach involved hackers tricking the wallet into urging users to make a critical update.
Tomi Engdahl says:
Report: Most of the internet is fake, including its users
https://www.msnbc.com/all-in/watch/report-most-of-the-internet-is-fake-including-its-users-1412606531832?cid=sm_npd_ms_tw_ma
If you think 2016 Russian disinformation was bad, that was just the tip of the iceberg. What if the entire internet is a fraud?
Tomi Engdahl says:
Julia Reda:
European Commission to start offering bug bounties on 14 Free Software projects like Notepad++ and VLC that the EU institutions rely on
In January, the EU starts running Bug Bounties on Free and Open Source Software
https://juliareda.eu/2018/12/eu-fossa-bug-bounties/
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
CenturyLink says all consumer services impacted by a ~32-hour outage that started on Thursday, including its 911 emergency services, have been restored
https://techcrunch.com/2018/12/28/911-service-outage-centurylink/
Tomi Engdahl says:
Andrew Jeong / Wall Street Journal:
South Korea says hackers stole data, including names and addresses, of 997 North Korean defectors; cybersecurity experts say likely culprit is North Korea
Hackers Steal Personal Information of North Koreans in South Korea
https://www.wsj.com/articles/hackers-steal-personal-information-of-north-korean-defectors-in-south-korea-11546001022
A likely culprit is North Korea, which attempts an estimated 1.5 million cyberattacks daily, or 17 every second
Tomi Engdahl says:
Dell Cameron / Gizmodo:
A bug Twitter downplayed in 2012 resurfaces as researchers hijack celebrity accounts to send tweets by using a UK mobile phone number tied to an account
Twitter Hackers Hijack New Accounts After Company Claims It Fixed Bug
https://gizmodo.com/twitter-hackers-hijacked-new-accounts-after-company-cla-1831369315
Twitter is claiming to have resolved a bug that allowed a group of London-based security researchers to post unauthorized tweets to the accounts of British celebrities and journalists. But the hackers who initially disclosed the vulnerability say that’s rubbish.
A Twitter spokesperson told reporters on Friday that it had “resolved a bug that allowed certain accounts with a connected UK phone number to be targeted by SMS spoofing.” However, during a conversation with Gizmodo, the hackers who posted the unauthorized tweets to celebrity accounts appeared able to reproduce the experiment after Twitter made its claim.
Tomi Engdahl says:
wallet.fail
Hacking the most popular cryptocurrency hardware wallets
https://media.ccc.de/v/35c3-9563-wallet_fail
Tomi Engdahl says:
Caught on camera: Cleveland family is being cyber-stalked on a whole new level
http://www.cleveland19.com/2018/12/27/caught-camera-cleveland-family-is-being-cyber-stalked-whole-new-level/
Through phones, computers, games, even pizza deliveries, the family is being terrorized.
Someone has hacked into every aspect of their home.
“He’s gotten into the home computer, he’s gotten into the video games that the kids are playing, he’s gotten into the phone, phone messages. My daughter’s school, my daughter’s online school. He’s gotten into all of our cell phone, which would be three cell phones,” an exhausted John Garrity described.
It started in early November.
Tomi Engdahl says:
https://securityintelligence.com/more-than-just-a-fad-lessons-learned-about-threat-hunting-in-2018/
Tomi Engdahl says:
Demo Exploit Code Published for Remote Code Execution via Microsoft Edge
https://www.bleepingcomputer.com/news/security/demo-exploit-code-published-for-remote-code-execution-via-microsoft-edge/
Tomi Engdahl says:
The Huawei bans aren’t about security — and they’re endangering the future internet
https://www.verdict.co.uk/huawei-bans-geopolitics-internet/
Tomi Engdahl says:
It’s the end of 2018, and this is your year in security
https://www.theregister.co.uk/2018/12/27/2018_the_year_in_security/
From fried chips to stuffed elections, a look back at the year that was
Tomi Engdahl says:
Someone Is Trying To Take Entire Countries Offline
https://www.iflscience.com/technology/someone-is-trying-to-take-entire-countries-offline/
Gatwick Airport is Britain’s second busiest by passenger volume, and Europe’s eighth. And yet it was brought to a standstill for two days by two people and a single drone.
The criminals who break into the web sites of banks or chainstores and steal personal data or money are not the scariest people out there, he told me. The hackers we really ought to be worrying about are the ones trying to take entire countries offline. People who are trying to take down the internet, switch the lights off, cut the water supply, disable railways, or blow up factories.
The West’s weakness is in the older electronics and sensors that control processes in infrastructure and industry. Often these electronics were installed decades ago. The security systems controlling them are ancient or non-existent. If a hacker can gain control of a temperature sensor in a factory, he — they’re usually men — can blow the place up, or set it on fire. “The problem people don’t realise is it becomes a weapon of mass destruction. You can take down a whole country. It can be done,” he said.
And then, how do you respond?
“you have no idea who did it.”
“You can have a team of five people sitting in a basement and be just as devastating as WMDs,” he said. “It’s really scary. In some sense it’s a matter of time because it’s really easy.”
“Someone is learning how to take down the Internet,” Bruce Schneier, the CTO of IBM Resilient, believes.
The Dyn attack was done by three young men who had created some software that they merely hoped would disable a competitor’s company, until it got out of control. The Mauritania attack was probably done by the government of neighbouring Sierra Leone, which was trying to manipulate local election results by crippling the media.
It’s not merely that “someone” out there is trying to figure out how to take down the internet. There are multiple someones out there who want that power.
Tomi Engdahl says:
China’s Global Control of 5G Could Be a Cyber Pearl Harbor for US
https://m.theepochtimes.com/chinas-global-control-of-5g-could-be-a-cyber-pearl-harbor-for-us_2748693.html
China is determined to control fifth-generation wireless technology (5G) networks, posing a threat to American telecommunication firms and raising national-security concerns. To win the next-generation mobile race, the U.S. government has to act fast, an expert warns.
Cyberspace is considered the fifth strategic domain of warfare, along with land, sea, air, and space. And the Chinese are on the verge of dominating this domain.
Tomi Engdahl says:
ICE Seizes Over 1 Million Websites With No Due Process; Apparently Unaware That Copyright & Trademark Are Different
from the this-does-not-bode-well dept
https://www.techdirt.com/articles/20181213/18030341224/ice-seizes-over-1-million-websites-with-no-due-process-apparently-unaware-that-copyright-trademark-are-different.shtml
Tomi Engdahl says:
Chinese schools are using chips in uniforms to monitor students
https://www.abacusnews.com/digital-life/chinese-schools-are-using-chips-uniforms-monitor-students/article/3000359
GPS and ID chips combine with a facial recognition system to track kids (but only during school hours)
Tomi Engdahl says:
Hot tub hack reveals washed-up security protection
https://www.bbc.com/news/technology-46674706?SThisFB
Thousands of hot tubs can be hacked and controlled remotely because of a hole in their online security, BBC Click has revealed.