Cyber Security News February 2019

This posting is here to collect cyber security news in February 2019.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

 

373 Comments

  1. Tomi Engdahl says:

    US Lawmakers Kick Off Debate Over Online Privacy
    https://www.securityweek.com/us-lawmakers-kick-debate-over-online-privacy

    US lawmakers opened a debate Tuesday over privacy legislation in the first step by Congress toward regulation addressing a series of troublesome data protection abuses by tech firms.

    Reply
  2. Tomi Engdahl says:

    Chrome Zero-Day Exploited to Harvest User Data via PDF Files
    https://www.securityweek.com/chrome-zero-day-exploited-harvest-user-data-pdf-files

    Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect information on users who open the files through Google’s web browser.

    Reply
  3. Tomi Engdahl says:

    Google Analytics and Angular in Magento Credit Card Stealing Scripts
    https://blog.sucuri.net/2019/02/google-analytics-and-angular-in-magento-credit-card-stealing-scripts.html

    Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners.

    Reply
  4. Tomi Engdahl says:

    Drupal Vulnerability (CVE-2019-6340) Can Be Exploited for Remote Code Execution
    https://blog.trendmicro.com/trendlabs-security-intelligence/drupal-vulnerability-cve-2019-6340-can-be-exploited-for-remote-code-execution/

    The content management framework Drupal recently fixed a vulnerability (CVE-2019-6340) in their core software, identified as SA-CORE-2019-003. The flaw is categorized as highly critical, exposing vulnerable installations to unauthenticated remote code execution (RCE). The vulnerability affects a substantial portion of Drupal installations

    Reply
  5. Tomi Engdahl says:

    A Peek into BRONZE UNION’s Toolbox
    https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox

    Secureworks® Counter Threat Unit™ (CTU) researchers have tracked the activities of the BRONZE UNION threat group (also known as Emissary Panda, APT 27, and LuckyMouse) since 2013. CTU™ analysis suggests that BRONZE UNION is located in the People’s Republic of China. The threat group has historically leveraged a variety of publicly available and self-developed tools to gain access to targeted networks in pursuit of its political and military intelligence-collection objectives.

    Reply
  6. Tomi Engdahl says:

    Thunderclap Vulnerabilities Allow Attacks Using Thunderbolt Peripherals
    https://www.bleepingcomputer.com/news/security/thunderclap-vulnerabilities-allow-attacks-using-thunderbolt-peripherals/

    Modern computers that come with a Thunderbolt interface and run Windows, macOS, Linux, or FreeBSD are vulnerable to a range of Direct Memory Access (DMA) attacks performed by potential attackers with physical access to the device using malicious peripherals.

    The security flaws collectively dubbed “Thunderclap” can be exploited to run arbitrary code using highest possible privilege level on the system to potentially access or steal “passwords, banking logins, encryption keys, private files, browsing,” and other sensitive data present on machine that come with ports for peripherals that use PCI Express (PCIe) and USB-C ports.

    Reply
  7. Tomi Engdahl says:

    Hackers Backdoor Cloud Servers to Attack Future Customers
    https://www.bleepingcomputer.com/news/security/hackers-backdoor-cloud-servers-to-attack-future-customers/

    A new vulnerability dubbed Cloudborne can allow attackers to implant backdoor implants in the firmware or BMC of bare metal servers that survive client reassignment in bare metal and general cloud services, leading to a variety of attack scenarios.

    Organizations deploying critical high-value apps on bare metal servers through Infrastructure as a Service (IaaS) offerings consider it the best alternative to buying their own hardware because this allows for easy and quick scaling of cloud-based applications without the need of sharing the hardware with other users.

    While this generally means that an organization’s critical apps are always running on dedicated servers, the fact that those servers are reclaimed and re-assigned once the client no longer needs them exposes them to firmware weaknesses and vulnerabilities that can persist between customer assignments.

    Reply
  8. Tomi Engdahl says:

    Backdoor Targets U.S. Companies via LinkedIn
    https://www.securityweek.com/backdoor-targets-us-companies-linkedin

    Mainly targeting U.S. companies in the retail, entertainment, pharmacy, and other industries that commonly employ online payments, such as online shopping portals, the campaign utilizes inkedIn in an attempt to infect users with the More_eggs backdoor.

    Reply
  9. Tomi Engdahl says:

    GOVERNMENT
    North Korean hackers go on phishing expedition before Trump-Kim summit
    https://www.cyberscoop.com/trump-kim-summit-vietnam-north-korea-hackers-phishing/

    Reply
  10. Tomi Engdahl says:

    Thunder, thunder, thunder… Thunderclap: Feel the magic, hear the roar, macOS, Windows pwnage tools are loose
    https://www.theregister.co.uk/2019/02/26/thunderclap_hacking_devices/

    Reply
  11. Tomi Engdahl says:

    Tom Krazit / GeekWire:
    Microsoft unveils Azure Sentinel, a new cloud service that allows customers to view and respond to security alerts and threats across corporate networks — Ahead of next week’s big RSA security conference, Microsoft plans to introduce a new cloud service Thursday that will help customers manage …

    Microsoft unveils new Azure Sentinel cloud security service to help manage threat detection and analysis
    https://www.geekwire.com/2019/microsoft-unveils-new-azure-sentinel-cloud-security-service-help-manage-threat-detection-analysis/

    Reply
  12. Tomi Engdahl says:

    Natasha Lomas / TechCrunch:
    LinkedIn suspends emails to connections when a European member has been mentioned in the news, after algorithm mixes up identities

    LinkedIn forced to ‘pause’ mentioned in the news feature in Europe after complaints about ID mix-ups
    https://techcrunch.com/2019/02/28/linkedin-forced-to-pause-mentioned-in-the-news-feature-in-europe-after-complaints-about-id-mix-ups/

    LinkedIn has been forced to ‘pause’ a feature in Europe in which the platform emails members’ connections when they’ve been ‘mentioned in the news’.

    This follows a number of data protection complaints after LinkedIn’s algorithms incorrectly matched members to news articles — triggering an internal review of the feature. LinkedIn told us it subsequently decided to suspend the feature in Europe.

    Reply
  13. Tomi Engdahl says:

    Facebook admits 18% of Research spyware users were teens, not <5%
    https://techcrunch.com/2019/02/28/facebook-research-teens/

    Reply
  14. Tomi Engdahl says:

    Vulnerability exposes location of thousands of malware C&C servers
    https://www.zdnet.com/article/vulnerability-exposes-location-of-thousands-of-malware-c-c-servers/

    An extra whitespace in a server response allowed a security firm to track a hackers’ favorite tool for years.

    Reply
  15. Tomi Engdahl says:

    Joe McDonald / Associated Press:
    Chinese government report: travelers in China were blocked 23M times from buying plane or train tickets in 2018 due to their poor “social credit” — BEIJING (AP) — Skipped paying a fine in China? Then forget about buying an airline ticket. — Would-be air travelers …

    China bars millions from travel for ‘social credit’ offenses
    https://www.apnews.com/9d43f4b74260411797043ddd391c13d8

    Skipped paying a fine in China? Then forget about buying an airline ticket.

    Would-be air travelers were blocked from buying tickets 17.5 million times last year for “social credit” offenses including unpaid taxes and fines under a controversial system the ruling Communist Party says will improve public behavior.

    Others were barred 5.5 million times from buying train tickets, according to the National Public Credit Information Center.

    The ruling party says “social credit” penalties and rewards will improve order in a fast-changing society after three decades of economic reform have shaken up social structures.

    Authorities have experimented with “social credit” since 2014 in areas across China. Points are deducted for breaking the law or, in some areas, offenses as minor as walking a dog without a leash.

    The ruling party wants a nationwide system by 2020 but has yet to say how it will operate. Possible penalties include restrictions on travel, business and access to education. A slogan repeated in state media says, “Once you lose trust, you will face restrictions everywhere.”

    Offenses penalized under “social credit” last year included false advertising or violating drug safety rules, the government information center said. Individuals were blocked 290,000 times from taking senior management jobs or acting as a company’s legal representative.

    Reply
  16. Tomi Engdahl says:

    Dow Jones list of 2.4 million risky banking clients exposed online
    https://www.cnet.com/news/dow-jones-watchlist-of-2-4-million-risky-banking-clients-exposed/

    Foreign politicians, terrorists and high-profile criminals are on the list

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*