This posting is here to collect cyber security news in February 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
Tomi Engdahl says:
Neverquest Trojan Operator Pleads Guilty
https://www.securityweek.com/neverquest-trojan-operator-pleads-guilty
Tomi Engdahl says:
US Lawmakers Kick Off Debate Over Online Privacy
https://www.securityweek.com/us-lawmakers-kick-debate-over-online-privacy
US lawmakers opened a debate Tuesday over privacy legislation in the first step by Congress toward regulation addressing a series of troublesome data protection abuses by tech firms.
Tomi Engdahl says:
Chrome Zero-Day Exploited to Harvest User Data via PDF Files
https://www.securityweek.com/chrome-zero-day-exploited-harvest-user-data-pdf-files
Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect information on users who open the files through Google’s web browser.
Tomi Engdahl says:
Google Analytics and Angular in Magento Credit Card Stealing Scripts
https://blog.sucuri.net/2019/02/google-analytics-and-angular-in-magento-credit-card-stealing-scripts.html
Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners.
Tomi Engdahl says:
Drupal Vulnerability (CVE-2019-6340) Can Be Exploited for Remote Code Execution
https://blog.trendmicro.com/trendlabs-security-intelligence/drupal-vulnerability-cve-2019-6340-can-be-exploited-for-remote-code-execution/
The content management framework Drupal recently fixed a vulnerability (CVE-2019-6340) in their core software, identified as SA-CORE-2019-003. The flaw is categorized as highly critical, exposing vulnerable installations to unauthenticated remote code execution (RCE). The vulnerability affects a substantial portion of Drupal installations
Tomi Engdahl says:
A Peek into BRONZE UNION’s Toolbox
https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox
Secureworks® Counter Threat Unit™ (CTU) researchers have tracked the activities of the BRONZE UNION threat group (also known as Emissary Panda, APT 27, and LuckyMouse) since 2013. CTU™ analysis suggests that BRONZE UNION is located in the People’s Republic of China. The threat group has historically leveraged a variety of publicly available and self-developed tools to gain access to targeted networks in pursuit of its political and military intelligence-collection objectives.
Tomi Engdahl says:
Bangladesh Embassy Website in Cairo Compromised
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/bangladesh-embassy-website-in-cairo-compromised/
Tomi Engdahl says:
Thunderclap Vulnerabilities Allow Attacks Using Thunderbolt Peripherals
https://www.bleepingcomputer.com/news/security/thunderclap-vulnerabilities-allow-attacks-using-thunderbolt-peripherals/
Modern computers that come with a Thunderbolt interface and run Windows, macOS, Linux, or FreeBSD are vulnerable to a range of Direct Memory Access (DMA) attacks performed by potential attackers with physical access to the device using malicious peripherals.
The security flaws collectively dubbed “Thunderclap” can be exploited to run arbitrary code using the highest possible privilege level on the system to potentially access or steal “passwords, banking logins, encryption keys, private files, browsing,” and other sensitive data present on machines that come with ports for peripherals that use PCI Express (PCIe) and USB-C ports.
Tomi Engdahl says:
Hackers Backdoor Cloud Servers to Attack Future Customers
https://www.bleepingcomputer.com/news/security/hackers-backdoor-cloud-servers-to-attack-future-customers/
A new vulnerability dubbed Cloudborne can allow attackers to implant backdoor implants in the firmware or BMC of bare metal servers that survive client reassignment in bare metal and general cloud services, leading to a variety of attack scenarios.
Organizations deploying critical high-value apps on bare metal servers through Infrastructure as a Service (IaaS) offerings consider it the best alternative to buying their own hardware because this allows for easy and quick scaling of cloud-based applications without the need of sharing the hardware with other users.
While this generally means that an organization’s critical apps are always running on dedicated servers, the fact that those servers are reclaimed and re-assigned once the client no longer needs them exposes them to firmware weaknesses and vulnerabilities that can persist between customer assignments.
Tomi Engdahl says:
Hackers Exploit WinRAR Vulnerability to Deliver Malware
https://www.securityweek.com/hackers-exploit-winrar-vulnerability-deliver-malware
Tomi Engdahl says:
Backdoor Targets U.S. Companies via LinkedIn
https://www.securityweek.com/backdoor-targets-us-companies-linkedin
Mainly targeting U.S. companies in the retail, entertainment, pharmacy, and other industries that commonly employ online payments, such as online shopping portals, the campaign utilizes LinkedIn in an attempt to infect users with the More_eggs backdoor.
Tomi Engdahl says:
Drupal RCE Flaw Exploited in Attacks Days After Patch
https://www.securityweek.com/drupal-rce-flaw-exploited-attacks-days-after-patch
Tomi Engdahl says:
North Korean hackers go on phishing expedition before Trump-Kim summit
https://www.cyberscoop.com/trump-kim-summit-vietnam-north-korea-hackers-phishing/
Tomi Engdahl says:
Thunder, thunder, thunder… Thunderclap: Feel the magic, hear the roar, macOS, Windows pwnage tools are loose
https://www.theregister.co.uk/2019/02/26/thunderclap_hacking_devices/
Tomi Engdahl says:
MarioNET attack lets hackers control your browser, even after you leave the attack page
https://www.ghacks.net/2019/02/26/marionet-attack-lets-hackers-control-your-browser-even-after-you-leave-the-attack-page/
Tomi Engdahl says:
https://www.abc.net.au/radionational/programs/latenightlive/the-story-of-a-white-hat-hacker/10851556
Tomi Engdahl says:
Tom Krazit / GeekWire:
Microsoft unveils Azure Sentinel, a new cloud service that allows customers to view and respond to security alerts and threats across corporate networks — Ahead of next week’s big RSA security conference, Microsoft plans to introduce a new cloud service Thursday that will help customers manage …
Microsoft unveils new Azure Sentinel cloud security service to help manage threat detection and analysis
https://www.geekwire.com/2019/microsoft-unveils-new-azure-sentinel-cloud-security-service-help-manage-threat-detection-analysis/
Tomi Engdahl says:
Natasha Lomas / TechCrunch:
LinkedIn suspends emails to connections when a European member has been mentioned in the news, after algorithm mixes up identities
LinkedIn forced to ‘pause’ mentioned in the news feature in Europe after complaints about ID mix-ups
https://techcrunch.com/2019/02/28/linkedin-forced-to-pause-mentioned-in-the-news-feature-in-europe-after-complaints-about-id-mix-ups/
LinkedIn has been forced to ‘pause’ a feature in Europe in which the platform emails members’ connections when they’ve been ‘mentioned in the news’.
This follows a number of data protection complaints after LinkedIn’s algorithms incorrectly matched members to news articles — triggering an internal review of the feature. LinkedIn told us it subsequently decided to suspend the feature in Europe.
Tomi Engdahl says:
Thailand passes controversial cybersecurity law that could enable government surveillance
https://techcrunch.com/2019/02/28/thailand-passes-controversial-cybersecurity-law/?fbclid=IwAR1zKTtjjELfSErHJCQC_QyMofdrd4FDDpoQb9u9twjsRgyRwaVJ_r04d6k
Tomi Engdahl says:
Facebook admits 18% of Research spyware users were teens, not <5%
https://techcrunch.com/2019/02/28/facebook-research-teens/
Tomi Engdahl says:
Vulnerability exposes location of thousands of malware C&C servers
https://www.zdnet.com/article/vulnerability-exposes-location-of-thousands-of-malware-c-c-servers/
An extra whitespace in a server response allowed a security firm to track a hackers’ favorite tool for years.
Tomi Engdahl says:
Joe McDonald / Associated Press:
Chinese government report: travelers in China were blocked 23M times from buying plane or train tickets in 2018 due to their poor “social credit” — BEIJING (AP) — Skipped paying a fine in China? Then forget about buying an airline ticket. — Would-be air travelers …
China bars millions from travel for ‘social credit’ offenses
https://www.apnews.com/9d43f4b74260411797043ddd391c13d8
Skipped paying a fine in China? Then forget about buying an airline ticket.
Would-be air travelers were blocked from buying tickets 17.5 million times last year for “social credit” offenses including unpaid taxes and fines under a controversial system the ruling Communist Party says will improve public behavior.
Others were barred 5.5 million times from buying train tickets, according to the National Public Credit Information Center.
The ruling party says “social credit” penalties and rewards will improve order in a fast-changing society after three decades of economic reform have shaken up social structures.
Authorities have experimented with “social credit” since 2014 in areas across China. Points are deducted for breaking the law or, in some areas, offenses as minor as walking a dog without a leash.
The ruling party wants a nationwide system by 2020 but has yet to say how it will operate. Possible penalties include restrictions on travel, business and access to education. A slogan repeated in state media says, “Once you lose trust, you will face restrictions everywhere.”
Offenses penalized under “social credit” last year included false advertising or violating drug safety rules, the government information center said. Individuals were blocked 290,000 times from taking senior management jobs or acting as a company’s legal representative.
Tomi Engdahl says:
Dow Jones list of 2.4 million risky banking clients exposed online
https://www.cnet.com/news/dow-jones-watchlist-of-2-4-million-risky-banking-clients-exposed/
Foreign politicians, terrorists and high-profile criminals are on the list