This posting is here to collect cyber security news in February 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
373 Comments
Tomi Engdahl says:
DanaBot updated with new C&C communication
https://www.welivesecurity.com/2019/02/07/danabot-updated-new-cc-communication/
ESET researchers have discovered new versions of the DanaBot Trojan, updated with a more complicated protocol for C&C communication and slight modifications to architecture and campaign IDs
Tomi Engdahl says:
MacOS Zero-Day Exposes Apple Keychain Passwords
https://threatpost.com/macos-zero-day-exposes-apple-keychain-passwords/141584/
A researcher who discovered a flaw letting him steal passwords in MacOS is not sharing his findings with Apple without a macOS bug bounty program.
A researcher claims to have found a new Apple zero-day impacting macOS that could allow an attacker to extract passwords from a targeted Mac’s keychain password management system. However, the researcher refuses to disclose the alleged vulnerability citing Apple’s lack of macOS bug bounty program.
Tomi Engdahl says:
Airbus Data Takes Flight; and Billions of Credentials Dumped on Dark Web
https://threatpost.com/airbus-data-breach/141368/
A cyberattack lifts employee data at the French aerospace giant as news hits of “Collections 2-5” being passed around the underground.
French airplane and military aircraft behemoth Airbus SE has become the latest victim of a cyberattack leading to a data breach, with an incident detected on its “commercial aircraft business” information systems.
It is only the latest high-profile data exposure to come to light in recent days, and it dovetails with the release of billions of records on the Dark Web as part of a data dump that’s being called “Collections #2-5.”
The company said on Wednesday that the incident resulted in unauthorized access to employee data, but that there was no impact on Airbus’ commercial operations or intellectual property.
Tomi Engdahl says:
Researcher Declines to Share Zero-Day macOS Keychain Exploit with Apple
https://www.bleepingcomputer.com/news/security/researcher-declines-to-share-zero-day-macos-keychain-exploit-with-apple/
Tomi Engdahl says:
Business Email Compromise Attacks See Almost 500% Increase
https://www.bleepingcomputer.com/news/security/business-email-compromise-attacks-see-almost-500-percent-increase/
Business email compromise (BEC) attacks have seen an explosive 476% growth between Q4 2017 and Q4 2018, while the number of email fraud attempts against companies increased 226% QoQ.
BEC attacks use social engineering to target specific company employees, regularly from the firm’s Finance department, and try to persuade them into wiring large sums of money to third-party banking accounts controlled by the attackers.
Cryptojacking Overtakes Ransomware, Malware-as-a-Service on the Rise
https://www.bleepingcomputer.com/news/security/cryptojacking-overtakes-ransomware-malware-as-a-service-on-the-rise/
Cryptominers infected roughly ten times more organizations during 2018 than ransomware did, however only one in five security professionals knew that their company’s systems have been impacted by a malware attack as reported by Check Point Research.
This follows a trend where threat actors have been doing their best to keep a low profile as much as possible, giving up on large scale ransomware attacks which get noticed immediately and switching to the harder to detect cryptojacking campaigns.
Tomi Engdahl says:
Flaw in Multiple Airline Systems Exposes Passenger Data
https://threatpost.com/flaw-in-multiple-airline-systems-exposes-passenger-data/141596/
Up to eight airlines do not encrypt e-ticketing booking systems – leaving personal customer data open for the taking.
Researchers have discovered that multiple airline e-ticketing systems do not encrypt check-in links. The security faux pas could allow bad actors on the same network as the victim to view – and in some cases even change – their flight booking details or boarding passes.
Tomi Engdahl says:
Who are the last people you’d expect to spill thousands of student records? A computer science dept? What a fantastic guess
O(1)? More like O(h) n(O)! Proto-boffins’ info leaks out
https://www.theregister.co.uk/2019/02/07/cal_poly_leak/
An errant email leaked academic information on every student at the Cal Poly Pomona College of Science, in California.
University publication Poly Post reports that it was, of all people, the American school’s computer science department that was to blame for the exposure of 4,557 active student records in an email that got sent out to other students – and was later partially posted to the forums of Reddit.
The data leak occurred on January 28
Tomi Engdahl says:
Even professionals do not always notice cryptominers
http://www.etn.fi/index.php/13-news/9052-ammattilaisetkaan-eivat-aina-huomaa-kryptolouhijoita
According to Check Point's report, cybercrime has become democratized now that selling malware as a service has become a way to make money, and advanced attack methods are available to anyone who is willing to pay for them.
According to the report, the growth is especially in attacks that use several different techniques and try to evade companies' security radars.
Tomi Engdahl says:
Power Company Has Security Breach Due to Downloaded Game
https://www.bleepingcomputer.com/news/security/power-company-has-security-breach-due-to-downloaded-game/
South African energy supplier Eskom Group has been hit with a double security breach consisting of an unsecured database containing customer information and a corporate computer infected with the Azorult information-stealing Trojan.
According to Eskom’s web site, they are an energy company based out of Johannesburg in South Africa that supplies 95% of the electricity used in South Africa and approximately 45% of the electricity used in Africa.
Based on information provided to BleepingComputer, these breaches exposed Eskom’s network credentials, customer information, redacted customer credit card information, and sensitive business information.
It all started when security researcher .sS.! discovered data belonging to Eskom that was stolen by the Azorult password-stealing Trojan.
Infection caused by downloaded game
According to a screenshot created by Azorult when it was installed, the infection was masquerading as a downloader for The Sims 4 game.
Data breach from unsecured database
To make matters worse, a security researcher by the name of Devin Stokes found an unsecured database belonging to Eskom that had been publicly available for weeks.
From screenshots shared by Stokes, this database contained customer information, redacted payment information, meter information, and other sensitive details.
After repeated attempts to contact them in order to disclose the data breach, Stokes publicly tweeted a portion of the data to the Eskom Twitter account in order to get a response.
In response, Eskom finally replied that they were investigating the matter.
Tomi Engdahl says:
RDP Clients Exposed to Reverse RDP Attacks by Major Protocol Issues
https://www.bleepingcomputer.com/news/security/rdp-clients-exposed-to-reverse-rdp-attacks-by-major-protocol-issues/
Multiple major vulnerabilities were discovered in the Remote Desktop Protocol (RDP) protocol which can allow bad actors to take control of computers connecting to a malicious server using remote code execution and memory corruption.
Tomi Engdahl says:
China hacked Norway’s Visma to steal client secrets – investigators
https://uk.reuters.com/article/uk-china-cyber-norway-visma/china-hacked-norways-visma-to-steal-client-secrets-investigators-idUKKCN1PV14R
Hackers working on behalf of Chinese intelligence breached the network of Norwegian software firm Visma to steal secrets from its clients, cybersecurity researchers said, in what a company executive described as a potentially catastrophic attack.
Visma took the decision to talk publicly about the breach to raise industry awareness about the hacking campaign, which is known as Cloudhopper and targets technology service and software providers in order to reach their clients.
“But if I put on my paranoia hat, this could have been catastrophic,” he said. “If you are a big intelligence agency somewhere in the world and you want to harvest as much information as possible, you of course go for the convergence points, it’s a given fact.”
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/journalistiliitto-tietomurron-kohteena-hs-jaljet-vievat-venajalle-ja-aasiaan-6757419
Tomi Engdahl says:
Microsoft Confirms Serious ‘PrivExchange’ Vulnerability
https://threatpost.com/microsoft-confirms-serious-privexchange-vulnerability/141553/
The elevated privilege flaw exists in Microsoft Exchange and would allow a remote attacker to impersonate an administrator.
https://www.us-cert.gov/ncas/current-activity/2019/02/05/Microsoft-Releases-Security-Advisory-Exchange-Server
Tomi Engdahl says:
Critical Zcash Bug Could Have Allowed ‘Infinite Counterfeit’ Cryptocurrency
https://thehackernews.com/2019/02/zcash-cryptocurrency-hack.html
Tomi Engdahl says:
More Alleged SIM Swappers Face Justice
https://krebsonsecurity.com/2019/02/more-alleged-sim-swappers-face-justice/
Tomi Engdahl says:
APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign
https://www.recordedfuture.com/apt10-cyberespionage-campaign/
Norwegian company Visma, who was targeted in the attack, and U.S. company Rapid7 provided support and extensive expertise throughout this research. Industry collaboration is a vital enabler in illuminating threats and offering protection to organizations at risk from hostile, state-sponsored economic cyberespionage.
Tomi Engdahl says:
https://www.visma.com/press-releases/intelligence-report-visma/
Tomi Engdahl says:
BEC Actors Exploiting Gmail “Dot Accounts” for Fun and Profit
https://www.agari.com/email-security-blog/bec-actors-exploit-google-dot-feature/
Recently, during one of our investigations into a group comprised of these threat actors, we observed several scammers taking advantage of a “feature” that Google has built into Gmail addresses. While Google sees this as an advantage of consumers, cybercriminals are exploiting it for malicious activities.
Let’s assume I create a Gmail account with the email address bad.guy007[at]gmail.com. Visually, it looks like the username “bad.guy007” is separated by a period. According to Google, however, “you own all dotted versions of your address.” This means that Google interprets the email address I created as badguy007[at]gmail.com, stripping out the period, and the same can be said if the dot was placed in any other place in the email address. In other words, this interpretation is a feature, not a bug. This also means that b.a.d.g.u.y.007[at]gmail.com and bad.guy.007[at]gmail.com and ba.dg.uy.007[at]gmail.com all direct incoming email to the same account.
For example, if I sign up for a Netflix account using the email address badguy007[at]gmail.com and then again with b.adg.uy007[at]gmail.com, Netflix—like most other online services—would think that these are two different accounts linked to two different people. This is where, and how, cybercriminals are able to take advantage.
Tomi Engdahl says:
GandCrab Ransomware Helps Shady Data Recovery Firms Hide Ransom Costs
https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-helps-shady-data-recovery-firms-hide-ransom-costs/
The GandCrab ransomware TOR site allows shady data recovery companies to hide the actual ransom cost from victims and it is currently being disseminated through a large assortment of distribution channels according to a Coveware report.
Partnering with recovery firms who frequently access GandCrab’s TOR site is an already documented feature, with “discount” codes being provided to the most active ones, usable when processing future settlements.
The ransomware’s TOR site comes with a hidden private chat that can be enabled using one of the “discount” codes, allowing dishonest data recovery firms to hide the final cost of the GandCrab decryption process from its customers.
Tomi Engdahl says:
I won’t bother hunting and reporting more Sony zero-days, because all I’d get is a lousy t-shirt
It’s 2019. Should billion-dollar corps do better than offer swag for vulns?
https://www.theregister.co.uk/2019/02/05/sony_tshirt_bounty/
Hunting for exploitable security bugs in software is not an easy way to make a living, and vulnerability researchers say vendors who don’t pay out for reports are making life even harder while putting their own products at risk.
Such was the case with João Figueiredo, a researcher in Brazil who tracked down and reported remote code execution vulnerabilities in two websites run by Sony and Sony Pictures. Those flaws were rated as a critical risk, and earned Figueiredo recognition on the hacktivity page of HackerOne, hired by Sony to handle its bug bounties.
It could, however, have been an even bigger disclosure, with potentially more security holes in the entertainment giant’s systems reported, had Sony offered Figueiredo better incentives. With just a t-shirt up for grabs, though, he decided to leave it at two.
Tomi Engdahl says:
Shellbot Crimeware Re-Emerges in Monero Mining Campaign
New attack uses a repurposed version of the Trojan that spreads using Internet Relay Chat.
https://www.darkreading.com/vulnerabilities---threats/shellbot-crimeware-re-emerges-in-monero-mining-campaign/d/d-id/1333801
Tomi Engdahl says:
Clever Phishing Attack Enlists Google Translate to Spoof Login Page
https://threatpost.com/clever-phishing-attack-enlists-google-translate-to-spoof-facebook-login-page/141571/
Tomi Engdahl says:
Ethical Hacker Exposes Magyar Telekom Vulnerabilities, Faces 8 Years in Jail
https://www.bleepingcomputer.com/news/security/ethical-hacker-exposes-magyar-telekom-vulnerabilities-faces-8-years-in-jail/
An ethical hacker who discovered a security vulnerability in Magyar Telekom’s IT systems during April 2018 is currently being investigated by the Hungarian Prosecution Service after the company filed a complaint and faces 8 years in prison, local Hungarian media reports.
Tomi Engdahl says:
http://www.etn.fi/index.php/13-news/9033-japani-aikoo-kyberhyokata-omia-kansalaisiaan-vastaan
Tomi Engdahl says:
Report: Chinese cyberspies hacked MSP, retailer and law firm in economic espionage campaign
https://www.scmagazine.com/home/security-news/apts-cyberespionage/report-chinese-cyberspies-hacked-msp-retailer-and-law-firm-in-economic-espionage-campaign/
The Chinese state-sponsored threat actor APT10 used stolen remote access software credentials to infiltrate the network of Norwegian managed services provider Visma last year, likely in an effort to launch secondary attacks against the MSP’s clients.
An investigation into the cyber espionage campaign revealed that APT10, aka Stone Panda, used similar tactics to invade the networks of at least two other companies – an international apparel retailer and a U.S.-based law firm with a specialization in intellectual property law.
Tomi Engdahl says:
A Valentine’s Day Warning for Let’s Encrypt TLS-SNI Users
https://www.venafi.com/blog/valentines-day-warning-lets-encrypt-sni-users?utm_source=socialmedia&utm_medium=Bora&utm_campaign=Valentine-letsencrypt-crawley-blog
Many organizations need to use free certificate authorities. If your business doesn’t have a budget for a paid CA, it’s certainly better to deliver your website or web app through HTTPS with the help of Let’s Encrypt than to use the plaintext web through HTTP. Recent versions of popular web browsers on both desktop and mobile such as Mozilla Firefox and Google Chrome have started to warn web surfers that HTTP sites are “not secure.”
probably convinced many organizations which previously avoided HTTPS because they didn’t want to pay for TLS certificates to sign up with Let’s Encrypt so that their users wouldn’t be dissuaded to visit their websites with a web browser-delivered warning. Also, Google has acknowledged that HTTP web pages are now being ranked lower in their search engine than HTTPS web pages
If your organization uses Let’s Encrypt as a CA, there’s an important deadline coming up very, very soon. On February 13, 2019, Let’s Encrypt will disable support for TLS-SNI-01 domain validation.
Tomi Engdahl says:
Not allowed to invent imaginary MITM attacks: Like MITI (Man in the Intern, aka social engineering via romantic compromise)… It's a big problem this time of year or so it is said.
Tomi Engdahl says:
Sean Gallagher / Ars Technica:
Jack’d, a gay dating app with 1M+ downloads from the Play store, stored users’ images, posted and marked as private in chat sessions, on an unsecured AWS server
Indecent disclosure: Gay dating app left “private” images, data exposed to Web (Updated)
https://arstechnica.com/information-technology/2019/02/indecent-disclosure-gay-dating-app-left-private-exposed-to-web/
Online-Buddies was exposing its Jack’d users’ private images and location; disclosing posed a risk.
Tomi Engdahl says:
BBC:
Germany orders Facebook to stop combining data from WhatsApp, Instagram, and third-party sites with data in a user’s main Facebook account without their consent
Facebook ordered by Germany to gather and mix less data
https://www.bbc.com/news/technology-47146431
Tomi Engdahl says:
Thousands of industrial refrigerators can be remotely defrosted, thanks to default passwords
https://techcrunch.com/2019/02/08/industrial-refrigerators-defrost-flaw/?sr_share=facebook&utm_source=tcfbpage
Security researchers have found thousands of exposed internet-connected industrial refrigerators that can be easily remotely instructed to defrost.
More than 7,000 vulnerable temperature controlled systems, manufactured by U.K.-based firm Resource Data Management, are accessible from the internet and can be controlled by simply plugging in its default password found in documentation on the company’s website, according to Noam Rotem, one of the security researchers who found the vulnerable systems.
Tomi Engdahl says:
Downgrade Attack on TLS 1.3 and Vulnerabilities in Major TLS Libraries
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/
On November 30, 2018, we disclosed CVE-2018-12404, CVE-2018-19608, CVE-2018-16868, CVE-2018-16869, and CVE-2018-16870. These were from vulnerabilities found back in August 2018 in several TLS libraries.
We tested nine different TLS implementations against cache attacks and seven were found to be vulnerable: OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS. The cat is not dead yet, with two lives remaining thanks to BearSSL (developed by my colleague Thomas Pornin) and Google’s BoringSSL.
The attack leverages a side-channel leak via cache access timings of these implementations in order to break the RSA key exchanges of TLS implementations.
Tomi Engdahl says:
Chinese intelligence hacked Norwegian software firm Visma to steal client secrets, investigators say
https://m.scmp.com/news/world/europe/article/2185218/chinese-intelligence-hacked-norwegian-software-firm-visma-steal?utm_medium=Social&utm_source=Facebook#Echobox=1549474474
The alleged attack was part of a global effort by China’s Ministry of State Security to steal intellectual property and company secrets, say security experts
The claims came after Norway’s police intelligence agency accused Beijing of stealing information via technology provided by telecom tech giant Huawei
Tomi Engdahl says:
San Francisco Wants to Ban Government Face Recognition
https://www.theatlantic.com/technology/archive/2019/02/san-francisco-proposes-ban-government-face-recognition/581923/?utm_term=2019-02-05T18:28:18&utm_source=twitter&utm_content=edit-promo&utm_campaign=the-atlantic&utm_medium=social
Is it too late, too difficult, or too ironic to try to stop it from becoming a city of surveillance?
Tomi Engdahl says:
SWITZERLAND OFFERS BOUNTIES TO ANYONE WHO HACKS ITS E-VOTING SYSTEM
https://www.securitynewspaper.com/2019/02/09/switzerland-offers-bounties-to-anyone-who-hacks-its-e-voting-system/
Security investigators aspire to rewards of up to 50k Swiss francs
The Swiss government announced a bounty of 150K Swiss francs (about $140k USD) for hackers who successfully enter its electronic voting system, as reported by network security and ethical hacking specialists from the International Institute of Cyber Security.
Tomi Engdahl says:
Power Company Fined $10 Million For Inadequate Cybersecurity
https://www.cynexlink.com/2019/02/04/power-company-fined-10-million-for-inadequate-cybersecurity/
Identified as Duke Energy Corp. in recent reports, one energy company experienced a cybersecurity inadequacy that is costing them a whopping fine of $10 million dollars. Said to be the largest imposed fine for the offense, the company was told to pay up by The North American Electric Reliability Corp. for the infraction.
Tomi Engdahl says:
https://www.uusiteknologia.fi/2019/02/09/kybervakoilu-jatkuu-suomessa-aktiivisena-teknologia-kiinnostaa/
Tomi Engdahl says:
Catalin Cimpanu / ZDNet:
Google warns about two iOS zero-day vulnerabilities that hackers have been actively exploiting; the vulnerabilities have been fixed in iOS 12.1.4
Google warns about two iOS zero-days ‘exploited in the wild’
https://www.zdnet.com/article/google-warns-about-two-ios-zero-days-exploited-in-the-wild/
iOS users are advised to update to iOS 12.1.4; release which also fixes infamous FaceTime bug.
Tomi Engdahl says:
https://statescoop.com/its-still-really-easy-to-hack-and-reprogram-road-signs/
Tomi Engdahl says:
Facebook Says It Needs to Collect All Your Data to Protect Against Terrorism and Child Abuse
https://gizmodo.com/facebook-scolded-in-germany-but-insists-it-needs-to-col-1832421065
Facebook was slapped with a ruling in Germany today that limits how the social media giant can collect data across its multiple platforms, like WhatsApp and Instagram. And Facebook is not happy about it, to say the least. The company says it’s collecting all of that data for your own good. They’re simply using their data sharing methods to protect you against terrorism and child abuse, according to Facebook. Seriously.
Tomi Engdahl says:
Popular iPhone apps caught recording your screen without permission – here are the offenders
https://bgr.com/2019/02/07/iphone-apps-can-record-your-every-tap-and-swipe-report-says/
Tomi Engdahl says:
Introducing Zombie POODLE and GOLDENDOODLE
https://www.tripwire.com/state-of-security/vulnerability-management/zombie-poodle-goldendoodle/
Zombie POODLE and GOLDENDOODLE are the names I’ve given to the vulnerabilities I’ll be discussing. Similar to ROBOT, DROWN and many other vulnerabilities affecting HTTPS, these issues stem from continued use of cryptographic modes which should have been long ago deprecated and yet are inexplicably still supported in TLSv1.2. In this case, the troublesome feature is that TLSv1.2 supports CBC mode ciphersuites.
Tomi Engdahl says:
Japan Is Going To Hack Into Millions Of Its Citizens’ Devices
http://www.realclearlife.com/daily-brief/japan-going-hack-millions-citizens-devices/
The hack is part of an effort to improve cyber security.
Tomi Engdahl says:
MISSOURI ROAD SIGN HACKED TO SAY ‘I HATE DONALD TRUMP’: IT ‘RIPS AT THE FABRIC OF OUR COUNTRY,’ SAYS VETERAN
https://www.newsweek.com/road-sign-donald-trump-pewdiepie-i-hate-donald-trump-missouri-kansas-city-1317942
Tomi Engdahl says:
Reverse RDP Attack: Code Execution on RDP Clients
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
However, Check Point Research recently discovered multiple critical vulnerabilities in the commonly used Remote Desktop Protocol (RDP) that would allow a malicious actor to reverse the usual direction of communication and infect the IT professional or security researcher’s computer. Such an infection could then allow for an intrusion into the IT network as a whole.
16 major vulnerabilities and a total of 25 security vulnerabilities were found overall.
Tomi Engdahl says:
FBI ‘ran sting against Huawei in new technology theft case’
https://m.scmp.com/news/china/article/2185024/fbi-ran-sting-against-huawei-new-technology-theft-case
Bloomberg Businessweek said the operation involved Akhan Semiconductor, a US start-up with new glass for smartphone screens
Investigators were said to have asked an Akhan executive to record a conversation with Huawei officials at last month’s electronics trade show in Las Vegas
Tomi Engdahl says:
Does Your Sex Toy Use Encryption?
Jen Caltrider February 6, 2019
https://blog.mozilla.org/blog/2019/02/06/does-your-sex-toy-use-encryption/
This Valentine’s Day, Mozilla is assessing the privacy and security features of romantic connected devices
Tomi Engdahl says:
Open letter on the Terrorism Database
https://edri.org/open-letter-on-the-terrorism-database/
On 4 February 2019, EDRi joined dozens of organisations and academics in signing an open letter. The letter criticises, in the Terrorist Content Regulation debate, the blind faith in a database to flag “terrorist content”
The undersigned organizations write to share our concerns about the EU’s proposed Regulation on Preventing the Dissemination of Terrorist Content Online, and in particular the Regulation’s call for Internet hosts to use “proactive measures” to detect terrorist content. We are concerned that if this Regulation is adopted, it will almost certainly lead platforms to adopt poorly understood tools,
Tomi Engdahl says:
Researcher Assaulted By A Vendor After Disclosing A Vulnerability
https://www.secjuice.com/security-researcher-assaulted-ice-atrient/
Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has allegedly assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.