This posting is here to collect cyber security news in February 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
373 Comments
Tomi Engdahl says:
China is a Target – Just Like Us
https://www.securityweek.com/china-target-just-us
Chinese Companies Are Facing Many of the Same Cyber Challenges as Companies Elsewhere in the World
Tomi Engdahl says:
Introducing Zombie POODLE and GOLDENDOODLE
https://www.tripwire.com/state-of-security/vulnerability-management/zombie-poodle-goldendoodle/
https://eprint.iacr.org/2018/1173.pdf
Tomi Engdahl says:
Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire
https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-adds-remote-application-credential-grabbing-capabilities-to-its-repertoire/
Tomi Engdahl says:
Ransomware Attacks Target MSPs to Mass-Infect Customers
https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/
Tomi Engdahl says:
Roll20 hacked, 4 million records at risk
https://www.geeknative.com/64554/roll20-hacked-4-million-records-at-risk/?fbclid=IwAR3uxwmvaGPBb1PPpFs_Hzb5KaJG1P6oDN771W0pyZ7R-dIFNxrHua046pw
Last night the tech press reported that a notorious hacker had struck again, claiming another 127 million accounts and records of exposed data for their trophy belt.
Virtual tabletop site Roll20 is in the list of victims
Tomi Engdahl says:
One click and you’re out: UK makes it an offence to view terrorist propaganda even once
https://www.theregister.co.uk/2019/02/13/uk_counter_terror_act_royal_assent/
Oh snap. UK netizens better hope they don’t have twitchy mouse-click finger
It will be an offence to view terrorist material online just once – and could incur a prison sentence of up to 15 years – under new UK laws.
The Counter-Terrorism and Border Security Bill was granted Royal Assent yesterday, updating a previous Act and bringing new powers to law enforcement to tackle terrorism.
new clause into the 2019 Act (PDF), making it an offence to “view (or otherwise access) any terrorist material online”.
This means that, technically, anyone who clicked on a link to such material could be caught by the law – and rights groups are concerned about the potential for abuse.
“the mesh of the net the government is creating… is far too fine and will catch far too many people”.
Corey Stoughton of rights campaigner Liberty echoed these concerns, and said the law should not cover academics and journalists, but should also exempt people who were viewing to gain a better understanding of the issues, or did so “out of foolishness or poor judgement”.
The UN’s special rapporteur on privacy, Joseph Cannataci, has also slammed the plans, saying the rule risked “pushing a bit too much towards thought crime”.
The government said the law still provides for the existing “reasonable excuse defence”
Tomi Engdahl says:
Hacker who stole 620 million records strikes again, stealing 127 million more
https://techcrunch.com/2019/02/14/hacker-strikes-again/?utm_source=tcfbpage&sr_share=facebook
A hacker who stole close to 620 million user records from 16 websites has stolen another 127 million records from eight more websites, TechCrunch has learned.
Tomi Engdahl says:
WannaCry Hero Loses Key Motions in Hacking Case
https://www.inforisktoday.com/wannacry-hero-loses-key-motions-in-hacking-case-a-12024
Judge Says ‘Terrible Hangover’ Didn’t Fuzz Suspect’s Miranda Rights Clarity
A famed British computer security researcher has lost several key motions in a federal hacking case that stems from his alleged contribution to two types of banking malware.
Tomi Engdahl says:
Bad news for WannaCry slayer Marcus Hutchins: Judge rules being young, hungover, and in a strange land doesn’t obviate evidence
https://www.theregister.co.uk/2019/02/14/marcus_hutchins_evidence/
When in America, STFU and get a lawyer. Even if you’re innocent
Marcus Hutchins, the Brit white-hat hacker who halted 2017’s WannaCry ransomware outbreak, has failed to stop the American legal system using statements he made while recovering from the effects of holidaying in Las Vegas.
Tomi Engdahl says:
China data leak exposes vast hi-tech surveillance operation in Xinjiang
https://www.scmp.com/news/china/politics/article/2186547/china-data-leak-exposes-vast-hi-tech-surveillance-operation
Dutch researcher says tracking firm left database of personal details unprotected for months
A Chinese surveillance firm is tracking the movements of more than 2.5 million people in the far-western Xinjiang region, according to a data leak flagged by a Dutch internet expert.
An online database containing names, ID card numbers, birth dates and location data was left unprotected for months by Shenzhen-based facial-recognition technology firm SenseNets Technology
Tomi Engdahl says:
https://threatmap.checkpoint.com/ThreatPortal/livemap.html
Tomi Engdahl says:
Fun fact: GPS uses 10 bits to store the week. That means it runs out… oh heck – April 6, 2019
https://www.theregister.co.uk/2019/02/12/current_gps_epoch_ends/
Nav gadgets will be Gah, Properly Screwed if you don’t or can’t update firmware
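To make the 10-bit week problem concrete, here is an added example (not from the article or the poster) that computes the GPS week number for a date, truncates it to the 10 bits a legacy receiver stores, and then applies the usual firmware mitigation: a pivot date (typically the firmware build date) that picks the 1024-week window. It works in GPS time and ignores leap seconds; the pivot dates are constructed for illustration.

```python
"""GPS week-number rollover: why a 10-bit week field "runs out" on 2019-04-07.

Added example (not from the article): computes the full GPS week number
for a date, shows the 10-bit truncation a legacy receiver stores, and
resolves the ambiguity with the common firmware fix, a pivot (reference)
date that selects the 1024-week window. All dates are in GPS time and
leap seconds are ignored (GPS time was 18 s ahead of UTC in 2019).
"""
from datetime import datetime, timedelta

GPS_EPOCH = datetime(1980, 1, 6)        # start of GPS week 0
WEEK_MODULUS = 1 << 10                  # a 10-bit field wraps every 1024 weeks


def gps_week(when):
    """Full (unbounded) GPS week number containing `when`."""
    return (when - GPS_EPOCH).days // 7


def truncated_week(full_week):
    """What a legacy receiver actually stores: the low 10 bits."""
    return full_week & (WEEK_MODULUS - 1)


def week_start(full_week):
    """Start of a GPS week, given the full week number."""
    return GPS_EPOCH + timedelta(weeks=full_week)


def resolve_week(week10, pivot):
    """Recover the full week from 10 bits using a pivot date.

    The receiver assumes the current time lies within the 1024 weeks
    after `pivot` (constructed here; in practice the firmware build
    date). Every 10-bit value is mapped into that window, so the result
    is only right while `pivot` is less than 1024 weeks old.
    """
    pivot_week = gps_week(pivot)
    candidate = pivot_week - (pivot_week % WEEK_MODULUS) + week10
    if candidate < pivot_week:
        candidate += WEEK_MODULUS
    return candidate


def decoded_date(when, pivot):
    """Date a receiver with firmware pivot `pivot` shows for true time `when`."""
    return week_start(resolve_week(truncated_week(gps_week(when)), pivot))


if __name__ == "__main__":
    rollover = week_start(2 * WEEK_MODULUS)   # week 2048 starts 2019-04-07 GPS time
    print("second rollover starts:", rollover.date())
    # Constructed firmware pivot dates: an old one rolls back to 1999,
    # the newer ones stay correct through the 2019 rollover.
    for build in (datetime(1998, 6, 1), datetime(2005, 1, 1), datetime(2018, 1, 1)):
        print(f"firmware pivot {build.date()} shows {decoded_date(rollover, build).date()}")
```

The firmware with a 1998 pivot jumps back to 1999-08-22 at the rollover, which is the failure mode the article describes; the 2005 and 2018 pivots decode 2019-04-07 correctly.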
Tomi Engdahl says:
50+ Pakistani Government Websites Hacked After Pulwama Attack
https://www.technotification.com/2019/02/50-pakistani-websites-hacked.html
More than 50 websites that are linked to Pakistan’s ministries and government institutions faced a major security breach on Saturday.
The major blow includes the official website of Pakistan’s Foreign Ministry. This is one of the worst cyber attacks Pakistan has ever faced.
More than 50 websites were hacked
Tomi Engdahl says:
ZDNet: ”As reported by the South China Morning Post, some of Taiwan’s most sensitive military sites have been revealed publicly through the update, which included new three-dimensional renditions of Taipei, New Taipei, Taoyuan, and Taichung.”
https://www.zdnet.com/article/google-maps-update-accidentally-reveals-secret-military-sites/
Tomi Engdahl says:
Australia’s government and political parties hit by cyberattack from ‘sophisticated state actor’
https://techcrunch.com/2019/02/18/australia-cyber-attack-from-sophisticated-state-actor/?utm_source=tcfbpage&sr_share=facebook
The Australian government suffered a cyberattack that it suspects is the work of a “sophisticated state actor,” according to the country’s prime minister.
Australia is months away from federal elections, which will take place in May.
Morrison said there is “no evidence of any electoral interference.”
Sources told SMH that the sophistication of the attack was “unprecedented,” but nobody in the government is naming suspects.
Tomi Engdahl says:
Vulnerability In Xiaomi Electric Scooters Allows Attackers to Take Control of the Machine
https://latesthackingnews.com/2019/02/17/vulnerability-in-xiaomi-electric-scooters-allows-attackers-to-take-control-of-the-machine/
Xiaomi electric scooters bear serious vulnerabilities. Exploiting the flaws could allow an attacker to remotely hack the scooters and execute commands, such as sudden brakes.
Tomi Engdahl says:
This malware turns ATM hijacking into a slot machine game
https://www.zdnet.com/article/this-malware-turns-atm-hijacking-into-slot-machine-games/
WinPot can force infected ATMs to automatically dispense cash. Just spin.
Researchers have found an oddly amusing sample of ATM malware which turns financial theft into a slot machine-style game.
WinPot — named internally by Kaspersky as ATMPot — is designed to compromise the ATMs of an unnamed but popular vendor and force these machines to empty their cassettes of all funds.
Time has been spent on making the interface look like a slot machine, which is most likely a reference to “ATM jackpotting” — a term used to describe the compromise of ATMs themselves.
A button labeled “spin,” when pressed, starts the dispensation of cash. The “stop” button cuts off cash from being spewed out
Tomi Engdahl says:
Bangladesh blocks internet porn: Authorities target 20,000 websites in war on X-rated content and online gambling
https://www.dailymail.co.uk/news/article-6721145/Bangladesh-blocks-internet-porn-taking-20-000-websites.html?ito=social-facebook
The country’s High Court asked the government to block porn in November
Pornography and gambling websites have been taken down in recent weeks
Tomi Engdahl says:
Rietspoof malware distributes ransomware via messaging apps
https://www.hackread.com/rietspoof-malware-distributes-ransomware-via-messaging-apps/?fbclid=IwAR1uPsI2M-AGXD7L-6y3403Wmm6XfvmmabZmAPtq2HGhcXlSpAOJq211a7E
A malware strain dubbed as Rietspoof has been under the radar of researchers at Avast since last August. Reportedly, researchers suspect that the malware is on the rise and it is being distributed via Skype, Facebook Messenger, and other messaging apps.
Tomi Engdahl says:
”While the Russian bears took an average of just 18 minutes and 49 seconds to start moving laterally into other network systems, the North Korean nation-state ‘chollimas’ took two hours and 20 minutes to breakout. To put this into even more context, Chinese ‘pandas’ were third fastest on four hours and 26 seconds followed by Iranian ‘kittens’ with a breakout time of five hours and nine minutes. Criminal gangs, as opposed to nation-state actors who tend to be far better resourced, took nine hours and 42 minutes” – writes Davey Winder for Forbes
https://www.forbes.com/sites/daveywinder/2019/02/19/how-the-speed-of-russian-bears-can-help-your-business-understand-the-1-10-60-rule/#474ad96a7131
Tomi Engdahl says:
A critical remote code execution flaw was found in WordPress versions 4.9 and 5.0 by chaining two vulnerabilities, namely a path traversal and a local file intrusion vulnerability.
Writeup: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
Tomi Engdahl says:
ATM Jackpotting Malware Hones Its Heist Tools
https://threatpost.com/atm-jackpotting-malware-winpot/141960/
The WinPot malware takes its cues from slot machines.
Tomi Engdahl says:
Someone found cameras in Singapore Airlines’ in-flight entertainment system
https://www.fastcompany.com/90310098/someone-found-cameras-in-singapore-airlines-in-flight-entertainment-system?partner=rss&utm_source=twitter.com&utm_medium=social&utm_campaign=rss+fastcompany&utm_content=rss
Tomi Engdahl says:
Nasty code-execution bug in WinRAR threatened millions of users for 14 years
https://arstechnica.com/information-technology/2019/02/nasty-code-execution-bug-in-winrar-threatened-millions-of-users-for-14-years/
If you’re one of the 500 million utility users, now would be a good time to patch.
Tomi Engdahl says:
GitHub bug bounty: Microsoft ramps up payouts to $30,000-plus
https://www.zdnet.com/article/github-bug-bounty-microsoft-ramps-up-payouts-to-30000-plus/
GitHub revamps its bug bounty with higher rewards and legal safe-harbor terms for researchers.
Tomi Engdahl says:
You have around 20 minutes to contain a Russian APT attack
https://www.zdnet.com/article/you-have-around-20-minutes-to-contain-a-russian-apt-attack/
Russian state hackers don’t leave room for error in your cyber-security defenses.
Tomi Engdahl says:
2.7 million patient calls to Swedish healthcare hotline left unprotected online
https://www.google.com/amp/s/thenextweb.com/eu/2019/02/18/2-7-million-patient-calls-to-swedish-healthcare-hotline-left-unprotected-online/amp/
Tomi Engdahl says:
Microsoft: Russian hackers are trying to influence EU elections
https://www.engadget.com/2019/02/20/microsoft-fancy-bear-eu-elections/
It isn’t just going after political groups, but NGOs, non-profits and integrity monitoring bodies.
Tomi Engdahl says:
Google says Nest’s secret microphone was ‘never intended to be a secret’
https://techcrunch.com/2019/02/20/nest-secret-microphone/
Google said there’s absolutely, positively, nothing to worry about the secret microphone in your Nest Secure smart home hub that it didn’t tell you about. Nope, not at all. Just an oversight, said Google. No need to be alarmed. Everything is just fine.
Tomi Engdahl says:
CVE-2019-3924: MikroTik Firewall & NAT Bypass
A vulnerability in RouterOS, assigned CVE-2019-3924, allows a remote, unauthenticated attacker to proxy crafted TCP and UDP requests through the router’s Winbox port, where proxied requests can even bypass the router’s firewall to reach LAN hosts. The exploit is nothing but a simple reverse shell crafted in PHP.
Write-up: https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
Exploit: https://github.com/tenable/routeros/tree/master/poc/cve_2019_3924
Tomi Engdahl says:
2.7 million medical calls breached in Sweden, and it’s pure comedy
https://medium.com/@rikardhjort/2-7-medical-calls-breached-in-sweden-and-its-pure-comedy-b93c1af95e06?fbclid=IwAR0OT7AoR-zQthDOXL06QRcwn37_grHQTvIFgScnz5ic-bZB3DDe-EfWfI8
On Monday, news outlet Computer Sweden broke the news that millions of calls to a national Swedish health care adviser were openly available on the internet.
In short, they were recording calls for years, put them on a NAS and connected it to the internet, unencrypted, with no password protection. Caller phone numbers were displayed in the file names.
Why is this funny? It isn’t. It is extremely serious, and I sincerely hope that we will see massive fines, people lose their jobs, and perhaps some more severe criminal charges brought against those whose negligence caused this.
But it is also funny. Because the incompetence reads like a Monty Python sketch
Tomi Engdahl says:
China blocks 17.5 million plane tickets for people without enough ‘social credit’
https://www.independent.co.uk/news/world/asia/china-social-credit-flight-travel-plane-tickets-xi-jinping-blacklist-a8792256.html?utm_medium=Social&utm_source=Facebook&fbclid=IwAR0KsGAibDNC4H9At9tMsHp8eSTY9DSWoxz-OqSxdw_YscBAUNF62pf2SnY#Echobox=1550852408
Would-be passengers blacklisted for offences as minor as walking dogs without lead
Tomi Engdahl says:
Bloomberg:
A look at Chinese companies making surveillance-enabling tech, which count China’s government as a major client or investor and have spawned 4+ billionaires
China’s Powerful Surveillance State Has Created at Least Four Billionaires
https://www.bloomberg.com/news/articles/2019-02-21/big-brother-billionaires-get-rich-as-china-watches-everyone
The figure underscores the scale of Chinese President Xi Jinping’s unprecedented push to keep tabs on the country’s 1.4 billion people. About 176 million video surveillance cameras monitored China’s streets, buildings and public spaces in 2016, versus 50 million in America, according to IHS Markit. In 2017, Xi’s government spent an estimated $184 billion on domestic security. By 2020, authorities plan to roll out an “omnipresent’’ nationwide camera network and a social-credit system that tracks personal data on everything from traffic violations to video-game habits. It will soon be hard to go anywhere in Tianjin, or any other city in China, without being watched.
Tomi Engdahl says:
Shira Ovide / Bloomberg:
Academic paper argues that Facebook’s potential abuses of monopoly power and violations of users’ privacy are not separate but are two sides of the same coin
Facebook Grew Too Big to Care About Privacy
https://www.bloomberg.com/opinion/articles/2019-02-21/facebook-grew-too-big-to-care-about-privacy
Once it became indispensable, it gained the power to reverse promises it had made not to gather certain data.
Tomi Engdahl says:
ICANN warns of “ongoing and significant” attacks against internet’s DNS infrastructure
https://techcrunch.com/2019/02/23/icann-ongoing-attacks-dns/
The internet’s address book keeper has warned of an “ongoing and significant risk” to key parts of the domain name system infrastructure, following months of increased attacks.
Tomi Engdahl says:
Secret Service warning: High-tech thieves can remotely skim credit cards at gas pumps
https://www.fastcompany.com/90310433/secret-service-warning-high-tech-thieves-can-remotely-skim-credit-cards-at-gas-pumps
Krebs on Security website wrote this week about a new warning from the fraud-investigation branch of the Secret Service. In a memo to its field offices, Krebs reports, the agency said some high-tech thieves have devised an innovative way to steal your credit card information: adding next-gen credit card skimmers to gas pumps.
These nasty little gadgets swipe the data from cards that use the contactless payment method at the gas pump. Then, through a small cellphone and Bluetooth-enabled device hidden inside the payment terminal, it sends the stolen details via mobile text message to almost anywhere in the world.
https://krebsonsecurity.com/2019/02/new-breed-of-fuel-pump-skimmer-uses-sms-and-bluetooth/
Tomi Engdahl says:
Highly Critical Drupal RCE Flaw Affects Millions of Websites
https://threatpost.com/critical-drupal-rce-flaw/142091/
Tomi Engdahl says:
WinRAR patched 19-year-old bug that left millions vulnerable
https://www.engadget.com/amp/2019/02/21/winrar-19-year-old-bug-patched/
WinRAR gets back at us all for hitting “next time” when prompted to pay.
Tomi Engdahl says:
2.7 million medical calls breached in Sweden, and it’s pure comedy
https://medium.com/@rikardhjort/2-7-medical-calls-breached-in-sweden-and-its-pure-comedy-b93c1af95e06?fbclid=IwAR0OT7AoR-zQthDOXL06QRcwn37_grHQTvIFgScnz5ic-bZB3DDe-EfWfI8
On Monday, news outlet Computer Sweden broke the news that millions of calls to a national Swedish health care adviser were openly available on the internet. Here is a summary in English. In short, they were recording calls for years, put them on a NAS and connected it to the internet, unencrypted, with no password protection. Caller phone numbers were displayed in the file names.
https://www.thelocal.se/20190219/millions-of-calls-to-swedish-healthcare-hotline-left-unprotected-online
Tomi Engdahl says:
Chrome will soon put an end to those pesky sites that won’t let you go ‘back’
https://9to5google.com/2018/12/17/chrome-sites-wont-go-back/
Tomi Engdahl says:
Nike’s self-lacing sneakers turn into bricks after faulty firmware update
https://arstechnica.com/gadgets/2019/02/my-left-shoe-wont-even-reboot-faulty-app-bricks-nike-smart-sneakers/
$350 self-lacing sneakers don’t work with Nike’s official Android app.
Tomi Engdahl says:
Google Maps Reveals Images Of Sensitive Military Bases
https://www.iflscience.com/technology/google-maps-reveals-images-of-sensitive-military-bases-/
Tomi Engdahl says:
https://www.securityfocus.com/bid/107063
Linux Kernel ‘crypto/af_alg.c’ Use After Free Arbitrary Code Execution Vulnerability
Bugtraq ID: 107063
Class: Design Error
CVE: CVE-2019-8912
Tomi Engdahl says:
I scanned the whole country of Austria and this is what I’ve found
IP cameras, printers, industrial controls to name a few...
https://blog.haschek.at/2019/i-scanned-austria.html
Austria has 11 million IPv4 addresses. 11.170.487 to be exact
If you don’t want to play around with IPs yourself, you can also use Shodan.io
Tomi Engdahl says:
Australia’s major political parties hacked in ‘sophisticated’ attack ahead of election
https://www.smh.com.au/politics/federal/australia-s-major-political-parties-hacked-in-sophisticated-attack-ahead-of-election-20190218-p50yi1.html
Prime Minister Scott Morrison has revealed Australia’s political parties suffered cyber attacks alongside the Parliament House computer network several weeks ago by a “sophisticated state actor”.
The announcement is likely to intensify speculation that China was behind the attacks, which come just three months before the federal election
Sources are describing the level of sophistication as “unprecedented” but are unable to say yet which foreign government is behind the attack.
“Our cyber experts believe that a sophisticated state actor is responsible for this malicious activity.”
The theft of any party or political material has echoes of the 2016 election interference campaign against the United States by Russia. The Democratic National Committee was hacked by Russia and damaging information was released during the presidential campaign.
Australian prime minister blames ‘state level’ baddies for Oz parliament breach
China, Russia, Israel and the US floated as potential culprits
https://www.theregister.co.uk/2019/02/18/australia_pm_scott_morrison_state_level_hackers_parliament_breach/
Australia’s prime minister has blamed a “sophisticated state actor” for a hack on the country’s parliament and some of its prominent political parties.
Tomi Engdahl says:
This will be an interesting story to follow – 2.7 million voice recordings from Swedes calling the national health service (1177) for advice were found on a server, without any encryption or authentication. This is sensitive personal data!
”The worst Swedish privacy disaster in living memory”
https://computersweden.idg.se/2.2683/1.714790/1177-lackan-integritetshaveri
The scale of the disaster is almost unfathomable. The 1177 leak must now be thoroughly investigated, writes Computer Sweden’s editor-in-chief Marcus Jerräng.
Tomi Engdahl says:
Facebook uses its apps to track users it thinks could threaten employees and offices
https://www.cnbc.com/2019/02/14/facebooks-security-team-tracks-posts-location-for-bolo-threat-list.html
Facebook maintains a list of individuals that its security guards must “be on lookout” for that is comprised of users who’ve made threatening statements against the company on its social network as well as numerous former employees.
The company’s information security team is capable of tracking these individuals’ whereabouts using the location data they provide through Facebook’s apps and websites.
Tomi Engdahl says:
Hackers Target WordPress Sites via WP Cost Estimation Plugin
https://www.securityweek.com/hackers-target-wordpress-sites-wp-cost-estimation-plugin
Tomi Engdahl says:
Germany sees big rise in security problems affecting infrastructure
https://www.reuters.com/article/us-germany-cybersecurity-idUSKCN1Q60CS
Germany has experienced a big increase in the number of security incidents hitting critical infrastructure such as power grids and water suppliers, the BSI cybersecurity agency said on Sunday, adding however that they were not all due to hacking.
The Welt am Sonntag weekly had reported on Sunday that Germany had learned of 157 hacker attacks on critical infrastructure companies in the second half of 2018 compared to 145 attacks in the whole of the previous year.
Tomi Engdahl says:
A Deep Dive on the Recent Widespread DNS Hijacking Attacks
https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/
The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy.