Cyber Security News February 2019

This posting is here to collect cyber security news in February 2019.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

 

373 Comments

  1. Tomi Engdahl says:

    China is a Target – Just Like Us
    https://www.securityweek.com/china-target-just-us

    Chinese Companies Are facing Many of the Same Cyber Challenges as Companies Elsewhere in the World

    Reply
  2. Tomi Engdahl says:

    Roll20 hacked, 4 million records at risk
    https://www.geeknative.com/64554/roll20-hacked-4-million-records-at-risk/?fbclid=IwAR3uxwmvaGPBb1PPpFs_Hzb5KaJG1P6oDN771W0pyZ7R-dIFNxrHua046pw

    Last night the tech press reported that a notorious hacker had struck again, claiming another 127 million accounts and records of exposed data for their trophy belt.

    Virtual tabletop site Roll20 is in the list of victims

    Reply
  3. Tomi Engdahl says:

    One click and you’re out: UK makes it an offence to view terrorist propaganda even once
    https://www.theregister.co.uk/2019/02/13/uk_counter_terror_act_royal_assent/

    Oh snap. UK netizens better hope they don’t have twitchy mouse-click finger

    It will be an offence to view terrorist material online just once – and could incur a prison sentence of up to 15 years – under new UK laws.

    The Counter-Terrorism and Border Security Bill was granted Royal Assent yesterday, updating a previous Act and bringing new powers to law enforcement to tackle terrorism.

    new clause into the 2019 Act (PDF), making it an offence to “view (or otherwise access) any terrorist material online”.

    This means that, technically, anyone who clicked on a link to such material could be caught by the law – and rights groups are concerned about the potential for abuse.

    “the mesh of the net the government is creating… is far too fine and will catch far too many people”.

    Corey Stoughton of rights campaigner Liberty echoed these concerns, and said the law should not cover academics and journalists, but should also exempt people who were viewing to gain a better understanding of the issues, or did so “out of foolishness or poor judgement”.

    The UN’s special rapporteur on privacy, Joseph Cannataci, has also slammed the plans, saying the rule risked “pushing a bit too much towards thought crime”.

    The government said the law still provides for the existing “reasonable excuse defence”

    Reply
  4. Tomi Engdahl says:

    Hacker who stole 620 million records strikes again, stealing 127 million more
    https://techcrunch.com/2019/02/14/hacker-strikes-again/?utm_source=tcfbpage&sr_share=facebook

    A hacker who stole close to 620 million user records from 16 websites has stolen another 127 million records from eight more websites, TechCrunch has learned.

    Reply
  5. Tomi Engdahl says:

    WannaCry Hero Loses Key Motions in Hacking Case
    https://www.inforisktoday.com/wannacry-hero-loses-key-motions-in-hacking-case-a-12024

    Judge Says ‘Terrible Hangover’ Didn’t Fuzz Suspect’s Miranda Rights Clarity

    A famed British computer security researcher has lost several key motions in a federal hacking case that stems from his alleged contribution to two types of banking malware.

    Reply
  6. Tomi Engdahl says:

    Bad news for WannaCry slayer Marcus Hutchins: Judge rules being young, hungover, and in a strange land doesn’t obviate evidence
    https://www.theregister.co.uk/2019/02/14/marcus_hutchins_evidence/

    When in America, STFU and get a lawyer. Even if you’re innocent

    Marcus Hutchins, the Brit white-hat hacker who halted 2017′s WannaCry ransomware outbreak, has failed to stop the American legal system using statements he made while recovering from the effects of holidaying in Las Vegas.

    Reply
  7. Tomi Engdahl says:

    China data leak exposes vast hi-tech surveillance operation in Xinjiang
    https://www.scmp.com/news/china/politics/article/2186547/china-data-leak-exposes-vast-hi-tech-surveillance-operation

    Dutch researcher says tracking firm left database of personal details unprotected for months

    A Chinese surveillance firm is tracking the movements of more than 2.5 million people in the far-western Xinjiang region, according to a data leak flagged by a Dutch internet expert.
    An online database containing names, ID card numbers, birth dates and location data was left unprotected for months by Shenzhen-based facial-recognition technology firm SenseNets Technology

    Reply
  8. Tomi Engdahl says:

    Fun fact: GPS uses 10 bits to store the week. That means it runs out… oh heck – April 6, 2019
    https://www.theregister.co.uk/2019/02/12/current_gps_epoch_ends/

    Nav gadgets will be Gah, Properly Screwed if you don’t or can’t update firmware

    Reply
  9. Tomi Engdahl says:

    50+ Pakistani Government Websites Hacked After Pulwama Attack
    https://www.technotification.com/2019/02/50-pakistani-websites-hacked.html

    More than 50 websites that are linked to Pakistan’s ministries and government institutions faced a major security breach on Saturday.

    The major blow includes the official website of Pakistan’s Foreign Ministry. This is one of the worst cyber attacks Pakistan have ever faced.

    More than 50 websites were hacked

    Reply
  10. Tomi Engdahl says:

    ZDNet:”As reported by the South China Morning Post, some of Taiwan’s most sensitive military sites have been revealed publicly through the update, which included new three-dimensional renditions of Taipei, New Taipei, Taoyuan, and Taichung.”

    https://www.zdnet.com/article/google-maps-update-accidentally-reveals-secret-military-sites/

    Reply
  11. Tomi Engdahl says:

    Australia’s government and political parties hit by cyberattack from ‘sophisticated state actor’
    https://techcrunch.com/2019/02/18/australia-cyber-attack-from-sophisticated-state-actor/?utm_source=tcfbpage&sr_share=facebook

    The Australia government suffered a cyberattack that it suspects is the work of a “sophisticated state actor,” according to the country’s prime minister.

    Australia is months away from federal elections, which will take place in May.

    Morrison said there is “no evidence of any electoral interference.”

    Sources told SMH that the sophistication of the attack was “unprecedented,” but nobody in the government is naming suspects.

    Reply
  12. Tomi Engdahl says:

    Vulnerability In Xiaomi Electric Scooters Allows Attackers to Take Control of the Machine
    https://latesthackingnews.com/2019/02/17/vulnerability-in-xiaomi-electric-scooters-allows-attackers-to-take-control-of-the-machine/

    Xiaomi electric scooters bear serious vulnerabilities. Exploiting the flaws could allow an attacker to remotely hack the scooters and execute commands, such as sudden breaks.

    Reply
  13. Tomi Engdahl says:

    This malware turns ATM hijacking into a slot machine game
    https://www.zdnet.com/article/this-malware-turns-atm-hijacking-into-slot-machine-games/

    WinPot can force infected ATMs to automatically dispense cash. Just spin.

    Researchers have found an oddly amusing sample of ATM malware which turns financial theft into a slot machine-style game.

    WinPot — named internally by Kaspersky as ATMPot — is designed to compromise the ATMs of an unnamed but popular vendor and force these machines to empty their cassettes of all funds.

    Time has been spent on making the interface look like a slot machine, which is most likely a reference to “ATM jackpotting” — a term used to describe the compromise of ATMs themselves.

    A button labeled “spin,” when pressed, starts the dispensation of cash. The “stop” button cuts off cash from being spewed out

    Reply
  14. Tomi Engdahl says:

    Bangladesh blocks internet porn: Authorities target 20,000 websites in war on X-rated content and online gambling
    https://www.dailymail.co.uk/news/article-6721145/Bangladesh-blocks-internet-porn-taking-20-000-websites.html?ito=social-facebook

    The country’s High Court asked the government to block porn in November
    Pornography and gambling websites have been taken down in recent weeks

    Reply
  15. Tomi Engdahl says:

    Rietspoof malware distributes ransomware via messaging apps
    https://www.hackread.com/rietspoof-malware-distributes-ransomware-via-messaging-apps/?fbclid=IwAR1uPsI2M-AGXD7L-6y3403Wmm6XfvmmabZmAPtq2HGhcXlSpAOJq211a7E

    A malware strain dubbed as Rietspoof has been under the radar of researchers at Avast since last August. Reportedly, researchers suspect that the malware is on the rise and it is being distributed via Skype, Facebook Messenger, and other messaging apps.

    Reply
  16. Tomi Engdahl says:

    ” While the Russian bears took an average of just 18 minutes and 49 seconds to start moving laterally into other network systems, the North Korean nation-state ‘chollimas’ took two hours and 20 minutes to breakout. To put this into even more context, Chinese ‘pandas’ were third fastest on four hours and 26 seconds followed by Iranian ‘kittens’ with a breakout time of five hours and nine minutes. Criminal gangs, as opposed to nation-state actors who tend to be far better resourced, took nine hours and 42 minutes” – write Davey Winder for Forbes

    https://www.forbes.com/sites/daveywinder/2019/02/19/how-the-speed-of-russian-bears-can-help-your-business-understand-the-1-10-60-rule/#474ad96a7131

    Reply
  17. Tomi Engdahl says:

    A critical remote code execution flaw found in WordPress versions 4.9 and 5.0 found by chaining two vulnerabilities, namely a path traversal and and a local file intrusion vulnerability.

    Writeup: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/

    Reply
  18. Tomi Engdahl says:

    ATM Jackpotting Malware Hones Its Heist Tools
    https://threatpost.com/atm-jackpotting-malware-winpot/141960/

    The WinPot malware takes its cues from slot machines.

    Reply
  19. Tomi Engdahl says:

    Nasty code-execution bug in WinRAR threatened millions of users for 14 years
    https://arstechnica.com/information-technology/2019/02/nasty-code-execution-bug-in-winrar-threatened-millions-of-users-for-14-years/

    If you’re one of the 500 million utility users, now would be a good time to patch.

    Reply
  20. Tomi Engdahl says:

    GitHub bug bounty: Microsoft ramps up payouts to $30,000-plus
    https://www.zdnet.com/article/github-bug-bounty-microsoft-ramps-up-payouts-to-30000-plus/

    GitHub revamps its bug bounty with higher rewards and legal safe-harbor terms for researchers.

    Reply
  21. Tomi Engdahl says:

    You have around 20 minutes to contain a Russian APT attack
    https://www.zdnet.com/article/you-have-around-20-minutes-to-contain-a-russian-apt-attack/

    Russian state hackers don’t leave room for error in your cyber-security defenses.

    Reply
  22. Tomi Engdahl says:

    Microsoft: Russian hackers are trying to influence EU elections
    https://www.engadget.com/2019/02/20/microsoft-fancy-bear-eu-elections/

    It isn’t just going after political groups, but NGOs, non-profits and integrity monitoring bodies.

    Reply
  23. Tomi Engdahl says:

    Google says Nest’s secret microphone was ‘never intended to be a secret’
    https://techcrunch.com/2019/02/20/nest-secret-microphone/

    Google said there’s absolutely, positively, nothing to worry about the secret microphone in your Nest Secure smart home hub that it didn’t tell you about. Nope, not at all. Just an oversight, said Google. No need to be alarmed. Everything is just fine.

    Reply
  24. Tomi Engdahl says:

    CVE-2019-3924: MikroTik Firewall & NAT Bypass

    A vulnerability in RouterOS assigned CVE-2019–3924, allows a remote, unauthenticated attacker to proxy crafted TCP and UDP requests through the router’s Winbox port, where proxied requests can even bypass the router’s firewall to reach LAN hosts. The exploit is nothing but a simple reverse shell crafted in PHP.

    Write-up: https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
    Exploit: https://github.com/tenable/routeros/tree/master/poc/cve_2019_3924

    Reply
  25. Tomi Engdahl says:

    2.7 million medical calls breached in Sweden, and it’s pure comedy
    https://medium.com/@rikardhjort/2-7-medical-calls-breached-in-sweden-and-its-pure-comedy-b93c1af95e06?fbclid=IwAR0OT7AoR-zQthDOXL06QRcwn37_grHQTvIFgScnz5ic-bZB3DDe-EfWfI8

    On Monday, news outlet Computer Sweden broke the news that millions of calls to a national Swedish health care adviser were openly available on the internet.

    In short, they were recording calls for years, put them on a NAS and connected it to the internet, unencrypted, with no password protection. Caller phone numbers were displayed in the file names.

    Why is this funny? It isn’t. It is extremely serious, and I sincerely hope that we will see massive fines, people lose their jobs, and perhaps some more severe criminal charges brought against those whose negligence caused this.

    But it is also funny. Because the incompetence reads like a Monty Python sketch

    Reply
  26. Tomi Engdahl says:

    Bloomberg:
    A look at Chinese companies making surveillance-enabling tech, which count China’s government as a major client or investor and have spawned 4+ billionaires

    China’s Powerful Surveillance State Has Created at Least Four Billionaires
    https://www.bloomberg.com/news/articles/2019-02-21/big-brother-billionaires-get-rich-as-china-watches-everyone

    The figure underscores the scale of Chinese President Xi Jinping’s unprecedented push to keep tabs on the country’s 1.4 billion people. About 176 million video surveillance cameras monitored China’s streets, buildings and public spaces in 2016, versus 50 million in America, according to IHS Markit. In 2017, Xi’s government spent an estimated $184 billion on domestic security. By 2020, authorities plan to roll out an “omnipresent’’ nationwide camera network and a social-credit system that tracks personal data on everything from traffic violations to video-game habits. It will soon be hard to go anywhere in Tianjin, or any other city in China, without being watched.

    Reply
  27. Tomi Engdahl says:

    Shira Ovide / Bloomberg:
    Academic paper argues that Facebook’s potential abuses of monopoly power and violations of users’ privacy are not separate but are two sides of the same coin

    Facebook Grew Too Big to Care About Privacy
    https://www.bloomberg.com/opinion/articles/2019-02-21/facebook-grew-too-big-to-care-about-privacy

    Once it became indispensable, it gained the power to reverse promises it had made not to gather certain data.

    Reply
  28. Tomi Engdahl says:

    ICANN warns of “ongoing and significant” attacks against internet’s DNS infrastructure
    https://techcrunch.com/2019/02/23/icann-ongoing-attacks-dns/

    The internet’s address book keeper has warned of an “ongoing and significant risk” to key parts of the domain name system infrastructure, following months of increased attacks.

    Reply
  29. Tomi Engdahl says:

    Secret Service warning: High-tech thieves can remotely skim credit cards at gas pumps
    https://www.fastcompany.com/90310433/secret-service-warning-high-tech-thieves-can-remotely-skim-credit-cards-at-gas-pumps

    Krebs on Security website wrote this week about a new warning from the fraud-investigation branch of the Secret Service. In a memo to its field offices, Krebs reports, the agency said some high-tech thieves have devised an innovative way to steal your credit card information: adding next-gen credit card skimmers to gas pumps.

    These nasty little gadgets swipe the data from cards that use the contactless payment method at the gas pump. Then, through a small cellphone and Bluetooth-enabled device hidden inside the payment terminal, it sends the stolen details via mobile text message to almost anywhere in the world.

    https://krebsonsecurity.com/2019/02/new-breed-of-fuel-pump-skimmer-uses-sms-and-bluetooth/

    Reply
  30. Tomi Engdahl says:

    Highly Critical Drupal RCE Flaw Affects Millions of Websites
    https://threatpost.com/critical-drupal-rce-flaw/142091/

    Reply
  31. Tomi Engdahl says:

    WinRAR patched 19-year-old bug that left millions vulnerable
    https://www.engadget.com/amp/2019/02/21/winrar-19-year-old-bug-patched/

    WinRAR gets back at us all for hitting “next time” when prompted to pay.

    Reply
  32. Tomi Engdahl says:

    2.7 million medical calls breached in Sweden, and it’s pure comedy
    https://medium.com/@rikardhjort/2-7-medical-calls-breached-in-sweden-and-its-pure-comedy-b93c1af95e06?fbclid=IwAR0OT7AoR-zQthDOXL06QRcwn37_grHQTvIFgScnz5ic-bZB3DDe-EfWfI8

    On Monday, news outlet Computer Sweden broke the news that millions of calls to a national Swedish health care adviser were openly available on the internet. Here is a summary in English. In short, they were recording calls for years, put them on a NAS and connected it to the internet, unencrypted, with no password protection. Caller phone numbers were displayed in the file names.

    https://www.thelocal.se/20190219/millions-of-calls-to-swedish-healthcare-hotline-left-unprotected-online

    Reply
  33. Tomi Engdahl says:

    Chrome will soon put an end to those pesky sites that won’t let you go ‘back’
    https://9to5google.com/2018/12/17/chrome-sites-wont-go-back/

    Reply
  34. Tomi Engdahl says:

    Nike’s self-lacing sneakers turn into bricks after faulty firmware update
    https://arstechnica.com/gadgets/2019/02/my-left-shoe-wont-even-reboot-faulty-app-bricks-nike-smart-sneakers/

    $350 self-lacing sneakers don’t work with Nike’s official Android app.

    Reply
  35. Tomi Engdahl says:

    https://www.securityfocus.com/bid/107063

    Linux Kernel ‘crypto/af_alg.c’ Use After Free Arbitrary Code Execution Vulnerability

    Bugtraq ID: 107063
    Class: Design Error
    CVE: CVE-2019-8912

    Reply
  36. Tomi Engdahl says:

    I scanned the whole country of Austria and this is what I’ve found
    IP cameras, printers, industrial controls to name a few..
    https://blog.haschek.at/2019/i-scanned-austria.html

    Austria has 11 million IPv4 addresses. 11.170.487 to be exact

    If you don’t want to play around with IPs yourself, you can also use Shodan.io

    Reply
  37. Tomi Engdahl says:

    Australia’s major political parties hacked in ‘sophisticated’ attack ahead of election
    https://www.smh.com.au/politics/federal/australia-s-major-political-parties-hacked-in-sophisticated-attack-ahead-of-election-20190218-p50yi1.html

    Prime Minister Scott Morrison has revealed Australia’s political parties suffered cyber attacks alongside the Parliament House computer network several weeks ago by a “sophisticated state actor”.

    The announcement is likely to intensify speculation that China was behind the attacks, which come just three months before the federal election

    Sources are describing the level of sophistication as “unprecedented” but are unable to say yet which foreign government is behind the attack.

    “Our cyber experts believe that a sophisticated state actor is responsible for this malicious activity.”

    The theft of any party or political material has echoes of the 2016 election interference campaign against the United States by Russia. The Democratic National Committee was hacked by Russia and damaging information was released during the presidential campaign.

    Australian prime minister blames ‘state level’ baddies for Oz parliament breach
    China, Russia, Israel and the US floated as potential culprits
    https://www.theregister.co.uk/2019/02/18/australia_pm_scott_morrison_state_level_hackers_parliament_breach/

    Australia’s prime minister has blamed a “sophisticated state actor” for a hack on the country’s parliament and some of its prominent political parties.

    Reply
  38. Tomi Engdahl says:

    This will be an interesting story to follow – 2.7 million voice recordings from Swedes calling the national health service (1177) for advice was found on a server, without any encryption or authentication. This is sensitive personal data!

    ”Värsta svenska integritetshaveriet i mannaminne”
    https://computersweden.idg.se/2.2683/1.714790/1177-lackan-integritetshaveri

    Omfattningen av haveriet är nästan ofattbar. Nu måste 1177-läckan utredas grundligt, skriver Computer Swedens chefredaktör Marcus Jerräng.

    Reply
  39. Tomi Engdahl says:

    Facebook uses its apps to track users it thinks could threaten employees and offices
    https://www.cnbc.com/2019/02/14/facebooks-security-team-tracks-posts-location-for-bolo-threat-list.html

    Facebook maintains a list of individuals that its security guards must “be on lookout” for that is comprised of users who’ve made threatening statements against the company on its social network as well as numerous former employees.
    The company’s information security team is capable of tracking these individuals’ whereabouts using the location data they provide through Facebook’s apps and websites.

    Reply
  40. Tomi Engdahl says:

    Germany sees big rise in security problems affecting infrastructure
    https://www.reuters.com/article/us-germany-cybersecurity-idUSKCN1Q60CS

    Germany has experienced a big increase in the number of security incidents hitting critical infrastructure such as power grids and water suppliers, the BSI cybersecurity agency said on Sunday, adding however that they were not all due to hacking.

    The Welt am Sonntag weekly had reported on Sunday that Germany had learned of 157 hacker attacks on critical infrastructure companies in the second half of 2018 compared to 145 attacks in the whole of the previous year.

    Reply
  41. Tomi Engdahl says:

    A Deep Dive on the Recent Widespread DNS Hijacking Attacks
    https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/

    The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*