Cyber Security March 2019

This posting is here to collect cyber security news in March 2019.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

490 Comments

  1. Tomi Engdahl says:

    Hackers Are Loving PowerShell, Study Finds
    https://www.securityweek.com/hackers-are-loving-powershell-study-finds

    Threat Actors Prefer PowerShell over Other ATT&CK Techniques, Report Shows

    PowerShell is by far the most prevalent MITRE ATT&CK technique, being detected twice as often as the next most common technique, says a new report from cybersecurity firm Red Canary.

  2. Tomi Engdahl says:

    Office Depot And OfficeMax Find Malware That Isn’t There
    https://hackaday.com/2019/03/28/office-depot-and-officemax-find-malware-that-isnt-there/

    Plenty of stores — including big box office stores such as Office Depot and OfficeMax — will be glad to help you.

    The Federal Trade Commission (FTC) has fined Office Depot (who owns OfficeMax) $25 million and plans to use the funds to issue refunds. In addition, a vendor, Support.com, will pay $10 million to support the refunds.

    The free check used software to detect problems on a PC. However, during the scan the user is asked if their computer has any of the following symptoms. For example, if their PC has become slow or frequently reboots. If you said yes to any of these questions, the software would produce a report claiming to have found evidence of malware and offering fixes that could cost significant amounts of money even if there was no other evidence.

  3. Tomi Engdahl says:

    Bitcoin exchange DragonEx ‘hacked for undisclosed amount’
    https://thenextweb.com/hardfork/2019/03/26/bitcoin-exchange-dragonex-hacked-for-undisclosed-amount/

    Another day, another hack

  4. Tomi Engdahl says:

    Ransomware Behind Norsk Hydro Attack Takes On Wiper-Like Capabilities
    https://threatpost.com/lockergoga-ransomware-norsk-hydro-wiper/143181/

  5. Tomi Engdahl says:

    Don’t change your Twitter birthday to 2007 unless you want to get kicked off for being under 13
    You can’t actually unlock new color schemes!
    https://www.theverge.com/tldr/2019/3/26/18282942/twitter-birthday-prank-2007-13-color-scheme

    A viral prank trying to get people to change their Twitter birthdays to 2007 is getting users locked out of the platform for being under 13. The prank tweets tell users that changing the Twitter birthdays on their profiles will do everything from unlocking new color schemes, getting them admin privileges, or even a verified check. It gives me great pain to have to narc on a solid prank, but this won’t actually happen.

  6. Tomi Engdahl says:

    Russia Regularly Spoofs Regional GPS
    https://www.darkreading.com/risk/russia-regularly-spoofs-regional-gps/d/d-id/1334262

    The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.

  7. Tomi Engdahl says:

    Researchers Find Google Play Store Apps Were Actually Government Malware
    https://motherboard.vice.com/en_us/article/43z93g/hackers-hid-android-malware-in-google-play-store-exodus-esurv

    Security researchers have found a new kind of government malware that was hiding in plain sight within apps on Android’s Play Store. And they appear to have uncovered a case of lawful intercept gone wrong.

  8. Tomi Engdahl says:

    Office Depot Fined $25 Million For Scamming Customers With Bogus Malware Scans
    https://amp.hothardware.com/news/office-depot-fined-scamming-customers-malware-scans

  9. Tomi Engdahl says:

    Encryption law: time for tech industry to take the reins
    https://itwire.com/open-sauce/86520-encryption-law-time-for-tech-industry-to-take-the-reins.html

    a Sydney forum, organised under the name Safe Encryption Australia, outlining the negatives of the law.

  10. Tomi Engdahl says:

    Hackers dropped a secret backdoor in Asus’ update software
    https://techcrunch.com/2019/03/25/asus-update-backdoor/

  11. Tomi Engdahl says:

    Malware Installed in Asus Computers through Hacked Update Process
    https://www.schneier.com/blog/archives/2019/03/malware_install.html

    Kaspersky Labs is reporting on a new supply chain attack they call “Shadowhammer.”

  12. Tomi Engdahl says:

    Releasing the NSA’s Previously Classified Tool ‘Ghidra’ For Free Is a ‘Game Changer’
    https://motherboard.vice.com/en_us/article/panvm7/nsa-releases-ghidra-for-free-game-changer

    The NSA released a free and open source reverse engineering app called ‘Ghidra’.

  13. Tomi Engdahl says:

    We’re already in the middle of a major cyber war, experts believe
    https://www.foxnews.com/tech/were-already-in-the-middle-of-a-major-cyberwar-experts-believe

    A whopping 87 percent of information security specialists believe we’re in the middle of a global cyber war.

  14. Tomi Engdahl says:

    The Fragile State of U.K. Banking Sector IT Systems Continues Unabated
    https://spectrum.ieee.org/riskfactor/computing/it/the-fragile-state-of-uk-banking-sector-it-systems-continues-unabated

    Banking sector IT systems in the United Kingdom are in a very sorry state. A review of various media reports shows that in 2018, there were at least 44 bank and building-society-related IT operational or cybersecurity incidents that prevented customers from accessing their payment services.

  15. Tomi Engdahl says:

    How Russia tampers with GPS
    https://www.axios.com/how-russia-tampers-with-gps-f43f91d9-fa0f-4a6d-a2a6-2857b5b4985e.html

    Satellite navigation systems like the Global Positioning System (GPS) make so many different pieces of our global infrastructure tick that most countries treat their signals as sacrosanct, knowing that interfering with them could have devastating effects. But a new report released Tuesday is giving us the first broad view of a country — Russia — that’s pervasively tampering with the service.

  16. Tomi Engdahl says:

    FTC Crackdown Stops Operations Responsible for Billions of Illegal Robocalls
    https://www.ftc.gov/news-events/press-releases/2019/03/ftc-crackdown-stops-operations-responsible-billions-illegal

    Unwanted calls pitched auto warranties, debt-relief services, Google listings, and a fake charity

  17. Tomi Engdahl says:

    New Virus Steals Your Files Until PewDiePie Gets 100M Subscribers
    https://futurism.com/ransomware-encrypts-files-pewdiepie

    Another ransomware variant encrypts your files unless you subscribe to PewDiePie — but even if you do, it deletes them anyway.

  18. Tomi Engdahl says:

    20 years for swatter who got a man killed
    https://techcrunch.com/2019/03/29/20-years-for-swatter-who-got-a-man-killed/

    Tyler Barriss, a prolific and seemingly unremorseful repeat swatter and bomb hoaxer whose fakery got a man killed in 2017, has been sentenced to 20 years in prison. This hopefully closes the book on a long and disturbing career of random and mercenary harassment and threats.

  19. Tomi Engdahl says:

    Here’s the List of ~600 MAC Addresses Targeted in Recent ASUS Hack
    https://thehackernews.com/2019/03/asus-hack-mac-addresses.html?m=1

    Russian security firm Kaspersky last week didn’t release the full list of all MAC addresses that hackers hardcoded into their malware to surgically target a specific pool of users.

    offline tool and launched an online web page where ASUS PC users can search for their MAC addresses to check whether they were in the hit list.

    ASUS Hack: Operation ShadowHammer
    It was revealed last week that a group of state-sponsored hackers managed to hijack ASUS Live automatic software update server last year and pushed malicious updates to over one million Windows computers worldwide in order to infect them with backdoors.

    Though the second stage malware was only pushed to nearly 600 targeted users, it doesn’t mean that millions of ASUS computers which received the malicious software update are not compromised.

  20. Tomi Engdahl says:

    Hacker Rigs New Zealand Shooter’s Manifesto With Malware
    https://uk.pcmag.com/news/120294/hacker-rigs-new-zealand-shooters-manifesto-with-malware

    A hacker is responding to the New Zealand mosque shooting by booby-trapping the attacker’s manifesto with malware.

  21. Tomi Engdahl says:

    CNBC:
    Researchers find totaled Teslas contain unencrypted and personally revealing data about owners, including locations visited, phone contacts, and dash cam video

    Tesla cars keep more data than you think, including this video of a crash that totaled a Model 3
    https://www.cnbc.com/2019/03/29/tesla-model-3-keeps-data-like-crash-videos-location-phone-contacts.html

    Crashed Tesla vehicles, sold at junk yards and auctions, contain deeply personal and unencrypted data including info from drivers’ paired mobile devices, and video showing what happened just before the accident.
    Security researcher GreenTheOnly extracted unencrypted video, phonebooks, calendar items and other data from Model S, Model X and Model 3 vehicles purchased for testing and research at salvage.
    Hackers who test or modify the systems in their own Tesla vehicles are flagged internally, ensuring that they are not among the first to receive over-the-air software updates.

  22. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    A newly published exploit for a Magento vulnerability that can be used without authentication puts hundreds of thousands of e-commerce sites at risk

    Brace yourselves: Exploit published for serious Magento bug allowing card skimming [Updated]
    Magento admins: Beware of SQL flaw that requires no authentication.
    https://arstechnica.com/information-technology/2019/03/severe-magento-bug-opens-300k-commerce-sites-to-card-skimming-attacks/

  23. Tomi Engdahl says:

    Gavin De Becker / The Daily Beast:
    Jeff Bezos’ security chief says his investigation concluded with high confidence that Saudi Arabia “had access to Bezos’ phone, and gained private information” — The National Enquirer’s lawyer tried to get me to say there was no hacking.

    Bezos Investigation Finds the Saudis Obtained His Private Data
    https://www.thedailybeast.com/jeff-bezos-investigation-finds-the-saudis-obtained-his-private-information

    The National Enquirer’s lawyer tried to get me to say there was no hacking.

    “Our investigators and several experts concluded with high confidence that the Saudis had access to Bezos’ phone, and gained private information.”

    Experts with whom we consulted confirmed New York Times reports on the Saudi capability to “collect vast amounts of previously inaccessible data from smartphones in the air without leaving a trace—including phone calls, texts, emails”—and confirmed that hacking was a key part of the Saudis’ “extensive surveillance efforts that ultimately led to the killing of [Washington Post] journalist Jamal Khashoggi.”

    Some Americans will be surprised to learn that the Saudi government has been intent on harming Jeff Bezos since last October, when the Post began its relentless coverage of Khashoggi’s murder. The Saudi campaign against Bezos has already been reported by CNN International, Bloomberg, The Daily Beast, and others.

    Saudi Arabia attacks people in many ways, obviously, including through their elaborate social media program that uses sophisticated technology and paid surrogates to create artificially trending hashtags

  24. Tomi Engdahl says:

    Mark Zuckerberg / Washington Post:
    Mark Zuckerberg calls for global regulations in four areas: policing harmful content, election integrity, a GDPR-like privacy framework, and data portability — Mark Zuckerberg is founder and chief executive of Facebook. — Technology is a major part of our lives, and companies such as Facebook have immense responsibilities.
    http://www.washingtonpost.com/opinions/mark-zuckerberg-the-internet-needs-new-rules-lets-start-in-these-four-areas/2019/03/29/9e6f0504-521a-11e9-a3f7-78b7525a8d5f_story.html

  25. Tomi Engdahl says:

    Alex W. Palmer / Wired:
    A behind-the-scenes account of how a member of TripAdvisor’s anti-fraud team helped the FCC track down a Florida man accused of making 96M+ illegal robocalls — BRAD YOUNG, A lawyer at TripAdvisor, arrived at the company’s offices in Needham, Massachusetts, on October 12, 2015 …
    https://www.wired.com/story/on-the-trail-of-the-robocall-king/

  26. Tomi Engdahl says:

    NSA-Inspired Vulnerability Found in Huawei Laptops
    https://www.schneier.com/blog/archives/2019/03/nsa-inspired_vu.html

    This is an interesting story of a serious vulnerability in a Huawei driver that Microsoft found. The vulnerability is similar in style to the NSA’s DOUBLEPULSAR that was leaked by the Shadow Brokers — believed to be the Russian government — and it’s obvious that this attack copied that technique.

  27. Tomi Engdahl says:

    Equifax, FICO launch Data Decision Cloud as credit scores meld with marketing, compliance, customer experience
    https://www.zdnet.com/article/equifax-fico-launch-data-decision-cloud-as-credit-scores-meld-with-marketing-compliance-customer-experience/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem:+Trending+Content

    By combining data pools and platforms, the companies hope to find more insights, build better predictive models and manage customer experiences better.

  28. Tomi Engdahl says:

    Huawei savaged by Brit code review board over pisspoor dev practices
    HCSEC pulls no technical punches in annual report
    https://www.theregister.co.uk/2019/03/28/hcsec_huawei_oversight_board_savaging_annual_report/

    Britain’s Huawei oversight board has said the Chinese company is a threat to British national security after all – and some existing mobile network equipment will have to be ripped out and replaced to get rid of said threat.

    “The work of HCSEC [Huawei Cyber Security Evaluation Centre]… reveals serious and systematic defects in Huawei’s software engineering and cyber security competence,” said the HCSEC oversight board in its annual report, published this morning.

