This posting is here to collect cyber security news in March 2019.
I post links to security vulnerability news to comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
490 Comments
Tomi Engdahl says:
Source: Leaked Documents Show the U.S. Government Tracking Journalists and Immigration Advocates Through a Secret Database
https://www.nbcsandiego.com/investigations/Source-Leaked-Documents-Show-the-US-Government-Tracking-Journalists-and-Advocates-Through-a-Secret-Database-506783231.html
Tomi Engdahl says:
Hacking Satellites Is Surprisingly Simple
https://www.extremetech.com/extreme/287284-hacking-satellites-is-probably-easier-than-you-think
Satellites are physically quite secure orbiting the Earth, but the advent of cheaper high-power antennas makes them vulnerable in other ways. Engineers have only recently started taking cybersecurity seriously in satellite design.
Malik showed the audience at the recent RSA conference several known attacks on NASA systems, some of which focused on satellites. For example, an attacker could access the systems on the Hubble Telescope and open its camera hatch while pointed at the sun, destroying the sensitive optics. They could also use the solar panels to blow out the batteries. Many satellites are also vulnerable to jamming attacks that could disrupt important commands from ground control.
Tomi Engdahl says:
https://pentestmag.com/ukraine-under-cyberattack/
Tomi Engdahl says:
Researchers obtain a command server used by North Korean hacker group
https://techcrunch.com/2019/03/03/north-korea-lazarus-hackers/
Tomi Engdahl says:
Flawed visitor check-in systems let anyone steal guest logs and sneak into buildings
https://techcrunch.com/2019/03/04/vulnerable-visitor-check-in-systems/
Tomi Engdahl says:
Supply Chain Security Talk
https://www.bunniestudios.com/blog/?p=5519
Tomi Engdahl says:
Cybersecurity report from Middle-earth
https://www.kaspersky.com/blog/middle-earth-cybersecurity/25846/
Tomi Engdahl says:
Hacked: Cyber Attack Reveals Worrying Flaws in Israeli Online Security
http://www.israeltoday.co.il/NewsItem/tabid/178/nid/36092/Default.aspx
Tomi Engdahl says:
Formjacking: The newest way hackers are stealing credit card information
https://globalnews.ca/news/5017232/formjacking-hack-steal-credit-card-information/
According to the Symantec Internet Security Threat Report, as security companies get better at preventing common scams, instances of formjacking have skyrocketed, with an average of almost 5,000 websites per month becoming victim to a formjacking attack during 2018.
Tomi Engdahl says:
Chris Ip / Engadget:
How Foursquare, which tracks the location of millions via their smartphones and has 100K+ clients including Snapchat and Uber, makes sure its data isn’t misused — It seems counter-intuitive that, in the thick of a backlash against Big Tech’s data privacy abuses, Dennis Crowley …
Foursquare’s unusual pitch: The ethical data company
Hypertrending is an exercise in trust.
https://www.engadget.com/2019/03/10/foursquare-hypertrending-dennis-crowley-interview/
It seems counter-intuitive that, in the thick of a backlash against Big Tech’s data privacy abuses, Dennis Crowley is pitching location tracking technology at South By Southwest.
The feature is limited to this city during SXSW, will be gone by March 21 and there are no plans for a wider release.
So what’s the point?
As a means of finding where everyone’s hanging out in the city it’s OK — but even Crowley said in his keynote speech on Saturday that it’s not particularly useful.
Tomi Engdahl says:
Dennis Crowley / Foursquare Intersections:
Foursquare’s Hypertrending app uses Pilgrim, its SDK used by thousands of apps on millions of phones, to show where people congregate in Austin, in real time
Introducing Hypertrending
Where 10 Years of Foursquare Has Led Us
https://enterprise.foursquare.com/intersections/article/introducing-hypertrending/
Tomi Engdahl says:
Kalev Aasmae / ZDNet:
In this month’s parliamentary elections in Estonia, 44% of about 561K votes counted were cast online using the e-voting system, setting a new digital record — In this month’s Estonian parliamentary elections, a whopping 44 percent of the ballot was cast using e-voting.
Online voting: Now Estonia teaches the world a lesson in electronic elections
https://www.zdnet.com/article/online-voting-now-estonia-teaches-the-world-a-lesson-in-electronic-elections/
In this month’s Estonian parliamentary elections, a whopping 44 percent of the ballot was cast using e-voting.
Tomi Engdahl says:
Tufts expelled a student for grade hacking. She claims innocence
https://techcrunch.com/2019/03/08/tufts-grade-hacking/amp/
A day earlier, she was expelled from Tufts University veterinary school. As a Canadian, her visa was no longer valid and she was told by the school to leave the U.S. “as soon as possible.” That night, her plane departed the U.S. for her native Toronto, leaving any prospect of her becoming a veterinarian behind.
Filler, 24, was accused of an elaborate months-long scheme involving stealing and using university logins to break into the student records system, view answers, and alter her own and other students’ grades.
The case Tufts presented seems compelling, if not entirely believable.
There’s just one problem: In almost every instance that the school accused Filler of hacking, she was elsewhere with proof of her whereabouts or an eyewitness account and without the laptop she’s accused of using.
Tufts is either right or it expelled an innocent student on shoddy evidence four months before she was set to graduate.
Tomi Engdahl says:
Analysing a massive Office 365 phishing campaign
https://bartblaze.blogspot.com/2019/03/analysing-massive-office-365-phishing.html
Tomi Engdahl says:
Iranian-backed hackers ransacked Citrix, swiped 6TB+ of emails, docs, secrets, claims cyber-biz
Remote-desktop giant ‘among more than 200 govt agencies, oil, gas, tech corps’ hit by gang
https://www.theregister.co.uk/2019/03/08/citrix_hacked_data_stolen/
Citrix today warned its customers that foreign hackers romped through its internal company network and stole corporate secrets.
Tomi Engdahl says:
Avast and Emsisoft release free decrypters for BigBobRoss ransomware
BigBobRoss ransomware has been active since mid-January.
https://www.zdnet.com/article/avast-and-emsisoft-release-free-decrypters-for-bigbobross-ransomware/#ftag=RSSbaffb68
Tomi Engdahl says:
Georgia county pays a whopping $400,000 to get rid of a ransomware infection
County hired cyber-security consultant to negotiate ransom fee with hacker group.
https://www.zdnet.com/article/georgia-county-pays-a-whopping-400000-to-get-rid-of-a-ransomware-infection/
Officials in Jackson County, Georgia, paid $400,000 to cyber-criminals this week to get rid of a ransomware infection and regain access to their IT systems.
Tomi Engdahl says:
Facebook sues Ukrainian browser extension makers for scraping user data
https://www.zdnet.com/article/facebook-sues-ukrainian-browser-extension-makers-for-scraping-user-data/
Facebook said the malicious extensions were installed by more than 63,000 users.
Tomi Engdahl says:
Attack landscape H2 2018: Attack traffic increases fourfold
https://blog.f-secure.com/attack-landscape-h2-2018/
Our adversaries in cyber space have been busy. That much is evident from our statistics from our global network of honeypots throughout the last half of 2018. Our servers registered a fourfold jump in attack and reconnaissance traffic for the period.
Tomi Engdahl says:
Japanese police charge 13-year-old for sharing ‘unclosable popup’ prank online
https://www.zdnet.com/article/japanese-police-charge-13-year-old-for-sharing-unclosable-popup-prank-online/
Police also searched the home of a 47-year-old man and are also investigating three other suspects.
Tomi Engdahl says:
All Intel chips open to new Spoiler non-Spectre attack: Don’t expect a quick fix
https://www.zdnet.com/article/all-intel-chips-open-to-new-spoiler-non-spectre-attack-dont-expect-a-quick-fix/
Researchers say Intel won’t be able to use a software mitigation to fully address the problem Spoiler exploits.
Researchers have discovered a new flaw affecting all Intel chips due to the way they carry out speculative execution for CPU performance gains.
Like the Spectre and Meltdown attacks revealed in January 2018, Spoiler also abuses speculative execution in Intel chips to leak secrets.
However, it targets a different area of the processor called the Memory Order Buffer, which is used to manage memory operations and is tightly coupled with the cache.
https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/
Tomi Engdahl says:
Citrix investigating unauthorized access to internal network
https://www.citrix.com/blogs/2019/03/08/citrix-investigating-unauthorized-access-to-internal-network/
Tomi Engdahl says:
Citrix Learns About Internal Network Security Breach from FBI
https://www.bleepingcomputer.com/news/security/citrix-learns-about-internal-network-security-breach-from-fbi/
Tomi Engdahl says:
PINCHY SPIDER Affiliates Adopt “Big Game Hunting” Tactics to Distribute GandCrab Ransomware
https://www.crowdstrike.com/blog/pinchy-spider-adopts-big-game-hunting/
Tomi Engdahl says:
Buffer overflow flaw in British Airways in-flight entertainment systems will affect other airlines, but why try it in the air?
Researcher’s stumbling on bug was risky to say the least
https://www.theregister.co.uk/2019/03/08/thales_topseries_vuln/
At the start of a commercial transatlantic flight he took in February, Marco pasted long strings of text into an in-flight chat app using a USB wireless mouse.
“Although I was very tired, and it was a night flight, I couldn’t resist to do some basic security checks in the entertainment systems,” he originally wrote in a LinkedIn post explaining the in-flight entertainment (IFE) system vuln, which was assigned CVE-2019-9109 by MITRE. That blog post was edited shortly after The Register contacted Marco.
In an email to The Register (Marco refused to discuss his findings over the phone), the cybersecurity prof insisted he was “not probing for vulnerabilities”, before insisting that during his flight he “wanted to send a long message to another chat seat” and decided to use the mouse. “After copying and pasting many times the chat application surprisingly disappeared in front of me.”
Tomi Engdahl says:
Evading AV with JavaScript Obfuscation
https://blog.yoroi.company/research/evading-av-with-javascript-obfuscation/
Tomi Engdahl says:
Tricks and COMfoolery: How Ursnif Evades Detection
https://www.bromium.com/how-ursnif-evades-detection/
Tomi Engdahl says:
SectorD02 PowerShell Backdoor Analysis
https://threatrecon.nshc.net/2019/03/07/sectord02-powershell-backdoor-analysis/
Tomi Engdahl says:
A hospital ultrasound device is easy to hack
http://www.etn.fi/index.php/13-news/9190-sairaalan-ultraaanilaite-on-helppo-hakkeroida
Tomi Engdahl says:
Mark Zuckerberg Describes a New Privacy-Centric Facebook
https://www.securityweek.com/mark-zuckerberg-describes-new-privacy-centric-facebook
Tomi Engdahl says:
GIF Attack on Facebook Messenger Earned Hacker $10,000
https://www.securityweek.com/gif-attack-facebook-messenger-earned-hacker-10000
A white hat hacker earned $10,000 from Facebook last year for finding a Messenger vulnerability that apparently could have been exploited to randomly obtain other users’ images.
Tomi Engdahl says:
Research Firm Offers $3 Million for iOS, Android 0-Days
https://www.securityweek.com/research-firm-offers-3-million-ios-android-0-days
Vulnerability research firm Crowdfense has launched a new 0-day acquisition program and is promising payouts of up to $3 million for full-chain, previously unreported exploits.
Tomi Engdahl says:
Google Launches New Cloud Security Services
https://www.securityweek.com/google-launches-new-cloud-security-services
Google has introduced a new set of services to provide cloud customers with improved protection from unsafe websites, distributed denial of service (DDoS) attacks, and other threats.
With the newly introduced Web Risk API, currently in beta, client applications can check URLs against Google’s lists of unsafe web resources, such as phishing and deceptive sites, and sites hosting malware or unwanted software.
The new Google Cloud service allows organizations to quickly identify known bad sites and warn users that clicking on specific links may lead to risky pages. It can also be used to prevent users from posting links to known malicious pages, Google says.
Powered by the same technology as Safe Browsing, Web Risk API leverages data on over a million unsafe URLs that Google maintains by examining billions of links each day, and allows enterprises to leverage the technology to keep their users safe.
Simplify enterprise threat detection and protection with new Google Cloud security services
https://cloud.google.com/blog/products/identity-security/simplify-enterprise-threat-detection-and-protection-with-new-google-cloud-security-services
Tomi Engdahl says:
Attack on Software Giant Citrix Attributed to Iranian Hackers
https://www.securityweek.com/attack-software-giant-citrix-attributed-iranian-hackers
Tomi Engdahl says:
Venezuela’s Maduro Says Cyber Attack Prevented Power Restoration
https://www.securityweek.com/venezuelas-maduro-says-cyber-attack-prevented-power-restoration
Venezuela President Nicolas Maduro claimed on Saturday that a new cyber attack had prevented authorities from restoring power throughout the country following a blackout on Thursday that caused chaos.
It caused chaos with public services such as water and transport also grinding to a halt, while hospitals were left without power.
The opposition said dozens of people died as a result of the power cut, a claim denied by Rodriguez.
Experts say Venezuela’s power problems are due to a lack of investment in infrastructure.
Maduro’s regime usually blames outages on outside factors.
Tomi Engdahl says:
WordPress shopping sites under attack
https://www.zdnet.com/article/wordpress-shopping-sites-under-attack/#ftag=RSSbaffb68
Hackers using cross-site scripting (XSS) flaw in abandoned cart plugin to take over vulnerable sites.
WordPress-based shopping sites are under attack from a hacker group abusing a vulnerability in a shopping cart plugin to plant backdoors and take over vulnerable sites.
Attacks are currently ongoing, according to Defiant, the company behind Wordfence, a firewall plugin for WordPress sites.
Hackers are targeting WordPress sites that use the “Abandoned Cart Lite for WooCommerce,” a plugin installed on over 20,000 WordPress sites, according to the official WordPress Plugins repository.
https://wordpress.org/plugins/woocommerce-abandoned-cart/
Tomi Engdahl says:
US tells Germany to stop using Huawei equipment or lose some intelligence access
Letter sent from US Ambassador to Germany
https://www.theverge.com/2019/3/11/18260344/us-germany-huawei-5g-letter-security
Tomi Engdahl says:
Trapdoor commitments in the SwissPost e-voting shuffle proof
https://people.eng.unimelb.edu.au/vjteague/SwissVote
The implementation of the commitment scheme in the SwissPost-Scytl mixnet uses a trapdoor commitment scheme, which allows anyone who knows the trapdoor values to generate a shuffle proof transcript that passes verification but actually alters votes. This allows undetectable vote manipulation by an authority who implemented or administered a mix server.
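Added example, not code from the linked analysis or from the SwissPost/Scytl mixnet: a toy Pedersen commitment over a small safe-prime group (constructed parameters p = 1907, q = 953, g = 4) that shows the commitment-level failure behind the comment above. If the second generator h is chosen as g^x by someone who keeps x, that party can open one commitment to two different values, which is exactly what lets a shuffle proof transcript "verify" while the committed permutation or votes have changed. The block also shows the defender-side parameter check (assumed here: deriving h from a public seed by hashing and squaring into the order-q subgroup, then requiring the published h to match) that denies any single authority knowledge of log_g(h).

```python
# Added example (not from the linked paper or the SwissPost/Scytl code): a toy
# Pedersen commitment over a small safe-prime group, showing why a generator h
# with a known discrete log turns the scheme into a trapdoor commitment, and the
# verifier-side check that closes the gap. Requires Python 3.8+ for pow(x, -1, q).
import hashlib

# Constructed toy parameters: p = 2q + 1 is a safe prime and g = 2^2 is a
# quadratic residue, so g generates the order-q subgroup. Far too small for real
# use; chosen so the arithmetic is easy to follow.
P = 1907
Q = 953
G = 4


def commit(m: int, r: int, h: int) -> int:
    """Pedersen commitment C = g^m * h^r mod p (exponents reduced mod q)."""
    return (pow(G, m % Q, P) * pow(h, r % Q, P)) % P


def verify_opening(c: int, m: int, r: int, h: int) -> bool:
    """True if (m, r) opens commitment c under generator h."""
    return commit(m, r, h) == c


def trapdoor_generator(x: int) -> int:
    """A generator published as h = g^x: whoever knows x holds the trapdoor."""
    return pow(G, x % Q, P)


def forge_opening(m: int, r: int, m_new: int, x: int) -> int:
    """With trapdoor x (h = g^x), return r' such that (m_new, r') opens the same
    commitment as (m, r). Both openings satisfy m + x*r == m_new + x*r' (mod q),
    so the binding property is gone for the trapdoor holder."""
    return ((m - m_new) * pow(x % Q, -1, Q) + r) % Q


def derive_generator(seed: bytes) -> int:
    """Nothing-up-my-sleeve derivation (assumed design, not SwissPost's): hash a
    public seed plus counter, reduce mod p and square so the result lies in the
    order-q subgroup; reject the degenerate values 0 and 1. Nobody learns
    log_g(h) this way, so no party can equivocate."""
    counter = 0
    while True:
        digest = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        h = pow(int.from_bytes(digest, "big") % P, 2, P)
        if h not in (0, 1):
            return h
        counter += 1


def verifier_accepts_parameters(h: int, seed: bytes) -> bool:
    """The check a proof verifier should run before trusting any shuffle proof:
    the commitment generator must be exactly the one derived from the public
    seed and must lie in the order-q subgroup."""
    return h == derive_generator(seed) and pow(h, Q, P) == 1


def demo() -> tuple[bool, bool, bool]:
    """Trapdoor holder equivocates a commitment; honest parameters pass the check."""
    x = 123                              # constructed trapdoor known to one authority
    h_bad = trapdoor_generator(x)
    c = commit(5, 77, h_bad)             # committed to 5
    r_forged = forge_opening(5, 77, 9, x)
    both_open = verify_opening(c, 5, 77, h_bad) and verify_opening(c, 9, r_forged, h_bad)

    seed = b"constructed-public-seed"
    h_good = derive_generator(seed)
    honest_ok = verifier_accepts_parameters(h_good, seed)
    bogus_rejected = not verifier_accepts_parameters(P - 1, seed)  # order-2 element
    return both_open, honest_ok, bogus_rejected


if __name__ == "__main__":
    print(demo())
```

The forged opening is the whole problem in miniature: a transcript built from such commitments can be opened consistently to a different permutation after the fact, and a verifier that only checks the algebra of the proof cannot tell. The fix is procedural as much as mathematical: generators must be derived publicly and reproducibly, and the verifier must recompute and compare them rather than accept whatever the mix server publishes.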
Tomi Engdahl says:
Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits
https://www.bleepingcomputer.com/news/security/yatron-ransomware-plans-to-spread-using-eternalblue-nsa-exploits/
Tomi Engdahl says:
Adobe Releases March 2019 Security Fixes for Photoshop CC and Digital Editions
https://www.bleepingcomputer.com/news/security/adobe-releases-march-2019-security-fixes-for-photoshop-cc-and-digital-editions/
Tomi Engdahl says:
Microsoft Releases Patches for 64 Flaws — Two Under Active Attack
https://thehackernews.com/2019/03/microsoft-windows-security-updates.html
It’s time for another batch of “Patch Tuesday” updates from Microsoft.
Microsoft today released its March 2019 software updates to address a total of 64 CVE-listed security vulnerabilities in its Windows operating systems and other products, 17 of which are rated critical, 45 important, one moderate and one low in severity.
Tomi Engdahl says:
Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes
https://threatpost.com/windows-bug-spoof-dialog-boxes/142711/
Microsoft won’t be patching the bug, but a proof of concept shows the potential for successful malware implantation.
A previously unknown bug in Microsoft Windows would allow an attacker to spoof Windows dialog boxes that surface when making changes to the Windows registry. This would allow an adversary to plant malware or make other nefarious changes in the registry while getting around Windows’ built-in defenses, according to a researcher.
Tomi Engdahl says:
Microsoft changes DHCP to ‘Dammit! Hacked! Compromised! Pwned!’ Big bunch of security fixes land for Windows
DHCP client has trio of remote-code exec vulns – plus SAP, Adobe issue updates
https://www.theregister.co.uk/2019/03/12/march_patch_tuesday_dhcp/
DHCP flaws headline Patch Tuesday priorities
Of the 64 bugs squashed in Redmond’s March update, researchers are pointing to five particular bugs as being especially noteworthy.
First, there is the trio of CVE-2019-0697, CVE-2019-0698, and CVE-2019-0726, all covering holes present in the DHCP server component for Windows. Each of the flaws would potentially allow an attacker on the local network to achieve remote code execution on a targeted machine simply by sending a malformed DHCP network packet.
Tomi Engdahl says:
Hapless engineers leave UK cable landing station gate open, couple of journos waltz right in
Infosec skills are useful. But so are locked doors
https://www.theregister.co.uk/2019/03/11/southport_cable_landing_station_wide_open/
Journalists were able to bimble into a UK cable landing station almost completely unchallenged after security gates were left open and unlocked.
Two reporters from the Mail on Sunday walked straight into the nondescript hut where the Hibernia Express cable reaches the British mainland in Southport, 30km north of Liverpool on the Irish Sea coast. The cable is the fastest transatlantic fibre optic route for internet traffic between the UK and North America.
“A terrorist or foreign agent would have been free to plant explosives or force their way inside,” reported the paper.
Revealed: Unlocked hut in a caravan park with no guards is all that protects Britain’s £30 billion internet link to the US from sabotage
https://www.dailymail.co.uk/news/article-6790751/Unlocked-hut-caravan-park-no-guards-protects-UKs-30billion-internet-link.html
A shock report has revealed the security threat faced by the fibre-optic cable
The building home to the £230m Hibernia Express has no security guard
An Al Qaeda plot to blow up a London internet hub was previously stopped
Tomi Engdahl says:
On the eve of Patch Tuesday, Microsoft confirms Windows 10 can automatically remove borked updates
Install. Uninstall. Boot. Repeat
https://www.theregister.co.uk/2019/03/12/windows_10_auto_uninstall/
Microsoft has quietly updated a support document to let us know that Windows 10 will have a crack at uninstalling borked updates – just in time for patch Tuesday.
Windows 10 endures enjoys a near constant stream of updates and patches to, as Microsoft put it, “keep your device secure and running at peak efficiency”. This is all well and good, but as a significant section of customers would agree, things sometimes go wrong and a hasty uninstall is required.
Microsoft has therefore tweaked Windows 10 to spot a recovery from a failed startup (after all, a reboot after a patch seems de rigueur, even in 2019) and bring a hobnailed boot down on the offending update.
Tomi Engdahl says:
New Android adware found in 200 apps on Google Play
https://techcrunch.com/2019/03/13/new-android-adware-google-play/
Tomi Engdahl says:
Nixu Files: Eastern European ransoms
https://www.nixu.com/blog/nixu-files-eastern-european-ransoms
Tomi Engdahl says:
Mozilla launches its free, encrypted file sharing service, Firefox Send
https://techcrunch.com/2019/03/12/mozilla-launches-its-free-encrypted-file-sharing-service-firefox-send/
Tomi Engdahl says:
Fearing for His Life
https://www.theverge.com/2019/3/13/18253848/eric-garner-footage-ramsey-orta-police-brutality-killing-safety
Ramsey Orta filmed the killing of Eric Garner. The video traveled far, but it wouldn’t get justice for his dead friend. Instead, the NYPD would exact their revenge
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
Researchers find mobile adware, dubbed SimBad, hidden in over 200 Android games, with more than 150M downloads — Security researchers have found a new kind of mobile adware hidden in hundreds of Android apps, and downloaded more than 150 million times from Google Play.
New Android adware found in 200 apps on Google Play
https://techcrunch.com/2019/03/13/new-android-adware-google-play/