Cyber Security March 2019

This posting is here to collect cyber security news in March 2019.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

490 Comments

  1. Tomi Engdahl says:

    Emil Protalinski / VentureBeat:
    Google says it removed 2.3B bad ads in 2018, down 28% from 2017 and terminated ~1M bad advertiser accounts, including ~734K publishers and app developers — Around this time of year, Google shares how many “bad ads” it killed the year before. And every year, the number grows. But not this time.

    Google killed 2.3 billion ‘bad ads’ in 2018, down 28% from 2017
    https://venturebeat.com/2019/03/13/google-killed-2-3-billion-bad-ads-in-2018-down-28-from-2017/

    Around this time of year, Google shares how many “bad ads” it killed the year before. And every year, the number grows. But not this time.

    “Bad ads” consist of any advertising that violates Google’s advertising policies, including ad fraud, phishing scams, and malware. That includes everything from a one-off accident to a coordinated action by scammers trying to make money.

    Reply
  2. Tomi Engdahl says:

    A world of hurt after GoDaddy, Apple, and Google misissue >1 million certificates
    Certificates with 63-bit serial numbers touch off mass revocation blitz.
    https://arstechnica.com/information-technology/2019/03/godaddy-apple-and-google-goof-results-in-1-million-misissued-certificates/

    A major operational error by GoDaddy, Apple, and Google has resulted in the issuance of at least 1 million browser-trusted digital certificates that don’t comply with binding industry mandates. The number of non-compliant certificates may be double that number, and other browser-trusted authorities are also likely to be affected.

    The snafu is the result of the companies’ misconfiguration of the open source EJBCA software package that many browser-trusted authorities use to generate certificates that secure websites, encrypt email, and digitally sign code.

    The 63 bits is far off the mark of the required 64 bits and, as such, poses a theoretically unacceptable risk to the entire ecosystem. (Practically speaking, there’s almost no chance of the certificates being maliciously exploited. More about that later.)

    The 63 bits is far off the mark of the required 64 bits and, as such, poses a theoretically unacceptable risk to the entire ecosystem. (Practically speaking, there’s almost no chance of the certificates being maliciously exploited. More about that later.)

    Almost no chance of exploitation

    With all that said, despite the shortcomings of the misissued certificates, there is very little chance their non-compliant entropy can be exploited. Certificates are now generated using SHA256, a modern algorithm that doesn’t have the known vulnerabilities of MD5. The 64-bit requirement, rather, is more a matter of insuring against new attacks that will likely be discovered in the coming decades.

    “Our goal is to reissue all the certificates within the next 30 days,” wrote Daymion Reynolds, who is senior director of SSL/PKI security products at GoDaddy. “We have started the revocation process. We have a significant number of customers that use manual methods for managing their certificates, so being agile for them is difficult. We want to keep our customers using https through the entire revocation period. Due to the large number of certificates and the benign nature of the issue, our plan is to revoke in a responsible way.”

    Reply
  3. Tomi Engdahl says:

    Baseline Requirementsfor theIssuance and Management of Publicly-Trusted Certificates
    https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.6.3.pdf

    Reply
  4. Tomi Engdahl says:

    New Ursnif Variant Targets Japan Packed with New Features
    https://www.cybereason.com/blog/new-ursnif-variant-targets-japan-packed-with-new-features

    The Ursnif trojan (also known as Gozi ISFB) is one of the most prolific information stealing Trojans
    in the cybercrime landscape. Since its reappearance in early 2013, it has been constantly evolving. In 2015, its source code was leaked and made publicly available on Github, which led to further development of the code by different threat actors who improved it and added new features.

    Over the past few years, Japan has been among the top countries targeted by Ursnif’s operators.

    Reply
  5. Tomi Engdahl says:

    Kremlin interference in EU vote is likely, says Estonian spy agency
    https://www.cyberscoop.com/russia-interference-eu-elections-estonia-intelligence/

    Estonia’s foreign intelligence agency says it is “very likely” that the Russian government will try to interfere in the European Union parliamentary elections in May.

    The Kremlin’s meddling will likely focus on France, Germany and Italy, which hold the most EU parliamentary seats, in a concerted effort to “secure as many seats as possible for pro-Russian or euro-skeptical political forces,” the Estonian Foreign Intelligence Service said Tuesday in an external security report focused on threats from Russia.

    The European Parliament’s status as the only EU institution directly elected by the people makes it a prime target for Russian influence operations, the EFIS said

    https://www.valisluureamet.ee/pdf/raport-2019-ENG-web.pdf

    Reply
  6. Tomi Engdahl says:

    The Advanced Persistent Threat files: Lazarus Group
    https://blog.malwarebytes.com/threat-analysis/2019/03/the-advanced-persistent-threat-files-lazarus-group/

    We’ve heard a lot about Advanced Persistent Threats (APTs) over the past few years. As a refresher, APTs are prolonged, aimed attacks on specific targets with the intention to compromise their systems and gain information from or about that target.

    While the targets may be anyone or anything—a person, business, or other organization—APTs are often associated with government or military operations, as they tend to be the organizations with the resources necessary to conduct such an attack. Starting with Mandiant’s APT1 report in 2013, there’s been a continuous stream of exposure of nation-state hacking at scale.

    Reply
  7. Tomi Engdahl says:

    The fourth horseman: CVE-2019-0797 vulnerability
    The new zero-day in the Windows OS exploited in targeted attacks
    https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/

    Microsoft have just released a patch, crediting Kaspersky Lab researchers Vasiliy Berdnikov and Boris Larin with the discovery

    This is the fourth consecutive exploited Local Privilege Escalation vulnerability in Windows we have discovered recently using our technologies. Just like with CVE-2018-8589, we believe this exploit is used by several threat actors including, but possibly not limited to, FruityArmor and SandCat. While FruityArmor is known to have used zero-days before, SandCat is a new APT we discovered only recently. In addition to CVE-2019-0797 and CHAINSHOT, SandCat also uses the FinFisher/FinSpy framework.

    Reply
  8. Tomi Engdahl says:

    Microsoft March 2019 Patch Tuesday
    https://isc.sans.edu/forums/diary/Microsoft+March+2019+Patch+Tuesday/24742/

    This month we got patches for 64 vulnerabilities. Two of them have been exploited and four have been made public before today.

    Both exploited vulnerabilities (CVE-2019-0808 and CVE-2019-0797) affects win32k component on multiple Windows versions, from Windows 7 to 2019, and may lead to privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    Reply
  9. Tomi Engdahl says:

    Mobile Supply Chain Attacks Are More Than Just an Annoyance
    https://blog.checkpoint.com/2019/03/13/mobile-supply-chain-attacks-are-more-than-just-an-annoyance/

    Mark Twain once wrote there are few things harder to put up with than the annoyance of a good example. He would have had a hard time then putting up with the latest shining example of why it is so necessary to have an advanced security solution installed on your mobile device.

    Reply
  10. Tomi Engdahl says:

    Inside Tufts University’s grade-hacking case
    https://techcrunch.com/2019/03/13/inside-tufts-universitys-grade-hacking-case/

    AdChoices

    Extra Crunch
    Inside Tufts University’s grade-hacking case
    Henry Pickavet
    @pickavet / 1 day ago
    000
    Each week, Extra Crunch members have access to conference calls moderated by the TechCrunch writers you read every day. This week, security reporter Zack Whittaker discussed his exclusive report about Tufts University veterinary student Tiffany Filler who was expelled on charges she hacked her grades. Being Canadian and therefore in the U.S. on a student visa, she had to immediately leave the country.

    From the transcript:

    Firstly, given the legal risks, the potential public relations nightmare, and the ethics behind what looked like a failed due process, why didn’t Tufts hire a third-party forensics team to investigate the incident, especially given the nature of the allegations?

    Secondly, how did Tufts decide that the student was to blame for these hacks? Attribution for any hack or cyber attack is often difficult, if not impossible. And the school’s IT department showed no evidence it was qualified to investigate the source of the breaches

    Reply
  11. Tomi Engdahl says:

    Facebook blames a server configuration change for yesterday’s outage
    https://techcrunch.com/2019/03/14/facebook-blames-a-misconfigured-server-for-yesterdays-outage/

    Facebook has finally released its assessment of what was responsible for yesterday’s massive outage of its Instagram, Messenger, and core Facebook service.

    Contrary to the thesis circulating yesterday that it was a route leak, the company said that a server configuration change was to blame.

    Reply
  12. Tomi Engdahl says:

    DARPA Is Building a $10 Million, Open Source, Secure Voting System
    https://motherboard.vice.com/en_us/article/yw84q7/darpa-is-building-a-dollar10-million-open-source-secure-voting-system

    The system will be fully open source and designed with newly developed secure hardware to make the system not only impervious to certain kinds of hacking, but also allow voters to verify that their votes were recorded accurately.

    Reply
  13. Tomi Engdahl says:

    39% of All Counter-Strike 1.6 Servers Used to Infect Players
    https://www.bleepingcomputer.com/news/security/39-percent-of-all-counter-strike-16-servers-used-to-infect-players/

    When playing a video game, most people do not worry about getting infected by the their game client. New research, though, shows that’s exactly what is happening when 39% of all existing Counter-Strike 1.6 game servers were trying to infect players through vulnerabilities in the game client.

    While Counter-Strike 1.6 is almost 20 years old, there is a still a strong player base and market for game servers to play on. With this demand, hosting providers rent game servers on a monthly basis and offer other services such as a the promotion of a customer’s game server in order to increase their popularit

    In a new report by Dr. Web, researchers explain how a developer is utilizing game client vulnerabilities, the Belonard Trojan botnet, and malicious servers to promote the game servers of his customers and enlist more victims to the botnet. At its peak, this botnet grew so large that approximately 39% of the 5,000 Counter-Strike 1.6 servers were malicious in nature and attempting to infect connected players.

    Reply
  14. Tomi Engdahl says:

    Chrome Stable Channel Update for Desktop
    https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
    Classification: Severe, Solution: Update, Exploit: Unknown
    This update includes 60 security fixes. Below, we highlight fixes that
    were contributed by external researchers. Please see the Chrome
    Security Page for more information.

    Reply
  15. Tomi Engdahl says:

    Attackers Sending Out Fake CDC Flu Warnings to Distribute GandCrab
    https://www.tripwire.com/state-of-security/security-data-protection/attackers-sending-out-fake-cdc-flu-warnings-to-distribute-gandcrab/

    An attack begins when a user receives a fake CDC email. The sender field claims that the email came from “Centers for Disease Control and Prevention.” But a closer look reveals the sender to actually be “[email protected],” an email address which has nothing to do with the CDC.

    Reply
  16. Tomi Engdahl says:

    Facebook blames ‘server config change’ for 14-hour outage. Someone run that through the universal liar translator
    Is a single tweet enough when millions of people’s communications are affected?
    https://www.theregister.co.uk/2019/03/14/facebook_server_configuration/

    Reply
  17. Tomi Engdahl says:

    What today links Gmail, Google Drive, YouTube, Facebook, Instagram – apart from being run by monopolistic personal data harvesters?
    They all fell over, fears of massive DDoS denied
    https://www.theregister.co.uk/2019/03/13/google_facebook_outage/

    Both Google and Facebook suffered outages Wednesday, with the Chocolate Factory leading the way and seemingly fixing its issues just as Zuck’s network became decidedly antisocial.

    Reply
  18. Tomi Engdahl says:

    Malicious Javascript Active on FILA UK and Other Websites
    https://www.bleepingcomputer.com/news/security/malicious-javascript-active-on-fila-uk-and-other-websites/

    Payment card data of thousands of online shoppers has been stolen at checkout via malicious JavaScript code cybercriminals embedded in seven websites and which continues to collect and deliver the information the crooks.

    Reply
  19. Tomi Engdahl says:

    Thomas Ricker / The Verge:
    Facebook says all of its services are now operational, attributes the downtime to a “server configuration change” — Instagram, WhatsApp, and Facebook all appear to be operating normally — Facebook is reporting all services operational after a prolonged outage that impacted all of the company’s most popular apps.

    Facebook returns after its worst outage ever
    https://www.theverge.com/2019/3/14/18265185/facebook-instagram-whatsapp-outage-2019-return-back

    Instagram, WhatsApp, and Facebook all appear to be operating normally

    Reply
  20. Tomi Engdahl says:

    Threat actors leverage credential dumps, phishing, and legacy email protocols to bypass MFA and breach cloud accounts worldwide
    https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols

    Proofpoint analyzed over one hundred thousand unauthorized logins across millions of monitored cloud user-accounts and found that:

    72% of tenants were targeted at least once by threat actors

    40% of tenants had at least one compromised account in their environment

    Over 2% of active user-accounts were targeted by malicious actors

    15 out of every 10,000 active user-accounts were successfully breached by attackers

    Reply
  21. Tomi Engdahl says:

    Ransomware Attack on Vendor Affects 600,000
    Healthcare Billing Services Vendor Notifying Individuals of Potential Data Exposure
    https://www.inforisktoday.com/ransomware-attack-on-vendor-affects-600000-a-12164

    A ransomware attack last fall on a company that provides billing and other business services to health plans and hospitals resulted in a breach affecting more than 600,000 individuals, according to Michigan state officials.

    The incident highlights the difficulty some organizations have in determining whether to report ransomware attacks as breaches to comply with the HIPAA Breach Notification Rule.

    More than 600,000 Michigan residents may have had their information compromised in the breach at Detroit-based Wolverine Solutions Group, according to a statement from Michigan Attorney General Dana Nessel and Anita Fox, director of the state’s department of insurance and financial services.

    Reply
  22. Tomi Engdahl says:

    New BitLocker attack puts laptops storing sensitive data at risk
    https://www.zdnet.com/article/new-bitlocker-attack-puts-laptops-storing-sensitive-data-at-risk/#ftag=RSSbaffb68

    New Zealand security researcher details never-before-seen attack for recovering BitLocker keys.

    A security researcher has come up with a new method of extracting BitLocker encryption keys from a computer’s Trusted Platform Module (TPM) that only requires a $27 FPGA board and some open-sourced code.

    To be clear, this new BitLocker attack require physical access to a device and will result in the device’s destruction as the attacker needs to hard-wire equipment into the computer’s motherboard.

    Nonetheless, the attack yields the desired results and should be considered a threat vector for owners of devices storing highly-valuable information, such as classified materials, proprietary business documents, cryptocurrency wallet keys, or other similarly sensitive data.

    Reply
  23. Tomi Engdahl says:

    Details of Actively Exploited Windows Flaw Made Public
    https://www.securityweek.com/details-actively-exploited-windows-flaw-made-public

    Researchers from Chinese cybersecurity firm Qihoo 360 have made public technical details that can be used to construct a proof-of-concept (PoC) exploit for CVE-2019-0808, a recently patched Windows vulnerability that has been involved in targeted attacks.

    The existence of CVE-2019-0808 was brought to light a week ago when Google’s Threat Analysis Group revealed that it had been exploited alongside CVE-2019-5786, a Chrome vulnerability that the browser’s developers patched on March 1.

    Reply
  24. Tomi Engdahl says:

    WordPress 5.1.1 Patches Remote Code Execution Vulnerability
    https://www.securityweek.com/wordpress-511-patches-remote-code-execution-vulnerability

    WordPress this week addressed a vulnerability that could allow an unauthenticated attacker to execute code remotely and take over vulnerable websites.

    Reply
  25. Tomi Engdahl says:

    NATO Takes Huawei Security Concerns Seriously: Stoltenberg
    https://www.securityweek.com/nato-takes-huawei-security-concerns-seriously-stoltenberg

    Security concerns about the role of Huawei in Western 5G telecom infrastructure are to be taken seriously, the head of NATO said Thursday, as Washington steps up pressure on Europe not to use the Chinese firm.

    NATO Secretary General Jens Stoltenberg said the 29-member alliance has begun internal consultations on Huawei, which the US says poses a “threat” to Europe.

    The US and several other Western nations have shut Huawei out of tenders for the development of super-fast fifth-generation, or 5G, networks, because of the company’s close ties to the Chinese government.

    “Some NATO allies have expressed their concerns over Huawei and their role in providing 5G infrastructure. NATO takes these concerns very seriously,” Stoltenberg told reporters.

    Reply
  26. Tomi Engdahl says:

    Many Security Apps on Google Play Inefficient, Fake: Study
    https://www.securityweek.com/many-security-apps-google-play-inefficient-fake-study

    Antivirus testing firm AV-Comparatives has analyzed 250 security applications for Android offered on Google Play and found that many of them either fail to detect threats or they are simply fake.

    Overall, 70 products blocked over 80% of the malware samples and 80 products blocked over 30% with no false positives — AV-Comparatives considers antiviruses that block less than 30% as being ineffective or unsafe.

    “Apart from the apps on their respective whitelists, the risky ‘AV apps’ block almost all other apps, regardless of whether they were installed from the official Google Play Store or not. Some of them do not even bother to add their own packages to their whitelists, causing them to report their own app.”

    https://www.av-comparatives.org/tests/android-test-2019-250-apps/

    Reply
  27. Tomi Engdahl says:

    How BOV hackers got away with €13 million
    Phishing e-mails did the job… and bank still doesn’t know how long hackers had access
    https://www.timesofmalta.com/articles/view/20190225/local/how-bov-hackers-got-away-with-13-million.702800

    Hackers posed as the French stock market regulator to break into Bank of Valletta’s IT systems and walk away with millions of euros, Maltese and European authorities believe.

    The group, dubbed EmpireMonkey by investigators, carried out a €13 million heist from the bank on February 13, which led BOV to temporarily take its services offline.

    Reply
  28. Tomi Engdahl says:

    McAfee: Oops, our bad. Sharpshooter malware was the Norks’ Lazarus Group the whole time
    Access to C’n’C server data shows state hackers weren’t smart enough for false flags
    https://www.theregister.co.uk/2019/03/04/sharpshooter_malware_campaign_lazarus_group_mcafee/

    McAfee (the antivirus firm, not John the dodgy “playboy”) reckons the Sharpshooter malware campaign it uncovered in late 2018 is the work of North Korean hacking crew the Lazarus Group.

    Thanks to data from a command-and-control server that was “provided to McAfee for analysis by a government entity that is familiar with McAfee’s published research on this malware campaign”, researchers were able to link Sharpshooter to earlier Lazarus Group activity from 2017.

    The latest malware effort appears, according to McAfee, to be focused on “finance, government and critical infrastructure around the globe, primarily in Germany, Turkey, UK and the US”.

    Reply
  29. Tomi Engdahl says:

    What today links Gmail, Google Drive, YouTube, Facebook, Instagram – apart from being run by monopolistic personal data harvesters?
    They all fell over, fears of massive DDoS denied
    https://www.theregister.co.uk/2019/03/13/google_facebook_outage/

    Reply
  30. Tomi Engdahl says:

    Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters
    https://blog.talosintelligence.com/2019/02/cisco-talos-honeypot-analysis-reveals.html

    Reply
  31. Tomi Engdahl says:

    This Guy is Hacking Printers to Warn About Job-Stealing AI
    https://futurism.com/hacking-printers-warn-job-stealing-ai/

    The “warning” also includes a coupon for his partner’s courses.

    Reply
  32. Tomi Engdahl says:

    Beto O’Rourke’s secret membership in America’s oldest hacking group
    https://www.reuters.com/investigates/special-report/usa-politics-beto-orourke/

    Reply
  33. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    McAfee research: 100+ unique exploits are using the recently disclosed code-execution vulnerability in WinRAR, a file compression app, to infect Windows users — As expected, the recent WinRAR vulnerability is now being abused en-masse by multiple threat actors.

    ’100 unique exploits and counting’ for latest WinRAR security bug
    https://www.zdnet.com/article/100-unique-exploits-and-counting-for-latest-winrar-security-bug/

    As expected, the recent WinRAR vulnerability is now being abused en-masse by multiple threat actors.

    Reply
  34. Tomi Engdahl says:

    PuTTY just released v0.71 that fixes some security issues found during EU bug bounty earlier this year.
    Time to check

    Reply
  35. Tomi Engdahl says:

    Car Alarm Hacks 3 Million Vehicles
    https://hackaday.com/2019/03/08/car-alarm-hacks-3-million-vehicles/

    Pen testing isn’t about evaluating inks. It is short for penetration testing — someone ensuring a system’s security by trying to break in or otherwise attack it. A company called Pen Test Partners made the news last week by announcing that high-end car alarm systems made by several vendors have a critical security flaw that could make the vehicles less secure. They claim about three million vehicles are affected.

    https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/

    Reply
  36. Tomi Engdahl says:

    Mariella Moon / Engadget:
    Microsoft starts testing Windows Defender Application Guard extensions, which open untrusted web pages in a virtual container, for Chrome and Firefox — Microsoft has developed and started testing Windows Defender Application Guard extensions for both Chrome and Firefox to better protect enterprise PCs.

    Microsoft releases Windows Defender extensions for Chrome and Firefox
    The add-on will still use Edge to open untrusted URLs, though.
    https://www.engadget.com/2019/03/16/windows-defender-extensions-chrome-firefox/?guccounter=1

    Reply
  37. Tomi Engdahl says:

    Android Q Brings New Privacy and Security Features
    https://www.securityweek.com/android-q-brings-new-privacy-and-security-features

    Building on previously introduced features such as file-based encryption, lockdown mode, encrypted backups, Google Play Protect, and more, Android Q brings more control over location access, improved transparency, and better data security (many of the enhancements are part of Google’s Project Strobe).

    In Android Q, for example, apps still need to ask for permission to get location, but users can set different permission levels, such as never, only when the app is in use (running), or all the time (when in the background).

    “To maintain a good user experience, design your app to gracefully handle when your app doesn’t have background location permission or when it doesn’t have any access to location,” Google tells application developers.

    Reply
  38. Tomi Engdahl says:

    Chrome, Firefox Get Windows Defender Application Guard Extensions
    https://www.securityweek.com/chrome-firefox-get-windows-defender-application-guard-extensions

    Microsoft is extending the protection capabilities of Windows Defender Application Guard with the release of browser extensions for Chrome and Firefox.

    The new extensions were designed to automatically redirect untrusted navigations to Windows Defender Application Guard for Microsoft Edge. The extensions check site URLs against a list of trusted domains (defined by enterprise admins) and redirect to an isolated Microsoft Edge session if the site is untrusted.

    Reply
  39. Tomi Engdahl says:

    Slack Introduces Enterprise Key Management Tool
    https://www.securityweek.com/slack-introduces-enterprise-key-management-tool

    Slack on Monday announced the introduction of Enterprise Key Management, an Enterprise Grid add-on feature that gives customers complete control over their encryption keys.

    Slack does encrypt data for all organizations, both while it’s at rest and in transit. However, some organizations, particularly in regulated industries where data protection requirements are more stringent, may want to use their own encryption keys.

    Reply
  40. Tomi Engdahl says:

    New Mirai Variant Targets Enterprise IoT Devices
    https://www.securityweek.com/new-mirai-variant-targets-enterprise-iot-devices

    A recently discovered variant of the infamous Mirai botnet is targeting devices specifically intended for businesses, potentially signaling a focus toward enterprise.

    Best known for the massive attacks on OVH and Dyn in late 2016, Mirai is a Linux malware targeting Internet of Things (IoT) devices in an attempt to ensnare them into botnets capable of launching distributed denial of service (DDoS) attacks.

    Numerous variants of the malware have emerged ever since Mirai’s source code leaked in October 2016, including Wicked, Satori, Okiru, Masuta, and others. One variant observed last year was leveraging an open-source project to become cross-platform and target multiple architectures, including ARM, MIPS, PowerPC, and x86.

    Reply
  41. Tomi Engdahl says:

    Google Open Sources Sandboxed API
    https://www.securityweek.com/google-open-sources-sandboxed-api

    Google on Monday announced that it has made available its Sandboxed API as open source in an effort to make it easier for software developers to create secure products.

    It’s not uncommon for applications to be affected by memory corruption or other types of vulnerabilities that can be exploited for remote code execution and other purposes. Using a sandbox ensures that the code responsible for processing user input can only access the resources it needs to, which mitigates the impact of a flaw by containing the exploit to a restricted environment and preventing it from interacting with other software components.

    “Sandboxed API makes it possible to create security policies for individual software libraries. This concept allows to create reusable and secure implementations of functionality residing within popular software libraries, yet is granular enough to protect the rest of used software infrastructure,” explained members of Google’s ISE Sandboxing team.

    Reply
  42. Tomi Engdahl says:

    EU Adopts New Response Protocol for Major Cyberattacks
    https://www.securityweek.com/eu-adopts-new-response-protocol-major-cyberattacks

    Europol on Monday announced the adoption of a new protocol for how law enforcement authorities in the European Union and beyond will respond to major cross-border cyberattacks.

    The new EU Law Enforcement Emergency Response Protocol should prove useful in case of major attacks such as the ones involving WannaCry and NotPetya malware, which in 2017 hit hundreds of thousands of systems around the world and caused significant losses for many organizations.

    The new protocol, adopted by the Council of the EU, is part of the EU’s Blueprint for Coordinated Response to Large-Scale Cross-Border Cybersecurity Incidents and Crises, and it will be implemented by Europol’s European Cybercrime Centre (EC3). It focuses on rapid assessment, sharing of information, and coordination of the international aspects of an investigation.

    Reply
  43. Tomi Engdahl says:

    Beto O’Rourke ‘Mortified’ Over Articles Written as Teen Member of Cult of the Dead Cow Hacker Group
    https://www.securityweek.com/beto-orourke-mortified-over-articles-written-teen-member-cult-dead-cow-hacker-group

    Democratic presidential candidate Beto O’Rourke expressed regret Friday over writings he contributed as a teenage member of the Cult of the Dead Cow hacker group.

    “I’m mortified to read it now, incredibly embarrassed, but I have to take ownership of my words,” Mr. Rourke said during a podcast taping in Cedar Rapids, Iowa, attendees reported. “Whatever my intention was as a teenager doesn’t matter, I have to look long and hard at my actions, at the language I have used, and I have to constantly try to do better.”

    Reply
  44. Tomi Engdahl says:

    Ukraine Ready to Take on Russian Election Hackers
    https://www.securityweek.com/ukraine-ready-take-russian-election-hackers

    At the headquarters of Ukraine’s SBU security service more than a dozen local and Western security experts watch a simulated foreign cyber attack on several big screens ahead of this month’s presidential vote.

    Reply
  45. Tomi Engdahl says:

    https://www.tivi.fi/Kaikki_uutiset/mysteerimies-purkaa-kiristysohjelmien-salaisuudet-ja-saa-kylmaavia-viesteja-kyberrikollisilta-6761389

    Hated and hunted
    https://www.bbc.co.uk/news/resources/idt-sh/hated_and_hunted_the_computer_virus_malware_ransomware_cracker

    The perilous life of the computer virus
    cracker making powerful enemies online

    Fabian is world renowned for destroying ransomware – the viruses sent out by criminal gangs to extort money.

    Because of this, he lives a reclusive existence, always having to be one step ahead of the cyber criminals.

    He has moved to an unknown location since this interview was carried out.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*