This posting is here to collect cyber security news in March 2019.
I post links to security vulnerability news to comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
490 Comments
Tomi Engdahl says:
Emil Protalinski / VentureBeat:
Google says it removed 2.3B bad ads in 2018, down 28% from 2017 and terminated ~1M bad advertiser accounts, including ~734K publishers and app developers — Around this time of year, Google shares how many “bad ads” it killed the year before. And every year, the number grows. But not this time.
Google killed 2.3 billion ‘bad ads’ in 2018, down 28% from 2017
https://venturebeat.com/2019/03/13/google-killed-2-3-billion-bad-ads-in-2018-down-28-from-2017/
Around this time of year, Google shares how many “bad ads” it killed the year before. And every year, the number grows. But not this time.
“Bad ads” consist of any advertising that violates Google’s advertising policies, including ad fraud, phishing scams, and malware. That includes everything from a one-off accident to a coordinated action by scammers trying to make money.
Tomi Engdahl says:
A world of hurt after GoDaddy, Apple, and Google misissue >1 million certificates
Certificates with 63-bit serial numbers touch off mass revocation blitz.
https://arstechnica.com/information-technology/2019/03/godaddy-apple-and-google-goof-results-in-1-million-misissued-certificates/
A major operational error by GoDaddy, Apple, and Google has resulted in the issuance of at least 1 million browser-trusted digital certificates that don’t comply with binding industry mandates. The number of non-compliant certificates may be double that number, and other browser-trusted authorities are also likely to be affected.
The snafu is the result of the companies’ misconfiguration of the open source EJBCA software package that many browser-trusted authorities use to generate certificates that secure websites, encrypt email, and digitally sign code.
The 63 bits is far off the mark of the required 64 bits and, as such, poses a theoretically unacceptable risk to the entire ecosystem. (Practically speaking, there’s almost no chance of the certificates being maliciously exploited. More about that later.)
Almost no chance of exploitation
With all that said, despite the shortcomings of the misissued certificates, there is very little chance their non-compliant entropy can be exploited. Certificates are now generated using SHA256, a modern algorithm that doesn’t have the known vulnerabilities of MD5. The 64-bit requirement, rather, is more a matter of insuring against new attacks that will likely be discovered in the coming decades.
“Our goal is to reissue all the certificates within the next 30 days,” wrote Daymion Reynolds, who is senior director of SSL/PKI security products at GoDaddy. “We have started the revocation process. We have a significant number of customers that use manual methods for managing their certificates, so being agile for them is difficult. We want to keep our customers using https through the entire revocation period. Due to the large number of certificates and the benign nature of the issue, our plan is to revoke in a responsible way.”
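As an added illustration, not code from the article, from EJBCA or from any of the CAs named: the generator pattern that yields 63-bit serials, two compliant alternatives, and the checks a CA or an auditor can run. The mechanism modelled (draw 64 random bits, then clear the top bit so the integer stays positive) is an assumption about how such a bug arises, not a statement taken from the article. The limits applied are those of BR section 7.1: the serial is a positive integer, less than 2^159 (so at most 20 DER octets), with at least 64 bits of CSPRNG output.

```python
import secrets

MAX_DER_OCTETS = 20      # BR 7.1: serial < 2^159, i.e. at most 20 DER content octets
MIN_RANDOM_BITS = 64     # BR 7.1: at least 64 bits of CSPRNG output


def serial_63bit():
    """Assumed failure pattern: 64 random bits, then bit 63 cleared to keep the
    value positive. One of the 64 bits is now fixed, so only 63 bits of entropy
    remain and the serial always fits in 8 DER octets."""
    raw = secrets.randbits(MIN_RANDOM_BITS)
    return raw & ((1 << 63) - 1)


def serial_64bit():
    """Compliant: 64 random bits kept whole. A value with bit 63 set is still a
    positive INTEGER; DER just prepends a 0x00 octet (9 octets in total)."""
    while True:
        raw = secrets.randbits(MIN_RANDOM_BITS)
        if raw:                      # zero is not positive; retry on that (negligible) case
            return raw


def serial_with_fixed_prefix(nbits=128):
    """Also compliant: more randomness than required under a fixed leading 1 bit,
    so every serial has the same length and the sign question never arises."""
    return (1 << nbits) | secrets.randbits(nbits)


def der_octets(serial):
    """Content octets DER needs for a non-negative INTEGER, counting the 0x00 pad
    that is inserted whenever the top bit of the top byte would be set."""
    return (serial.bit_length() + 8) // 8


def check_serial(serial):
    """Checks that can be made from one serial number alone."""
    problems = []
    if serial <= 0:
        problems.append("serial must be a positive integer")
    if der_octets(serial) > MAX_DER_OCTETS:
        problems.append(f"DER encoding is {der_octets(serial)} octets, limit is {MAX_DER_OCTETS}")
    return problems


def population_check(serials, bit=63, n_min=100):
    """Fraction of serials in which `bit` is set. If the bit is really random it is
    set about half the time; seeing it clear in all n samples has probability 2**-n,
    so a fraction of 0.0 over a large sample means the generator is fixing that bit."""
    if len(serials) < n_min:
        raise ValueError(f"need at least {n_min} serials for a meaningful estimate")
    return sum(1 for s in serials if (s >> bit) & 1) / len(serials)


if __name__ == "__main__":
    bad = [serial_63bit() for _ in range(2000)]
    good = [serial_64bit() for _ in range(2000)]
    print("per-cert check on a 63-bit serial:", check_serial(bad[0]))   # [] : nothing visible
    print("bit 63 set, 63-bit generator:", population_check(bad))        # 0.0
    print("bit 63 set, 64-bit generator:", population_check(good))       # about 0.5
```

The per-certificate check passes for every serial the 63-bit generator produces: a single 8-octet serial is indistinguishable from a compliant one, because a correct 64-bit generator also emits 8-octet serials half the time. The defect only shows up across a population, where the 64th bit is never set, which is why the audit question is "how many of this CA's serials needed a 9th octet" rather than anything about one certificate.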
Tomi Engdahl says:
Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.6.3.pdf
Tomi Engdahl says:
New Ursnif Variant Targets Japan Packed with New Features
https://www.cybereason.com/blog/new-ursnif-variant-targets-japan-packed-with-new-features
The Ursnif trojan (also known as Gozi ISFB) is one of the most prolific information stealing Trojans in the cybercrime landscape. Since its reappearance in early 2013, it has been constantly evolving. In 2015, its source code was leaked and made publicly available on Github, which led to further development of the code by different threat actors who improved it and added new features.
Over the past few years, Japan has been among the top countries targeted by Ursnif’s operators.
Tomi Engdahl says:
Kremlin interference in EU vote is likely, says Estonian spy agency
https://www.cyberscoop.com/russia-interference-eu-elections-estonia-intelligence/
Estonia’s foreign intelligence agency says it is “very likely” that the Russian government will try to interfere in the European Union parliamentary elections in May.
The Kremlin’s meddling will likely focus on France, Germany and Italy, which hold the most EU parliamentary seats, in a concerted effort to “secure as many seats as possible for pro-Russian or euro-skeptical political forces,” the Estonian Foreign Intelligence Service said Tuesday in an external security report focused on threats from Russia.
The European Parliament’s status as the only EU institution directly elected by the people makes it a prime target for Russian influence operations, the EFIS said
https://www.valisluureamet.ee/pdf/raport-2019-ENG-web.pdf
Tomi Engdahl says:
The Advanced Persistent Threat files: Lazarus Group
https://blog.malwarebytes.com/threat-analysis/2019/03/the-advanced-persistent-threat-files-lazarus-group/
We’ve heard a lot about Advanced Persistent Threats (APTs) over the past few years. As a refresher, APTs are prolonged, aimed attacks on specific targets with the intention to compromise their systems and gain information from or about that target.
While the targets may be anyone or anything—a person, business, or other organization—APTs are often associated with government or military operations, as they tend to be the organizations with the resources necessary to conduct such an attack. Starting with Mandiant’s APT1 report in 2013, there’s been a continuous stream of exposure of nation-state hacking at scale.
Tomi Engdahl says:
The fourth horseman: CVE-2019-0797 vulnerability
The new zero-day in the Windows OS exploited in targeted attacks
https://securelist.com/cve-2019-0797-zero-day-vulnerability/89885/
Microsoft have just released a patch, crediting Kaspersky Lab researchers Vasiliy Berdnikov and Boris Larin with the discovery
This is the fourth consecutive exploited Local Privilege Escalation vulnerability in Windows we have discovered recently using our technologies. Just like with CVE-2018-8589, we believe this exploit is used by several threat actors including, but possibly not limited to, FruityArmor and SandCat. While FruityArmor is known to have used zero-days before, SandCat is a new APT we discovered only recently. In addition to CVE-2019-0797 and CHAINSHOT, SandCat also uses the FinFisher/FinSpy framework.
Tomi Engdahl says:
Microsoft March 2019 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+March+2019+Patch+Tuesday/24742/
This month we got patches for 64 vulnerabilities. Two of them have been exploited and four have been made public before today.
Both exploited vulnerabilities (CVE-2019-0808 and CVE-2019-0797) affect the win32k component on multiple Windows versions, from Windows 7 to 2019, and may lead to privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Tomi Engdahl says:
Mobile Supply Chain Attacks Are More Than Just an Annoyance
https://blog.checkpoint.com/2019/03/13/mobile-supply-chain-attacks-are-more-than-just-an-annoyance/
Mark Twain once wrote there are few things harder to put up with than the annoyance of a good example. He would have had a hard time then putting up with the latest shining example of why it is so necessary to have an advanced security solution installed on your mobile device.
Tomi Engdahl says:
Malspam pushes Emotet with Qakbot as the follow-up malware
https://isc.sans.edu/forums/diary/Malspam+pushes+Emotet+with+Qakbot+as+the+followup+malware/24738/
Tomi Engdahl says:
Inside Tufts University’s grade-hacking case
https://techcrunch.com/2019/03/13/inside-tufts-universitys-grade-hacking-case/
Henry Pickavet, Extra Crunch
Each week, Extra Crunch members have access to conference calls moderated by the TechCrunch writers you read every day. This week, security reporter Zack Whittaker discussed his exclusive report about Tufts University veterinary student Tiffany Filler who was expelled on charges she hacked her grades. Being Canadian and therefore in the U.S. on a student visa, she had to immediately leave the country.
From the transcript:
Firstly, given the legal risks, the potential public relations nightmare, and the ethics behind what looked like a failed due process, why didn’t Tufts hire a third-party forensics team to investigate the incident, especially given the nature of the allegations?
Secondly, how did Tufts decide that the student was to blame for these hacks? Attribution for any hack or cyber attack is often difficult, if not impossible. And the school’s IT department showed no evidence it was qualified to investigate the source of the breaches
Tomi Engdahl says:
Facebook blames a server configuration change for yesterday’s outage
https://techcrunch.com/2019/03/14/facebook-blames-a-misconfigured-server-for-yesterdays-outage/
Facebook has finally released its assessment of what was responsible for yesterday’s massive outage of its Instagram, Messenger, and core Facebook service.
Contrary to the thesis circulating yesterday that it was a route leak, the company said that a server configuration change was to blame.
Tomi Engdahl says:
DARPA Is Building a $10 Million, Open Source, Secure Voting System
https://motherboard.vice.com/en_us/article/yw84q7/darpa-is-building-a-dollar10-million-open-source-secure-voting-system
The system will be fully open source and designed with newly developed secure hardware to make the system not only impervious to certain kinds of hacking, but also allow voters to verify that their votes were recorded accurately.
Tomi Engdahl says:
39% of All Counter-Strike 1.6 Servers Used to Infect Players
https://www.bleepingcomputer.com/news/security/39-percent-of-all-counter-strike-16-servers-used-to-infect-players/
When playing a video game, most people do not worry about getting infected by their game client. New research, though, shows that’s exactly what is happening when 39% of all existing Counter-Strike 1.6 game servers were trying to infect players through vulnerabilities in the game client.
While Counter-Strike 1.6 is almost 20 years old, there is still a strong player base and market for game servers to play on. With this demand, hosting providers rent game servers on a monthly basis and offer other services such as the promotion of a customer’s game server in order to increase their popularity.
In a new report by Dr. Web, researchers explain how a developer is utilizing game client vulnerabilities, the Belonard Trojan botnet, and malicious servers to promote the game servers of his customers and enlist more victims to the botnet. At its peak, this botnet grew so large that approximately 39% of the 5,000 Counter-Strike 1.6 servers were malicious in nature and attempting to infect connected players.
Tomi Engdahl says:
Chrome Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
Classification: Severe, Solution: Update, Exploit: Unknown
This update includes 60 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
Tomi Engdahl says:
Attackers Sending Out Fake CDC Flu Warnings to Distribute GandCrab
https://www.tripwire.com/state-of-security/security-data-protection/attackers-sending-out-fake-cdc-flu-warnings-to-distribute-gandcrab/
An attack begins when a user receives a fake CDC email. The sender field claims that the email came from “Centers for Disease Control and Prevention.” But a closer look reveals the sender to actually be “[email protected],” an email address which has nothing to do with the CDC.
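The lure described above works because mail clients show the display name and hide the address. As an added example (not code from the Tripwire article or from any vendor), the check a mail gateway or a triage script can apply to a From header: does the organisation named in the display part actually match the sending domain, and is the display name itself an e-mail address at some other domain? The brand table and the sample headers are constructed for this example; "cdc.gov" is the only real domain used.

```python
import re
from email.utils import parseaddr

# Organisations commonly impersonated in display names and the domains that may
# legitimately send in their name. Constructed for this example; extend with the
# brands your users actually receive mail from.
IMPERSONATED_BRANDS = {
    "centers for disease control": ("cdc.gov",),
    "cdc": ("cdc.gov",),
}

# Anything shaped like user@host.tld inside the display name.
ADDRESS_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def sender_domain(addr):
    """Domain part of an address, lower-cased."""
    return addr.rpartition("@")[2].lower()


def domain_matches(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def display_name_spoof(from_header):
    """Return a reason string when the display name claims an identity that the
    actual address does not back up, None when nothing looks suspicious."""
    name, addr = parseaddr(from_header)
    if not addr or "@" not in addr:
        return "From header has no parseable address"
    domain = sender_domain(addr)
    lowered = name.lower()

    # 1. A known brand in the display name, mail sent from somewhere else.
    for brand, allowed in IMPERSONATED_BRANDS.items():
        if re.search(r"\b" + re.escape(brand) + r"\b", lowered) and not domain_matches(domain, allowed):
            return f"display name claims '{brand}' but the address is at {domain}"

    # 2. An e-mail address used as the display name: the client shows only that.
    claimed = ADDRESS_IN_NAME.search(name)
    if claimed and claimed.group(1).lower() != domain:
        return f"display name shows an address at {claimed.group(1).lower()} but mail comes from {domain}"

    return None


if __name__ == "__main__":
    # Constructed sample headers, not taken from the campaign.
    for header in (
        '"Centers for Disease Control and Prevention" <alerts@mailer-3.example>',
        '"CDC Health Alert Network" <han@cdc.gov>',
        'Centers for Disease Control <updates@mail.cdc.gov>',
        '"alice@cdc.gov" <attacker@evil.example>',
        '"Bob" <bob@example.test>',
    ):
        print(header, "->", display_name_spoof(header))
```

This only covers the display-name trick; a message whose envelope really is from cdc.gov but fails SPF, DKIM or DMARC is a separate check and needs the authentication results, not just the header text.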
Tomi Engdahl says:
Facebook blames ‘server config change’ for 14-hour outage. Someone run that through the universal liar translator
Is a single tweet enough when millions of people’s communications are affected?
https://www.theregister.co.uk/2019/03/14/facebook_server_configuration/
Tomi Engdahl says:
What today links Gmail, Google Drive, YouTube, Facebook, Instagram – apart from being run by monopolistic personal data harvesters?
They all fell over, fears of massive DDoS denied
https://www.theregister.co.uk/2019/03/13/google_facebook_outage/
Both Google and Facebook suffered outages Wednesday, with the Chocolate Factory leading the way and seemingly fixing its issues just as Zuck’s network became decidedly antisocial.
Tomi Engdahl says:
Malicious Javascript Active on FILA UK and Other Websites
https://www.bleepingcomputer.com/news/security/malicious-javascript-active-on-fila-uk-and-other-websites/
Payment card data of thousands of online shoppers has been stolen at checkout via malicious JavaScript code cybercriminals embedded in seven websites and which continues to collect and deliver the information to the crooks.
Tomi Engdahl says:
Beware of Bitcoin Investment Emails Pushing Clipboard Hijackers
https://www.bleepingcomputer.com/news/security/beware-of-bitcoin-investment-emails-pushing-clipboard-hijackers/
Tomi Engdahl says:
Thomas Ricker / The Verge:
Facebook says all of its services are now operational, attributes the downtime to a “server configuration change” — Instagram, WhatsApp, and Facebook all appear to be operating normally — Facebook is reporting all services operational after a prolonged outage that impacted all of the company’s most popular apps.
Facebook returns after its worst outage ever
https://www.theverge.com/2019/3/14/18265185/facebook-instagram-whatsapp-outage-2019-return-back
Instagram, WhatsApp, and Facebook all appear to be operating normally
Tomi Engdahl says:
Threat actors leverage credential dumps, phishing, and legacy email protocols to bypass MFA and breach cloud accounts worldwide
https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols
Proofpoint analyzed over one hundred thousand unauthorized logins across millions of monitored cloud user-accounts and found that:
72% of tenants were targeted at least once by threat actors
40% of tenants had at least one compromised account in their environment
Over 2% of active user-accounts were targeted by malicious actors
15 out of every 10,000 active user-accounts were successfully breached by attackers
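The bypass in the title is that IMAP, POP3 and SMTP AUTH logins with basic authentication carry only a password, so MFA never runs; a credential dump replayed against them either works or it does not. As an added example (not Proofpoint's code or data), the detection logic a defender can run over tenant sign-in records: list successful basic-auth logins over legacy protocols, find source addresses that tried many distinct accounts, and intersect the two. The log lines, field names, accounts and addresses are constructed for this example; the real sign-in export of your tenant will use different column names.

```python
import csv
import io
from collections import defaultdict

# Protocols that take a password only (no MFA challenge) when basic auth is allowed.
LEGACY_PROTOCOLS = {"IMAP4", "POP3", "SMTP"}

# Constructed sample export: one source sprays six accounts over IMAP/POP and
# lands one; a legitimate user also sends mail over SMTP AUTH from her usual address.
SAMPLE_LOG = """\
timestamp,source_ip,user,protocol,auth,result
2019-03-12T02:11:03Z,203.0.113.7,alice@corp.example,IMAP4,Basic,Failure
2019-03-12T02:11:04Z,203.0.113.7,bob@corp.example,IMAP4,Basic,Failure
2019-03-12T02:11:05Z,203.0.113.7,carol@corp.example,IMAP4,Basic,Failure
2019-03-12T02:11:06Z,203.0.113.7,dave@corp.example,IMAP4,Basic,Success
2019-03-12T02:11:07Z,203.0.113.7,erin@corp.example,IMAP4,Basic,Failure
2019-03-12T02:11:08Z,203.0.113.7,frank@corp.example,POP3,Basic,Failure
2019-03-12T08:30:00Z,198.51.100.23,alice@corp.example,Browser,Modern,Success
2019-03-12T08:31:10Z,198.51.100.23,alice@corp.example,SMTP,Basic,Success
2019-03-12T09:00:00Z,192.0.2.44,dave@corp.example,Browser,Modern,Success
"""


def parse_log(text):
    """Sign-in export (CSV with a header row) to a list of dict records."""
    return list(csv.DictReader(io.StringIO(text)))


def legacy_auth_successes(events):
    """Successful Basic-auth logins over legacy protocols: MFA was never applied."""
    return [e for e in events
            if e["auth"] == "Basic" and e["protocol"] in LEGACY_PROTOCOLS and e["result"] == "Success"]


def spray_sources(events, min_accounts=5):
    """Source addresses that attempted at least `min_accounts` distinct accounts,
    the signature of a credential dump being replayed or a password spray."""
    by_ip = defaultdict(set)
    for e in events:
        by_ip[e["source_ip"]].add(e["user"])
    return {ip: sorted(users) for ip, users in by_ip.items() if len(users) >= min_accounts}


def compromised_accounts(events, min_accounts=5):
    """Accounts where a spraying source got a legacy-protocol success."""
    sprayers = spray_sources(events, min_accounts)
    return sorted({e["user"] for e in legacy_auth_successes(events) if e["source_ip"] in sprayers})


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for e in legacy_auth_successes(events):
        print("MFA-less login:", e["timestamp"], e["user"], e["protocol"], "from", e["source_ip"])
    print("spray sources:", spray_sources(events))
    print("likely compromised:", compromised_accounts(events))
```

The second legacy success (alice over SMTP from her normal address) is not flagged as compromised but still appears in the first list: every such login is one the MFA policy never saw, which is the argument for disabling basic authentication on these protocols rather than only hunting for sprayers.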
Tomi Engdahl says:
Ransomware Attack on Vendor Affects 600,000
Healthcare Billing Services Vendor Notifying Individuals of Potential Data Exposure
https://www.inforisktoday.com/ransomware-attack-on-vendor-affects-600000-a-12164
A ransomware attack last fall on a company that provides billing and other business services to health plans and hospitals resulted in a breach affecting more than 600,000 individuals, according to Michigan state officials.
The incident highlights the difficulty some organizations have in determining whether to report ransomware attacks as breaches to comply with the HIPAA Breach Notification Rule.
More than 600,000 Michigan residents may have had their information compromised in the breach at Detroit-based Wolverine Solutions Group, according to a statement from Michigan Attorney General Dana Nessel and Anita Fox, director of the state’s department of insurance and financial services.
Tomi Engdahl says:
New BitLocker attack puts laptops storing sensitive data at risk
https://www.zdnet.com/article/new-bitlocker-attack-puts-laptops-storing-sensitive-data-at-risk/#ftag=RSSbaffb68
New Zealand security researcher details never-before-seen attack for recovering BitLocker keys.
A security researcher has come up with a new method of extracting BitLocker encryption keys from a computer’s Trusted Platform Module (TPM) that only requires a $27 FPGA board and some open-sourced code.
To be clear, this new BitLocker attack requires physical access to a device and will result in the device’s destruction as the attacker needs to hard-wire equipment into the computer’s motherboard.
Nonetheless, the attack yields the desired results and should be considered a threat vector for owners of devices storing highly-valuable information, such as classified materials, proprietary business documents, cryptocurrency wallet keys, or other similarly sensitive data.
Tomi Engdahl says:
Details of Actively Exploited Windows Flaw Made Public
https://www.securityweek.com/details-actively-exploited-windows-flaw-made-public
Researchers from Chinese cybersecurity firm Qihoo 360 have made public technical details that can be used to construct a proof-of-concept (PoC) exploit for CVE-2019-0808, a recently patched Windows vulnerability that has been involved in targeted attacks.
The existence of CVE-2019-0808 was brought to light a week ago when Google’s Threat Analysis Group revealed that it had been exploited alongside CVE-2019-5786, a Chrome vulnerability that the browser’s developers patched on March 1.
Tomi Engdahl says:
WordPress 5.1.1 Patches Remote Code Execution Vulnerability
https://www.securityweek.com/wordpress-511-patches-remote-code-execution-vulnerability
WordPress this week addressed a vulnerability that could allow an unauthenticated attacker to execute code remotely and take over vulnerable websites.
Tomi Engdahl says:
NATO Takes Huawei Security Concerns Seriously: Stoltenberg
https://www.securityweek.com/nato-takes-huawei-security-concerns-seriously-stoltenberg
Security concerns about the role of Huawei in Western 5G telecom infrastructure are to be taken seriously, the head of NATO said Thursday, as Washington steps up pressure on Europe not to use the Chinese firm.
NATO Secretary General Jens Stoltenberg said the 29-member alliance has begun internal consultations on Huawei, which the US says poses a “threat” to Europe.
The US and several other Western nations have shut Huawei out of tenders for the development of super-fast fifth-generation, or 5G, networks, because of the company’s close ties to the Chinese government.
“Some NATO allies have expressed their concerns over Huawei and their role in providing 5G infrastructure. NATO takes these concerns very seriously,” Stoltenberg told reporters.
Tomi Engdahl says:
Many Security Apps on Google Play Inefficient, Fake: Study
https://www.securityweek.com/many-security-apps-google-play-inefficient-fake-study
Antivirus testing firm AV-Comparatives has analyzed 250 security applications for Android offered on Google Play and found that many of them either fail to detect threats or they are simply fake.
Overall, 70 products blocked over 80% of the malware samples and 80 products blocked over 30% with no false positives — AV-Comparatives considers antiviruses that block less than 30% as being ineffective or unsafe.
“Apart from the apps on their respective whitelists, the risky ‘AV apps’ block almost all other apps, regardless of whether they were installed from the official Google Play Store or not. Some of them do not even bother to add their own packages to their whitelists, causing them to report their own app.”
https://www.av-comparatives.org/tests/android-test-2019-250-apps/
Tomi Engdahl says:
How BOV hackers got away with €13 million
Phishing e-mails did the job… and bank still doesn’t know how long hackers had access
https://www.timesofmalta.com/articles/view/20190225/local/how-bov-hackers-got-away-with-13-million.702800
Hackers posed as the French stock market regulator to break into Bank of Valletta’s IT systems and walk away with millions of euros, Maltese and European authorities believe.
The group, dubbed EmpireMonkey by investigators, carried out a €13 million heist from the bank on February 13, which led BOV to temporarily take its services offline.
Tomi Engdahl says:
McAfee: Oops, our bad. Sharpshooter malware was the Norks’ Lazarus Group the whole time
Access to C’n’C server data shows state hackers weren’t smart enough for false flags
https://www.theregister.co.uk/2019/03/04/sharpshooter_malware_campaign_lazarus_group_mcafee/
McAfee (the antivirus firm, not John the dodgy “playboy”) reckons the Sharpshooter malware campaign it uncovered in late 2018 is the work of North Korean hacking crew the Lazarus Group.
Thanks to data from a command-and-control server that was “provided to McAfee for analysis by a government entity that is familiar with McAfee’s published research on this malware campaign”, researchers were able to link Sharpshooter to earlier Lazarus Group activity from 2017.
The latest malware effort appears, according to McAfee, to be focused on “finance, government and critical infrastructure around the globe, primarily in Germany, Turkey, UK and the US”.
Tomi Engdahl says:
Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters
https://blog.talosintelligence.com/2019/02/cisco-talos-honeypot-analysis-reveals.html
Tomi Engdahl says:
This Guy is Hacking Printers to Warn About Job-Stealing AI
https://futurism.com/hacking-printers-warn-job-stealing-ai/
The “warning” also includes a coupon for his partner’s courses.
Tomi Engdahl says:
New Zealand Tragedy-Related Scams and Malware Campaigns
https://www.us-cert.gov/ncas/current-activity/2019/03/15/New-Zealand-Related-Scams-and-Malware-Campaigns
Tomi Engdahl says:
Beto O’Rourke’s secret membership in America’s oldest hacking group
https://www.reuters.com/investigates/special-report/usa-politics-beto-orourke/
Tomi Engdahl says:
SimBad: A Rogue Adware Campaign On Google Play
https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/
Tomi Engdahl says:
Catalin Cimpanu / ZDNet:
McAfee research: 100+ unique exploits are using the recently disclosed code-execution vulnerability in WinRAR, a file compression app, to infect Windows users — As expected, the recent WinRAR vulnerability is now being abused en-masse by multiple threat actors.
’100 unique exploits and counting’ for latest WinRAR security bug
https://www.zdnet.com/article/100-unique-exploits-and-counting-for-latest-winrar-security-bug/
As expected, the recent WinRAR vulnerability is now being abused en-masse by multiple threat actors.
Tomi Engdahl says:
PuTTY just released v0.71 that fixes some security issues found during EU bug bounty earlier this year.
Time to check
Tomi Engdahl says:
Car Alarm Hacks 3 Million Vehicles
https://hackaday.com/2019/03/08/car-alarm-hacks-3-million-vehicles/
Pen testing isn’t about evaluating inks. It is short for penetration testing — someone ensuring a system’s security by trying to break in or otherwise attack it. A company called Pen Test Partners made the news last week by announcing that high-end car alarm systems made by several vendors have a critical security flaw that could make the vehicles less secure. They claim about three million vehicles are affected.
https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/
Tomi Engdahl says:
Mariella Moon / Engadget:
Microsoft starts testing Windows Defender Application Guard extensions, which open untrusted web pages in a virtual container, for Chrome and Firefox — Microsoft has developed and started testing Windows Defender Application Guard extensions for both Chrome and Firefox to better protect enterprise PCs.
Microsoft releases Windows Defender extensions for Chrome and Firefox
The add-on will still use Edge to open untrusted URLs, though.
https://www.engadget.com/2019/03/16/windows-defender-extensions-chrome-firefox/?guccounter=1
Tomi Engdahl says:
‘Shameless’ Scammers Seek to Cash in on Christchurch Massacre
https://www.securityweek.com/shameless-scammers-seek-cash-christchurch-massacre
Tomi Engdahl says:
Android Q Brings New Privacy and Security Features
https://www.securityweek.com/android-q-brings-new-privacy-and-security-features
Building on previously introduced features such as file-based encryption, lockdown mode, encrypted backups, Google Play Protect, and more, Android Q brings more control over location access, improved transparency, and better data security (many of the enhancements are part of Google’s Project Strobe).
In Android Q, for example, apps still need to ask for permission to get location, but users can set different permission levels, such as never, only when the app is in use (running), or all the time (when in the background).
“To maintain a good user experience, design your app to gracefully handle when your app doesn’t have background location permission or when it doesn’t have any access to location,” Google tells application developers.
Tomi Engdahl says:
Chrome, Firefox Get Windows Defender Application Guard Extensions
https://www.securityweek.com/chrome-firefox-get-windows-defender-application-guard-extensions
Microsoft is extending the protection capabilities of Windows Defender Application Guard with the release of browser extensions for Chrome and Firefox.
The new extensions were designed to automatically redirect untrusted navigations to Windows Defender Application Guard for Microsoft Edge. The extensions check site URLs against a list of trusted domains (defined by enterprise admins) and redirect to an isolated Microsoft Edge session if the site is untrusted.
Tomi Engdahl says:
Slack Introduces Enterprise Key Management Tool
https://www.securityweek.com/slack-introduces-enterprise-key-management-tool
Slack on Monday announced the introduction of Enterprise Key Management, an Enterprise Grid add-on feature that gives customers complete control over their encryption keys.
Slack does encrypt data for all organizations, both while it’s at rest and in transit. However, some organizations, particularly in regulated industries where data protection requirements are more stringent, may want to use their own encryption keys.
Tomi Engdahl says:
New Mirai Variant Targets Enterprise IoT Devices
https://www.securityweek.com/new-mirai-variant-targets-enterprise-iot-devices
A recently discovered variant of the infamous Mirai botnet is targeting devices specifically intended for businesses, potentially signaling a focus toward enterprise.
Best known for the massive attacks on OVH and Dyn in late 2016, Mirai is a Linux malware targeting Internet of Things (IoT) devices in an attempt to ensnare them into botnets capable of launching distributed denial of service (DDoS) attacks.
Numerous variants of the malware have emerged ever since Mirai’s source code leaked in October 2016, including Wicked, Satori, Okiru, Masuta, and others. One variant observed last year was leveraging an open-source project to become cross-platform and target multiple architectures, including ARM, MIPS, PowerPC, and x86.
Tomi Engdahl says:
Google Open Sources Sandboxed API
https://www.securityweek.com/google-open-sources-sandboxed-api
Google on Monday announced that it has made available its Sandboxed API as open source in an effort to make it easier for software developers to create secure products.
It’s not uncommon for applications to be affected by memory corruption or other types of vulnerabilities that can be exploited for remote code execution and other purposes. Using a sandbox ensures that the code responsible for processing user input can only access the resources it needs to, which mitigates the impact of a flaw by containing the exploit to a restricted environment and preventing it from interacting with other software components.
“Sandboxed API makes it possible to create security policies for individual software libraries. This concept allows to create reusable and secure implementations of functionality residing within popular software libraries, yet is granular enough to protect the rest of used software infrastructure,” explained members of Google’s ISE Sandboxing team.
Tomi Engdahl says:
EU Adopts New Response Protocol for Major Cyberattacks
https://www.securityweek.com/eu-adopts-new-response-protocol-major-cyberattacks
Europol on Monday announced the adoption of a new protocol for how law enforcement authorities in the European Union and beyond will respond to major cross-border cyberattacks.
The new EU Law Enforcement Emergency Response Protocol should prove useful in case of major attacks such as the ones involving WannaCry and NotPetya malware, which in 2017 hit hundreds of thousands of systems around the world and caused significant losses for many organizations.
The new protocol, adopted by the Council of the EU, is part of the EU’s Blueprint for Coordinated Response to Large-Scale Cross-Border Cybersecurity Incidents and Crises, and it will be implemented by Europol’s European Cybercrime Centre (EC3). It focuses on rapid assessment, sharing of information, and coordination of the international aspects of an investigation.
Tomi Engdahl says:
Beto O’Rourke ‘Mortified’ Over Articles Written as Teen Member of Cult of the Dead Cow Hacker Group
https://www.securityweek.com/beto-orourke-mortified-over-articles-written-teen-member-cult-dead-cow-hacker-group
Democratic presidential candidate Beto O’Rourke expressed regret Friday over writings he contributed as a teenage member of the Cult of the Dead Cow hacker group.
“I’m mortified to read it now, incredibly embarrassed, but I have to take ownership of my words,” Mr. O’Rourke said during a podcast taping in Cedar Rapids, Iowa, attendees reported. “Whatever my intention was as a teenager doesn’t matter, I have to look long and hard at my actions, at the language I have used, and I have to constantly try to do better.”
Tomi Engdahl says:
Ukraine Ready to Take on Russian Election Hackers
https://www.securityweek.com/ukraine-ready-take-russian-election-hackers
At the headquarters of Ukraine’s SBU security service more than a dozen local and Western security experts watch a simulated foreign cyber attack on several big screens ahead of this month’s presidential vote.
Tomi Engdahl says:
https://www.tivi.fi/Kaikki_uutiset/mysteerimies-purkaa-kiristysohjelmien-salaisuudet-ja-saa-kylmaavia-viesteja-kyberrikollisilta-6761389
Hated and hunted
https://www.bbc.co.uk/news/resources/idt-sh/hated_and_hunted_the_computer_virus_malware_ransomware_cracker
The perilous life of the computer virus cracker making powerful enemies online
Fabian is world renowned for destroying ransomware – the viruses sent out by criminal gangs to extort money.
Because of this, he lives a reclusive existence, always having to be one step ahead of the cyber criminals.
He has moved to an unknown location since this interview was carried out.