Cyber Security News April 2019

This posting is here to collect cyber security news in April 2019.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

402 Comments

  1. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    Security researcher finds massive spam operation in an unsecured server, now inactive, which sent 5M+ emails over 10 days that 160K+ people clicked through
    https://techcrunch.com/2019/04/02/inside-a-spam-operation/?guccounter=1

  2. Tomi Engdahl says:

    Russia demands access to VPN providers’ servers
    https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html

    10 VPN service providers have been ordered to link their servers in Russia to the state censorship agency by April 26

  3. Tomi Engdahl says:

    Facebook asked some users for their email passwords, because why not
    https://arstechnica.com/information-technology/2019/04/facebook-asked-some-users-for-their-email-passwords-because-why-not/

    And two third-party developers left the data from millions of Facebook users exposed in S3 bucket

  4. Tomi Engdahl says:

    Are We Sleepwalking Into A Control Society?
    https://medium.com/swlh/are-we-sleepwalking-into-a-control-society-b7156b803ba6

    Urban data is used to trace issues even before they occur. Sounds comforting? That’s unless authorities are going to intervene on our predicted behavior.

  5. Tomi Engdahl says:

    Azure AD Password Protection Available, Lowers Spray Attack Risks
    https://www.bleepingcomputer.com/news/security/azure-ad-password-protection-available-lowers-spray-attack-risks/

    The Azure Active Directory (AD) Password Protection feature which blocks commonly used and compromised passwords to dramatically reduce the risks raised by password spray attacks is now generally available.

    While already in public preview since June 2018, Azure AD Password Protection now allows all admins to prevent users of cloud and hybrid environments from picking passwords which are easily guessable or known to have been included in recent data breaches, thus making it a lot harder for malicious actors to abuse them with password spray attacks.

  6. Tomi Engdahl says:

    Bashlite IoT Malware Updated with Mining and Backdoor Commands, Targets WeMo Devices
    https://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-iot-malware-updated-with-mining-and-backdoor-commands-targets-wemo-devices/

    We uncovered an updated Bashlite malware designed to add infected internet-of-things devices to a distributed-denial-of-service (DDoS) botnet. Trend Micro detects this malware as Backdoor.Linux.BASHLITE.SMJC4, Backdoor.Linux.BASHLITE.AMF, Troj.ELF.TRX.XXELFC1DFF002, and Trojan.SH.BASHDLOD.AMF. Based on the Metasploit module it exploits, the malware targets devices with the WeMo Universal Plug and Play (UPnP) application programming interface (API).

    This updated iteration of Bashlite is notable. For one, its arrival method is unique in that it doesn’t rely on specific vulnerabilities (e.g., security flaws assigned with CVEs). It instead abuses a publicly available remote-code-execution (RCE) Metasploit module.

  7. Tomi Engdahl says:

    Researcher prints ‘PWNED!’ on hundreds of GPS watches’ maps due to unfixed API
    https://www.zdnet.com/article/researcher-prints-pwned-on-hundreds-of-gps-watches-maps-due-to-unfixed-api/

    Over 20 GPS watch models still allow threat actors to track device owners, tinker with watch functions.

A German security researcher has printed the word “PWNED!” on the tracking maps of hundreds of GPS watches after the watch vendor ignored vulnerability reports for more than a year, leaving thousands of GPS-tracking watches, some of which are used by children and the elderly, open to attackers.

    Speaking at the Troopers 2019 security conference that was held in Heidelberg, Germany, at the end of March, security researcher Christopher Bleckmann-Dreher presented a series of vulnerabilities impacting over 20 models of GPS watches manufactured by Austrian company Vidimensio.

Back in December 2017, Dreher discovered flaws in the mechanism through which the GPS watches communicate with the backend API server.

His research began after German authorities banned the sale of children’s smartwatches with remote-listening capabilities.

  8. Tomi Engdahl says:

    In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code
    https://thehackernews.com/2019/04/js-sniffers-credit-card-hacking.html

  9. Tomi Engdahl says:

    Mystery of the Chinese woman who allegedly tried to sneak into Trump’s Mar-a-Lago with a USB stick of malware
    She faces two federal charges after apparently getting as far as reception
    https://www.theregister.co.uk/2019/04/02/trump_china_malware_usb_stick/

    A Chinese woman was caught sneaking into President Trump’s Mar-a-Lago country club with a thumb drive of malware, it was claimed yesterday.

  10. Tomi Engdahl says:

    Ex-Mozilla CTO: US border cops demanded I unlock my phone, laptop at SF airport – and I’m an American citizen
    Techie says he was grilled for three hours after refusing to let agents search his devices
    https://www.theregister.co.uk/2019/04/02/us_border_patrol_search_demand_mozilla_cto/

  11. Tomi Engdahl says:

    Ukraine under CyberAttack
    https://pentestmag.com/ukraine-under-cyberattack/

    New cyber attack on the business of Ukraine. Full analysis of the latest version of SmokeBot Loader.

  12. Tomi Engdahl says:

    Computer virus alters cancer scan images
    https://www.bbc.com/news/technology-47812475

    A computer virus that can add fake tumours to medical scan images has been created by cyber-security researchers.

    In laboratory tests, the malware altered 70 images and managed to fool three radiologists into believing patients had cancer.

Not cool. This reminds me of an older incident: https://www.wired.com/2008/03/hackers-assault-epilepsy-patients-via-computer/

  13. Tomi Engdahl says:

    Bayer contains cyber attack it says bore Chinese hallmarks
    https://www.reuters.com/article/us-bayer-cyber-idUSKCN1RG0NN

    German drugmaker Bayer has contained a cyber attack it believes was hatched in China, the company said, highlighting the risk of data theft and disruption faced by big business.

“There is no evidence of data theft,” Bayer said in a statement.

“This type of attack points toward the ‘Wicked Panda’ group in China, according to security experts,” the spokesman added.

  14. Tomi Engdahl says:

    Microsoft Finds Backdoor in Huawei Laptops That Could Give Hackers Access
    https://www.theepochtimes.com/microsoft-finds-backdoor-in-huawei-laptops-that-could-give-hackers-access_2863926.html

    Researchers at U.S. tech giant Microsoft recently revealed that they discovered a backdoor in certain Huawei laptop models that allowed unprivileged users to gain access to all laptop data.

    This vulnerability is similar to the technique DoublePulsar, a malware tool leaked by the hacker group The Shadow Brokers in early 2017. It had infected more than 200,000 computers running on Microsoft Windows software within a few weeks.

    From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw
    https://www.microsoft.com/security/blog/2019/03/25/from-alert-to-driver-vulnerability-microsoft-defender-atp-investigation-unearths-privilege-escalation-flaw/

  15. Tomi Engdahl says:

    Xiaomi Vulnerability: When Security Is Not What it Seems
    https://blog.checkpoint.com/2019/04/04/xiaomi-vulnerability-when-security-is-not-what-it-seems/

    Smartphones usually come with pre-installed apps, some of which are useful and some that never get used at all. What a user does not expect, however, is for a preinstalled app to be an actual liability to their privacy and security.

    Check Point Research recently discovered a vulnerability in one of the preinstalled apps in one of the world’s biggest mobile vendors, Xiaomi, which, with almost 8% market share in 2018, ranks third in the mobile phone market. Ironically, it was the pre-installed security app, ‘Guard Provider’, which should protect the phone from malware, which exposes the user to an attack.

  16. Tomi Engdahl says:

    540 Million Facebook User Records Found On Unprotected Amazon Servers
    https://thehackernews.com/2019/04/facebook-app-database.html

    First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now…

    …the bad week gets worse with a new privacy breach.

    More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers.

    The exposed datasets do not directly come from Facebook; instead, they were collected and unsecurely stored online by third-party Facebook app developers.

  17. Tomi Engdahl says:

    RUSSIAN HACKERS GO FROM FOOTHOLD TO FULL-ON BREACH IN 19 MINUTES
    https://www.wired.com/story/russian-hackers-speed-intrusion-breach/

  18. Tomi Engdahl says:

    Microsoft Not Concerned About Disclosed Edge, IE Flaws
    https://www.securityweek.com/microsoft-not-concerned-about-disclosed-edge-ie-flaws

    Microsoft does not seem too concerned about the risk posed by unpatched Internet Explorer and Edge vulnerabilities for which proof-of-concept (PoC) exploits were recently made public.

    Researcher James Lee last week published PoC exploits for same-origin policy (SOP) bypass vulnerabilities affecting Microsoft’s Internet Explorer and Edge web browsers. He said he had reported his findings to the company 10 months ago, but received no reply and the flaws remain unpatched.

    https://www.securityweek.com/poc-exploits-released-unpatched-edge-ie-vulnerabilities

  19. Tomi Engdahl says:

    Cisco Patches Router Vulnerabilities Targeted in Attacks
    https://www.securityweek.com/cisco-patches-router-vulnerabilities-targeted-attacks

    Cisco on Thursday announced new patches it has released for the RV320 and RV325 routers to correctly address vulnerabilities that have been targeted in attacks for over two months.

  20. Tomi Engdahl says:

    New ‘Xwo’ Malware Looks for Exposed Services, Default Passwords
    https://www.securityweek.com/new-xwo-malware-looks-exposed-services-default-passwords

    A recently identified malware family is actively scanning the Internet for exposed web services and default passwords, AT&T Alien Labs reports.

    The firm that resulted from AT&T’s acquisition of AlienVault calls the new malware Xwo, based on the name of the threat’s primary module.

  21. Tomi Engdahl says:

    Hundreds Targeted in Recent Roaming Mantis Campaign
    https://www.securityweek.com/hundreds-targeted-recent-roaming-mantis-campaign

    Hundreds of users have been targeted with malware over the past month as part of attacks that Kaspersky Lab has linked to last year’s Roaming Mantis campaign.

  22. Tomi Engdahl says:

    NVIDIA Patches High Severity Flaws in Tegra Drivers
    https://www.securityweek.com/nvidia-patches-high-severity-flaws-tegra-drivers

    NVIDIA this week released security patches to address multiple vulnerabilities in the Tegra Linux Driver Package (L4T), including several flaws assessed with a “high” severity rating.

  23. Tomi Engdahl says:

    Computer virus alters cancer scan images
    https://www.bbc.com/news/technology-47812475

A computer virus that can add fake tumours to medical scan images has been created by cyber-security researchers.

  24. Tomi Engdahl says:

    Study maps ‘extensive Russian GPS spoofing’
    https://www.bbc.com/news/technology-47786248

  25. Tomi Engdahl says:

    Man stole $122m from Facebook and Google by sending them random bills, which the companies dutifully paid
    https://boingboing.net/2019/03/24/evaldas-rimasauskas.html

  26. Tomi Engdahl says:

    Researchers find mountains of sensitive data on totalled Teslas in junkyards
    https://boingboing.net/2019/03/30/greentheonly.html

  27. Tomi Engdahl says:

    Cybercrime groups continue to flourish on Facebook
    https://techcrunch.com/2019/04/05/talos-facebook-cybercrime-groups/?tpcc=ECFB2019

    You might be surprised what you can buy on Facebook, if you know where to look.

    a wave of Facebook groups dedicated to making money from a variety of illicit and otherwise sketchy online behaviors

    74 groups researchers detected boasted a cumulative 385,000 members.

    Talos found posts openly selling credit card numbers with three-digit CVV codes, some with accompanying photos of the card’s owner.

  28. Tomi Engdahl says:

    Airbnb guest found hidden surveillance camera by scanning Wi-Fi network
    https://arstechnica.com/information-technology/2019/04/airbnb-guest-found-hidden-surveillance-camera-by-scanning-wi-fi-network/

    Airbnb initially didn’t ban offender despite rule against undisclosed cameras.

  29. Tomi Engdahl says:

    TLS CBC Padding Oracles in 2019
    https://www.tripwire.com/state-of-security/vert/tls-cbc-padding-oracles/

    countless hours studying CBC padding oracle attacks toward the development of a new scan tool called padcheck. Using this tool, I was able to identify thousands of popular domains which could be targeted by an active network adversary (i.e. MiTM) to hijack authenticated HTTPS sessions.

    The underlying vulnerabilities break down into two main categories which I have named Zombie POODLE and GOLDENDOODLE.

    *UPDATE: Padcheck source is now available on GitHub: https://github.com/Tripwire/padcheck

  30. Tomi Engdahl says:

    Hackers beat university cyber-defences in two hours
    https://www.bbc.com/news/education-47805451

    A test of UK university defences against cyber-attacks found that in every case hackers were able to obtain “high-value” data within two hours.

    The tests were carried out by “ethical hackers” working for Jisc, the agency providing internet services to the UK’s universities and research centres.

    They were able to access personal data, finance systems and research networks.

    University research projects have been major hacking targets, with more than 1,000 cyber-attacks last year.

  31. Tomi Engdahl says:

    The teenage hackers who’ve been given a second chance
    https://www.bbc.com/news/uk-england-devon-46757849

    Step inside the offices of Bluescreen and you’ll find some of the UK’s most talented young hackers, dragged from a world of crime to fight for the other side.

    These computer experts have swapped the confines of their bedrooms for a fairly ordinary looking cyber-security company in Plymouth.

    Bluescreen employs hackers the authorities have deemed worthy of a second chance, who pit their wits against some of the anonymous online criminals they used to see as brothers in arms.

  32. Tomi Engdahl says:

    Jason Kint / Nieman Lab:
    Survey: fewer than 50% of US adults expect Google to collect data on users’ activities on its platforms or apps, track personal browsing for ad targeting, more — Numerous privacy scandals over the past couple of years have fueled the need for increased examination of tech companies’ data tracking practices.

    Does Google meet its users’ expectations around consumer privacy? This news industry research says no
    https://www.niemanlab.org/2019/04/does-google-meet-its-users-expectations-around-consumer-privacy-this-news-industry-research-says-no/

    A significant majority of consumers do not expect Google to track their activities across their lives, their locations, on other sites, and on other platforms.

  33. Tomi Engdahl says:

    Camera Above the Classroom
    http://www.sixthtone.com/news/1003759/camera-above-the-classroom

    Chinese schools are using facial recognition on students. But should they?

    Jason Todd first discovered his school’s secret on the internet.

    It was late September 2018, less than a month after high school had started. Jason was idly scrolling through his news feed on the Chinese microblogging site Weibo when he saw a trending hashtag — #ThankGodIGraduatedAlready — and clicked it.

    Under the hashtag, someone had posted a photo depicting a bird’s-eye view of a classroom. Around 30 students sat at their desks, facing the blackboard. Their backpacks lay discarded at their feet. It looked like a typical Chinese classroom.

  34. Tomi Engdahl says:

    Facebook Got Caught Phishing For Friends
    https://www.eff.org/deeplinks/2019/04/facebook-got-caught-phishing-friends

    Once again, Facebook is in the news for bad security practices, dark design patterns, and secretly reappropriating sensitive data meant for “authentication” to its own ends. Incredibly, this time, the company managed to accomplish all three in one fell swoop.

  35. Tomi Engdahl says:

    Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists
    https://www.washingtonpost.com/technology/2019/04/03/hospital-viruses-fake-cancerous-nodes-ct-scans-created-by-malware-trick-radiologists/

    Researchers in Israel created malware to draw attention to serious security weaknesses in medical imaging equipment and networks.

  36. Tomi Engdahl says:

    Security flaws found in Xiaomi mobile apps
    https://www.itproportal.com/news/security-flaws-found-in-xiaomi-mobile-apps/

    Built-in security app would allow a hacker to perform a man-in-the-middle attack.

  37. Tomi Engdahl says:

    Phishing malware “distribution centre” uncovered
    https://www.itproportal.com/news/phishing-malware-distribution-centre-uncovered/

    Major Amazon-esque distribution facility hidden in plain sight.

    Web servers from the US are being used by hackers to distribute banking trojans, but also to steal information and spread ransomware.

    The company traced almost a dozen different malware types to the servers: Dridex, Gootkit, IcedID, Nymaim, Trickbot, Fareit, Neutrino, AZORult, Gandcrab and Hermes.

    The spokesperson says this type of work allows non-US-based hackers to avoid geoblocks on content from restricted countries (think Iran or North Korea).

    “These findings demonstrate the enduring effectiveness of phishing to spread malware and infect enterprise systems,” the spokesperson continues.

