Cyber Security News April 2019

This posting is here to collect cyber security news in April 2019.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

402 Comments

  1. Tomi Engdahl says:

    Security flaw in EA’s Origin client exposed gamers to hackers
    https://techcrunch.com/2019/04/16/ea-origin-bug-exposed-hackers/

    The bug affected Windows users with the Origin app installed. Tens of millions of gamers use the Origin app to buy, access and download games.

    Reply
  2. Tomi Engdahl says:

    Tracking Phones, Google Is a Dragnet for the Police
    https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html

    The tech giant records people’s locations worldwide. Now, investigators are using it to find suspects and witnesses near crimes, running the risk of snaring the innocent.

    Reply
  3. Tomi Engdahl says:

    Facial recognition to replace passports, boarding passes at Tampa Intl. Airport
    https://www.wfla.com/news/hillsborough-county/facial-recognition-tech-to-replace-passports-boarding-passes-at-tampa-international/1929518296?fbclid=IwAR167eCu3os85DNnTpNx4sah5K907fYk4Tx6H2CYYkyadGgVVN1cr6wJxR8

    The goal is to replace passports and boarding passes with biometric technology that scans your face before getting on the plane for international travel.

    Reply
  4. Tomi Engdahl says:

    Internet Explorer zero-day lets hackers steal files from Windows PCs
    https://www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs/

    Microsoft refused to patch issue so security researcher released exploit code online.

    The vulnerability resides in the way Internet Explorer processes MHT files.

    Reply
  5. Tomi Engdahl says:

    ‘NamPoHyu Virus’ Ransomware Targets Remote Samba Servers
    https://www.bleepingcomputer.com/news/security/nampohyu-virus-ransomware-targets-remote-samba-servers/

    Instead of an executable running on a victim’s computer, the attacker is running the ransomware locally and having it remotely encrypt accessible Samba servers.

    Reply
  6. Tomi Engdahl says:

    Leo Kelion / BBC:
    UK government announces that porn websites will have to introduce age-checks by July 15; sites failing to comply will face being blocked by ISPs

    UK to introduce porn age-checks in July
    https://www.bbc.com/news/technology-47960775

    An age-check scheme designed to stop under-18s viewing pornographic websites will come into force on 15 July.

    From that date, affected sites will have to verify the age of UK visitors.

    If they fail to comply they will face being blocked by internet service providers.

    Reply
  7. Tomi Engdahl says:

    Shamima Begum: Why women are terrorism’s secret weapon
    https://www.bbc.com/news/world-47653190

    When women make the news because of terrorism, the focus has often been on their role as victims or as potential allies in countering the threat.

    By contrast, women who take part in and support extremism have sometimes been overlooked.

    Reply
  8. Tomi Engdahl says:

    How Facebook is being used to profile and kill Kenyan ‘gangsters’
    https://www.bbc.com/news/world-africa-47805113

    A suspected death squad operating inside Kenya’s police force is using Facebook to target and kill young men they believe to be gang members, residents of a poor and overcrowded area of the capital have told a public meeting.

    suspected to be criminals, were profiled within various Facebook groups by “gangster hunters”.

    “They profile them on Facebook, after one week or a month they shoot them, and put pictures of their dead bodies on Facebook,” Wilfred Olal from the Dandora Community Justice Centre told the meeting.

    Last November, former police chief Joseph Boinnet had said: “The person behind the Facebook accounts is not a police officer, but [a civilian] passionate about security matters.”

    Reply
  9. Tomi Engdahl says:

    Internet Explorer browser flaw threatens all Windows users
    https://nakedsecurity.sophos.com/2019/04/17/internet-explorer-browser-flaw-threatens-all-windows-users/amp/

    Nearly four years after it was replaced by Edge as Microsoft’s preferred Windows browser, researchers keep finding unpleasant security flaws in Internet Explorer (IE).

    Success would…

    Allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information.

    IE should throw up a security warning, but this could be bypassed

    Reply
  10. Tomi Engdahl says:

    Rare spying platform TajMahal discovered after 5 years
    https://www.thequint.com/news/hot-news/rare-spying-platform-tajmahal-discovered-after-5-years?ch=10&share=cbc4665f

    Researchers with cyber security firm Kaspersky Lab have uncovered a sophisticated spying platform, TajMahal, that has been active for more than five years now and appears to be unconnected to any known threat actors.

    The TajMahal framework features around 80 malicious modules and includes functionality never before seen in an advanced persistent threat, such as the ability to steal information from printer queues and to grab previously seen files from a USB device the next time it reconnects, the researchers said.

    Reply
  11. Tomi Engdahl says:

    Ecuador says hit by 40 million cyber attacks since Assange arrest
    https://news.yahoo.com/ecuador-says-hit-40-million-cyber-attacks-since-224432459.html

    Quito (AFP) – Ecuador said on Monday it has suffered 40 million cyber attacks on the webpages of public institutions since stripping Wikileaks founder Julian Assange of political asylum.

    country had suffered “volumetric attacks” that blocked access to the internet following “threats from those groups linked to Julian Assange.”

    Reply
  12. Tomi Engdahl says:

    Student used ‘USB Killer’ device to destroy $58,000 worth of college computers
    https://www.theverge.com/2019/4/17/18412427/college-saint-rose-student-guilty-usb-killer-destroyed-computers

    The former College of Saint Rose student faces up to 10 years in prison

    Reply
  13. Tomi Engdahl says:

    A new state-backed hacker group is hijacking
    https://techcrunch.com/2019/04/17/sea-turtle-talos-dns-hijack/?tpcc=ECFB2019

    government domains at a phenomenal pace
    The hackers exploit flaws in the domain name system to carry out espionage

    Reply
  14. Tomi Engdahl says:

    Subaru StarLink persistent root code execution.
    https://github.com/sgayou/subaru-starlink-research

    Rooting the latest generation of Harman head units running on newer Subaru vehicles.

    Reply
  15. Tomi Engdahl says:

    Väärinkäytösten ilmiantajat saavat lisäsuojaa – Uudet EU-säännöt suojaavat myös työnantajan kostolta
    https://www.hs.fi/ulkomaat/art-2000006075728.html?share=e3b7b4d534b9ddc4b83384989bf1c225

    Reply
  16. Tomi Engdahl says:

    EU Parliament Takes Up Its Next Attempt To Wipe Out An Open Internet: Terrorist Content Regulation Vote On Wednesday
    https://www.techdirt.com/articles/20190415/17130042019/eu-parliament-takes-up-next-attempt-to-wipe-out-open-internet-terrorist-content-regulation-vote-wednesday.shtml

    if you were worried about the EU Copyright Directive, you should be absolutely terrified about the EU Terrorist Content Regulation, which has continued to march forward with very little attention compared to the Copyright Directive

    Terrorist Content Regulation, starting with the requirement that any site (even a one-person blog somewhere outside of the EU) be required to take down content within an hour of notification by an ill-defined “competent authority,” but also covering other aspects, such as requiring mandatory content filters.

    left in the 1 hour content removal requirement. And the largest group in the EU Parliament, the EPP, has already put forth amendments to bring back all the other bad stuff in the proposal.

    As MEP Julia Reda notes, the EU Parliament will now vote on the Terrorist Content Regulation on Wednesday

    https://juliareda.eu/2019/04/reject-terror-filters/

    Reply
  17. Tomi Engdahl says:

    Why didn’t GPS crash?
    https://www.youtube.com/watch?v=iyz7dSnZItw

    “In the Future the Modernized GPS Navigation (CNAV and MNAV) message has a 13-bit week number, which for all practical purposes solves this ambiguity”

    Fun fact: GPS uses 10 bits to store the week. That means it runs out… oh heck – April 6, 2019
    https://www.theregister.co.uk/2019/02/12/current_gps_epoch_ends/

    Nav gadgets will be Gah, Properly Screwed if you don’t or can’t update firmware

    Reply
  18. Tomi Engdahl says:

    Adblock Plus Filters Can Be Exploited to Run Malicious Code
    https://www.bleepingcomputer.com/news/security/adblock-plus-filters-can-be-exploited-to-run-malicious-code/

    An exploit has been discovered that could allow ad blocking filter list maintainers for the Adblock Plus, AdBlock, and uBlocker browser extensions to create filters that inject remote scripts into web sites.

    With ad blockers having a a user base of over 10 million installs, if malicious scripts were injected it would have a huge impact as they could perform unwanted activity such as stealing cookies, login credentials, causing page redirects, or other unwanted behavior.

    When Adblocker Plus 3.2 was released in 2018, a new filter list option was added called $rewrite.

    Why would a filter maintainer go rogue?

    While there may numerous ways to modify a filter list, Sebastian told BleepingComputer his main concern is a “filter list operators that may perform targeted attacks that are difficult to detect”.

    As many filter list maintainers are volunteers, it’s conceivable that they would add an unwanted filter for numerous reasons.

    Reply
  19. Tomi Engdahl says:

    New Malicious Medical DICOM Image Files Cause HIPAA Headache
    https://www.bleepingcomputer.com/news/security/new-malicious-medical-dicom-image-files-cause-hipaa-headache/

    Malicious DICOM files can be crafted to contain both CT and MRI scan imaging data and potentially dangerous PE executables, a process which can be used by threat actors to hide malware inside seemingly harmless files.

    Reply
  20. Tomi Engdahl says:

    Microsoft Email Hack Shows the Lurking Danger of Customer Support
    https://www.wired.com/story/microsoft-email-hack-outlook-hotmail-customer-support/

    On Friday night, Microsoft sent notification emails to an unknown number of its individual email users—across Outlook, MSN, and Hotmail—warning them about a data breach. Between January 1 and March 28 of this year, hackers used a set of stolen credentials for a Microsoft customer support platform to access account data like email addresses in messages, message subject lines, and folder names inside accounts. By Sunday, it acknowledged that the problem was actually much worse.

    Reply
  21. Tomi Engdahl says:

    EU: No evidence of Kaspersky spying despite ‘confirmed malicious’ classification
    https://www.zdnet.com/article/eu-no-evidence-of-kaspersky-spying-despite-confirmed-malicious-classification/

    European Commission “not in possession of any evidence regarding potential issues related to the use of Kaspersky Lab products.”

    Reply
  22. Tomi Engdahl says:

    Former student destroys 59 university computers using USB Killer device
    https://www.zdnet.com/article/former-student-destroys-59-university-computers-using-usb-killer-device/

    He also destroyed seven computer monitors and computer-enhanced podiums that had open USB slots.

    Reply
  23. Tomi Engdahl says:

    Scranos rootkit expands operations from China to the rest of the world
    https://www.zdnet.com/article/scranos-rootkit-expands-operations-from-china-to-the-rest-of-the-world/

    Rise of new multi-functional rootkit-backdoor-infostealer-adware strain worries researchers.

    A malware operation previously limited to China’s borders has expanded over the past few months to infect users from all over the world, antivirus firm Bitdefender said in a report published today.

    Reply
  24. Tomi Engdahl says:

    Malspam Campaigns Distribute HawkEye Keylogger, Post Ownership Change
    https://threatpost.com/hawkeye-keylogger-malspam-campaigns/143807/

    Reply
  25. Tomi Engdahl says:

    Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered
    https://thehackernews.com/2019/04/scranos-rootkit-spyware.html

    A new powerful rootkit-enabled spyware operation has been discovered wherein hackers are distributing multifunctional malware disguised as cracked software or trojanized app posing as legitimate software like video players, drivers and even anti-virus products.

    Reply
  26. Tomi Engdahl says:

    Adblock Plus filters can be abused to execute malicious code in browsing sessions
    The vendor was not aware of the problem until public disclosure.
    https://www.zdnet.com/article/adblock-plus-filters-can-be-abused-by-hackers-to-execute-malware/

    Reply
  27. Tomi Engdahl says:

    Your Android phone can now double as a security key
    An extra layer of security never hurt anybody, and now you can turn your phone into a physical security key
    https://www.welivesecurity.com/2019/04/16/android-phone-security-key/

    Google has announced that any smartphone running Android 7.0 (Nougat) or later can now be used as a hardware security key for two-factor authentication (2FA).

    Available in beta at the moment, the new feature is intended to provide an additional authentication factor and keep Google account users safe from phishing scams and other attacks that attempt to steal people’s login credentials. It can be used to protect your personal Google accounts, as well as Google Cloud Accounts at work.

    The ultimate account security is now in your pocket
    https://www.blog.google/technology/safety-security/your-android-phone-is-a-security-key/

    Reply
  28. Tomi Engdahl says:

    Spear Phishing Campaign Targets Ukraine Government and Military; Infrastructure Reveals Potential Link to So-Called Luhansk People’s Republic
    https://www.fireeye.com/blog/threat-research/2019/04/spear-phishing-campaign-targets-ukraine-government.html

    Blog >
    Game of Thrones Phishing Scams and How to Avoid Them

    Game of Thrones Phishing Scams and How to Avoid Them
    https://blog.checkpoint.com/2019/04/16/game-of-thrones-phishing-scams-and-how-to-avoid-them/

    Reply
  29. Tomi Engdahl says:

    90% of Infrastructure Security Pros Have Been Hacked in the Last Two Years
    https://www.designnews.com/design-hardware-software/90-infrastructure-security-pros-have-been-hacked-last-two-years/213044111660594?ADTRK=UBM&elq_mid=8200&elq_cid=876648

    According to a report commissioned by Tenable, 62% of respondents said their organizations have suffered multiple attacks.

    Reply
  30. Tomi Engdahl says:

    CVE-2019-0859: A zero-day vulnerability in Windows
    https://www.kaspersky.com/blog/cve-2019-0859-detected/26451/

    What are we dealing with?

    CVE-2019-0859 is a Use-After-Free vulnerability in the system function that handles dialog windows, or more precisely, their additional styles. The exploit pattern found in the wild targeted 64-bit versions of OS, from Windows 7 to the latest builds of Windows 10. Exploitation of the vulnerability allows the malware to download and execute a script written by the attackers, which in the worst-case scenario results in full control over the infected PC.

    Reply
  31. Tomi Engdahl says:

    Patched Windows Zero-Day Provided Full Control Over Vulnerable Systems
    https://www.bleepingcomputer.com/news/security/patched-windows-zero-day-provided-full-control-over-vulnerable-systems/

    A Windows zero-day vulnerability which got patched by Microsoft as part of the company’s April 2019 Patch Tuesday together with 73 other flaws could allow potential attackers to take full control of vulnerable systems.

    The 0-day was actively exploited before patching, with Kaspersky Lab’s researchers Vasiliy Berdnikov and Boris Larin finding an exploit in the wild actively targeting multiple 64-bit versions of Windows, ranging from “Windows 7 to older builds of Windows 10.”

    Reply
  32. Tomi Engdahl says:

    Internet Explorer zero-day lets hackers steal files from Windows PCs
    https://www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs/

    Microsoft refused to patch issue so security researcher released exploit code online.

    Reply
  33. Tomi Engdahl says:

    Rogue Waves: Preparing the Internet for the Next Mega DDoS Attack
    https://threatpost.com/future-mega-ddos-attacks/143752/

    Why many attack techniques can be reused – but organizations can’t defend against them.

    When you think of a distributed denial-of-service (DDoS) attack at this point in the age of the internet, you might be thinking they’re old news. But when a multi-million-dollar business can be easily taken offline by an unskilled adversary and a $5 rent-a-DDoS service, I would argue that the issue is still very much relevant. Because of this, I decided to take a look at what might be on the horizon for malicious attackers, not in terms of who they’re going to hit next (that’s a game everyone can play but no one wins), but instead how it’s most likely to happen, and possibly from where.

    Reply
  34. Tomi Engdahl says:

    Microsoft Outlook Breach Widens in Scope, Impacting MSN And Hotmail – Report
    https://threatpost.com/microsoft-outlook-breach-msn-hotmail/143772/

    Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support
    https://motherboard.vice.com/en_us/article/ywyz3x/hackers-could-read-your-hotmail-msn-outlook-microsoft-customer-support

    Hackers abused a Microsoft customer support portal that allowed them to read the emails of any non-corporate account.

    Reply
  35. Tomi Engdahl says:

    The Bayrob malware gang’s rise and fall
    https://www.zdnet.com/article/the-bayrob-malware-gangs-rise-and-fall/

    The story of how a talented computer science student and his friends created and ran a multi-million dollar botnet.

    Three Romanians ran an extremely complex online fraud operation along with a massive malware botnet for nine years, made tens of millions of US dollars, but their crime spree is now over, and all three will be heading to prison by the end of August this year.

    Reply
  36. Tomi Engdahl says:

    US-Cert alert! Thanks to a massive bug, VPN now stands for ‘Vigorously Pwned Nodes’
    Multiple providers leaving storage cookies up for grabs
    https://www.theregister.co.uk/2019/04/12/uscert_vpn_alert/

    The US-Cert is raising alarms following the disclosure of a serious vulnerability in multiple VPN services.

    Reply
  37. Tomi Engdahl says:

    ‘Dragonblood’ Vulnerabilities Seep Into WPA3 Secure Wifi Handshake
    A new set of vulnerabilities may put some early adopters of strong Wifi security at greater security risk.
    https://www.darkreading.com/vulnerabilities—threats/dragonblood-vulnerabilities-seep-into-wpa3-secure-wifi-handshake/d/d-id/1334407

    Reply
  38. Tomi Engdahl says:

    Matrix Compromised Through Known Jenkins Flaws
    https://www.infosecurity-magazine.com/news/matrix-compromised-through-known-1/

    Matrix users are encouraged to change their passwords after an unauthorized actor gained access to the servers hosting Matrix.org. Those using IRC bridging are also encouraged to change their NickServ passwords.

    An open network for secure, interoperable, decentralized, real-time communication over IP, Matrix is used across instant messaging, VoIP/WebRTC signaling and internet of things (IoT) communication, according to the company’s website.

    “The rebuilt infrastructure itself is secure, however, and the DNS issue has been solved without further abuse. If you have already changed your password, you do not need to do so again.”

    https://matrix.org/blog/2019/04/11/security-incident/

    Reply
  39. Tomi Engdahl says:

    ‘Land Lordz’ Service Powers Airbnb Scams
    https://krebsonsecurity.com/2019/04/land-lordz-service-powers-airbnb-scams/

    Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “Land Lordz,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings.

    Reply
  40. Tomi Engdahl says:

    A new piece of malware that could endanger the healthcare sector
    https://www.pandasecurity.com/mediacenter/news/new-malware-healthcare-sector/

    The malicious software, which can affect CAT and MRI scanners, is able to add fake cancerous tumors to medical results, fooling doctors, and potentially causing serious problems in medical institutions.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*