Cyber security news in June 2019

This posting is here to collect cyber security news in June 2019.

I post links to security vulnerability news in the comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

 

109 Comments

  1. Tomi Engdahl says:

    The CBP Theft Is Exactly What Privacy Experts Said Would Happen
    https://www.theatlantic.com/technology/archive/2019/06/travelers-images-stolen-attack-cbp/591403/

    The more information the government collects, the more attractive that information is to bad actors.

  2. Tomi Engdahl says:

    Mobile Hacking Firm Cellebrite’s New Premium Tool can Hack & Extract Data From All iOS and High-end Android Devices
    https://gbhackers.com/cellebrites-new-premium-tool-ufed-can-hack-all-ios-android-devices/

    Cellebrite released a public statement that they can hack any iOS and High-end Android devices for law enforcement agencies.

  3. Tomi Engdahl says:

    How the US Military’s Latest Surveillance Technology Was Inspired by Hollywood
    https://spectrum.ieee.org/tech-talk/aerospace/military/qa-with-eyes-in-the-sky-author-arthur-holland-michel

    A new type of aerial surveillance, enabled by rapid advances in imaging and computing technology, is quietly replacing traditional drone video cameras. Wide-area motion imaging (WAMI) aims to capture an entire city within a single image, giving operators a God-like view in which they can follow multiple incidents simultaneously, and track people or vehicles backward in time.

  4. Tomi Engdahl says:

    Facebook lawyer says users ‘have no expectation of privacy’
    https://www.dailydot.com/debug/facebook-lawyer-no-expectation-of-privacy/

    “There is no invasion of privacy at all, because there is no privacy.”

  5. Tomi Engdahl says:

    CISA Issues Alert Against BlueKeep Remote Desktop Exploit
    http://offensiveaware.com/index.php/2019/06/18/cisa-issues-alert-against-bluekeep-remote-desktop-exploit/

    a successful remote code execution on a computer running a vulnerable version of Windows 2000

  6. Tomi Engdahl says:

    IN COURT, FACEBOOK BLAMES USERS FOR DESTROYING THEIR OWN RIGHT TO PRIVACY
    https://theintercept.com/2019/06/14/facebook-privacy-policy-court/

    The simple act of using Facebook, Snyder claimed, negated any user’s expectation of privacy:

    There is no privacy interest, because by sharing with a hundred friends on a social media platform, which is an affirmative social act to publish, to disclose, to share ostensibly private information with a hundred people, you have just, under centuries of common law, under the judgment of Congress, under the SCA, negated any reasonable expectation of privacy.

    An outside party can’t violate what you yourself destroyed, Snyder seemed to suggest

  7. Tomi Engdahl says:

    A Rogue Raspberry Pi Let Hackers Into NASA’s JPL Network
    https://www.extremetech.com/internet/293563-a-rogue-raspberry-pi-let-hackers-into-nasas-jpl-network?source=opera

    A rogue Raspberry Pi helped hackers access NASA JPL systems
    https://www.engadget.com/2019/06/20/nasa-jpl-cybersecurity-weaknesses/

    JPL might have the technology to make Martian rovers, but it’s seriously lacking in cybersecurity measures.

    Investigators looked into the research center’s network security controls after an April 2018 security breach, wherein a Raspberry Pi that was not authorized to be linked to the JPL network was targeted by hackers. The attackers were able to steal 500 megabytes of data from one of its major mission systems

    Diving deeper into the system gave the hackers access to several major missions, including NASA’s Deep Space Network — its network of spacecraft communication facilities. As a result, the security teams of some sensitive programs, such as the Orion Multi-Purpose Crew Vehicle and the International Space Station, have chosen to disconnect from the agency’s network

  8. Tomi Engdahl says:

    Florida city pays $600,000 to hackers who seized its computer system
    https://www.cbsnews.com/news/riviera-beach-florida-ransomware-attack-city-council-pays-600000-to-hackers-who-seized-its-computer-system/

    The Riviera Beach City Council voted unanimously this week to pay the hackers’ demands, believing the Palm Beach suburb had no choice if it wanted to retrieve its records, which the hackers encrypted. The council already voted to spend almost $1 million on new computers and hardware

  9. Tomi Engdahl says:

    Linux PCs, Servers, Gadgets Can Be Crashed by ‘Ping of Death’ Network Packets
    https://linux.slashdot.org/story/19/06/17/2018227/linux-pcs-servers-gadgets-can-be-crashed-by-ping-of-death-network-packets

    The Register reports that it is possible to crash network-facing Linux servers, PCs, smartphones and tablets, and gadgets, or slow down their network connections, by sending them a series of maliciously crafted packets. It is also possible to hamper FreeBSD machines

    https://www.theregister.co.uk/2019/06/17/linux_tcp_sack_kernel_crash/

  10. Tomi Engdahl says:

    It’s Surprisingly Easy to Hack the Precision Time Protocol
    https://spectrum.ieee.org/tech-talk/computing/networks/synchronizing-networks-with-ptp-yields-precision-but-also-vulnerability

    When it comes to synchronizing large and important networks, every microsecond counts, and NTP is not always accurate enough. One of the most effective approaches for this is called IEEE 1588-2008 or the Precision Time Protocol (PTP).

    A team of researchers from IBM and Marist College recently identified a remarkably simple but effective way to hack a PTP network.

    The researchers were able to infiltrate the network by “sniffing” out the ANNOUNCE and SYNC packets of the legitimate master clock. Next, they created a rogue master clock.

    The tested slave was unable to recover from this kind of attack.

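The attack the comment above describes works because a PTP slave picks its master purely from the unauthenticated fields of the Announce messages it hears. The following is an added example, not code from the IEEE Spectrum article or from the IBM/Marist College researchers: it serialises and parses PTPv2 (IEEE 1588-2008) Announce messages, runs the dataset comparison behind the Best Master Clock Algorithm (BMCA), shows that a rogue clock which replays the real master's clock-quality fields and merely advertises a lower priority1 wins the election, and shows one deployment-side mitigation, pinning the grandmaster identities a slave is willing to follow (the pinning is an assumption of this example, not part of the standard). All clock identities, priorities and packet contents are constructed.

```python
"""Added example (not from the article or the researchers it quotes): PTPv2
Announce serialisation/parsing, BMCA dataset comparison, and a rogue-master
election with and without a pinned grandmaster allow-list. All identities
and field values below are constructed."""
import struct
from dataclasses import dataclass

ANNOUNCE = 0xB  # messageType nibble of an Announce message (PTPv2 header byte 0)


@dataclass(frozen=True)
class AnnounceInfo:
    source_clock_id: bytes
    priority1: int
    clock_class: int
    clock_accuracy: int
    log_variance: int
    priority2: int
    grandmaster_id: bytes
    steps_removed: int

    def bmca_key(self):
        # Dataset comparison order for two different grandmasters:
        # the lower value wins at the first field that differs.
        return (self.priority1, self.clock_class, self.clock_accuracy,
                self.log_variance, self.priority2, self.grandmaster_id)


def build_announce(clock_id, priority1, clock_class, clock_accuracy,
                   log_variance, priority2=128, seq=1):
    """64-byte Announce: 34-byte common header + 30-byte body, big-endian.
    The sender advertises itself as grandmaster (stepsRemoved = 0)."""
    header = struct.pack(">BBHBBHqIQHHBb",
                         ANNOUNCE, 2, 64, 0, 0, 0, 0, 0,      # type, version, length, domain, rsvd, flags, correction, rsvd
                         int.from_bytes(clock_id, "big"), 1,  # sourcePortIdentity (clockIdentity, portNumber)
                         seq, 5, 1)                           # sequenceId, controlField, logMessageInterval
    body = struct.pack(">HIIhBBBBHBQHB",
                       0, 0, 0, 37, 0,                        # originTimestamp, currentUtcOffset, rsvd
                       priority1, clock_class, clock_accuracy, log_variance,
                       priority2, int.from_bytes(clock_id, "big"),
                       0, 0x20)                               # stepsRemoved, timeSource (GPS)
    return header + body


def parse_announce(pkt):
    if len(pkt) < 64 or pkt[0] & 0x0F != ANNOUNCE:
        raise ValueError("not a PTPv2 Announce message")
    p1, cls, acc, var, p2 = struct.unpack(">BBBHB", pkt[47:53])
    return AnnounceInfo(pkt[20:28], p1, cls, acc, var, p2, pkt[53:61],
                        struct.unpack(">H", pkt[61:63])[0])


def elect_master(announces, pinned_grandmasters=None):
    """BMCA winner among the Announces a slave port has heard. The base
    protocol does not authenticate these fields, so the only defence shown
    is an allow-list of grandmaster identities (an assumption of this example)."""
    if pinned_grandmasters is not None:
        announces = [a for a in announces if a.grandmaster_id in pinned_grandmasters]
    return min(announces, key=AnnounceInfo.bmca_key, default=None)


# Constructed identities: a GPS-disciplined legitimate grandmaster and a rogue.
LEGIT_GM = bytes.fromhex("001122fffe334455")
ROGUE_GM = bytes.fromhex("deadbefffeef0001")
LEGIT_PKT = build_announce(LEGIT_GM, priority1=128, clock_class=6,
                           clock_accuracy=0x21, log_variance=0x4E5D)
# The rogue replays the sniffed clock-quality fields and only lowers priority1.
ROGUE_PKT = build_announce(ROGUE_GM, priority1=0, clock_class=6,
                           clock_accuracy=0x21, log_variance=0x4E5D)


def demo():
    heard = [parse_announce(LEGIT_PKT), parse_announce(ROGUE_PKT)]
    naive = elect_master(heard).grandmaster_id
    pinned = elect_master(heard, pinned_grandmasters={LEGIT_GM}).grandmaster_id
    return naive, pinned


if __name__ == "__main__":
    naive, pinned = demo()
    print("unpinned slave follows grandmaster", naive.hex())   # the rogue
    print("pinned slave follows grandmaster  ", pinned.hex())  # the real one
```

The comparison only covers the case of two different grandmasters; the standard's full algorithm also breaks ties on stepsRemoved and port identities when two paths lead to the same grandmaster. Pinning identities does not stop an attacker who spoofs the legitimate grandmaster's clockIdentity as well, which is why PTP on an untrusted segment needs link-layer or network-layer protection rather than BMCA alone.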
  11. Tomi Engdahl says:

    I thought a ping of death DoS attack was a thing of the past. Boy, I was wrong. Apparently, both FreeBSD & Linux, are affected. Patches are already released. However, I am getting random ssh dropouts since we patched our Linux boxes. Is anyone seeing that? https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

  12. Tomi Engdahl says:

    LTE flaws let hackers ‘easily’ spoof presidential alerts
    https://techcrunch.com/2019/06/21/lte-flaws-spoof-presidential-alerts/

    Using off-the-shelf equipment and open-source software, a working exploit made it possible to send a simulated alert to every phone in a 50,000-seat football stadium with little effort, with the potential of causing “cascades of panic,” said researchers at the University of Colorado Boulder in a paper out this week.

    Their attack worked in nine out of 10 tests, they said.

    Last year the Federal Emergency Management Agency sent out the first “presidential alert” test using the Wireless Emergency Alert (WEA) system.

    The researchers said fixing the vulnerabilities would “require a large collaborative effort between carriers, government stakeholders and cell phone manufacturers.”

  13. Tomi Engdahl says:

    Trump approved cyber-strikes against Iran’s missile systems
    https://www.washingtonpost.com/world/national-security/with-trumps-approval-pentagon-launched-cyber-strikes-against-iran/2019/06/22/250d3740-950d-11e9-b570-6416efdc0803_story.html?noredirect=on&utm_term=.ccb3e7198ff5#click=https://t.co/Xpfgo2bJUv

    President Trump approved an offensive cyberstrike that disabled Iranian computer systems used to control rocket and missile launches, even as he backed away from a conventional military attack in response to its downing Thursday of an unmanned U.S. surveillance drone, according to people familiar with the matter.

    The administration on Saturday warned industry officials to be alert for cyberattacks originating from Iran.

    Thursday’s strikes against the Revolutionary Guard represented the first offensive show of force since Cyber Command was elevated to a full combatant command in May.

  14. Tomi Engdahl says:

    Stuxnet patient zero: Kaspersky Lab identifies worm’s first victims in Iran

    https://www.rt.com/news/205235-stuxnet-kaspersky-iran-companies/

  15. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    NASA says it was hacked in April 2018 via an unauthorized Raspberry Pi on the network; hackers had access for nearly a year, stealing Mars mission-related data — NASA described the hackers as an “advanced persistent threat,” a term generally used for nation-state hacking groups.

    NASA hacked because of unauthorized Raspberry Pi connected to its network
    https://www.zdnet.com/article/nasa-hacked-because-of-unauthorized-raspberry-pi-connected-to-its-network/

    NASA described the hackers as an “advanced persistent threat,” a term generally used for nation-state hacking groups.

  16. Tomi Engdahl says:

    Nat Levy / GeekWire:
    Leaked Microsoft memo says Slack, AWS, Google Docs, PagerDuty, and even GitHub are prohibited or discouraged from internal use, primarily over security concerns

    No Slack for you! Microsoft puts rival app on internal list of ‘prohibited and discouraged’ software
    https://www.geekwire.com/2019/no-slack-microsoft-puts-rival-app-internal-list-prohibited-discouraged-software/

  17. Tomi Engdahl says:

    Warning Issued For Millions Of Microsoft Windows 10 Users
    https://www.forbes.com/sites/gordonkelly/2019/06/22/microsoft-windows-10-problem-warning-dell-diagnostics-security-upgrade-windows/

    estimate is conservative with the number realistically set to be hundreds of millions.

    The flaw lies in PC-Doctor Toolbox, systems analysis software which is rebadged and pre-installed on PCs made by some of the world’s biggest computer retailers, including Dell, its Alienware gaming brand, Staples and Corsair.

    impacts both Windows 10 business and home PCs and enables hackers to gain complete control of your computer.

  18. Tomi Engdahl says:

    US struck Iranian military computers this week
    https://www.militarytimes.com/news/your-military/2019/06/23/us-struck-iranian-military-computers-this-week/?utm_medium=social&utm_source=facebook.com&utm_campaign=Socialflow+ARM

    U.S. military cyber forces launched a strike against Iranian military computer systems on Thursday

    attacks, which specifically targeted Iran’s Islamic Revolutionary Guard Corps computer system

    The IRGC, which was designated a foreign terrorist group by the Trump administration earlier this year, is a branch of the Iranian military.

    There was no immediate reaction Sunday morning in Iran to the U.S. claims. Iran has hardened and disconnected much of its infrastructure from the internet after the Stuxnet computer virus

    The cyberattacks are the latest chapter in the U.S. and Iran’s ongoing cyber operations targeting the other.

    In recent weeks, hackers believed to be working for the Iranian government have targeted U.S.

    CrowdStrike shared images of the spear-phishing emails

    cyber experts said they have seen an increase in Iranian hacking efforts.

    “This is not a remote war (anymore),” said Sergio Caltagirone, vice president of threat intelligence at Dragos Inc. “This is one where Iranians could quote unquote bring the war home to the United States.”

    Iran has also shown a willingness to conduct destructive campaigns

    experts say the Iranians would not necessarily immediately exploit any access they gain into computer systems and may seek to maintain future capabilities

    “It’s important to remember that cyber is not some magic offensive nuke you can fly over and drop one day,”

  19. Tomi Engdahl says:

    Cloudflare issues affecting numerous sites on Monday AM [Update: fixed]
    https://techcrunch.com/2019/06/24/cloudflare-outage-affecting-numerous-sites-on-monday-am/

    According to Cloudflare, it identified a possible route leak that’s impacting some of the Cloudflare IP ranges

  20. Tomi Engdahl says:

    Researchers Send Fake Presidential Alerts to Stadium of 50,000 Using LTE Vulnerability
    https://gizmodo.com/researchers-send-fake-presidential-alerts-to-stadium-of-1835806990

    Researchers figured out a way to exploit the system that sends presidential emergency alerts to our phones, simulating their method on a 50,000 seat football stadium in Colorado with a 90 percent success rate.

    The researchers tested this LTE vulnerability by creating their own malicious cell tower channel using off-the-shelf hardware and open-source software

  21. Tomi Engdahl says:

    Global Telecom Carriers Attacked by Suspected Chinese Hackers
    https://www.wsj.com/articles/global-telecom-carriers-attacked-by-suspected-chinese-hackers-11561428003

    Attack targeted 20 people believed to have ties to China across Asia, Europe, Africa and Middle East, according to a cybersecurity firm report

    Hackers believed to be backed by China’s government have infiltrated the cellular networks of at least 10 global carriers, swiping users’ whereabouts, text-messaging records and call logs

  22. Tomi Engdahl says:

    Global phone networks attacked by hackers
    https://www.bbc.com/news/technology-48756030

    Hackers targeted mobile phone networks around the world to snoop on specific users, according to a report.

    The level of access they gained to the networks meant they could have shut them down had they wanted to.

    “The hackers used phishing attacks to get privileged access to networks and could potentially have closed them down.”

  23. Tomi Engdahl says:

    Hackers hit over a dozen mobile carriers and could shut down networks, researchers find
    https://www.cnet.com/news/hackers-hit-over-a-dozen-mobile-carriers-and-could-shut-down-networks-researchers-find/

    “Hacking a company that has mountains of data that is always updating is the holy grail for an intelligence agency.”

  24. Tomi Engdahl says:

    Hackers are stealing years of call records from hacked cell networks
    At least 10 cell networks have been hacked over the past seven years
    https://techcrunch.com/2019/06/24/hackers-cell-networks-call-records-theft/

  25. Tomi Engdahl says:

    Security firms demonstrate subdomain hijack exploit vs. EA/Origin
    https://arstechnica.com/information-technology/2019/06/security-firms-demonstrate-subdomain-hijack-exploit-vs-eaorigin/

    Two security firms graphically demonstrate the danger of subdomain hijacking.

    Israeli security firms Check Point and CyberInt partnered up this week to find, exploit, and demonstrate a nasty security flaw that allows attackers to hijack player accounts in EA/Origin’s online games. The exploit chains together several classic types of attacks—phishing, session hijacking, and cross-site scripting—but the key flaw that makes the entire attack work is poorly maintained DNS.

    With the working subdomain, the attacker was able to harvest the authentication token from an existing active EA session before exploiting it directly and in real time.

    According to Alex and Oded, the kind of oversight made here by EA/Origin is depressingly common in large companies. Devops teams don’t talk to infosec teams, neither of them talks to more traditional ops teams that manage core services like company-wide DNS, and mistakes get made.

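The root cause the Ars Technica piece names, a CNAME left in the company zone after the cloud resource behind it was released, is cheap to audit. Below is an added example, not code from Check Point, CyberInt or EA: it walks a zone export for CNAMEs whose target no longer resolves, separates those on a provider where anybody can register the freed name (takeover candidates) from the merely dangling ones, and then shows, by way of RFC 6265 domain matching, one of the reasons a hijacked subdomain is dangerous: any cookie scoped to the parent domain is delivered to it. The zone, the resolver answers, the hostnames (all under the reserved .test TLD) and the list of claimable provider suffixes are constructed for this example; in practice feed it a real zone export and a real resolver.

```python
"""Added example (not from Check Point, CyberInt or EA): find dangling
CNAMEs that enable subdomain hijacking, and show why parent-domain cookies
reach a hijacked subdomain. Zone, resolver view and hostnames are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    target: str


# Constructed zone export (placeholders, not real EA/Origin records).
ZONE = [
    Record("www.example-games.test", "A", "203.0.113.10"),
    Record("eaplayinvite.example-games.test", "CNAME", "ea-invite-reg.azurewebsites.test."),
    Record("shop.example-games.test", "CNAME", "shop-prod.cloud-host.test."),
    Record("blog.example-games.test", "CNAME", "old-cdn.partner-corp.test."),
]

# Constructed resolver view: the Azure-style target has been deprovisioned,
# the shop target still answers, the partner CDN target is gone.
RESOLVES = {
    "ea-invite-reg.azurewebsites.test": False,
    "shop-prod.cloud-host.test": True,
    "old-cdn.partner-corp.test": False,
}

# Provider suffixes on which an unclaimed name can be registered by anyone
# (assumed list for this example; maintain it from provider documentation).
CLAIMABLE_SUFFIXES = (".azurewebsites.test", ".cloud-host.test")


def resolves(target, view=RESOLVES):
    """Stand-in for a real lookup; swap in dns.resolver.resolve() in production."""
    return view.get(target, False)


def dangling_cnames(zone, resolver=resolves):
    """CNAMEs whose target no longer resolves. Those pointing at a claimable
    provider are takeover candidates; the rest are still worth deleting."""
    findings = []
    for rec in zone:
        if rec.rtype != "CNAME":
            continue
        target = rec.target.rstrip(".").lower()
        if resolver(target):
            continue
        verdict = "TAKEOVER_CANDIDATE" if target.endswith(CLAIMABLE_SUFFIXES) else "DANGLING"
        findings.append((rec.name, target, verdict))
    return findings


def cookie_reaches(cookie_domain, host):
    """RFC 6265 domain-match: a cookie set with Domain=example-games.test is
    sent to every host under it, a hijacked subdomain included."""
    d = cookie_domain.lstrip(".").lower()
    h = host.lower()
    return h == d or h.endswith("." + d)


if __name__ == "__main__":
    for name, target, verdict in dangling_cnames(ZONE):
        print(f"{verdict:19} {name} -> {target}")
    print("parent-domain session cookie reaches hijacked host:",
          cookie_reaches(".example-games.test", "eaplayinvite.example-games.test"))
```

Run it against the authoritative zone on a schedule, not just once: the article's point is that the record went stale after a team stopped using the cloud resource, and that class of drift recurs. Host-only cookies (no Domain attribute) and an exact origin allow-list on any OAuth or SSO redirect remove most of what a hijacked subdomain can reach.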
  26. Tomi Engdahl says:

    Karl Bode / VICE:
    Researchers demonstrate how the US Wireless Emergency Alert system, which uses LTE networks, can be easily spoofed with “pirate” cell towers to cause mass panic — With a pirate cell tower, it’s easy to send fake emergency alerts warning of a terrorist attack, nuclear bomb, or other disaster.

    Researchers Demonstrate How U.S. Emergency Alert System Can Be Hijacked and Weaponized
    https://www.vice.com/en_us/article/evy75j/researchers-demonstrate-how-us-emergency-alert-system-can-be-hijacked-and-weaponized

    With a pirate cell tower, it’s easy to send fake emergency alerts warning of a terrorist attack, nuclear bomb, or other disaster.

  27. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    Less than a week after ransomware victim Riviera City paid ~$600K, another Florida town, Lake City, votes to pay ~$500K in BTC to ransomware hackers

    Second Florida city pays giant ransom to ransomware gang in a week
    https://www.zdnet.com/article/second-florida-city-pays-giant-ransom-to-ransomware-gang-in-a-week/

    Lake City officials give in and agree to pay nearly $500,000 to ransomware gang.

  28. Tomi Engdahl says:

    U.S. cyber attacks on Iranian targets not successful, Iran minister says
    https://www.reuters.com/article/us-mideast-iran-usa-cyber-idUSKCN1TP0B1

  29. Tomi Engdahl says:

    Reuters:
    Sources: hackers likely belonging to Five Eyes governments used Regin malware in late 2018 to infiltrate Russian search giant Yandex and spy on users — WASHINGTON/LONDON/SAN FRANCISCO (Reuters) – Hackers working for Western intelligence agencies broke into Russian internet search company Yandex …

    Exclusive: Western intelligence hacked ‘Russia’s Google’ Yandex to spy on accounts – sources
    https://www.reuters.com/article/us-usa-cyber-yandex-exclusive/exclusive-western-intelligence-hacked-russias-google-yandex-to-spy-on-accounts-sources-idUSKCN1TS2SX

    Hackers working for Western intelligence agencies broke into Russian internet search company Yandex (YNDX.O) in late 2018 deploying a rare type of malware in an attempt to spy on user accounts

    The malware, called Regin, is known to be used by the “Five Eyes” intelligence-sharing alliance of the United States, Britain, Australia, New Zealand and Canada

    Western cyberattacks against Russia are seldom acknowledged or spoken about in public.

  30. Tomi Engdahl says:

    Wall Street Journal:
    Inside AMD’s battle with the US government over a deal with the supercomputer developer Sugon, which saved AMD but helped China get advanced chip technology

    How a Big U.S. Chip Maker Gave China the ‘Keys to the Kingdom’
    https://www.wsj.com/articles/u-s-tried-to-stop-china-acquiring-world-class-chips-china-got-them-anyway-11561646798

    Advanced Micro Devices revived its fortunes through the deal, and sparked a national-security battle

  31. Tomi Engdahl says:

    A 14-year-old’s Internet-of-Things worm is bricking shitty devices by the thousands
    https://boingboing.net/2019/06/25/teenaged-kicks.html

    A hacker calling themself Light Leafon who claims to be a 14-year-old is responsible for a new IoT worm called Silex that targets any Unix-like system by attempting a login with default credentials; upon gaining access, the malware enumerates all mounted disks and writes to them from /dev/random until they are filled, then it deletes the devices’ firewall rules and removes its network config and triggers a restart — this effectively bricks the device, rendering it useless until someone performs the complex dance needed to download and reinstall the device’s firmware.

  32. Tomi Engdahl says:

    U.S. cyber attacks on Iranian targets not successful, Iran minister says
    https://mobile.reuters.com/article/amp/idUSKCN1TP0B1

  33. Tomi Engdahl says:

    BGP Route Leak Sends European Traffic Via China
    https://www.ciscozine.com/bgp-route-leak-european-traffic-china/

    On Thursday June 6, 2019, traffic destined to some of Europe’s biggest mobile providers was misdirected in a roundabout path through the Chinese-government-controlled China Telecom, in some cases for more than two hours.

    “Swiss data center colocation company AS21217 leaked over 70,000 routes to China Telecom (AS4134) in Frankfurt, Germany. China Telecom then announced these routes on to the global internet redirecting large amounts of internet traffic destined for some of the largest European mobile networks through China Telecom’s network. Impacts were seen by some of Europe’s largest networks in Switzerland, Holland, and France among other countries.”

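Both the Cloudflare-affecting route leak in comment 19 and the June 6 leak through China Telecom quoted above are the same failure: a customer or peer re-announces to a provider routes it learned from another provider or peer, and the provider propagates them to the whole internet. The classic heuristic for catching this in BGP data is the valley-free check: replayed from the origin outwards, a legitimate path is a run of customer-to-provider hops, at most one peer hop, then only provider-to-customer hops. The following is an added example, not code from Cisco Zine, Cloudflare, or the monitoring firm quoted in the comment. BGP does not carry AS relationships, so the table here is constructed: AS21217 and AS4134 are the two networks named in the report, every other ASN is a private-use number, and every edge between them is an assumption made for illustration (in practice use CAIDA's AS-relationship dataset or your own peering data).

```python
"""Added example (not from the quoted reports): valley-free check of a BGP
AS path to flag a route leak. Relationships are constructed for the example;
only AS21217 and AS4134 come from the report, the edges are assumptions."""

UP, PEER, DOWN = "up", "peer", "down"

# Constructed relationships: (provider, customer) pairs and peer pairs.
PROVIDER_OF = {
    (65010, 65001),  # assumed transit provider of a (constructed) European mobile operator
    (4134, 21217),   # assumed: China Telecom is a transit provider of AS21217
    (65020, 4134),   # assumed: a further upstream of China Telecom toward the observer
    (65020, 65010),  # assumed: the same upstream also serves AS65010
}
PEERS = {
    frozenset({65010, 21217}),  # assumed settlement-free peering at an exchange
}


def hop_direction(sender, receiver):
    """Direction in which `sender` announces a route to `receiver`."""
    if (receiver, sender) in PROVIDER_OF:
        return UP      # customer -> provider: always allowed
    if (sender, receiver) in PROVIDER_OF:
        return DOWN    # provider -> customer: always allowed
    if frozenset({sender, receiver}) in PEERS:
        return PEER    # peer -> peer: allowed only for own/customer routes
    raise KeyError(f"no relationship known for AS{sender} -> AS{receiver}")


def route_leak(as_path):
    """`as_path` is in BGP AS_PATH order: nearest AS first, origin last.
    Replay the announcement from the origin outwards; a valid path is
    up* peer? down*. Return the offending (sender, receiver) hop, or None."""
    hops = list(reversed(as_path))  # origin ... observer-nearest
    learned_from_provider_or_peer = False
    for sender, receiver in zip(hops, hops[1:]):
        d = hop_direction(sender, receiver)
        if d in (UP, PEER) and learned_from_provider_or_peer:
            # A route learned from a provider or peer was exported upward
            # or sideways again: that is the leak (RFC 7908 types 1 and 3).
            return (sender, receiver)
        if d in (DOWN, PEER):
            learned_from_provider_or_peer = True
    return None


# Constructed paths as an observer behind AS65020 would see them.
NORMAL_PATH = [65020, 65010, 65001]
LEAKED_PATH = [65020, 4134, 21217, 65010, 65001]  # 21217 re-exports a peer route to its provider

if __name__ == "__main__":
    for path in (NORMAL_PATH, LEAKED_PATH):
        print(" ".join(f"AS{a}" for a in path), "->", route_leak(path) or "valley-free")
```

The check is a heuristic: inferred relationships are incomplete, and partial-transit or backup arrangements produce legitimate paths that look like valleys. It is also worth remembering what does and does not stop this class of incident: RPKI origin validation checks only that the origin AS may announce the prefix, so it does not catch a leak of correctly originated routes; what does is the leaking network filtering its own exports, the provider applying prefix limits and customer-cone filters, and, once deployed, ASPA-style path validation.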
  34. Tomi Engdahl says:

    University attacked by its own vending machines, smart light bulbs & 5,000 IoT devices
    https://www.csoonline.com/article/3168763/university-attacked-by-its-own-vending-machines-smart-light-bulbs-and-5-000-iot-devices.html

    A university, attacked by its own malware-laced soda machines and other botnet-controlled IoT devices, was

