This posting is here to collect cyber security news in July 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
237 Comments
Tomi Engdahl says:
“His logic bomb was apparently discovered when the program glitched while he was on vacation, and he was forced to give employees the password so they could fix it.”
Moral: Don’t go on vacation when the glitch is about to appear.
A contract programmer faces 10 years in jail for inserting a ‘logic bomb’ into a spreadsheet that caused the company to keep rehiring him
https://www.businessinsider.in/a-contract-programmer-faces-10-years-in-jail-for-inserting-a-logic-bomb-into-a-spreadsheet-that-caused-the-company-to-keep-rehiring-him/amp_articleshow/70354739.cms
Tomi Engdahl says:
Fake PornHub And Google Android Apps Are Actually ‘Russian Spy Tools’
https://www.forbes.com/sites/thomasbrewster/2019/07/24/warning-android-malware-masquerading-as-pornhub-google-and-evernote-is-actually-a-russian-spy-operation/?utm_source=FBPAGE&utm_medium=social&utm_content=2500975919&utm_campaign=sprinklrForbesMainFB#46cbea5d5a3a
Tomi Engdahl says:
Researchers hide data in music – and human ears can’t detect it
https://nakedsecurity.sophos.com/2019/07/17/researchers-hide-data-in-music-and-human-ears-cant-detect-it/
Researchers have developed a way for data to be secretly transferred inside a music track at a usable rate without turning it into unlistenable mush.
While using sound waves as a data carrier is not new, applying the principle to music has always been a challenge because even small distortions made when adding data will be noticed by the human ear.
The technique outlined by Manuel Eichelberger and Simon Tanner of ETH Zurich uses orthogonal frequency-division multiplexing (OFDM) to add data to the musical frequencies humans are less likely to notice whilst avoiding the ones they are sensitive to.
Researchers found it was possible to achieve data rates of 300 to 400 bits per second (bps) over distances of up to 24 metres, with a 10% error rate, without affecting the original music when played to a test group of 40 people.
Tomi Engdahl says:
Data protection
‘Anonymised’ data can never be totally anonymous, says study
https://www.theguardian.com/technology/2019/jul/23/anonymised-data-never-be-anonymous-enough-study-finds
Findings say it is impossible for researchers to fully protect real identities in datasets
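Added example, not from the post or the Guardian article: the study's point is that a handful of quasi-identifiers (ZIP code, birth year, sex and the like) is enough to single out most people in a "de-identified" dataset. The script below measures that on a constructed toy dataset: the share of records that are unique on a given set of attributes, the dataset's k-anonymity, how uniqueness grows with the number of attributes an adversary knows, and how far coarsening the attributes (generalization) helps. The records, field names and generalization rules are invented for illustration.

```python
"""Measuring how re-identifiable 'anonymised' records are (added example)."""
from collections import Counter
from itertools import combinations

# Constructed toy dataset: direct identifiers (name, ID number) already
# stripped, quasi-identifiers kept. Not real data.
RECORDS = [
    {"zip": "02138", "birth_year": 1981, "sex": "F", "diagnosis": "flu"},
    {"zip": "02138", "birth_year": 1981, "sex": "F", "diagnosis": "asthma"},
    {"zip": "02138", "birth_year": 1975, "sex": "M", "diagnosis": "flu"},
    {"zip": "02139", "birth_year": 1975, "sex": "M", "diagnosis": "flu"},
    {"zip": "02139", "birth_year": 1990, "sex": "F", "diagnosis": "none"},
    {"zip": "02140", "birth_year": 1990, "sex": "F", "diagnosis": "none"},
]
QUASI_IDENTIFIERS = ("zip", "birth_year", "sex")


def _key(record, attrs):
    return tuple(record[a] for a in attrs)


def group_sizes(records, attrs):
    """How many records share each combination of the given attributes."""
    return Counter(_key(r, attrs) for r in records)


def unique_fraction(records, attrs):
    """Share of records that are the only one with their attribute combination,
    i.e. records an adversary who knows those attributes can single out."""
    sizes = group_sizes(records, attrs)
    return sum(1 for r in records if sizes[_key(r, attrs)] == 1) / len(records)


def k_anonymity(records, attrs):
    """Smallest group size: every record is indistinguishable from at least
    k-1 others on these attributes. k == 1 means someone is fully exposed."""
    return min(group_sizes(records, attrs).values())


def uniqueness_by_attribute_count(records, attrs):
    """Worst-case unique fraction for each number of known attributes."""
    return {
        n: max(unique_fraction(records, c) for c in combinations(attrs, n))
        for n in range(1, len(attrs) + 1)
    }


def generalize(records):
    """Coarsen quasi-identifiers (3-digit ZIP prefix, decade of birth) so that
    more records collide; the usual mitigation, at a cost in data utility."""
    out = []
    for r in records:
        g = dict(r)
        g["zip"] = r["zip"][:3]
        g["birth_year"] = r["birth_year"] // 10 * 10
        out.append(g)
    return out


if __name__ == "__main__":
    print("unique fraction:", unique_fraction(RECORDS, QUASI_IDENTIFIERS))
    print("k-anonymity:", k_anonymity(RECORDS, QUASI_IDENTIFIERS))
    print("by attribute count:", uniqueness_by_attribute_count(RECORDS, QUASI_IDENTIFIERS))
    gen = generalize(RECORDS)
    print("after generalization: k =", k_anonymity(gen, QUASI_IDENTIFIERS),
          "unique fraction =", unique_fraction(gen, QUASI_IDENTIFIERS))
```

On the toy data, knowing all three attributes singles out four of six records (k = 1), while ZIP alone singles out one; generalizing ZIP and birth year brings k to 2 and the unique fraction to zero. The same check on a real release is what the study argues is necessary before calling a dataset anonymous.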
Tomi Engdahl says:
Tony Romm / Washington Post:
FTC announces a $5B fine against Facebook for repeated privacy violations as part of a settlement that requires federal oversight of its business practices — The settlement between the Federal Trade Commission and Facebook ends a 16-month probe that began after revelations of the tech giant’s entanglement with Cambridge Analytica
https://www.washingtonpost.com/technology/2019/07/24/us-government-issues-stunning-rebuke-historic-billion-fine-against-facebook-repeated-privacy-violations/
Tomi Engdahl says:
Your Android Phone Can Get Hacked Just By Playing This Video
https://thehackernews.com/2019/07/android-media-framework-hack.html?fbclid=IwAR29SrF6ib_xuS_mwZuo4eLtVlqPe9gHUuAHTU7PQB0lMWZafURmCbkBy-o&m=1
A specially crafted innocuous-looking video file can compromise your Android smartphone—thanks to a critical remote code execution vulnerability that affects over 1 billion devices running Android OS between version 7.0 and 9.0 (Nougat, Oreo, or Pie).
The critical RCE vulnerability (CVE-2019-2107) in question resides in the Android media framework, which if exploited, could allow a remote attacker to execute arbitrary code on a targeted device.
gain full control of the device
Google already released a patch earlier this month to address this vulnerability, but apparently millions of Android devices are still waiting for the latest Android security update.
Android developer Marcin Kozlowski has uploaded a proof-of-concept for this attack on Github.
https://github.com/marcinguy/CVE-2019-2107
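Added example, not from the post, the article or the linked PoC: a triage check for the fleet question the article raises (which devices are still waiting for the update). It parses `adb shell getprop` output and decides whether a device is in the affected range (Android 7.0 through 9.0, per the article) with a security patch level older than the July 2019 bulletin. Assumptions: the relevant patch level is 2019-07-01, and the getprop excerpts below are constructed, not from real devices.

```python
"""Triage: is a device old enough to be exposed to CVE-2019-2107? (added example)"""
import re
from datetime import date

GETPROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<value>[^\]]*)\]$")

# Assumption: the July 2019 bulletin the article refers to is patch level 2019-07-01.
FIXED_PATCH_LEVEL = date(2019, 7, 1)
AFFECTED_MAJOR_VERSIONS = range(7, 10)  # Android 7.0 through 9.0, per the article


def parse_getprop(text):
    """Parse `adb shell getprop` output ("[key]: [value]" per line) into a dict."""
    props = {}
    for line in text.splitlines():
        m = GETPROP_RE.match(line.strip())
        if m:
            props[m["key"]] = m["value"]
    return props


def assess(props):
    """Return (exposed, reason). Unknown patch level on an affected version is
    treated as exposed, since the safe default is to assume unpatched."""
    release = props.get("ro.build.version.release", "")
    patch = props.get("ro.build.version.security_patch", "")
    try:
        major = int(release.split(".")[0])
    except ValueError:
        return False, "cannot parse ro.build.version.release=%r" % release
    if major not in AFFECTED_MAJOR_VERSIONS:
        return False, "Android %s is outside the 7.0-9.0 range named in the article" % release
    try:
        level = date.fromisoformat(patch)
    except ValueError:
        return True, "affected version with unparseable patch level %r; treat as unpatched" % patch
    if level >= FIXED_PATCH_LEVEL:
        return False, "patch level %s includes the July 2019 fixes" % patch
    return True, "patch level %s predates %s" % (patch, FIXED_PATCH_LEVEL.isoformat())


# Constructed getprop excerpts, not captured from real devices.
DEVICES = {
    "oreo-unpatched": """\
[ro.build.version.release]: [8.1.0]
[ro.build.version.sdk]: [27]
[ro.build.version.security_patch]: [2019-05-05]
""",
    "pie-patched": """\
[ro.build.version.release]: [9]
[ro.build.version.sdk]: [28]
[ro.build.version.security_patch]: [2019-07-05]
""",
    "marshmallow": """\
[ro.build.version.release]: [6.0.1]
[ro.build.version.sdk]: [23]
[ro.build.version.security_patch]: [2017-10-01]
""",
    "nougat-no-level": """\
[ro.build.version.release]: [7.0]
[ro.build.version.sdk]: [24]
""",
}

if __name__ == "__main__":
    for name, text in DEVICES.items():
        exposed, reason = assess(parse_getprop(text))
        print("%-16s exposed=%-5s %s" % (name, exposed, reason))
```

In practice you would feed it `adb shell getprop` from each managed device (or the same properties reported by an MDM) and treat every "exposed" result as a device that must not play untrusted media until updated; the version range is taken from the article, so devices outside it are reported as out of scope rather than as safe.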
Tomi Engdahl says:
How Cybercriminals Break into the Microsoft Cloud
https://www.darkreading.com/cloud/how-cybercriminals-break-into-the-microsoft-cloud/d/d-id/1335314
Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation.
Tomi Engdahl says:
Ransomware Attack Cripples Power Company’s Entire Network
https://www.bleepingcomputer.com/news/security/ransomware-attack-cripples-power-company-s-entire-network/
A ransomware attack that hit the South African electric utility City Power from Johannesburg this morning encrypted all its systems, including databases and applications.
Tomi Engdahl says:
BlueKeep guides make imminent public exploit more likely
https://nakedsecurity.sophos.com/2019/07/26/bluekeep-guides-make-imminent-public-exploit-more-likely/?utm_source=dlvr.it&utm_medium=twitter
A public exploit for Microsoft’s apocalyptic BlueKeep vulnerability is just days away. In fact, for those with deep enough pockets, it’s already here.
To refresh your memory: BlueKeep is a vulnerability in the Remote Desktop Protocol (RDP).
An attacker who exploits it can do two things. First, they can run code remotely on the compromised machine. Secondly, they can use RDP to exploit other machines without any human interaction. That’s a worm, and that’s bad.
The problem is exploiting it properly. Getting code to run on targeted machines without crashing them is technically difficult. That’s why, even though Microsoft acknowledged the vulnerability and patched it on 14 May 2019, we haven’t seen BlueKeep worms swarming across the internet yet.
This week, one technical expert released workable exploits, while others posted detailed instructions on how to produce them.
some Python proof-of-concept code,
The exploit runs code on Windows XP, they said, but warned that it would probably crash Windows 7 or Server 2008 machines.
They justified the release of the information by saying that the information is “largely already available within the Chinese hacker community”.
BlueKeep isn’t the only problem facing machines running RDP. Recent research by Sophos showed that criminals are performing massive numbers of simple but effective RDP password guessing attacks every day against internet-facing Windows machines.
https://nakedsecurity.sophos.com/2019/07/01/rdp-bluekeep-exploit-shows-why-you-really-really-need-to-patch/
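Added example, not from the post or the Sophos articles: the second problem the article names, daily RDP password guessing against internet-facing Windows hosts, is visible in the Security log as bursts of event 4625 (failed logon) with LogonType 10 (RemoteInteractive, i.e. RDP). The detector below runs over a simplified one-line-per-event export, counts failed RDP logons per source address in a sliding window, lists the accounts tried (many distinct accounts indicates spraying) and checks whether a successful RDP logon (4624, type 10) from the same source followed the failures, which is the case that needs incident response rather than just a block. The log format and the sample lines are constructed; a real export from Event Viewer or a SIEM will need its own parser.

```python
"""Detecting RDP password guessing in Windows logon events (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified one-line-per-event export of Security log events 4625 (failed
# logon) and 4624 (successful logon). LogonType 10 = RemoteInteractive (RDP).
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>\d+)\s+LogonType=(?P<ltype>\d+)\s+"
    r"Account=(?P<acct>\S+)\s+Source=(?P<src>\S+)$"
)

# Constructed sample, not a real capture: one guessing burst that ends in a
# successful logon, one user who mistyped twice hours apart, one local
# (LogonType 2) service account failing repeatedly, which is not RDP.
SAMPLE_LOG = """\
2019-07-26T10:00:01Z 4625 LogonType=10 Account=Administrator Source=203.0.113.5
2019-07-26T10:00:09Z 4625 LogonType=10 Account=admin Source=203.0.113.5
2019-07-26T10:00:18Z 4625 LogonType=10 Account=backup Source=203.0.113.5
2019-07-26T10:00:27Z 4625 LogonType=10 Account=Administrator Source=203.0.113.5
2019-07-26T10:00:36Z 4625 LogonType=10 Account=sysadmin Source=203.0.113.5
2019-07-26T10:00:45Z 4625 LogonType=10 Account=guest Source=203.0.113.5
2019-07-26T10:01:10Z 4624 LogonType=10 Account=backup Source=203.0.113.5
2019-07-26T08:15:00Z 4625 LogonType=10 Account=jsmith Source=198.51.100.7
2019-07-26T11:20:00Z 4625 LogonType=10 Account=jsmith Source=198.51.100.7
2019-07-26T10:00:05Z 4625 LogonType=2 Account=svc_build Source=10.0.0.12
2019-07-26T10:00:06Z 4625 LogonType=2 Account=svc_build Source=10.0.0.12
2019-07-26T10:00:07Z 4625 LogonType=2 Account=svc_build Source=10.0.0.12
2019-07-26T10:00:08Z 4625 LogonType=2 Account=svc_build Source=10.0.0.12
2019-07-26T10:00:09Z 4625 LogonType=2 Account=svc_build Source=10.0.0.12
2019-07-26T10:00:10Z 4625 LogonType=2 Account=svc_build Source=10.0.0.12
"""


def parse_events(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "event": int(m["event"]),
            "ltype": int(m["ltype"]),
            "acct": m["acct"].lower(),
            "src": m["src"],
        })
    return events


def detect_rdp_guessing(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: alert} for sources with >= threshold failed RDP
    logons inside any `window`, plus any successful RDP logon that followed."""
    failures, successes = defaultdict(list), defaultdict(list)
    for e in events:
        if e["ltype"] != 10:
            continue  # only RemoteInteractive logons matter here
        if e["event"] == 4625:
            failures[e["src"]].append(e)
        elif e["event"] == 4624:
            successes[e["src"]].append(e)

    alerts = {}
    for src, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        start, best = 0, None
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1  # slide the window forward
            count = end - start + 1
            if count >= threshold and (best is None or count > best["failures"]):
                best = {
                    "failures": count,
                    "accounts": sorted({e["acct"] for e in evs[start:end + 1]}),
                    "first": evs[start]["ts"],
                    "last": evs[end]["ts"],
                }
        if best is None:
            continue
        later = [s for s in successes[src] if s["ts"] >= best["last"]]
        best["success_after"] = sorted({s["acct"] for s in later})
        alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, alert in detect_rdp_guessing(parse_events(SAMPLE_LOG)).items():
        print(src, alert)
```

The legitimate mistypes from 198.51.100.7 and the local service-account failures never trigger, while 203.0.113.5 is reported with six failures across five accounts and a subsequent successful logon as "backup", which is the signal that the guessing worked. Tune `threshold` and `window` to the host's normal failure rate; the detector cannot see which password was guessed, only that the pattern matches.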
Tomi Engdahl says:
Marcus Hutchins, malware researcher and ‘WannaCry hero,’ sentenced to supervised release
https://tcrn.ch/2Mj9yWw
Tomi Engdahl says:
Judge Rules No Jail Time for WannaCry ‘Killer’ Marcus Hutchins, a.k.a. MalwareTech
https://thehackernews.com/2019/07/marcus-hutchins-sentenced.html
Marcus Hutchins, better known as MalwareTech, has been sentenced to “time served” and one year of supervised release for developing and selling the Kronos banking malware.
Yes, Hutchins will not go to prison, United States District Judge J.P. Stadtmueller ruled today in Milwaukee County Court, after describing his good work as “too many positives on the other side of the ledger.”
Tomi Engdahl says:
FTC Fines Facebook $5b. There’s 2.38b Facebook users. Your privacy on FB is worth $2.10 and you’ll never see a dime of that money.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/ransomware-attacks-prompt-louisiana-to-declare-state-of-emergency/
Louisiana Governor John Edwards has declared a state of emergency after a wave of ransomware attacks targeted school districts this month. This Emergency Declaration will allow Louisiana state resources and cybersecurity experts to assist local governments in securing their networks.
Tomi Engdahl says:
Cybersecurity Firm Drops Code for the Incredibly Dangerous Windows ‘BlueKeep’ Vulnerability
https://www.vice.com/en_us/article/wjvvvb/cybersecurity-firm-drops-code-for-the-incredibly-dangerous-windows-bluekeep-vulnerability
Tomi Engdahl says:
Mobile malware attacks are booming in 2019: These are the most common threats
https://www.zdnet.com/article/mobile-malware-attacks-are-booming-in-2019-these-are-the-most-common-threats/
Researchers at Check Point warn of a 50% increase in cyberattackers targeting smartphones compared with last year.
Tomi Engdahl says:
https://www.uusiteknologia.fi/2019/07/26/mikaan-ymparisto-ei-ole-immuuni-kyberhyokkayksille/
Tomi Engdahl says:
https://hackingtricksgallery.blogspot.com/2019/07/paypal-phone-vertification-bypass.html?m=1
Tomi Engdahl says:
An exposed password let a hacker access internal Comodo files
https://tcrn.ch/2SJwpvA
A hacker gained access to internal files and documents owned by security company and SSL certificate issuer Comodo by using an email address and password mistakenly exposed on the internet.
The credentials were found in a public GitHub repository owned by a Comodo software developer. With the email address and password in hand, the hacker was able to log into the company’s Microsoft-hosted cloud services. The account was not protected with two-factor authentication.
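Added example, not from the post, the TechCrunch article or Comodo: the story's root cause is a credential sitting in a public repository, and the usual control is to scan repository contents for secrets before (or continuously after) they are pushed. The scanner below combines signature patterns for known credential formats (an AWS access key ID prefix, a PEM private key header, a password assignment) with a Shannon-entropy check on any long quoted token, which catches keys whose format is not known in advance, and reports path, line and kind. The patterns are a minimal illustrative set and the two sample files are constructed, not anything from the repository in the story.

```python
"""Scanning repository contents for committed credentials (added example)."""
import math
import re
from collections import Counter

# Signature patterns for credential formats. The first group, when present,
# is the secret itself; otherwise the whole match is.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "password_assignment": re.compile(
        r"(?i)(?:password|passwd|pwd|secret)\s*[:=]\s*['\"]([^'\"]{6,})['\"]"),
}
# Fallback: any quoted token long enough and random enough to be a key.
QUOTED_TOKEN = re.compile(r"['\"]([A-Za-z0-9+/=_\-]{20,})['\"]")


def shannon_entropy(s):
    """Bits per character; random keys score high, words and hostnames low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(path, text, entropy_threshold=3.5):
    """Return findings for one file as dicts with path, line, kind, value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        seen = set()
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                value = m.group(1) if m.lastindex else m.group(0)
                findings.append({"path": path, "line": lineno, "kind": kind, "value": value})
                seen.add(value)
        for m in QUOTED_TOKEN.finditer(line):
            value = m.group(1)
            # skip tokens already reported by a signature pattern
            if value not in seen and shannon_entropy(value) >= entropy_threshold:
                findings.append({"path": path, "line": lineno,
                                 "kind": "high_entropy_string", "value": value})
    return findings


def scan_repo(files):
    """files: {relative_path: text}. Returns all findings in path order."""
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed sample files; not from any real repository.
SAMPLE_FILES = {
    "config.py": """\
# settings for the staging mailer
SMTP_HOST = "smtp.example.com"
SMTP_USER = "dev@example.com"
SMTP_PASSWORD = "Summer2019!"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
API_KEY = "k9Ht2vQxL8mZpR4wYb7nC3sE"
DEBUG = True
""",
    "deploy/id_rsa": """\
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA (key body omitted in this constructed sample)
-----END RSA PRIVATE KEY-----
""",
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_FILES):
        print("%s:%d %s %r" % (f["path"], f["line"], f["kind"], f["value"]))
```

The hostname and e-mail address pass (low entropy, wrong character set), while the password, the AWS key ID, the random API key and the private key header are reported. Wire a scan like this into a pre-commit hook or CI so the check runs before the push, and note the article's second lesson: the exposed account also lacked two-factor authentication, so a leaked password alone was enough.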
Tomi Engdahl says:
Bellingcat journalists targeted by failed phishing attempt
https://tcrn.ch/2JZxL2R
Tomi Engdahl says:
Teenage hackers are offered a second chance under European experiment
https://www.cyberscoop.com/teenage-hackers-police-britain-netherlands/
Police in the U.K. and the Netherlands have created a legal intervention campaign for first-time offenders accused of committing cybercrimes
The average age of an accused cybercriminal is 19 years old
There is an “overrepresentation” of autistic traits in those offenders
Many of those people are motivated to try new tricks online to impress their friends, such as stealing a password with a harmless intent, and don’t have the social context to understand that what they are doing is illegal
push the teenage hacker into a kind of community service that consists of 10 to 20 hours of ethical computer training, and then put them in touch with professionals who can explain possible career paths and point to the best education based on their interests.
In order to qualify for the program, suspects must confess to their actions, not have a remarkable criminal history and be prepared to change their behavior.
There is a stark difference in the European and American approaches to cybercriminal enforcement.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/hackers-inject-multi-gateway-card-skimmer-via-fake-google-domains/
Tomi Engdahl says:
What to do when Customs asks for your social-media account info
https://the-parallax.com/2019/06/12/what-to-do-customs-social-media/
Tomi Engdahl says:
NSA aims to up its cybersecurity game
It’s setting up a Cybersecurity Directorate to help it work better with the likes of Homeland Security and the FBI.
https://www.cnet.com/news/nsa-to-unveil-a-cybersecurity-directorate-report-says/
Tomi Engdahl says:
Cyber Warning For OS Inside 2 Billion Industrial, Medical And Enterprise IoT Devices
https://www.forbes.com/sites/zakdoffman/2019/07/29/warning-as-2-billion-medical-industrial-and-enterprise-iot-devices-at-risk-of-attack/
A team of security researchers at California-based Armis has disclosed the discovery of 11 zero-day vulnerabilities in one of the world’s most widely used IoT operating systems. VxWorks is so common, in fact, that it powers more than 2 billion devices around the world, including medical equipment, firewalls, elevators and industrial machinery. Armis describes VxWorks as “the most widely used operating system you have likely never heard about.”
Armis has estimated that the vulnerabilities expose around 200 million of the devices carrying the VxWorks OS to the potential risk of attack.
A spokesperson for Wind River, the company behind VxWorks, disputed this and told me the number is not that high:
Tomi Engdahl says:
https://www.zdnet.com/article/siemens-contractor-pleads-guilty-to-planting-logic-bomb-in-company-spreadsheets/
Tomi Engdahl says:
https://www.bloomberg.com/news/articles/2019-07-11/mercedes-thieves-showed-just-how-vulnerable-car-sharing-can-be
Tomi Engdahl says:
Exclusive: Hack Breaks Your Visa Card’s Contactless Limit For Big Frauds
https://www.forbes.com/sites/thomasbrewster/2019/07/29/exclusive-hackers-can-break-your-credit-cards-30-contactless-limit/
Think that £30 limit on contactless payments is going to protect you from big thefts? Think again.
Tomi Engdahl says:
Extortionists demand a ransom from the city of Kokemäki: malware brought the city’s network to its knees
https://yle.fi/uutiset/3-10899982
Tomi Engdahl says:
Update to iOS 12.4 right away
https://www.kaspersky.com/blog/ios-critical-vulnerabilities-124/27778/
Updating your iPhone’s or iPad’s operating system as soon as the new version comes out is always a good idea — almost every new version of iOS contains fixes for some bugs that have been found in previous ones. But this time it might be even more crucial: iOS 12.4 fixes severe vulnerabilities in iMessage that can be exploited without any user interaction.
Tomi Engdahl says:
To Spot MDMA Users, Festivals May Soon Roll Out Thermal Cameras
https://merryjane.com/news/to-spot-mdma-users-festivals-may-soon-roll-out-thermal-cameras
Festival organizers claim that thermal cameras may help them find MDMA users who are dangerously overheating, but surveillance in the name of safety is often used against us
Tomi Engdahl says:
US warns small planes are vulnerable to hacking
https://nypost.com/2019/07/31/us-warns-small-planes-are-vulnerable-to-hacking/?utm_campaign=iosapp&utm_source=facebook_app
The Department of Homeland Security issued a security alert Tuesday for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft.
The cybersecurity firm Rapid7 found that an attacker could potentially disrupt electronic messages transmitted across a small plane’s network, for example by attaching a small device to its wiring, that would affect aircraft systems.
Engine readings, compass data, altitude and other readings “could all be manipulated to provide false measurements to the pilot,” according to the DHS alert.
The warning reflects the fact that aircraft systems are increasingly reliant on networked communications systems, much like modern cars. The auto industry has already taken steps to address similar concerns after researchers exposed vulnerabilities.
Tomi Engdahl says:
The hacker who cracked into Capital One—gaining access to more than 100 million credit cards—may have unleashed havoc on many more companies.
http://on.forbes.com/6186ELXpg
Tomi Engdahl says:
‘Our task was to set Americans against their own government’: New details emerge about Russia’s trolling operation
https://www.businessinsider.com/former-troll-russia-disinformation-campaign-trump-2017-10?fbclid=IwAR27qpOE9jPKoqj7yimXXIqG9Vn-mkP36u__8aaGGhI-5Gz5PedvEpO6gcw&utm_medium=referral&utm_content=topbar&utm_term=desktop&referrer=facebook&r=US&IR=T
The Russian desk operated bots and trolls that used fake social-media accounts to flood the internet with pro-Trump messages and made-up news.
The foreign desk was more sophisticated, with trolls required to learn the nuances of American politics to best “rock the boat” on divisive issues.
“Our task was to set Americans against their own government,” Maxim said, “to provoke unrest and discontent.”
Tomi Engdahl says:
DOD workers bought thousands of Chinese electronics vulnerable to hacks, spying
https://www.rollcall.com/news/policy/pentagon-dod-workers-bought-thousands-of-hackable-chinese-electronics-spy
More than 9,000 commercially available products could be used to spy on or hack U.S. military personnel and facilities
Tomi Engdahl says:
New Research: Investigating and Reversing Avionics CAN Bus Systems
https://blog.rapid7.com/2019/07/30/new-research-investigating-and-reversing-avionics-can-bus-systems/
This paper examines the security (or lack thereof) in CAN bus networks, specifically as they are implemented in small aircraft.
CAN bus for aviation. After all, it’s inexpensive, easy to connect (just two wires), EMI-resistant, and it’s rapidly becoming the de-facto standard network that connects electronically controlled sensors and actuators in all sorts of vehicles, aircraft included
How secure are CAN bus avionics systems?
Unfortunately, it looks like the avionics sector is lagging in network security when it comes to CAN bus, and I think part of the reason is the heavy reliance on the physical security of airplanes.
Think about it: If you felt like your internal LAN was totally and completely untouchable by attackers, you probably wouldn’t worry much about software patching or password management. Of course, LANs aren’t impregnable, and neither are CAN bus networks, so we’re worried about this mindset when it comes to avionics security.
The security implications of deploying CAN bus have been much discussed in the automotive industry.
https://www.rapid7.com/research/report/investigating-can-bus-network-integrity-in-avionics-systems/
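Added example, not from the post or the Rapid7 report: a CAN frame carries an arbitration ID and a payload but no sender identity or authentication, so a node cannot tell a forged airspeed frame from the real one by content alone. What a receiver can observe is timing: sensor frames on a given ID are emitted periodically, and an injected burst shows up as frames arriving far faster than that period (and, for a careless attacker, on IDs never seen in normal operation). The detector below learns the median inter-arrival interval per ID from a clean capture and flags frames that arrive too early or on unknown IDs. The IDs, periods and payloads are invented; they do not correspond to any aircraft or to the report's test setup.

```python
"""Timing-based anomaly detection for CAN bus frames (added example)."""
from collections import defaultdict
from statistics import median

# A frame is (timestamp_seconds, arbitration_id, payload). CAN has no sender
# authentication, so a receiver can only judge a frame by ID, payload and
# timing. IDs and payloads below are invented, not from any avionics bus.


def periodic(arb_id, period, count, payload, start=0.0):
    """Frames on one ID emitted every `period` seconds."""
    return [(start + i * period, arb_id, payload) for i in range(count)]


# Clean capture used for learning: hypothetical airspeed (10 Hz) and altitude (20 Hz).
BASELINE = sorted(periodic(0x100, 0.100, 50, b"\x00\x64")
                  + periodic(0x200, 0.050, 100, b"\x10\x00"))

# Capture under attack: the same traffic plus a 100 Hz burst of forged airspeed
# frames on 0x100 between t=2.0 and t=2.2, and one frame on an unknown ID.
ATTACK = sorted(
    periodic(0x100, 0.100, 50, b"\x00\x64")
    + periodic(0x200, 0.050, 100, b"\x10\x00")
    + periodic(0x100, 0.010, 20, b"\x03\xE8", start=2.005)
    + [(3.0, 0x7FF, b"\xFF")]
)


def learn_baseline(frames):
    """Median inter-arrival interval per arbitration ID from a clean capture."""
    last, gaps = {}, defaultdict(list)
    for t, arb_id, _ in frames:
        if arb_id in last:
            gaps[arb_id].append(t - last[arb_id])
        last[arb_id] = t
    return {arb_id: median(g) for arb_id, g in gaps.items()}


def detect(frames, baseline, factor=0.5):
    """Flag unknown IDs and frames arriving sooner than factor * baseline period."""
    alerts, last = [], {}
    for t, arb_id, payload in frames:
        if arb_id not in baseline:
            alerts.append({"t": t, "id": arb_id, "reason": "unknown_id"})
        elif arb_id in last and t - last[arb_id] < factor * baseline[arb_id]:
            alerts.append({"t": t, "id": arb_id, "reason": "interval_too_short"})
        last[arb_id] = t
    return alerts


if __name__ == "__main__":
    base = learn_baseline(BASELINE)
    print("learned periods:", {hex(k): round(v, 3) for k, v in base.items()})
    for a in detect(ATTACK, base):
        print("%.3f id=%s %s" % (a["t"], hex(a["id"]), a["reason"]))
```

During the burst every 0x100 frame, including the three genuine ones interleaved with it, is flagged: the detector can tell that the ID is being flooded but not which frame is the forgery, which is exactly the limitation of a bus with no message authentication. It also does nothing against an attacker who suppresses the real sender and keeps the period, so treat it as a tripwire, not a substitute for the physical-security assumption the report criticizes.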
Tomi Engdahl says:
Cyberattack On LAPD Confirmed: Data Breach Impacts Thousands Of Officers
https://www.forbes.com/sites/zakdoffman/2019/07/30/lapd-cyberattack-police-department-confirms-it-has-been-hacked/#155677aa14be
The Los Angeles Police Department has confirmed that it has been hacked, with the personal information of at least 20,000 people exposed.