Cyber security news in July 2019

This posting is here to collect cyber security news in July 2019.

I post links to security vulnerability news in the comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

237 Comments

  1. Tomi Engdahl says:

    Florida City Fires IT Employee After Paying $460,000 Bitcoin Ransom to Hackers
    https://gizmodo.com/florida-city-fires-it-employee-after-paying-460-000-in-1836031022

    Lake City, Florida paid out a bitcoin ransom worth $460,000 to hackers who disabled the city’s computer systems with sophisticated ransomware last month, hot on the heels of a $600,000 ransom paid out in similar circumstances by Riviera Beach

    the city has fired its director of information technology.

    employee downloaded an infected document they had received via email. That set off a chain of events

    Emotet trojan, which installed itself and subsequently downloaded another trojan called TrickBot and the Ryuk ransomware. Ryuk then spread throughout city systems, locking them down and demanding a ransom.

    city officials reluctantly determined that it would be cheaper and more effective to simply pay off the hackers

  2. Tomi Engdahl says:

    Ryuk, Ryuk, Ryuk: Georgia’s courts hit by ransomware
    It looks like another Ryuk ransomware campaign is responsible.
    https://arstechnica.com/information-technology/2019/07/ryuk-ryuk-ryuk-georgias-courts-hit-by-ransomware/

  3. Tomi Engdahl says:

    The Pentagon Has A Laser That Can Remotely Identify People By Reading Their Heartbeat
    https://www.iflscience.com/technology/pentagon-laser-can-remotely-identify-people-reading-heartbeat/

    According to MIT Technology Review, a laser has been developed for the Pentagon that can read people’s unique heartbeat signatures, after it was requested by US Special Forces. Code-named Jetson, the device is still in the prototype stage but is already able to read heartbeats from around 200 meters (656 feet) away, even through people’s clothing.

    The Pentagon has a laser that can identify people from a distance—by their heartbeat
    https://www.technologyreview.com/s/613891/the-pentagon-has-a-laser-that-can-identify-people-from-a-distanceby-their-heartbeat/

    While it works at 200 meters (219 yards), longer distances could be possible with a better laser. “I don’t want to say you could do it from space,”

    uses a technique known as laser vibrometry to detect the surface movement caused by the heartbeat. This works through typical clothing like a shirt and a jacket (though not thicker clothing such as a winter coat).

    The most common way of carrying out remote biometric identification is by face recognition. But this needs a good, frontal view of the face

    Cardiac signatures are already used for security identification.

    He claims that Jetson can achieve over 95% accuracy under good conditions

    One glaring limitation is the need for a database of cardiac signatures, but even without this the system has its uses

  4. Tomi Engdahl says:

    ‘Deepfake’ revenge porn is now illegal in Virginia
    https://techcrunch.com/2019/07/01/deepfake-revenge-porn-is-now-illegal-in-virginia/

    The law, which went into effect Monday, now makes it illegal to share nude photos or videos of someone without their permission, whether they’re real or fake ones. The law also covers photoshopped images or any other kind of fake footage

  6. Tomi Engdahl says:

    A Cloudflare outage is impacting sites everywhere
    https://techcrunch.com/2019/07/02/a-cloudflare-outage-is-impacting-sites-everywhere/

    If you’ve been experiencing “502 Bad Gateway” notices all morning, for better or worse, you’re not alone. Cloudflare has been experiencing some major outages this morning, leaving many sites reeling in its wake

    “Massive spike in CPU usage caused primary and backup systems to fall over. Impacted all services. No evidence yet attack related. Shut down service responsible for CPU spike and traffic back to normal levels. Digging in to root cause.”

  7. Tomi Engdahl says:

    Face Recognition Surveillance Banned by Second American City
    https://gizmodo.com/face-recognition-surveillance-banned-by-second-american-1835945552

    One day after the biggest police body camera manufacturer in America banned the use of face recognition technology, Somerville, Massachusetts became the second city in the United States to ban the tech after San Francisco broke new ground with a ban last month, Vice reported.

  8. Tomi Engdahl says:

    UCLA PROFESSOR STOLE MISSILE SECRETS FOR CHINA, FACES 219 YEARS IN PRISON
    https://www.newsweek.com/ucla-professor-stole-missile-secrets-china-219-years-prison-espionage-1447286

    California-based electrical engineer has been found guilty of attempting to export sensitive military electronics to China and could face more than two centuries behind bars.

    a plot to illegally obtain microchips from an American company and export them to China, where they could be used in a range of military systems including missiles and fighter jets.

    Shih posed as a customer to acquire the hardware—so-called monolithic microwave integrated circuits (MMICs)—from an unnamed U.S. company.

    The MMICs were then shipped to a Chinese company called Chengdu GaStone Technology (CGTC), where Shih had previously served as president.

  9. Tomi Engdahl says:

    Subcontracting censorship plus no real agreement on definition – non-starter

    EU’s terrorism filter plans: The problems just keep coming
    https://www.zdnet.com/article/eus-terrorism-filter-plans-the-problems-just-keep-coming/

    European authorities have discovered that creating rules to keep terrorist content off the internet is not easy.

  10. Tomi Engdahl says:

    https://fossbytes.com/deepnude-app-available-internet-github-youtube-4chan/

    were numerous fake copies of the DeepNude app available on the internet. There are various websites providing alleged Android APK files of the said app. However, the app was only designed for Windows and Linux-based operating systems.

    He took the app offline

    Still, there was a possibility that copies of the original app could be lying down somewhere on the internet and might surface later.

  11. Tomi Engdahl says:

    China is installing a secret surveillance app on tourists’ phones
    https://www.vox.com/future-perfect/2019/7/3/20681258/china-uighur-surveillance-app-tourist-phone

    It scans for Quran passages, Dalai Lama photos, and other things the authorities don’t want you to bring into Xinjiang

  12. Tomi Engdahl says:

    YouTube’s ‘instructional hacking’ ban threatens computer security teachers
    https://www.theverge.com/2019/7/3/20681586/youtube-ban-instructional-hacking-phishing-videos-cyber-weapons-lab-strike

    YouTube now says takedown of a ‘white hat’ hacking channel was a mistake

  13. Tomi Engdahl says:

    spyware found on more than 700 million Android phones
    https://www.cyberscoop.com/android-malware-china-huawei-zte-kryptowire-blu-products/

    More than 700 million Android smartphones, some of which were used in the U.S., carried hidden software that enabled surveillance by tracking users’ movements and communications, a Virginia-based team of security researchers found.

    The firmware, discovered by Kryptowire, was reportedly authored by Chinese startup Shanghai Adups Technology Company. It was largely discovered on disposable and prepaid phones made overseas.

  14. Tomi Engdahl says:

    Police face calls to end use of facial recognition software
    https://www.theguardian.com/technology/2019/jul/03/police-face-calls-to-end-use-of-facial-recognition-software

    Analysts find system often wrongly identifies people and could breach human rights law

  15. Tomi Engdahl says:

    Lorenzo Franceschi-Bicchierai / VICE:
    Unknown attackers are spamming OpenPGP certificates, breaking a core component of encryption software PGP and showing a fundamental weakness known for a decade

    Someone Is Spamming and Breaking a Core Component of PGP’s Ecosystem
    https://www.vice.com/en_us/article/8xzj45/someone-is-spamming-and-breaking-a-core-component-of-pgps-ecosystem

    A new wave of spamming attacks on a core component of PGP’s ecosystem has highlighted a fundamental weakness in the whole ecosystem.

  16. Tomi Engdahl says:

    Bloomberg:
    Sources: Broadcom is in advanced talks to acquire Symantec in a deal that could be reached in weeks; Symantec shares rise 13%+

    Broadcom Is in Advanced Talks to Acquire Symantec
    https://www.bloomberg.com/news/articles/2019-07-02/broadcom-is-said-to-be-in-advanced-talks-to-acquire-symantec

    Broadcom could reach an agreement to buy the Mountain View, California-based company within weeks

    The deal would mark Broadcom’s second big bet in software, following its $18 billion takeover last year of CA Technologies.

    “Symantec would make a perfect fit for the Broadcom portfolio,” Harsh Kumar, an analyst at Piper Jaffray wrote in a note to investors. He said the situation is similar to Broadcom’s CA acquisition, “which ultimately turned out to be extremely successful under the Broadcom umbrella.”

  17. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    D-Link agrees to implement a new security program to settle a 2017 FTC complaint that alleged D-Link left thousands open to well-known attacks

    D-Link agrees to new security monitoring to settle FTC charges
    Agreement settles charges D-Link left users open to critical and widespread threats.
    https://arstechnica.com/information-technology/2019/07/d-link-agrees-to-new-security-monitoring-to-settle-ftc-charges/?mid=1

  18. Tomi Engdahl says:

    Youtube’s ban on “hacking techniques” threatens to shut down all of infosec Youtube
    https://boingboing.net/2019/07/03/nobus-r-us.html

    Once upon a time, companies were able to insist — with a straight face — that the real problem with the security defects in their products was the researchers who went public with them, warning customers and users that the products they were trusting were not trustworthy.

    Then came the modern infosec movement, in which hacktivists and researchers started to give companies a little grace period before going public, while still rejecting the whole idea of “security through obscurity.”

    Infosec’s watchword is “sunlight is the best disinfectant.” If you want to prove that a product is genuinely defective, it’s not enough to make the claim: you have to back it up with demos that anyone else can replicate — otherwise the companies will straight up call you a liar and assure their customers that there’s nothing to worry about.

    Yesterday, Youtube froze Kody Kinzie’s long-running Cyber Weapons Lab channel, citing a policy that bans “Instructional hacking and phishing: Showing users how to bypass secure computer systems.”

    The two groups that really benefit from these disclosures are:

    1. Users, who get to know which systems they should and should not trust; and

    2. Developers, who learn from other developers’ blunders and improve their own security.

    Youtube banning security disclosures doesn’t make products more secure, nor will it prevent attackers from exploiting defects

  19. Tomi Engdahl says:

    https://nakedsecurity.sophos.com/2019/07/04/open-sesame-zipatos-smart-hub-hacked-to-open-front-doors/

    Zipato’s ZipaMicro Z-Wave smart hub controller offers a simple and relatively cheap way of doing that with the added benefit that it works with all sorts of smart home products – security cameras, sensors, heating controls, light bulbs, and IoT-enabled locks – from third parties.

    Unfortunately, according to Black Marble researchers Chase Dardaman and Jason Wheeler, there’s a catch – the Zipato controller has three critical security flaws which could be used together by hackers to open your home’s doors for you.

  20. Tomi Engdahl says:

    Internet group brands Mozilla ‘internet villain’ for supporting DNS privacy feature
    https://techcrunch.com/2019/07/05/isp-group-mozilla-internet-villain-dns-privacy/?tpcc=ECFB2019

    The U.K.’s Internet Services Providers’ Association (ISPA), the trade group for U.K. internet service providers, nominated the browser maker for its proposed effort to roll out the security feature, which they say will allow users to “bypass UK filtering obligations and parental controls, undermining internet safety standards in the U.K.”

    ISPA doesn’t think DNS-over-HTTPS is compatible with the U.K.’s current website blocking regime.

    Under U.K. law, websites can be blocked for facilitating the infringement of copyrighted or trademarked material or if they are deemed to contain terrorist material or child abuse imagery.

  21. Tomi Engdahl says:

    Grubhub is using thousands of fake websites to upcharge commission fees from real businesses
    https://www.theverge.com/2019/6/28/19154220/grubhub-seamless-fake-restaurant-domain-names-commission-fees

  22. Tomi Engdahl says:

    Huawei cryptographic keys embedded in Cisco’s firmware
    https://www.iot-inspector.com/blog/2019/07/huawei-cryptographic-keys-embedded-in-ciscos-firmware/

    Things happen when they happen. And when developers use third-party or open source libraries in their own product, they may not be aware of potential security issues.

  23. Tomi Engdahl says:

    Amazon confirms Alexa customer voice recordings are kept forever
    That is unless you know how to delete them manually.
    https://www.zdnet.com/article/amazon-confirms-alexa-customer-voice-recordings-are-kept-forever/

  24. Tomi Engdahl says:

    Don’t Try To Download DeepNude Apps From The Internet, Here’s Why

    https://fossbytes.com/download-deepnude-apk/

  25. Tomi Engdahl says:

    Security flaws in a popular smart home hub let hackers unlock front doors
    https://techcrunch.com/2019/07/02/smart-home-hub-flaws-unlock-doors/

    Zipato smart hubs. In new research published Tuesday and shared with TechCrunch, Dardaman and Wheeler found three security flaws which, when chained together, could be abused to open a front door with a smart lock.

  26. Tomi Engdahl says:

    Cautionary tale: Hackers hijack phone number, break into man’s Google account, then try to steal $25K
    https://www.androidpolice.com/2019/06/17/cautionary-tale-hackers-hijack-phone-number-break-into-mans-google-account-then-try-to-steal-25k/

    Identity theft via hacking or social engineering is a common problem these days, and the results can quickly spiral out of control, locking you out of the accounts you depend on permanently, as in the case of today’s horror story. A contributor over at ZDNet recently suffered what can only be called a total security meltdown in the space of a week when a hacker gained access to his Google account via a SIM-swap attack.

  27. Tomi Engdahl says:

    Soon a credit card alone will no longer be accepted in online shops – Some merchants are nowhere near ready for the reform, purchases worth billions at risk
    https://yle.fi/uutiset/3-10833294

  28. Tomi Engdahl says:

    New Silex malware is bricking IoT devices, has scary plans
    Over 2,000 devices have been bricked in the span of a few hours. Attacks still ongoing.
    https://www.zdnet.com/article/new-silex-malware-is-bricking-iot-devices-has-scary-plans/

  29. Tomi Engdahl says:

    81% of ‘suspects’ flagged by Met’s police facial recognition technology innocent, independent report says
    https://news.sky.com/story/met-polices-facial-recognition-tech-has-81-error-rate-independent-report-says-11755941

    The force maintains its technology only makes a mistake in one in 1,000 cases, but it uses a different metric for gauging success.

    the report concludes that it is “highly possible” the Met’s usage of the system would be found unlawful if challenged in court

  31. Tomi Engdahl says:

    Seriously? Cisco put Huawei X.509 certificates and keys into its own switches
    https://www.zdnet.com/article/seriously-cisco-put-huawei-x-509-certificates-and-keys-into-its-own-switches/

    How did cryptographic certificates and keys issued to Huawei end up in Cisco gear?

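Comments 22 and 31 both concern the same finding: certificates and keys issued to one vendor turning up in another vendor’s firmware because a bundled third-party component carried them along. As an added example, not the IoT Inspector, Cisco or Huawei tooling, the scanner below pulls PEM blocks out of a raw firmware image and fingerprints the decoded DER so that embedded private keys can be flagged and identical blobs compared across images or vendors. The image it scans is a constructed placeholder whose PEM bodies are arbitrary bytes, not a real certificate or key.

```python
"""Scan a firmware image for embedded PEM certificates and private keys (added example)."""
import base64
import hashlib
import re
from dataclasses import dataclass

# A PEM block: BEGIN/END armour with matching labels around a base64 body.
PEM_RE = re.compile(
    rb"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\s*"
    rb"(?P<body>[A-Za-z0-9+/=\s]+?)\s*"
    rb"-----END (?P=label)-----"
)


@dataclass
class PemFinding:
    label: str           # e.g. "CERTIFICATE" or "RSA PRIVATE KEY"
    offset: int          # byte offset of the block inside the image
    sha256: str          # fingerprint of the decoded DER
    is_private_key: bool


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes; the same blob in two images gives the same value."""
    return hashlib.sha256(der).hexdigest()


def scan_firmware(blob: bytes) -> list:
    """Return every well-formed PEM block found in the image.

    The regex runs over raw bytes, so the surrounding binary data does not
    need to be valid text. Blocks whose base64 body does not decode cleanly
    (e.g. truncated by a file-system boundary) are skipped rather than reported.
    """
    findings = []
    for m in PEM_RE.finditer(blob):
        label = m.group("label").decode("ascii")
        try:
            der = base64.b64decode(re.sub(rb"\s+", b"", m.group("body")), validate=True)
        except ValueError:
            continue
        findings.append(PemFinding(
            label=label,
            offset=m.start(),
            sha256=fingerprint(der),
            is_private_key="PRIVATE KEY" in label,
        ))
    return findings


def private_keys(findings: list) -> list:
    """A shipped private key is a finding in its own right, whoever it was issued to."""
    return [f for f in findings if f.is_private_key]


# ---- constructed sample image (not a real firmware, certificate or key) ----
FAKE_CERT_DER = bytes(range(48))             # placeholder bytes standing in for a DER cert
FAKE_KEY_DER = bytes(range(255, 200, -1))    # placeholder bytes standing in for a DER key


def _pem(label: str, der: bytes) -> bytes:
    """Wrap placeholder bytes in PEM armour the way a bundled library would ship them."""
    armour = label.encode("ascii")
    return b"-----BEGIN " + armour + b"-----\n" + base64.encodebytes(der) + b"-----END " + armour + b"-----\n"


SAMPLE_FIRMWARE = (
    b"\x7fELF" + b"\x00" * 64                 # some binary prefix
    + _pem("CERTIFICATE", FAKE_CERT_DER)
    + b"\xff" * 32                            # filler between the blocks
    + _pem("RSA PRIVATE KEY", FAKE_KEY_DER)
    + b"\x00" * 16
)

if __name__ == "__main__":
    for f in scan_firmware(SAMPLE_FIRMWARE):
        flag = "  <-- private key shipped in image" if f.is_private_key else ""
        print(f"{f.offset:8d}  {f.label:<20}  {f.sha256[:16]}...{flag}")
```

Run it over a real image dumped from flash (or over an extracted root file system) and diff the fingerprints against images from other products or vendors; a certificate whose subject you do not recognise, or any private key at all, is worth tracing back to the component that introduced it.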
  32. Tomi Engdahl says:

    U.S. Military Satellites Likely Cyber Attacked By China Or Russia Or Both: Report
    https://www.forbes.com/sites/zakdoffman/2019/07/05/u-s-military-satellites-likely-cyber-attacked-by-china-or-russia-or-both-report/

    New research from a leading defense think tank has turned the tables on that theory, suggesting U.S. and NATO command and control systems are themselves open to compromise because of vulnerabilities in the satellite systems carrying mission-critical data. Cyber attacks on satellites “have the potential to wreak havoc on strategic weapons systems and undermine deterrence by creating uncertainty and confusion,”

    The enemy here is not Iran—it does not have the sophistication, it is China and Russia.

    For the Consultative Committee for Space Data Systems, people working in the space industry likely “constitute the weakest link in cyber defense.” But to this, you can add aging IT systems, outdated civilian cyber defenses and typically slack corporate information security across legacy systems. A wide range of vulnerabilities. Highly sophisticated cyber adversaries

  33. Tomi Engdahl says:

    UK ISP group names Mozilla ‘Internet Villain’ for supporting ‘DNS-over-HTTPS’
    https://www.zdnet.com/article/uk-isp-group-names-mozilla-internet-villain-for-supporting-dns-over-https/

    UK government and local ISPs are putting the pressure on browsers to drop plans to support DoH protocol

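As an added example for the DNS-over-HTTPS dispute in comments 20 and 33 (this is not code from the original page, from Mozilla or from ISPA): the technical point underneath the argument is that a DoH client wraps an ordinary DNS query in an HTTPS request to a resolver of the browser’s choosing, so an ISP that enforces blocking by answering or refusing port-53 queries at its own resolver never sees the question. The code below builds the RFC 8484 GET form of a query and parses a response. The resolver URL and the response bytes are constructed placeholders, not captured traffic.

```python
"""DNS-over-HTTPS wire format (RFC 8484, GET form), as an added illustration."""
import base64
import struct


def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Build a minimal DNS query message: 12-byte header plus one question.

    The ID is 0, as RFC 8484 recommends for the GET form, so identical
    queries yield identical URLs and can be served from HTTP caches.
    """
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)   # RD set, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)      # QCLASS IN


def doh_get_url(resolver_url: str, name: str) -> str:
    """Put the query in the 'dns' parameter: base64url, padding stripped (RFC 8484 section 6)."""
    encoded = base64.urlsafe_b64encode(build_dns_query(name)).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"


def _skip_name(msg: bytes, offset: int) -> int:
    """Return the offset just past a domain name, which may end in a compression pointer."""
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:      # 2-byte pointer terminates the name
            return offset + 2
        if length == 0:
            return offset + 1
        offset += 1 + length


def parse_a_records(response: bytes) -> list:
    """Extract IPv4 addresses from the answer section of a DNS response message."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if flags & 0x000F:                 # non-zero RCODE, e.g. NXDOMAIN: nothing to return
        return []
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(response, offset) + 4             # QTYPE + QCLASS
    addresses = []
    for _ in range(ancount):
        offset = _skip_name(response, offset)
        rtype, _, _, rdlength = struct.unpack("!HHIH", response[offset:offset + 10])
        offset += 10
        rdata = response[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rdlength == 4:
            addresses.append(".".join(str(b) for b in rdata))
    return addresses


# Constructed response for www.example.com (not captured from a real resolver):
# the question echoed back, then one A record pointing at a TEST-NET address.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    # The URL is all the ISP's network path sees, and only as an encrypted TLS
    # connection to the resolver host; the question itself is inside the request.
    print(doh_get_url("https://doh.example.net/dns-query", "www.example.com"))
    print(parse_a_records(SAMPLE_RESPONSE))
```

The URL printed for www.example.com ends in the same `dns=` value that RFC 8484 gives as its worked example, which is a quick way to check an implementation. The consequence for a filtering regime built on the ISP resolver is visible in the code: nothing in the exchange passes through that resolver, so blocking has to move to the DoH endpoint itself or to the client configuration.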
  34. Tomi Engdahl says:

    IronPython, darkly: how we uncovered an attack on government entities in Europe
    http://blog.ptsecurity.com/2019/07/ironpython-darkly-how-we-uncovered.html?m=1

  35. Tomi Engdahl says:

    Russia Is Disrupting GPS Signals and It’s Spilling into Israel
    The interference is so powerful, it’s been detected by the International Space Station.
    https://www.popularmechanics.com/military/weapons/a28250133/russia-gps-signals-israel/

  36. Tomi Engdahl says:

    Ubuntu-Maker Canonical’s GitHub Account Gets Hacked
    https://thehackernews.com/2019/07/canonical-ubuntu-github-hacked.html

    An unknown hacker yesterday successfully managed to hack into the official GitHub account of Canonical, the company behind the Ubuntu Linux project and created 11 new empty repositories.
    It appears that the cyberattack was, fortunately, just a “loud” defacement attempt rather than a “silent” sophisticated supply-chain attack that could have been abused to distribute modified malicious versions of the open-source Canonical software.

  37. Tomi Engdahl says:

    Google Confirms Apple iPhone Bricking iMessage Bomb
    https://www.forbes.com/sites/daveywinder/2019/07/07/google-confirms-apple-iphone-bricking-imessage-bomb/

    vulnerability in Apple’s iMessage has been found that “bricks” an iPhone and survives hard resets, leaving users having to wipe the device and start factory fresh again.

    The iMessage text bombing zero-day was disclosed by Google Project Zero researcher Natalie Silvanovich, who describes how the malformed message vulnerability can cause a Mac to “crash and respawn.”

    If you haven’t turned on the automatic software update feature in iOS 12, then I recommend that you do. That way you can be sure that issues like the iMessage text bomb iPhone bricker will not impact you

  38. Tomi Engdahl says:

    Microsoft Issues Warning For 50M Windows 10 Users
    https://www.forbes.com/sites/gordonkelly/2019/07/06/microsoft-windows-10-upgrade-vpn-warning-upgrade-windows/

    Microsoft has told tens of millions of Windows 10 users that the latest KB4501375 update may break the platform’s Remote Access Connection Manager (RASMAN). And this can have serious repercussions.

    The big one is VPNs.

    Microsoft is stepping up its attempts to push Windows 7 users to Windows 10.

  39. Tomi Engdahl says:

    “Activists seeking to use various “secure” chat tools are regularly forced to use the exact same account registration approach used by Telegram — even with its known built-in security vulnerability.”

    “This includes the popular chat apps Signal and WhatsApp. Several human rights technologists, and users of the apps, have spoken about the problem with this system design. Consider, for example, Jillian York’s critique of this approach two years ago. And requests for this feature in Signal go back at least as far as 2014. The engineers of these apps cannot feign ignorance.”

    As Hong Kong protesters embrace Telegram, when will the messaging app fix one of its biggest security flaws?
    https://www.hongkongfp.com/2019/07/07/hong-kong-protesters-embrace-telegram-will-messaging-app-fix-one-biggest-security-flaws/

    the mass mobilisation of over a million protestors in Hong Kong who took to the streets last month to voice their opposition to the extradition bill. As a result, Telegram has experienced DDoS attacks hampering the service, and security experts have questioned the strength of Telegram (For instance, Telegram group chats are not encrypted).

    Hong Kong activist, Ivan Ip, was arrested for being the administrator of a 20,000 person Telegram group and was forced by the authorities to provide his phone’s access information. As a result, the 20,000 people participating in a peaceful protest are now readily identifiable to authorities (by their phone numbers), creating a data breach that has the potential to be exponentially more damaging, and long-lasting for the implicated activists, than any of the DDoS attacks Telegram now faces.

    The Security Issue is a System Architecture Problem

    Some digital security experts are asking why activists in Hong Kong would choose to use Telegram (a fairly legitimate question since the chat app has had its security efficacy regularly questioned by experts).

    Telegram and other “secure” chat apps, such as WhatsApp and Signal, have chosen a system design that ignores one of the largest security threats faced by those most in need of secure apps and even enforces the vulnerability.

    First, consider just some of the known options available for secure chat: Signal, WhatsApp, and Telegram all require phone number verification.

    Human rights technologists and some tech-savvy individuals have found strategies to work around this phone number requirement to enable users to mask their identity when using these apps. However, some of the people most in need of such apps don’t have access to the digital resources required to achieve these workarounds (e.g., burner phones and burner SIMs cannot be purchased, or a person has limited financial means, etc.).

    This is a serious question. Doesn’t it make more sense to just fix this engineered security flaw?

    I am fairly confident these software organizations did not intentionally design their systems to incorporate such a significant security flaw. It was likely these system design choices were made to make it easy to adopt the use of these tools, and to easily connect with those you want to chat with. It is understandable and even valuable to make these tools easy to use. The increased use of these apps is a good thing.

    Also, making the type of architectural change needed to fix the flaw on an active system with a large userbase is not simple or cheap.

  40. Tomi Engdahl says:

    Microsoft Discovers Fileless Astaroth Trojan Campaign
    https://www.bleepingcomputer.com/news/security/microsoft-discovers-fileless-astaroth-trojan-campaign/#.XSOEdn-DD-g.facebook

    A fileless malware campaign used by attackers to drop the information stealing Astaroth Trojan into the memory of infected computers was detected by Microsoft Defender ATP Research Team researchers.

  41. Tomi Engdahl says:

    7-Eleven Japanese customers lose $500,000 due to mobile app flaw
    https://www.zdnet.com/article/7-eleven-japanese-customers-lose-500000-due-to-mobile-app-flaw/

    Hackers exploit 7-Eleven’s poorly designed password reset function to make unwanted charges on 900 customers’ accounts.

    The 7pay mobile app was designed to show a barcode on the phone’s screen when customers reach the 7-Eleven cashier counters. The cashier scans the barcode, and the bought goods are charged to the user’s 7pay app and the customer’s credit or debit cards that have been saved in the account

    However, in a mind-boggling turn of events, the app contained a password reset function that was incredibly poorly designed. It allowed anyone to request a password reset for other people’s accounts, but have the password reset link sent to their email address, instead of the legitimate account owner.

    With so much data about Japanese users lying around the internet from the multitude of past breaches, a hacker only had to compile it and automate an attack.

    And so they did.

    7-ELEVEN PROMISES TO COMPENSATE HACKED 7PAY USERS

    hackers broke into nearly 900 7pay accounts, and made illegal charges worth ¥55 million ($510,000).

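As an added example (not 7-Eleven’s code) of the reset flaw described in the comment above: the vulnerable handler lets the requester choose where the reset link is delivered, so one leaked list of account identifiers plus a loop is the whole attack. The hardened handler beside it sends a single-use, short-lived token only to the address on file and stays silent about whether the identifier exists. The account data, URLs and mailer are constructed stand-ins.

```python
"""Password reset: the takeover pattern described above beside a safer design (added example)."""
import hashlib
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class Account:
    account_id: str
    email: str          # the address the owner registered
    password: str


@dataclass
class Mailer:
    """Records what would have been e-mailed, so both designs can be compared offline."""
    sent: list = field(default_factory=list)

    def send(self, to: str, body: str) -> None:
        self.sent.append((to, body))


ACCOUNTS = {"alice": Account("alice", "alice@example.com", "correct horse")}  # constructed


def request_reset_vulnerable(account_id: str, notify_email: str, mailer: Mailer) -> bool:
    """The flaw: the caller supplies the delivery address, and the response reveals which ids exist."""
    if account_id not in ACCOUNTS:
        return False
    token = secrets.token_urlsafe(32)
    mailer.send(notify_email, f"https://pay.example.com/reset?token={token}")
    return True


def takeover_campaign(leaked_ids: list, attacker_email: str, mailer: Mailer) -> list:
    """The automated attack the comment describes: replay a list of identifiers from old breaches."""
    return [i for i in leaked_ids if request_reset_vulnerable(i, attacker_email, mailer)]


RESET_TTL_SECONDS = 15 * 60
_pending = {}   # sha256(token) -> (account_id, expires_at); only a digest is stored server-side


def request_reset_hardened(account_id: str, mailer: Mailer) -> None:
    """Deliver only to the registered address; return nothing either way so ids cannot be enumerated."""
    account = ACCOUNTS.get(account_id)
    if account is None:
        return
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    _pending[digest] = (account_id, time.time() + RESET_TTL_SECONDS)
    mailer.send(account.email, f"https://pay.example.com/reset?token={token}")


def redeem_reset(token: str, new_password: str, now: float = None) -> bool:
    """Single-use and time-limited: the token is consumed on first use and bound to one account."""
    now = time.time() if now is None else now
    entry = _pending.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None:
        return False
    account_id, expires_at = entry
    if now > expires_at:
        return False
    ACCOUNTS[account_id].password = new_password
    return True


def demo() -> dict:
    """Run both designs against the same constructed data and return what happened."""
    vuln_mailer = Mailer()
    hijacked = takeover_campaign(["alice", "nobody"], "attacker@example.net", vuln_mailer)

    safe_mailer = Mailer()
    request_reset_hardened("alice", safe_mailer)
    request_reset_hardened("nobody", safe_mailer)          # unknown id: no mail, no error
    mails_after_two_requests = len(safe_mailer.sent)
    token = safe_mailer.sent[0][1].split("token=")[1]
    first = redeem_reset(token, "new-pass")
    replay = redeem_reset(token, "another")                # same token a second time

    request_reset_hardened("alice", safe_mailer)
    late_token = safe_mailer.sent[1][1].split("token=")[1]
    expired = redeem_reset(late_token, "late", now=time.time() + RESET_TTL_SECONDS + 1)

    return {
        "vulnerable_link_went_to": vuln_mailer.sent[0][0],
        "hijacked": hijacked,
        "hardened_link_went_to": safe_mailer.sent[0][0],
        "hardened_mails_after_two_requests": mails_after_two_requests,
        "first_redeem": first,
        "replay_redeem": replay,
        "expired_redeem": expired,
        "password_now": ACCOUNTS["alice"].password,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The difference that matters is in the function signatures: the vulnerable endpoint accepts a destination address at all, and from that point no amount of token randomness helps. The hardened version also refuses to confirm whether an identifier exists, which removes the second half of the attack (cheaply checking a breached list against the service).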