Cyber security news August 2019

This posting is here to collect cyber security news in August 2019.

I post links to security vulnerability news in the comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

 

273 Comments

  1. Tomi Engdahl says:

    Microsoft has issued a critical warning across all versions of its platforms, including every version of Windows 10, and told users they must act now.

    https://www.forbes.com/sites/gordonkelly/2019/08/13/microsoft-windows-10-upgrade-new-bluekeep-critical-warning-upgrade-windows/

    https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/

    Let’s see:

    Wormable: yes
    Exploit likelihood: moderate
    Skill to exploit: unknown but assumed intermediate based on previous exploits
    Impact: Severe
    Public POC: no
    Public Exploit: no
    Access level: network
    Unauthenticated: yes
    CVSS: 9.7
    Mitigations: moderately effective

    Enabling NLA can moderately deter by requiring creds but if you can Mimikatz the machine that’s a useless compensating control.

  2. Tomi Engdahl says:

    Biostar security software ‘leaked a million fingerprints’
    https://www.bbc.co.uk/news/technology-49343774

    Researchers working with cyber-security firm VPNMentor managed to access data from a security tool called Biostar 2.

  3. Tomi Engdahl says:

    https://thehackernews.com/2019/08/windows-rdp-wormable-flaws.html?m=1

    Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to the recently patched ‘BlueKeep’ RDP vulnerability.
    Discovered by Microsoft’s security team itself, all four vulnerabilities, CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226, can be exploited by unauthenticated, remote attackers to take control of an affected computer system without requiring any user interaction.

    The vulnerabilities reside in Remote Desktop Services—formerly known as Terminal Services—and could be exploited by unauthenticated, remote attackers by sending specially crafted requests over the RDP protocol to a targeted system.

    Microsoft also says that the company has found “no evidence that these vulnerabilities were known to any third party,” or being exploited in the wild.

    If left unpatched, these security vulnerabilities could allow attackers to spread wormable malware

    Microsoft August 2019 Patch Tuesday Updates
    Besides these four critical security flaws, Microsoft has also patched 89 vulnerabilities as part of the company’s monthly batch of software security updates for August, 25 of which are rated critical and 64 important in severity.

  4. Tomi Engdahl says:

    This data leak strikes at the heart of one of the big fears and criticism about biometrics: You can change your username and password with a couple of clicks. Your face and fingerprints are forever.

    https://www.technologyreview.com/f/614163/data-leak-exposes-unchangeable-biometric-data-of-over-1-million-people/?utm_medium=tr_social&utm_campaign=site_visitor.unpaid.engagement&utm_source=Facebook#Echobox=1565802376

  5. Tomi Engdahl says:

    We checked and yup, it’s no longer 2001. And yet you can pwn a Windows box via Notepad.exe
    Google guru shows how WinXP-era text code grants total control
    https://www.theregister.co.uk/2019/08/13/windows_notepad_flaw/

    Patch Tuesday Software buried in Windows since the days of WinXP can be abused to take complete control of a PC with the help of good ol’ Notepad and some crafty code.

    system’s Text Services Framework, which manages keyboard layouts and text input, could be exploited by malware or rogue logged-in users to gain System-level privileges.

    The flaw, designated CVE-2019-1162, is patched in this month’s Patch Tuesday release of security fixes from Microsoft. The relevant update should be installed as soon as possible.

    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1162

  6. Tomi Engdahl says:

    https://www.latimes.com/california/story/2019-08-12/facial-recognition-software-mistook-1-in-5-california-lawmakers-for-criminals-says-aclu

    In a recent test, facial recognition software incorrectly matched 26 California legislators with mug shots of people who had been arrested. California is considering banning such software from being used with police body cameras.

    About 1 in 5 legislators was erroneously matched to a person who had been arrested when the ACLU used the software to screen their pictures against a database of 25,000 publicly available booking photos.

  7. Tomi Engdahl says:

    Huawei employees reportedly aided African governments in spying
    https://techcrunch.com/2019/08/14/huawei-employees-reportedly-aided-african-governments-in-spying/?tpcc=ECFB2019

    A new report from The Wall Street Journal could be another damning piece of evidence for a company already under a good deal of international scrutiny. The paper is reporting that technicians working for Huawei helped members of government in Uganda and Zambia spy on political opponents.

    https://www.wsj.com/articles/huawei-technicians-helped-african-governments-spy-on-political-opponents-11565793017

  8. Tomi Engdahl says:

    This Hacker Made Clothes That Can Confuse Automatic License Plate Readers
    https://www.vice.com/en_us/article/qvgpvv/adversarial-fashion-clothes-that-confuse-automatic-license-plate-readers

    Designer Kate Rose presented her “adversarial fashion” line of clothing, which introduces garbage data into license plate reader systems, at DEF CON 27

  9. Tomi Engdahl says:

    US Cyber Command has publicly posted malware linked to a North Korea hacking group
    https://tcrn.ch/2z0h7tk

    U.S. Cyber Command, the sister division of the National Security Agency focused on offensive hacking and security operations, has released a set of new samples of malware linked to North Korean hackers.

    The military unit tweeted Wednesday that it had uploaded the malware to VirusTotal, a widely used database for malware and security research.

    https://www.virustotal.com/gui/file/7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1/detection

  10. Tomi Engdahl says:

    Why You Should Never Borrow Someone Else’s Charging Cable
    https://www.forbes.com/sites/suzannerowankelleher/2019/08/15/why-you-should-never-borrow-someone-elses-charging-cable/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269

    Protect your charging cables like you protect your passwords, say cybersecurity experts.

    “There are certain things in life that you just don’t borrow,” says Charles Henderson, Global Managing Partner and Head of X-Force Red at IBM Security. “If you were on a trip and realized you forgot to pack underwear, you wouldn’t ask all your co-travelers if you could borrow their underwear. You’d go to a store and buy new underwear.”

    Malicious charging cables aren’t a widespread threat at this time, says Henderson, “Mainly because this kind of attack doesn’t scale real well, so if you saw it, it would be a very targeted attack.”

  11. Tomi Engdahl says:

    https://thehackernews.com/2019/08/windows-driver-vulnerability.html?m=1

    If you own a device, or a hardware component, manufactured by ASUS, Toshiba, Intel, NVIDIA, Huawei, or 15 other vendors listed below, you’re probably screwed.
    A team of security researchers has discovered high-risk security vulnerabilities in more than 40 drivers from at least 20 different vendors that could allow attackers to gain most privileged permission on the system and hide malware in a way that remains undetected over time, sometimes for years.

  12. Tomi Engdahl says:

    Trend Micro Patches Privilege Escalation Bug in its Password Manager
    https://www.darkreading.com/vulnerabilities---threats/trend-micro-patches-privilege-escalation-bug-in-its-password-manager/d/d-id/1335525?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

    Organizations should update to latest build as soon as possible, security vendor says.

  13. Tomi Engdahl says:

    Antisurveillance clothes foil cameras by making you look like a car
    https://www.cnet.com/news/anti-surveillance-clothes-foil-cameras-by-making-you-look-like-a-car/

    The garments introduced at DefCon are meant to confuse systems that track civilians. Talk about a statement piece.

  14. Tomi Engdahl says:

    Timothy B. Lee / Ars Technica:
    Federal judge rules Georgia will have to fall back to paper ballots if it doesn’t replace its electronic voting machines with a secure system for 2020 election

    Judge orders Georgia to switch to paper ballots for 2020 elections
    Judge finds several serious flaws with Georgia’s current election technology.
    https://arstechnica.com/tech-policy/2019/08/judge-bans-insecure-touchscreen-voting-machines-from-georgia-after-2019/

    Election security advocates scored a major victory on Thursday as a federal judge issued a 153-page ruling ordering Georgia officials to stop using its outdated electronic voting machines by the end of the year. The judge accepted the state’s argument that it would be too disruptive to switch to paper ballots for municipal elections being held in November 2019. But she refused to extend that logic into 2020, concluding that the state had plenty of time to phase out its outdated touchscreen machines before then.

    The state of Georgia was already planning to phase out its ancient touchscreen electronic voting machines in favor of a new system based on ballot-marking machines.

    “The court’s ruling recognizes that Georgia’s voting machines are so insecure, they’re unconstitutional,” Halderman said in an email to Ars. “That’s a huge win for election security that will reverberate across other states that have equally vulnerable systems.”

  15. Tomi Engdahl says:

    Kaspersky AV injected unique ID that allowed sites to track users, even in incognito mode
    https://arstechnica.com/information-technology/2019/08/kaspersky-av-injected-unique-id-into-webpages-even-in-incognito-mode/

    Feature Kaspersky added in 2015 also made it possible to be ID’d across different browsers.

  16. Tomi Engdahl says:

    TRAVEL USA
    Customs computers shut down, causing delays at airports nationwide
    https://abc7ny.com/travel/customs-computers-shut-down-causing-delays-at-airports-nationwide/5472947/

    UCB had attempted to use a backup system, but now, passengers are being processed manually

    The cause of the shutdown is unknown.

  17. Tomi Engdahl says:

    Researchers Show How Easy It Is to Hijack an IoT Surveillance Feed
    https://www.securitysales.com/emerging-tech/cybersecurity-tech/researchers-hijack-iot-surveillance-feed/

    Researchers replaced an IP camera’s real-time footage with pre-recorded video, highlighting the dangers of weak encryption.

  18. Tomi Engdahl says:

    Customs computer system crash causes nationwide airport delays
    https://nypost.com/2019/08/16/customs-computer-system-crash-causes-nationwide-airport-delays/?utm_campaign=iosapp&utm_source=facebook_app

    The US Customs and Border Protection agency’s computer system experienced a nationwide shutdown Friday — causing major delays and massive lines at airports.

  19. Tomi Engdahl says:

    https://knobattack.com/

    The specification of Bluetooth includes an encryption key negotiation protocol that allows to negotiate encryption keys with 1 Byte of entropy without protecting the integrity of the negotiation process. A remote attacker can manipulate the entropy negotiation to let any standard compliant Bluetooth device negotiate encryption keys with 1 byte of entropy and then brute force the low entropy keys in real time.

  20. Tomi Engdahl says:

    Facial recognition in King’s Cross prompts call for new laws
    https://www.bbc.co.uk/news/technology-49333352

    There is growing pressure for more details about the use of facial recognition in London’s King’s Cross to be disclosed after a watchdog described the deployment as “alarming”.

  21. Tomi Engdahl says:

    How uncertainty in the cyber domain changes war
    https://www.fifthdomain.com/show-reporters/black-hat/2019/08/08/how-uncertainty-in-the-cyber-domain-changes-war/

    Uncertainty clouds the cyber domain. The ability to blur where attacks originated raises questions about how to strike back, while cyber weapons are changing the theory of deterrence.

    Discussions swirl throughout the globe about whether cyberattacks constitute acts of war and whether they warrant a military response. In 2011, the Pentagon decided that they would.

    “It’s very easy to say these things; it’s much more different to do these things,”

  22. Tomi Engdahl says:

    OPINION THE WEEKEND INTERVIEW
    An ‘Old-School Hacker’ Fights Cybercrime
    https://www.wsj.com/articles/an-old-school-hacker-fights-cybercrime-11565994214

    After five years in prison, Kevin Mitnick put on a ‘white hat.’ Now he has advice for companies—and for you—about staying safe online.

  23. Tomi Engdahl says:

    Horrible blunder: People’s recent health records ended up at a flea market along with a computer – “This could have caused millions in damage”
    https://www.iltalehti.fi/kotimaa/a/cc7fed80-2d7e-4803-81a7-8427c2d83451

  24. Tomi Engdahl says:

    I Tried Hiding From Silicon Valley in a Pile of Privacy Gadgets
    https://www.bloomberg.com/news/features/2019-08-08/i-tried-hiding-from-silicon-valley-in-a-pile-of-privacy-gadgets

    Avoiding digital snoops takes more than throwing money at the problem, but that part can be really fun.

  25. Tomi Engdahl says:

    Consumers brazenly billed through mobile payments – Telia shut down a service that drew complaints, operators are reviewing their policies
    https://yle.fi/uutiset/3-10924793

    http://www.mobiilimaksuinfo.fi/

  26. Tomi Engdahl says:

    Cybersecurity conference attendees possibly exposed to IRL virus
    https://mashable.com/article/black-hat-conference-virus-measles.amp?__twitter_impression=true

    Hackers and cybersecurity researchers who attended this year’s annual Black Hat information security conference in Las Vegas found themselves on the receiving end of the wrong kind of security notification. On Thursday, the Southern Nevada Health District issued a warning stating that individuals in Vegas over the course of the conference may have been exposed to measles.

  27. Tomi Engdahl says:

    Is your CISO really C-Level ?
    https://pentestmag.com/is-your-ciso-really-c-level/

    There’s a big hype around the title CISO – Chief Information Security Officer.

    From my point of view, not only is it “over used” but also frequently abused

  28. Tomi Engdahl says:

    INTRODUCING the Screen Crab and Signal Owl by Hak5 – 2601
    https://www.youtube.com/watch?v=IBn49r8Gw7Y

  29. Tomi Engdahl says:

    Judge orders Georgia to switch to paper ballots for 2020 elections
    Judge finds several serious flaws with Georgia’s current election technology.
    https://arstechnica.com/tech-policy/2019/08/judge-bans-insecure-touchscreen-voting-machines-from-georgia-after-2019/

  30. Tomi Engdahl says:

    This new cryptojacking malware uses a sneaky trick to remain hidden
    https://www.zdnet.com/article/this-new-cryptojacking-malware-uses-a-sneaky-trick-to-remain-hidden/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d543e77a341320001ab04bb&utm_medium=trueAnthem&utm_source=facebook

    ‘Norman’ cryptomining malware was found to have infected almost every system in one organisation during an investigation by security researchers

  31. Tomi Engdahl says:

    Capital One Cyber Staff Raised Concerns Before Hack
    https://www.wsj.com/articles/capital-one-cyber-staff-raised-concerns-before-hack-11565906781

    Cybersecurity employees reported what they saw as staffing issues and other problems to bank’s internal auditors, human-resources department and other senior executives

  32. Tomi Engdahl says:

    RIP Hacker Hoodies? Competition Calls for Better Cybersecurity Art
    https://uk.pcmag.com/news/121923/rip-hacker-hoodies-competition-calls-for-better-cybersecurity-art

    BY MICHAEL KAN 1 AUG 2019, 7:49 P.M.
    Got a creative idea on how to visualize cyber conflict, hacking, and privacy? A new contest wants your submission. ‘There is a massive opportunity to improve the ways in which cybersecurity is communicated, taught, and visualized,’ says the contest’s sponsors.

    How might we reimagine a more compelling and relatable visual language for cybersecurity?
    https://www.openideo.com/challenge-briefs/cybersecurity-visuals

  33. Tomi Engdahl says:

    AusCERT2019 Day 1 AM Keynote by Mikko Hypponen
    https://www.youtube.com/watch?v=igNAXqiuXm8

    Published 11.6.2019
    ‘Computer Security: Yesterday, Today and Tomorrow’

  34. Tomi Engdahl says:

    Ransomware attack in Texas targets local government agencies
    https://engt.co/2zbV82F

    It appears to have been a coordinated effort.

  35. Tomi Engdahl says:

    This week’s Windows updates fix critical ‘wormable’ flaws but may also break Visual Basic apps, macros, and scripts. What should you do?

    To patch Windows or not: Do you want BlueKeep bug or broken Visual Basic apps?
    https://www.zdnet.com/article/to-patch-windows-or-not-do-you-want-bluekeep-bug-or-broken-visual-basic-apps/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d56c546a341320001ab2c01&utm_medium=trueAnthem&utm_source=facebook
