This posting is here to collect cyber security news in August 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
273 Comments
Tomi Engdahl says:
Researchers discover malware that records users’ screens when they watch porn
https://thenextweb.com/security/2019/08/14/researchers-discover-malware-that-records-users-screens-when-they-watch-porn/
Researchers from antivirus developer ESET recently discovered a new form of spam-delivered malware that threatens to steal unsuspecting users’ passwords and financial information, and record their screens if they watch pornography.
The virus is called Varenyky and it’s a doozy. It’s apparently been designed to target customers of French ISP Orange SA, but the researchers indicate there’s nothing stopping someone from using the same malware on other ISPs or in other areas. It’s delivered via a very official looking email that appears to be a phone bill.
Tomi Engdahl says:
KNOB attack forces two Bluetooth devices to communicate using a 1-byte encryption key, making it trivial to decrypt the traffic. Don’t trust Bluetooth encryption unless you’ve verified your devices are safe. https://knobattack.com/
Tomi Engdahl says:
Alarm in Texas as 23 towns hit by ‘coordinated’ ransomware attack
https://www.cnbc.com/2019/08/19/alarm-in-texas-as-23-towns-hit-by-coordinated-ransomware-attack.html
Twenty-three Texas towns have been struck by a “coordinated” ransomware attack, according to the state’s Department of Information Resources.
Tomi Engdahl says:
The attacks follow recent state and local ransomware attacks in New York, Louisiana, Maryland and Florida that resulted in the loss of significant sums — either in ransom demands to criminals or in repairs for the damage caused by them.
https://www.cnbc.com/2019/08/19/alarm-in-texas-as-23-towns-hit-by-coordinated-ransomware-attack.html
Tomi Engdahl says:
Microsoft claims it rules the Windows antivirus world, with Defender on over half a billion PCs.
https://www.zdnet.com/video/top-windows-defender-expert-these-are-the-threats-security-hasnt-yet-solved/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d57a6226f0c9700014b5a41&utm_medium=trueAnthem&utm_source=facebook
Tomi Engdahl says:
https://latesthackingnews.com/2019/08/17/researchers-found-multiple-critical-security-vulnerabilities-in-gitlab/
Tomi Engdahl says:
https://www.venafi.com/blog/jury-out-whether-reducing-certificate-lifetimes-would-improve-security?utm_source=socialmedia&utm_medium=Bora&utm_campaign=Reduce-Certificate-Lifetime-Proposal-blog
Tomi Engdahl says:
https://breakingdefense.com/2019/08/navy-wrestles-with-cyber-policy-as-china-and-iran-hack-away/
Tomi Engdahl says:
https://arstechnica.com/information-technology/2019/08/centurylinks-37-hour-outage-blocked-911-service-for-17-million-people/
Tomi Engdahl says:
Judge orders Georgia to switch to paper ballots for 2020 elections
https://arstechnica.com/tech-policy/2019/08/judge-bans-insecure-touchscreen-voting-machines-from-georgia-after-2019/
If Georgia isn’t able to switch to its new high-tech system, it will be required to fall back on a low-tech system of paper ballots rather than continue using the insecure and buggy machines it has used for well over a decade.
“The court’s ruling recognizes that Georgia’s voting machines are so insecure, they’re unconstitutional,” Halderman said in an email to Ars. “That’s a huge win for election security that will reverberate across other states that have equally vulnerable systems.”
Tomi Engdahl says:
Google wants to reduce lifespan for HTTPS certificates to one year
https://www.zdnet.com/article/google-wants-to-reduce-lifespan-for-https-certificates-to-one-year/
A Google proposal would cut lifespan of SSL certificates from 825 days to 397 days.
In the last decade and a half, browser makers have chipped away at the lifespan of SSL certificates, cutting it down from eight years to five, then to three, and then to two.
“So what is the proposed security benefit that justifies this cost? It is far from clear that there is any at all,” Hollebeek said.
“This change has absolutely no effect on malicious websites, which operate for very short time periods, from a few days to a week or two at most. After that, the domain has been added to various blacklists, and the attacker moves on to a new domain and acquires new certificates.”
Jury Out on Whether Reducing Certificate Lifetimes Would Actually Improve Security
https://www.venafi.com/blog/jury-out-whether-reducing-certificate-lifetimes-would-improve-security
Tomi Engdahl says:
Attackers can flood Tor’s bridges with just $17k/month, Tor’s load balancers for only $2.8k/month, academics say.
Degrading Tor network performance only costs a few thousand dollars per month
https://www.zdnet.com/article/degrading-tor-network-performance-only-costs-a-few-thousand-dollars-per-month/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d5a02dfa341320001ab5f6d&utm_medium=trueAnthem&utm_source=facebook
Threat actors or nation-states looking into degrading the performance of the Tor anonymity network can do it on the cheap, for only a few thousand US dollars per month, new academic research has revealed.
Tomi Engdahl says:
Financial Times:
Uganda partners with Huawei to debut a facial recognition, AI-powered surveillance system, as part of Huawei’s Safe City program, now in 200+ cities
https://t.co/DbKSIuU8wj
Tomi Engdahl says:
Cybercriminals have learned they can get bigger pay days by going after bigger targets. Read more: https://zd.net/31CTW4Q
https://www.zdnet.com/video/ransomware-attacks-are-getting-more-ambitious-as-crooks-target-shared-files/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d5789f8a341320001ab3785&utm_medium=trueAnthem&utm_source=facebook
Tomi Engdahl says:
Surveillance as a Condition for Humanitarian Aid
https://www.schneier.com/blog/archives/2019/08/surveillance_as_2.html
auditing for fraud requires entire populations to be tracked using their personal data
https://www.nytimes.com/2019/07/11/opinion/data-humanitarian-aid.html
Tomi Engdahl says:
Facebook to stop stalking you off-site – but only if asked
https://www.bbc.com/news/technology-49410371
Tomi Engdahl says:
https://www.darkreading.com/risk-management/vxworks-tcp-ip-stack-vulnerability-poses-major-manufacturing-risk/d/d-id/1335563
Tomi Engdahl says:
https://thehackernews.com/2019/08/http2-dos-vulnerability.html
Tomi Engdahl says:
Google, Mozilla team up to block Kazakhstan’s browser spying tactics
https://techcrunch.com/2019/08/21/google-mozilla-kazakhstans-browser-spying/?tpcc=ECFB2019
Citizens had been told to install the government-issued certificate on their computers and devices as part of a domestic surveillance program. In doing so it gave the government ‘root’ access to the network traffic on those devices, allowing the government to intercept and snoop on citizens’ internet browsing activities.
Researchers found that only a few sites were being monitored, like Facebook, Twitter, and Google.
Tomi Engdahl says:
https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html?m=1
Tomi Engdahl says:
https://latesthackingnews.com/2019/08/18/mozilla-firefox-bug-could-allow-copying-saved-passwords-without-master-password/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/severe-flaws-in-kubernetes-expose-all-servers-to-dos-attacks/
Tomi Engdahl says:
Federal government bodies should’ve started kicking out tech from Chinese surveillance dealers. But thousands of snooping cameras from the likes of Hikvision and Dahua remain on U.S. soil.
Thousands Of Banned Chinese Surveillance Cameras Are Watching Over America
http://on.forbes.com/6189ENsPT
Tomi Engdahl says:
Multiple Security Vulnerabilities Discovered In VLC Media Player
https://latesthackingnews.com/2019/08/21/multiple-security-vulnerabilities-discovered-in-vlc-media-player/
Tomi Engdahl says:
Off-Facebook Activity tool greeted with skepticism after it’s found riddled with privacy loopholes. http://bit.ly/2Zn2DCA
Even after users have opted for the Off-Facebook Activity, Facebook can still see your data for up to 48 hours for their advertising business purposes.
Tomi Engdahl says:
https://www.zdnet.com/article/backdoor-code-found-in-11-ruby-libraries/
Tomi Engdahl says:
Don’t tell me when something is behaving as expected, tell me when it’s not. Expecting HTTPS by default, Chrome and Firefox will remove the EV indicator from their URL bars and flag HTTP sites as ‘Not Secure’ instead.
#encryption #certificates #security #cybersecurity #infosec
https://www.venafi.com/blog/ev-certificates-its-end-world-we-know-it-and-i-feel-fine?utm_source=socialmedia&utm_medium=Bora&utm_campaign=EV-Certs-End-of-the-World-blog
Tomi Engdahl says:
CCC camp have just started uploading videos … https://youtu.be/sUGKhcbUzfg (it’s this weekend btw.)
Tomi Engdahl says:
Google proposes new privacy and anti-fingerprinting controls for the web
https://techcrunch.com/2019/08/22/google-proposes-new-privacy-and-anti-fingerprinting-controls-for-the-web/
Tomi Engdahl says:
https://www.zdnet.com/article/researcher-publishes-second-steam-zero-day-after-getting-banned-on-valves-bug-bounty-program/?ftag=TRE-03-10aaa6b&bhid=20514466461958198516067951795281
Tomi Engdahl says:
Justice Department indicts 80 individuals in a massive business email scam bust
https://tcrn.ch/3209VKb
Tomi Engdahl says:
It does not seem to be a good idea to use the “guest network” feature of your router.
“if you must have multiple networks at home, they warn, use separate hardware devices.”
https://www.forbes.com/sites/zakdoffman/2019/08/20/new-study-warns-guest-networks-open-millions-of-home-internet-routers-to-cyberattack/
Tomi Engdahl says:
COPENHAGEN — The authorities in Denmark say they plan to review over 10,000 court verdicts because of errors in cellphone tracking data offered as evidence.
The first error was found in an I.T. system that converts phone companies’ raw data into evidence
the system omitted some data
In a second problem, some cellphone tracking data linked phones to the wrong cellphone towers
https://www.nytimes.com/2019/08/20/world/europe/denmark-cellphone-data-courts.html
Tomi Engdahl says:
Here’s an interesting phishing trick – a way for crooks to get lots of customised web links without doing any programming.
Serious Security: Phishing in the cloud – the freemium way
https://nakedsecurity.sophos.com/2019/08/20/serious-security-phishing-in-the-cloud-the-freemium-way/
The 404 Not Found page tells you that you’ve hit a broken or dead link – except when it doesn’t. Phishers are using malicious custom 404 pages to serve phishing sites. A phishing campaign targeting Microsoft uses such technique, giving phishers virtually unlimited phishing URLs.
Tomi Engdahl says:
https://electrek.co/2019/08/22/tesla-stolen-keyfob-hack-camera-how-to-prevent-it/
Tomi Engdahl says:
https://nakedsecurity.sophos.com/2019/08/16/google-removes-option-to-disable-nest-cams-status-light/
Tomi Engdahl says:
The cause of the disruptions turned out to be a denial-of-service attack.
https://www.tivi.fi/uutiset/nyt-et-paase-veroja-maksamaan-verofi-ja-poliisin-verkkosivut-alhaalla/446aa6c8-dfe3-4135-92b9-599e419a7570
Tomi Engdahl says:
In an unnerving twist, when a critical zero-day vulnerability was reported in a Unix administration tool, called Webmin, it was revealed the flaw was no accident. According to researchers, the vulnerability was a secret backdoor planted in the popular utility nearly a year before its discovery.
https://threatpost.com/backdoor-found-in-utility-for-linux/147581/
Tomi Engdahl says:
Another warning of adware-ridden apps found in the Google Play Store. The apps were for gaming or photography. Check out this article for more information, including a link to a list of the apps.
Google Android Adware Warning Issued To 8 Million Play Store Users
https://bit.ly/31Pn9tl
Tomi Engdahl says:
The lifetime odds of men being killed by police are one in 2,000 – for black men, that rate doubles.
Police Violence A Leading Cause Of Death For Young Black Men In US, Study Says
https://www.iflscience.com/health-and-medicine/police-violence-a-leading-cause-of-death-for-young-black-men-in-us-study-says/
Police violence is a leading cause of death in young black men between the ages of 20 and 35 in the United States, according to new research.
“But if we are going to try and change police practices that aren’t working, we need to track this information better.”
Tomi Engdahl says:
And from the “Guilty until proved innocent” department… https://www.theverge.com/2019/8/23/20829490/denmark-cellphone-location-data-evidence-flaw-police-trial-convictions I am not advocating abolishing digital evidence but when someone’s guilt is based on hearsay then something may be broken.
Tomi Engdahl says:
Cybersecurity Pros Name Their Price as Hacker Attacks Swell
https://www.bloomberg.com/news/articles/2019-08-07/cybersecurity-pros-name-their-price-as-hacker-attacks-multiply
‘A full-on war for cyber talent,’ executive recruiter says
Average digital breach costs firms $8 million, study finds
Tomi Engdahl says:
What We Can Learn From NASA’s Raspberry Pi Attack
https://www.forbes.com/sites/extrahop/2019/07/31/what-we-can-learn-from-nasas-raspberry-pi-attack/?utm_source=FBPAGE&utm_medium=social&utm_content=2580610772&utm_campaign=sprinklrForbesMainFB#5a28eb15304c
Tomi Engdahl says:
Neutrino botnet is hijacking servers by taking over other hackers’ PHP and Java web shells.
A botnet has been cannibalizing other hackers’ web shells for more than a year
https://www.zdnet.com/article/a-botnet-has-been-cannibalizing-other-hackers-web-shells-for-more-than-a-year/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d5e057b37ca340001cf9504&utm_medium=trueAnthem&utm_source=facebook
Web shells are web-accessible backdoor scripts that hackers plant on servers they manage to compromise.
Web shells have a web-based interface to which hackers can connect and issue commands via their browser, or a programmatic interface to which they send automated instructions.
According to Positive Technologies, Neutrino has been searching the web for 159 different types of PHP web shells and two JSP (Java Server Pages) ones.
The botnet compiles a list of web shells, and then launches brute-force attacks in an attempt to guess the web shells’ login credentials and take over the shells — and the underlying web servers.
Tomi Engdahl says:
A rash of supply chain attacks hitting open source software over the past year shows few signs of abating, following the discovery this week of two separate backdoors slipped into a dozen libraries downloaded by hundreds of thousands of server administrators.
The year-long rash of supply chain attacks against open source is getting worse
https://arstechnica.com/information-technology/2019/08/the-year-long-rash-of-supply-chain-attacks-against-open-source-is-getting-worse/
Backdoors snuck into 12 OSS packages were downloaded hundreds of thousands of times.
Tomi Engdahl says:
https://www.faa.gov/news/updates/?newsId=94424
FAA asks public not to attach guns, bombs, or flamethrowers to drones. The Federal Aviation Administration would like you to know that drones and weapons are “a dangerous mix.” The government agency sent out a notice on Thursday “warning” the public “that it is illegal to operate a drone with a dangerous weapon attached.” A dangerous weapon is broadly defined as “any item that is used for, or is readily capable of, causing death or serious bodily injury.”
Tomi Engdahl says:
Mobile Facial Recognition Catches Killer After ‘Spotting’ Dead Smartphone User
https://www.forbes.com/sites/zakdoffman/2019/08/23/police-catch-killer-after-facial-recognition-on-victims-phone-warns-no-signs-of-life/?utm_source=FACEBOOK&utm_medium=social&utm_term=Bonnie/#626f6e6e696
Facial recognition has been slammed in the media in recent months, but a story from southeastern China this week provides something different. According to local media reports, a killer accessed a mobile banking app on his victim’s phone in an attempt to steal money—but the facial recognition alerted when it could find no signs of life. The police were then dispatched by staff at the financial institution, and the killer was caught.
Tomi Engdahl says:
Nasa said to be investigating first allegation of a crime in space
https://www.bbc.co.uk/news/world-49457912
Nasa is reported to be investigating a claim that an astronaut accessed the bank account of her estranged spouse from the International Space Station, in what may be the first allegation of a crime committed in space.
Tomi Engdahl says:
Anne McClain acknowledges accessing the account from the ISS but denies any wrongdoing, the New York Times reports.
https://www.nytimes.com/2019/08/23/us/nasa-astronaut-anne-mcclain.html
Tomi Engdahl says:
Bitcoin Hackers Charged As Nuclear Power Plant Security Compromised
https://www.forbes.com/sites/daveywinder/2019/08/23/bitcoin-hackers-charged-as-nuclear-power-plant-security-compromised/