Cyber security news August 2019

This posting is here to collect cyber security news from August 2019.

I post links to security vulnerability news in the comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

 

273 Comments

  1. Tomi Engdahl says:

    Researchers discover malware that records users’ screens when they watch porn
    https://thenextweb.com/security/2019/08/14/researchers-discover-malware-that-records-users-screens-when-they-watch-porn/

    Researchers from antivirus developer ESET recently discovered a new form of spam-delivered malware that threatens to steal unsuspecting users’ passwords and financial information, and record their screens if they watch pornography.

    The virus is called Varenyky and it’s a doozy. It’s apparently been designed to target customers of French ISP Orange SA, but the researchers indicate there’s nothing stopping someone from using the same malware on other ISPs or in other areas. It’s delivered via a very official looking email that appears to be a phone bill.

    Reply
  2. Tomi Engdahl says:

    KNOB attack forces two Bluetooth devices to communicate using a 1-byte encryption key, making it trivial to decrypt the traffic. Don’t trust Bluetooth encryption unless you’ve verified your devices are safe. https://knobattack.com/

    Reply
  3. Tomi Engdahl says:

    Alarm in Texas as 23 towns hit by ‘coordinated’ ransomware attack
    https://www.cnbc.com/2019/08/19/alarm-in-texas-as-23-towns-hit-by-coordinated-ransomware-attack.html

    Twenty-three Texas towns have been struck by a “coordinated” ransomware attack, according to the state’s Department of Information Resources.

    Reply
  4. Tomi Engdahl says:

    The attacks follow recent state and local ransomware attacks in New York, Louisiana, Maryland and Florida that resulted in the loss of significant sums — either in ransom demands to criminals or in repairs for the damage caused by them.

    https://www.cnbc.com/2019/08/19/alarm-in-texas-as-23-towns-hit-by-coordinated-ransomware-attack.html

    Reply
  5. Tomi Engdahl says:

    Judge orders Georgia to switch to paper ballots for 2020 elections
    https://arstechnica.com/tech-policy/2019/08/judge-bans-insecure-touchscreen-voting-machines-from-georgia-after-2019/

    If Georgia isn’t able to switch to its new high-tech system, it will be required to fall back on a low-tech system of paper ballots rather than continue using the insecure and buggy machines it has used for well over a decade.

    “The court’s ruling recognizes that Georgia’s voting machines are so insecure, they’re unconstitutional,” Halderman said in an email to Ars. “That’s a huge win for election security that will reverberate across other states that have equally vulnerable systems.”

    Reply
  6. Tomi Engdahl says:

    Google wants to reduce lifespan for HTTPS certificates to one year
    https://www.zdnet.com/article/google-wants-to-reduce-lifespan-for-https-certificates-to-one-year/

    A Google proposal would cut lifespan of SSL certificates from 825 days to 397 days.

    In the last decade and a half, browser makers have chipped away at the lifespan of SSL certificates, cutting it down from eight years to five, then to three, and then to two.

    “So what is the proposed security benefit that justifies this cost? It is far from clear that there is any at all,” Hollebeek said.

    “This change has absolutely no effect on malicious websites, which operate for very short time periods, from a few days to a week or two at most. After that, the domain has been added to various blacklists, and the attacker moves on to a new domain and acquires new certificates.”

    Jury Out on Whether Reducing Certificate Lifetimes Would Actually Improve Security
    https://www.venafi.com/blog/jury-out-whether-reducing-certificate-lifetimes-would-improve-security

    Reply
  7. Tomi Engdahl says:

    Attackers can flood Tor’s bridges with just $17k/month, Tor’s load balancers for only $2.8k/month, academics say.

    Degrading Tor network performance only costs a few thousand dollars per month
    https://www.zdnet.com/article/degrading-tor-network-performance-only-costs-a-few-thousand-dollars-per-month/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d5a02dfa341320001ab5f6d&utm_medium=trueAnthem&utm_source=facebook

    Threat actors or nation-states looking into degrading the performance of the Tor anonymity network can do it on the cheap, for only a few thousand US dollars per month, new academic research has revealed.

    Reply
  8. Tomi Engdahl says:

    Financial Times:
    Uganda partners with Huawei to debut a facial recognition, AI-powered surveillance system, as part of Huawei’s Safe City program, now in 200+ cities
    https://t.co/DbKSIuU8wj

    Reply
  9. Tomi Engdahl says:

    Surveillance as a Condition for Humanitarian Aid
    https://www.schneier.com/blog/archives/2019/08/surveillance_as_2.html

    auditing for fraud requires entire populations to be tracked using their personal data

    https://www.nytimes.com/2019/07/11/opinion/data-humanitarian-aid.html

    Reply
  10. Tomi Engdahl says:

    Facebook to stop stalking you off-site – but only if asked
    https://www.bbc.com/news/technology-49410371

    Reply
  11. Tomi Engdahl says:

    Google, Mozilla team up to block Kazakhstan’s browser spying tactics
    https://techcrunch.com/2019/08/21/google-mozilla-kazakhstans-browser-spying/?tpcc=ECFB2019

    Citizens had been told to install the government-issued certificate on their computers and devices as part of a domestic surveillance program. In doing so it gave the government ‘root’ access to the network traffic on those devices, allowing the government to intercept and snoop on citizens’ internet browsing activities.

    Researchers found that only a few sites were being monitored, like Facebook, Twitter, and Google.

    Reply
  12. Tomi Engdahl says:

    Federal government bodies should’ve started kicking out tech from Chinese surveillance dealers. But thousands of snooping cameras from the likes of Hikvision and Dahua remain on U.S. soil.

    Thousands Of Banned Chinese Surveillance Cameras Are Watching Over America
    http://on.forbes.com/6189ENsPT

    Reply
  13. Tomi Engdahl says:

    Off-Facebook Activity tool greeted with skepticism after it’s found riddled with privacy loopholes. http://bit.ly/2Zn2DCA

    Even after users have opted for the Off-Facebook Activity, Facebook can still see your data for up to 48 hours for their advertising business purposes.

    Reply
  14. Tomi Engdahl says:

    Don’t tell me when something is behaving as expected, tell me when it’s not. Expecting HTTPS by default, Chrome and Firefox will remove the EV indicator from their URL bars and flag HTTP sites as ‘Not Secure’ instead.

    #encryption #certificates #security #cybersecurity #infosec

    https://www.venafi.com/blog/ev-certificates-its-end-world-we-know-it-and-i-feel-fine?utm_source=socialmedia&utm_medium=Bora&utm_campaign=EV-Certs-End-of-the-World-blog

    Reply
  15. Tomi Engdahl says:

    CCC camp have just started uploading videos … https://youtu.be/sUGKhcbUzfg (it’s this weekend btw.)

    Reply
  16. Tomi Engdahl says:

    Justice Department indicts 80 individuals in a massive business email scam bust

    https://tcrn.ch/3209VKb

    Reply
  17. Tomi Engdahl says:

    It does not seem to be a good idea to use the “guest network” feature of your router.

    “if you must have multiple networks at home, they warn, use separate hardware devices.”

    https://www.forbes.com/sites/zakdoffman/2019/08/20/new-study-warns-guest-networks-open-millions-of-home-internet-routers-to-cyberattack/

    Reply
  18. Tomi Engdahl says:

    COPENHAGEN — The authorities in Denmark say they plan to review over 10,000 court verdicts because of errors in cellphone tracking data offered as evidence.

    The first error was found in an I.T. system that converts phone companies’ raw data into evidence

    the system omitted some data

    In a second problem, some cellphone tracking data linked phones to the wrong cellphone towers

    https://www.nytimes.com/2019/08/20/world/europe/denmark-cellphone-data-courts.html

    Reply
  19. Tomi Engdahl says:

    Here’s an interesting phishing trick – a way for crooks to get lots of customised web links without doing any programming.

    Serious Security: Phishing in the cloud – the freemium way
    https://nakedsecurity.sophos.com/2019/08/20/serious-security-phishing-in-the-cloud-the-freemium-way/

    The 404 Not Found page tells you that you’ve hit a broken or dead link – except when it doesn’t. Phishers are using malicious custom 404 pages to serve phishing sites. A phishing campaign targeting Microsoft uses such a technique, giving phishers virtually unlimited phishing URLs.

    Reply
  20. Tomi Engdahl says:

    In an unnerving twist, when a critical zero-day vulnerability was reported in a Unix administration tool, called Webmin, it was revealed the flaw was no accident. According to researchers, the vulnerability was a secret backdoor planted in the popular utility nearly a year before its discovery.

    https://threatpost.com/backdoor-found-in-utility-for-linux/147581/

    Reply
  21. Tomi Engdahl says:

    Another warning of adware-ridden apps found in the Google Play Store. The apps were for gaming or photography. Check out this article for more information, including a link to a list of the apps.

    Google Android Adware Warning Issued To 8 Million Play Store Users
    https://bit.ly/31Pn9tl

    Reply
  22. Tomi Engdahl says:

    The lifetime odds of men being killed by police are one in 2,000 – for black men, that rate doubles.

    Police Violence A Leading Cause Of Death For Young Black Men In US, Study Says
    https://www.iflscience.com/health-and-medicine/police-violence-a-leading-cause-of-death-for-young-black-men-in-us-study-says/

    Police violence is a leading cause of death in young black men between the ages of 20 and 35 in the United States, according to new research.

    “But if we are going to try and change police practices that aren’t working, we need to track this information better.”

    Reply
  23. Tomi Engdahl says:

    And from the “Guilty until proved innocent” department… https://www.theverge.com/2019/8/23/20829490/denmark-cellphone-location-data-evidence-flaw-police-trial-convictions I am not advocating abolishing digital evidence but when someone’s guilt is based on hearsay then something may be broken.

    Reply
  24. Tomi Engdahl says:

    Cybersecurity Pros Name Their Price as Hacker Attacks Swell
    https://www.bloomberg.com/news/articles/2019-08-07/cybersecurity-pros-name-their-price-as-hacker-attacks-multiply

    ‘A full-on war for cyber talent,’ executive recruiter says
    Average digital breach costs firms $8 million, study finds

    Reply
  25. Tomi Engdahl says:

    Neutrino botnet is hijacking servers by taking over other hackers’ PHP and Java web shells.

    A botnet has been cannibalizing other hackers’ web shells for more than a year
    https://www.zdnet.com/article/a-botnet-has-been-cannibalizing-other-hackers-web-shells-for-more-than-a-year/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d5e057b37ca340001cf9504&utm_medium=trueAnthem&utm_source=facebook

    Web shells are web-accessible backdoor scripts that hackers plant on servers they manage to compromise.

    Web shells have a web-based interface to which hackers can connect and issue commands via their browser, or a programmatic interface to which they send automated instructions.

    According to Positive Technologies, Neutrino has been searching the web for 159 different types of PHP web shells and two JSP (Java Server Pages) ones.

    The botnet compiles a list of web shells, and then launches brute-force attacks in an attempt to guess the web shells’ login credentials and take over the shells — and the underlying web servers.

    Reply
  26. Tomi Engdahl says:

    A rash of supply chain attacks hitting open source software over the past year shows few signs of abating, following the discovery this week of two separate backdoors slipped into a dozen libraries downloaded by hundreds of thousands of server administrators.

    The year-long rash of supply chain attacks against open source is getting worse
    https://arstechnica.com/information-technology/2019/08/the-year-long-rash-of-supply-chain-attacks-against-open-source-is-getting-worse/

    Backdoors snuck into 12 OSS packages were downloaded hundreds of thousands of times.

    Reply
  27. Tomi Engdahl says:

    https://www.faa.gov/news/updates/?newsId=94424

    FAA asks public not to attach guns, bombs, or flamethrowers to drones. The Federal Aviation Administration would like you to know that drones and weapons are “a dangerous mix.” The government agency sent out a notice on Thursday “warning” the public “that it is illegal to operate a drone with a dangerous weapon attached.” A dangerous weapon is broadly defined as “any item that is used for, or is readily capable of, causing death or serious bodily injury.”

    Reply
  28. Tomi Engdahl says:

    Mobile Facial Recognition Catches Killer After ‘Spotting’ Dead Smartphone User
    https://www.forbes.com/sites/zakdoffman/2019/08/23/police-catch-killer-after-facial-recognition-on-victims-phone-warns-no-signs-of-life/?utm_source=FACEBOOK&utm_medium=social&utm_term=Bonnie/#626f6e6e696

    Facial recognition has been slammed in the media in recent months, but a story from southeastern China this week provides something different. According to local media reports, a killer accessed a mobile banking app on his victim’s phone in an attempt to steal money—but the facial recognition alerted when it could find no signs of life. The police were then dispatched by staff at the financial institution, and the killer was caught.

    Reply
  29. Tomi Engdahl says:

    Nasa said to be investigating first allegation of a crime in space
    https://www.bbc.co.uk/news/world-49457912

    Nasa is reported to be investigating a claim that an astronaut accessed the bank account of her estranged spouse from the International Space Station, in what may be the first allegation of a crime committed in space.

    Reply
  30. Tomi Engdahl says:

    Anne McClain acknowledges accessing the account from the ISS but denies any wrongdoing, the New York Times reports.

    https://www.nytimes.com/2019/08/23/us/nasa-astronaut-anne-mcclain.html

    Reply
