Cyber security news September 2019

This posting is here to collect cyber security news in September 2019.

I post links to security vulnerability news in the comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

 

 

211 Comments

  1. Tomi Engdahl says:

    Dear network operators, please use the existing tools to fix security
    https://www.zdnet.com/article/dear-network-operators-please-use-the-existing-tools-to-fix-security/

    The internet’s security and stability would be significantly improved if network operators implemented protocols that were already written into technical standards and if vendors provided better tools for fixing security

    Reply
  2. Tomi Engdahl says:

    IE still exists. Please don’t use Internet Explorer…
    and still you seem to need to make an extra effort to keep it updated in case it gets started accidentally.

    Microsoft urges Windows users to install emergency security patch
    https://techcrunch.com/2019/09/24/microsoft-emergency-patch-windows/

    Reply
  3. Tomi Engdahl says:

    Tibetans hit by the same mobile malware targeting Uyghurs
    Both iPhone and Android users were targeted by the mobile hacking campaign
    https://techcrunch.com/2019/09/24/tibetans-iphone-android-hacks-uyghurs/?tpcc=ECFB2019

    Reply
  4. Tomi Engdahl says:

    Microsoft Confirms New Update Warnings For 800M Windows 10 Users
    https://www.forbes.com/sites/gordonkelly/2019/09/22/microsoft-windows-10-warning-optional-updates-upgrade-windows-10/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269

    Picked up by BleepingComputer, Microsoft has confirmed it is changing the Windows 10 update experience so users will now be warned which updates they do not need to install. Given that in the last month alone, the aforementioned problems along with screen discolouration and spiking CPU usage were all caused by updates users didn’t need to install, this should make a big difference not just to Windows 10 stability but users’ peace of mind overall. 

    Reply
  5. Tomi Engdahl says:

    Cloudflare has a new plan to fight bots — and climate change
    https://tcrn.ch/2l2jZT9

    Cloudflare is ratcheting up its fight against bots with a new “fight mode,” which it says will frustrate and disincentivize bot operators from their malicious activity.

    Cloudflare gets three billion bot requests each day. Now the company said it has “decided to fight back.”

    While the company says its efforts will dissuade bot activities in the long run, it recognizes its efforts in the short term will result in cloud servers working overtime, thus consuming more electricity and requiring more cooling — all of which contribute to greater energy consumption.

    The company found a simple solution: to plant trees to offset the carbon emissions from the bot’s activity but also their takedown.

    Reply
  6. Tomi Engdahl says:

    Why you can stop paying for antivirus software
    Microsoft’s Windows Security (formerly Windows Defender) is now on a par with paid solutions such as McAfee and Norton.
    https://www.pcworld.com/article/3434097/why-you-can-stop-paying-for-antivirus-software.html

    Reply
  7. Tomi Engdahl says:

    No, RSA Hasn’t Been Cracked. But Crown Sterling Is Very Confused
    https://securityboulevard.com/2019/09/no-rsa-hasnt-been-cracked-but-crown-sterling-is-very-confused/?fbclid=IwAR3v3BTzUmv-4p-4VGcvw189dy1aXerfXR9ZGZFqg8AINop7yR-ULsy7C-E

    They’re also implying that blockchains and cryptocurrencies are now obsolete.

    Which is nice. But people who actually understand cryptography are using words such as “absurd … bogus … delusional … fraud … scam … shady,” and some even compare the company to Theranos.

    Reply
  8. Tomi Engdahl says:

    WARP is here (sorry it took so long)
    https://blog.cloudflare.com/announcing-warp-plus/

    Today, after a longer than expected wait, we’re opening WARP and WARP Plus to the general public. If you haven’t heard about it yet, WARP is a mobile app designed for everyone which uses our global network to secure all of your phone’s Internet traffic.

    Reply
  9. Tomi Engdahl says:

    That’s naughty, even by scam artists’ standards.

    HACKERS ARE SPREADING MALWARE-INFESTED EMAILS CLAIMING TO OFFER FREE COPIES OF EDWARD SNOWDEN’S NEW BOOK
    https://www.newsweek.com/hackers-spread-emotet-spam-malware-edward-snowden-permanent-record-malwarebytes-1461026

    A new wave of malicious spam this week is claiming to offer a copy of Snowden’s bestseller, titled Permanent Record, in a booby-trapped attachment

    The emails are circulating a software known as Emotet, which has previously been described by a division of U.S. Homeland Security as being “among the most costly and destructive” forms of malware.

    Reply
  10. Tomi Engdahl says:

    No, it wasn’t a virus; it was Chrome that stopped Macs from booting
    Google pulls Chrome update that kept some Macs from booting.
    https://arstechnica.com/information-technology/2019/09/no-it-wasnt-a-virus-it-was-chrome-that-stopped-macs-from-booting/

    Reply
  11. Tomi Engdahl says:

    Germany may be the ‘primary example’ but clearly not the only one

    Edward Snowden: Germany a ‘primary example’ of NSA surveillance cooperation
    https://m.dw.com/en/edward-snowden-germany-a-primary-example-of-nsa-surveillance-cooperation/a-50452863

    In his new book, Edward Snowden describes how US intelligence agencies collect vast amounts of data around the world. Foreign governments often help facilitate the collection, and Germany is no exception.

    Reply
  12. Tomi Engdahl says:

    Putin Begins Installing Equipment To Cut Russia’s Access To World Wide Web
    https://www.forbes.com/sites/zakdoffman/2019/09/24/russia-begins-installing-equipment-to-cut-its-access-to-world-wide-web/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269

    Earlier this year, Russian President Vladimir Putin signed the Russian Internet (RuNet) into law to protect the country’s communications infrastructure in case it was disconnected from the world wide web—or so he said. Critics argued it was opening a door to a Chinese-style firewall disconnecting Russia from the outside world.

    Reply
  13. Tomi Engdahl says:

    Europe shows the way in online privacy
    U.S. antitrust actions and privacy regulation create opportunities for privacy-first innovation
    https://techcrunch.com/2019/09/26/europe-shows-the-way-in-online-privacy/?tpcc=ECFB2019

    By holding industry titans accountable over the privacy and use of our data, regulators are encouraging long overdue disruption of everything from back-end infrastructure to consumer services.

    Reply
  14. Tomi Engdahl says:

    https://thehackernews.com/2019/09/email-attachment-malware.html?m=1

    To protect its users from malicious scripts and executables, Microsoft is planning to blacklist 38 additional file extensions by adding them to its list of file extensions that are blocked from being downloaded as attachments in Outlook on the Web.

    Reply
  15. Tomi Engdahl says:

    NPR has been given exclusive access to nearly a dozen people involved with Operation Glowing Symphony, a classified military operation that launched a cyber attack against ISIS.
    https://www.npr.org/2019/09/26/764790682/how-the-u-s-cracked-into-one-of-the-most-secretive-terrorist-organizations

    Reply
  16. Tomi Engdahl says:

    “If someone hacks into your Wi-Fi, they shouldn’t be able to have access to those Nest devices without some sort of wall they have to get over,” said Lamont Westmoreland.

    You mean like… changing the default passwords?
    https://q13fox.com/2019/09/23/felt-so-violated-couple-scared-after-hacker-targets-homes-smart-devices/?fbclid=IwAR3tju9Fgbwsihh3duiOMLE2sx25G_tdLdQ12CSMU0_sJ4Zw2fMt9H-as1Y

    Reply
  17. Tomi Engdahl says:

    AT&T redirected pen-test payloads to the FBI’s Tips portal
    Exclusive: Security researcher gets a nasty surprise while hunting for bugs on AT&T’s websites.
    https://www.zdnet.com/google-amp/article/at-t-redirected-pen-test-payloads-to-the-fbis-tips-portal/?__twitter_impression=true

    One of AT&T’s websites secretly redirected penetration tests to the FBI’s Tips portal, putting security researchers participating in the company’s bug bounty program at risk of breaking the law, ZDNet has learned.

    The secret redirection was found on AT&T’s E-rate portal at erate.att.com

    The researcher got a nasty surprise when a mundane penetration test triggered an alert in his bug-hunting tools, warning that the target website was attempting to redirect the penetration test to a new URL, which was the FBI’s Tips portal.

    The redirection happened when Nux used Sqlmap to find SQL vulnerabilities in the AT&T E-rate portal, but also when he used the NoScript browser extension to test if a cross-site scripting (XSS) vulnerability could relay a more complex exploit.

    There is no distinction between a penetration test and a real-world attack, except the attacker’s intentions. A penetration tester will report the vulnerable entry point to a company, so they can patch it, while an attacker would exploit the vulnerability for malicious purposes.

    By redirecting the penetration test to the FBI’s Tips portal, AT&T had effectively put researchers in a position where they’d be launching uninvited penetration tests at a US government’s website.

    AT&T has removed the redirection over the weekend after ZDNet reached out last week.

    “This surely shouldn’t be a standard practice,” Carey told ZDNet. “I’m confident that the FBI is not cool with attacks being forwarded to their servers.”

    Reply
  18. Tomi Engdahl says:

    A serious flaw in Google Keystone, which controls Chrome updates, is capable of doing major damage to macOS file systems on some computers and has been linked to data corruption that struck Hollywood video editors and others on Monday evening, Variety reported.

    https://gizmodo.com/whoops-google-says-mysterious-wave-of-unbootable-macs-1838430057?utm_campaign=socialflow_gizmodo_facebook&utm_medium=socialflow&utm_source=gizmodo_facebook&fbclid=IwAR10EqkfNva_MfXtrqMVDP34bkyXf5EpnAeKOnfqCTMKD01XqnUkzIcMBm8

    Reply
  19. Tomi Engdahl says:

    Dating app maker Match sued by FTC for fraud
    https://tcrn.ch/2m3m8i3

    They’re just not that into you. Or maybe it was a bot? The U.S. Federal Trade Commission on Wednesday announced it has sued Match Group, the owner of just about all the dating apps — including Match, Tinder, OkCupid, Hinge, PlentyofFish and others — for fraudulent business practices. According to the FTC, Match tricked hundreds of thousands of consumers into buying subscriptions, exposed customers to the risk of fraud and engaged in other deceptive and unfair practices.

    Reply
  20. Tomi Engdahl says:

    Checkm8, a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.

    Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).

    Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG.

    Jailbreak and downgrade iPhone 3GS (new bootrom) with alloc8 untethered bootrom exploit.

    https://github.com/axi0mX/ipwndfu

    Reply
  21. Tomi Engdahl says:

    RGB – really good backdoor

    https://hackaday.com/2019/09/27/leds-light-the-way-to-this-backdoor/

    Gigabyte driver is more of a wrapper that simply exposes the LED bus directly to the user level. It’s intended that user-level code can easily bit-bang WS2812 LEDs without hindrance, but its effect is to provide a gaping hole in the security layers intended to keep malicious code away from the hardware. The cherry on the cake is provided by the discovery of a PIC microcontroller on the bus which can be flashed with new code, providing an attacker with persistent storage unbeknownst to the operating system or CPU.

    Reply
  22. Tomi Engdahl says:

    Germany shuts down illegal data center in former NATO bunker
    https://www.apnews.com/be9947471fb74360b6cf9d1d2b535927

    BERLIN (AP) — German investigators said Friday they have shut down a data processing center installed in a former NATO bunker that hosted sites dealing in drugs and other illegal activities. Seven people were arrested.

    Reply
  23. Tomi Engdahl says:

    Huawei’s rotating Chairman Guo Ping:

    “Prism, prism on the wall, who is the most trustworthy of them all?” Ping asked, drawing laughter and scattered applause. “It is a very important question and if you don’t answer that, you can go and ask Edward Snowden.”

    https://www.bloomberg.com/news/articles/2019-02-26/u-s-huawei-wage-war-of-words-at-telecom-industry-s-top-show

    Reply
  24. Tomi Engdahl says:

    Researchers easily breached voting machines for the 2020 election
    https://engt.co/2mjlVaD

    The voting machines that the US will use in the 2020 election are still vulnerable to hacks. A group of ethical hackers tested a bunch of those voting machines and election systems (most of which they bought on eBay). They were able to crack into every machine, The Washington Post reports. Their tests took place this summer at a Def Con cybersecurity conference, but the group visited Washington to share their findings yesterday.

    Reply
  25. Tomi Engdahl says:

    Google Rolls Out “Orwellian Nightmare” Technology To Spy On You In Your Home
    https://www.zerohedge.com/political/google-rolls-out-orwellian-nightmare-technology-spy-you-your-home

    Google’s new Nest Hub Max is a smart display unit that comes equipped with a 6.5-megapixel facial recognition camera that identifies you and monitors all your actions – inside your own home.

    And the Orwellian icing on the cake is that it is not equipped with a physical shutter to forcibly prevent it from monitoring what’s happening in your home.

    Reply
  26. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    Researchers: new Nodersok malware, which installs Node.js to turn PCs into proxies, has infected thousands of machines, mostly in the US and EU over past month — New Nodersok malware installs Node.js to turn systems into proxies, perform click-fraud. — Thousands of Windows computers across …

    Microsoft: New Nodersok malware has infected thousands of PCs
    https://www.zdnet.com/article/microsoft-new-nodersok-malware-has-infected-thousands-of-pcs/

    New Nodersok malware installs Node.js to turn systems into proxies, perform click-fraud.

    Reply
  27. Tomi Engdahl says:

    France 24:
    Sources: hackers with suspected Chinese links have targeted Airbus, Rolls-Royce, and French tech firm Expleo over the past year in search of commercial secrets

    Airbus hit by series of cyber attacks on suppliers
    https://www.france24.com/en/20190926-airbus-hit-by-series-of-cyber-attacks-on-suppliers

    European aerospace giant Airbus has been hit by a series of attacks by hackers who targeted its suppliers in their search for commercial secrets, security sources told AFP, adding they suspected a China link.

    Reply
  28. Tomi Engdahl says:

    “The danger is the proliferation” of the techniques, he said. “Anybody who wants to influence the 2020 election may be tempted to copy what the Russian operation did in 2016.”
    https://www.nytimes.com/2019/09/26/technology/government-disinformation-cyber-troops.html

    Reply
  29. Tomi Engdahl says:

    Cisco is also telling customers to disable an L2 trace feature in IOS for which public exploit code exists.

    Cisco warning: These routers running IOS have 9.9/10-severity security flaw
    https://www.zdnet.com/article/cisco-warning-these-routers-running-ios-have-9-910-severity-security-flaw/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d8cbda4b1a00400017b02fc&utm_medium=trueAnthem&utm_source=facebook

    Reply
  30. Tomi Engdahl says:

    https://intelnews.org/2019/08/29/01-2618/

    In a move observers describe as unprecedented, a United States government regulator is preparing to recommend blocking the construction of an 8,000-mile long undersea cable linking America with China, allegedly due to national security concerns. Washington has never before halted the construction of undersea cables, which form the global backbone of the Internet by facilitating nearly 100% of Internet traffic. Much of the undersea cable network is in the process of being replaced by modern optical cables that can facilitate faster Internet-based communications than ever before.

    Reply
  31. Tomi Engdahl says:

    Lily Hay Newman / Wired:
    2019 Defcon Voting Village findings reveal detailed vulnerabilities related to six models of voting machines, most of which are still in use — The results of the 2019 Defcon Voting Village are in—and they paint an ugly picture for voting machine security.

    https://www.wired.com/story/voting-village-results-hacking-decade-old-bugs/

    Reply
  32. Tomi Engdahl says:

    New ‘unpatchable’ iPhone exploit could allow permanent jailbreaking on hundreds of millions of devices
    https://www.theverge.com/2019/9/27/20886835/iphone-exploit-checkm8-axi0mx-security-flaw-vunerability-jailbreak-permanent-bootrom-ios

    All devices from the iPhone 4S to the iPhone X are impacted

    Reply
  33. Tomi Engdahl says:

    Trump campaign says it can track your phone
    https://mashable.com/article/trump-campaign-beacons-privacy-policy/

    President Donald Trump’s 2020 campaign website recently added language that gives it permission to use “beacons” to track the location of mobile devices.

    “We may also collect other information based on your location and your Device’s proximity to ‘beacons’ and other similar proximity systems, including, for example, the strength of the signal between the beacon and your Device and the duration that your Device is near the beacon,” reads the portion added to the Trump campaign’s website privacy policy.

    Using beacons, campaigns can micro-target voters. For example, they can encourage voters to go to the polls based on their location. Campaigns can also use this technology to collect additional data by messaging users with questionnaires, email signup forms, and surveys.

    Reply
  34. Tomi Engdahl says:

    Firefox: ‘no UK plans’ to make encrypted browser tool its default
    Critics say DoH privacy technology could enable easier spread of child abuse images
    https://www.theguardian.com/technology/2019/sep/24/firefox-no-uk-plans-to-make-encrypted-browser-tool-its-default

    Reply
  35. Tomi Engdahl says:

    “Because current DNS requests are unencrypted, the road that connects your citizens to their online destination is still open and used by bad actors looking to violate user privacy, attack communications, and spy on browsing activity. People’s most personal information, such as their health-related data, can be tracked, collected, leaked and used against people’s best interest. Your citizens deserve to be protected from that threat.”

    One side-effect of DoH is that it also bypasses UK web filters, which use the same technique, hijacking DNS lookups, to prevent easy access to websites blocked by internet service providers.

    https://www.theguardian.com/technology/2019/sep/24/firefox-no-uk-plans-to-make-encrypted-browser-tool-its-default

    Reply
  36. Tomi Engdahl says:

    There’s now an app to test your phone’s SIM card for both Simjacker and WIBattack

    New SIM card attack disclosed, similar to Simjacker
    https://www.zdnet.com/article/new-sim-card-attack-disclosed-similar-to-simjacker/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d8e8da0b1a00400017b1d98&utm_medium=trueAnthem&utm_source=facebook

    Reply
  37. Tomi Engdahl says:

    No, Alexa won’t stop recording you
    https://www.usatoday.com/story/tech/2019/09/28/no-amazon-wont-stop-taping-your-alexa-queries/3777327002/

    You can delete your recordings after the fact, but Amazon will still store them by default. Amazon’s Alexa boss says it makes the assistant smarter.

    Reply
  38. Tomi Engdahl says:

    Asics shop broadcasts porn to passersby for nine hours after hack
    https://www.theguardian.com/world/2019/sep/30/asics-shop-broadcasts-porn-to-passersby-for-nine-hours-after-hack?CMP=soc_567

    Adult content was beamed from the store on New Zealand’s busiest shopping street until employees arrived to open the shop

    Reply
  39. Tomi Engdahl says:

    https://www.realhomes.com/news/ring-video-doorbells-are-being-handed-out-for-free-by-local-police-whats-the-catch

    Not sure if this falls into privacy-related or not, but it seems Amazon has a policy to block donations if you’re required to hand over your Ring footage to a third party.

    Reply
  40. Tomi Engdahl says:

    Amazon bolsters Alexa privacy after user trust takes a hit
    https://www.cnet.com/news/amazon-bolsters-alexa-privacy-after-user-trust-takes-a-hit/

    The company tries to temper customer concerns by unveiling privacy controls like auto-deleting recordings and “Home Mode” for Ring cameras.

    Reply
