This posting is here to collect cyber security news in September 2019.
I post links to security vulnerability news to comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
211 Comments
Tomi Engdahl says:
Dear network operators, please use the existing tools to fix security
https://www.zdnet.com/article/dear-network-operators-please-use-the-existing-tools-to-fix-security/
The internet’s security and stability would be significantly improved if network operators implemented protocols that were already written into technical standards and if vendors provided better tools for fixing security
Tomi Engdahl says:
IE still exist. Please don’t use Internet Explorer…
and still you seem to need to use extra effort to keep it updated in case it gets started accidentally.
Microsoft urges Windows users to install emergency security patch
https://techcrunch.com/2019/09/24/microsoft-emergency-patch-windows/
Tomi Engdahl says:
Tibetans hit by the same mobile malware targeting Uyghurs
Both iPhone and Android users were targeted by the mobile hacking campaign
https://techcrunch.com/2019/09/24/tibetans-iphone-android-hacks-uyghurs/?tpcc=ECFB2019
Tomi Engdahl says:
Microsoft Confirms New Update Warnings For 800M Windows 10 Users
https://www.forbes.com/sites/gordonkelly/2019/09/22/microsoft-windows-10-warning-optional-updates-upgrade-windows-10/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269
Picked up by BleepingComputer, Microsoft has confirmed it is changing the Windows 10 update experience so users will now be warned which updates they do not need to install. Given that in the last month alone, the aforementioned problems along with screen discolouration and spiking CPU usage were all caused by updates users didn’t need to install, this should make a big difference not just to Windows 10 stability but users’ peace of mind overall.
Tomi Engdahl says:
YouTube Security Warning For 23 Million Creators As ‘Massive’ Hack Attack Confirmed
https://www.forbes.com/sites/daveywinder/2019/09/23/youtube-security-warning-issued-for-23-million-creators-as-massive-hack-attack-confirmed/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269
Massive hack attack targets YouTube content creator accounts
Tomi Engdahl says:
France Outlines Its Approach to Cyberwar
https://www.schneier.com/blog/archives/2019/09/france_outlines.html
Tomi Engdahl says:
Cloudflare has a new plan to fight bots — and climate change
https://tcrn.ch/2l2jZT9
Cloudflare is ratcheting up its fight against bots with a new “fight mode,” which it says will frustrate and disincentivize bot operators from their malicious activity.
Cloudflare gets three billion bot requests each day. Now the company said it has “decided to fight back.”
While the company says its efforts will dissuade bot activities in the long run, it recognizes its efforts in the short term will result in cloud servers working overtime, thus consuming more electricity and requiring more cooling — all of which contribute to greater energy consumption.
The company found a simple solution: to plant trees to offset the carbon emissions from the bot’s activity but also their takedown.
Tomi Engdahl says:
Why you can stop paying for antivirus software
Microsoft’s Windows Security (formerly Windows Defender) is now on a par with paid solutions such as McAfee and Norton.
https://www.pcworld.com/article/3434097/why-you-can-stop-paying-for-antivirus-software.html
Tomi Engdahl says:
No, RSA Hasn’t Been Cracked. But Crown Sterling Is Very Confused
https://securityboulevard.com/2019/09/no-rsa-hasnt-been-cracked-but-crown-sterling-is-very-confused/?fbclid=IwAR3v3BTzUmv-4p-4VGcvw189dy1aXerfXR9ZGZFqg8AINop7yR-ULsy7C-E
They’re also implying that blockchains and cryptocurrencies are now obsolete.
Which is nice. But people who actually understand cryptography are using words such as “absurd … bogus … delusional … fraud … scam … shady,” and some even compare the company to Theranos.
Tomi Engdahl says:
WARP is here (sorry it took so long)
https://blog.cloudflare.com/announcing-warp-plus/
Today, after a longer than expected wait, we’re opening WARP and WARP Plus to the general public. If you haven’t heard about it yet, WARP is a mobile app designed for everyone which uses our global network to secure all of your phone’s Internet traffic.
Tomi Engdahl says:
https://blog.powerdns.com/2019/09/25/centralised-doh-is-bad-for-privacy-in-2019-and-beyond/
Tomi Engdahl says:
That’s naughty, even by scam artists’ standards.
HACKERS ARE SPREADING MALWARE-INFESTED EMAILS CLAIMING TO OFFER FREE COPIES OF EDWARD SNOWDEN’S NEW BOOK
https://www.newsweek.com/hackers-spread-emotet-spam-malware-edward-snowden-permanent-record-malwarebytes-1461026
A new wave of malicious spam this week is claiming to offer a copy of Snowden’s bestseller, titled Permanent Record, in a booby-trapped attachment
The emails are circulating a software known as Emotet, which has previously been described by a division of U.S. Homeland Security as being “among the most costly and destructive” forms of malware.
Tomi Engdahl says:
Couple says hackers took over Google Nest — then raised temps and blasted vulgar music
https://nypost.com/2019/09/26/couple-says-hackers-took-over-google-nest-then-raised-temps-and-blasted-vulgar-music/?utm_campaign=iosapp&utm_source=facebook_app
Tomi Engdahl says:
No, it wasn’t a virus; it was Chrome that stopped Macs from booting
Google pulls Chrome update that kept some Macs from booting.
https://arstechnica.com/information-technology/2019/09/no-it-wasnt-a-virus-it-was-chrome-that-stopped-macs-from-booting/
Tomi Engdahl says:
Germany may be the ‘primary example’ but clearly not the only one
Edward Snowden: Germany a ‘primary example’ of NSA surveillance cooperation
https://m.dw.com/en/edward-snowden-germany-a-primary-example-of-nsa-surveillance-cooperation/a-50452863
In his new book, Edward Snowden describes how US intelligence agencies collect vast amounts of data around the world. Foreign governments often help facilitate the collection, and Germany is no exception.
Tomi Engdahl says:
Putin Begins Installing Equipment To Cut Russia’s Access To World Wide Web
https://www.forbes.com/sites/zakdoffman/2019/09/24/russia-begins-installing-equipment-to-cut-its-access-to-world-wide-web/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269
Earlier this year, Russian President Vladimir Putin signed the Russian Internet (RuNet) into law to protect the country’s communications infrastructure in case it was disconnected from the world wide web—or so he said. Critics argued it was opening a door to a Chinese-style firewall disconnecting Russia from the outside world.
Tomi Engdahl says:
Europe shows the way in online privacy
U.S. antitrust actions and privacy regulation create opportunities for privacy-first innovation
https://techcrunch.com/2019/09/26/europe-shows-the-way-in-online-privacy/?tpcc=ECFB2019
By holding industry titans accountable over the privacy and use of our data, regulators are encouraging long overdue disruption of everything from back-end infrastructure to consumer services.
Tomi Engdahl says:
https://thehackernews.com/2019/09/email-attachment-malware.html?m=1
To protect its users from malicious scripts and executables, Microsoft is planning to blacklist 38 additional file extensions by adding them to its list of file extensions that are blocked from being downloaded as attachments in Outlook on the Web.
Tomi Engdahl says:
NPR has been given exclusive access to nearly a dozen people involved with Operation Glowing Symphony, a classified military operation that launched a cyber attack against ISIS.
https://www.npr.org/2019/09/26/764790682/how-the-u-s-cracked-into-one-of-the-most-secretive-terrorist-organizations
Tomi Engdahl says:
“If someone hacks into your Wi-Fi, they shouldn’t be able to have access to those Nest devices without some sort of wall they have to get over,” said Lamont Westmoreland.
You mean like… changing the default passwords?
https://q13fox.com/2019/09/23/felt-so-violated-couple-scared-after-hacker-targets-homes-smart-devices/?fbclid=IwAR3tju9Fgbwsihh3duiOMLE2sx25G_tdLdQ12CSMU0_sJ4Zw2fMt9H-as1Y
Tomi Engdahl says:
New federal rules limit police searches of family tree DNA databases
https://www.sciencemag.org/news/2019/09/new-federal-rules-limit-police-searches-family-tree-dna-databases
Tomi Engdahl says:
AT&T redirected pen-test payloads to the FBI’s Tips portal
Exclusive: Security researcher gets a nasty surprise while hunting for bugs on AT&T’s websites.
https://www.zdnet.com/google-amp/article/at-t-redirected-pen-test-payloads-to-the-fbis-tips-portal/?__twitter_impression=true
One of AT&T’s websites secretly redirected penetration tests to the FBI’s Tips portal, putting security researchers participating in the company’s bug bounty program at risk of breaking the law, ZDNet has learned.
The secret redirection was found on AT&T’s E-rate portal at erate.att.com
the researcher got a nasty surprise when a mundane penetration test triggered an alert in his bug-hunting tools, warning that the target website was attempting to redirect the penetration test to a new URL, which was the FBI’s Tips portal.
The redirection happened when Nux used Sqlmap to find SQL vulnerabilities in the AT&T E-rate portal, but also when he used the NoScript browser extension to test if a cross-site scripting (XSS) vulnerability could relay a more complex exploit.
There is no distinction between a penetration test and a real-world attack, except the attacker’s intentions. A penetration tester will report the vulnerable entry point to a company, so they can patch it, while an attacker would exploit the vulnerability for malicious purposes.
By redirecting the penetration test to the FBI’s Tips portal, AT&T had effectively put researchers in a position where they’d be launching uninvited penetration tests at a US government’s website.
AT&T has removed the redirection over the weekend after ZDNet reached out last week.
“This surely shouldn’t be a standard practice,” Carey told ZDNet. “I’m confident that the FBI is not cool with attacks being forwarded to their servers.”
Tomi Engdahl says:
A serious flaw in Google Keystone, which controls Chrome updates, is capable of doing major damage to macOS file systems on some computers and has been linked to data corruption that struck Hollywood video editors and others on Monday evening, Variety reported.
https://gizmodo.com/whoops-google-says-mysterious-wave-of-unbootable-macs-1838430057?utm_campaign=socialflow_gizmodo_facebook&utm_medium=socialflow&utm_source=gizmodo_facebook&fbclid=IwAR10EqkfNva_MfXtrqMVDP34bkyXf5EpnAeKOnfqCTMKD01XqnUkzIcMBm8
Tomi Engdahl says:
Dating app maker Match sued by FTC for fraud
https://tcrn.ch/2m3m8i3
They’re just not that into you. Or maybe it was a bot? The U.S. Federal Trade Commission on Wednesday announced it has sued Match Group, the owner of just about all the dating apps — including Match, Tinder, OkCupid, Hinge, PlentyofFish and others — for fraudulent business practices. According to the FTC, Match tricked hundreds of thousands of consumers into buying subscriptions, exposed customers to the risk of fraud and engaged in other deceptive and unfair practices.
Tomi Engdahl says:
Checkm8, a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip).
Researchers and developers can use it to dump SecureROM, decrypt keybags with the AES engine, and demote the device to enable JTAG.
Jailbreak and downgrade iPhone 3GS (new bootrom) with alloc8 untethered bootrom exploit.
https://github.com/axi0mX/ipwndfu
Tomi Engdahl says:
https://hackaday.com/2019/09/27/leds-light-the-way-to-this-backdoor/
Tomi Engdahl says:
RGB – really good backdoor
https://hackaday.com/2019/09/27/leds-light-the-way-to-this-backdoor/
The Gigabyte driver is more of a wrapper that simply exposes the LED bus directly to the user level. It’s intended that user-level code can easily bit-bang WS2812 LEDs without hindrance, but its effect is to provide a gaping hole in the security layers intended to keep malicious code away from the hardware. The cherry on the cake is provided by the discovery of a PIC microcontroller on the bus which can be flashed with new code, providing an attacker with persistent storage unbeknownst to the operating system or CPU.
Tomi Engdahl says:
Germany shuts down illegal data center in former NATO bunker
https://www.apnews.com/be9947471fb74360b6cf9d1d2b535927
BERLIN (AP) — German investigators said Friday they have shut down a data processing center installed in a former NATO bunker that hosted sites dealing in drugs and other illegal activities. Seven people were arrested.
Tomi Engdahl says:
Huawei’s rotating Chairman Guo Ping:
“Prism, prism on the wall, who is the most trustworthy of them all?” Ping asked, drawing laughter and scattered applause. “It is a very important question and if you don’t answer that, you can go and ask Edward Snowden.”
https://www.bloomberg.com/news/articles/2019-02-26/u-s-huawei-wage-war-of-words-at-telecom-industry-s-top-show
Tomi Engdahl says:
https://thehackernews.com/2019/09/bootrom-jailbreak-ios-exploit.html?m=1
Tomi Engdahl says:
Researchers easily breached voting machines for the 2020 election
https://engt.co/2mjlVaD
The voting machines that the US will use in the 2020 election are still vulnerable to hacks. A group of ethical hackers tested a bunch of those voting machines and election systems (most of which they bought on eBay). They were able to crack into every machine, The Washington Post reports. Their tests took place this summer at a Def Con cybersecurity conference, but the group visited Washington to share their findings yesterday.
Tomi Engdahl says:
Google Rolls Out “Orwellian Nightmare” Technology To Spy On You In Your Home
https://www.zerohedge.com/political/google-rolls-out-orwellian-nightmare-technology-spy-you-your-home
Google’s new Nest Hub Max is a smart display unit that comes equipped with a 6.5-megapixel facial recognition camera that identifies you and monitors all your actions – inside your own home.
And the Orwellian icing on the cake is that it is not equipped with a physical shutter to forcibly prevent it from monitoring what’s happening in your home.
Tomi Engdahl says:
Hacker changes Seattle road sign to say ‘Impeach the bastard’
https://thehill.com/blogs/blog-briefing-room/news/463125-hacker-changes-seattle-road-sign-to-say-impeach-the-bastard
Tomi Engdahl says:
https://krebsonsecurity.com/2019/09/mypayrollhr-ceo-arrested-admits-to-70m-fraud/
Tomi Engdahl says:
Catalin Cimpanu / ZDNet:
Researchers: new Nodersok malware, which installs Node.js to turn PCs into proxies, has infected thousands of machines, mostly in the US and EU over past month — New Nodersok malware installs Node.js to turn systems into proxies, perform click-fraud. — Thousands of Windows computers across …
Microsoft: New Nodersok malware has infected thousands of PCs
https://www.zdnet.com/article/microsoft-new-nodersok-malware-has-infected-thousands-of-pcs/
New Nodersok malware installs Node.js to turn systems into proxies, perform click-fraud.
Tomi Engdahl says:
France 24:
Sources: hackers with suspected Chinese links have targeted Airbus, Rolls-Royce, and French tech firm Expleo over the past year in search of commercial secrets
Airbus hit by series of cyber attacks on suppliers
https://www.france24.com/en/20190926-airbus-hit-by-series-of-cyber-attacks-on-suppliers
European aerospace giant Airbus has been hit by a series of attacks by hackers who targeted its suppliers in their search for commercial secrets, security sources told AFP, adding they suspected a China link.
Tomi Engdahl says:
“The danger is the proliferation” of the techniques, he said. “Anybody who wants to influence the 2020 election may be tempted to copy what the Russian operation did in 2016.”
https://www.nytimes.com/2019/09/26/technology/government-disinformation-cyber-troops.html
Tomi Engdahl says:
Cisco is also telling customers to disable an L2 trace feature in IOS for which public exploit code exists.
Cisco warning: These routers running IOS have 9.9/10-severity security flaw
https://www.zdnet.com/article/cisco-warning-these-routers-running-ios-have-9-910-severity-security-flaw/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d8cbda4b1a00400017b02fc&utm_medium=trueAnthem&utm_source=facebook
Tomi Engdahl says:
https://intelnews.org/2019/08/29/01-2618/
In a move observers describe as unprecedented, a United States government regulator is preparing to recommend blocking the construction of an 8,000-mile long undersea cable linking America with China, allegedly due to national security concerns. Washington has never before halted the construction of undersea cables, which form the global backbone of the Internet by facilitating nearly 100% of Internet traffic. Much of the undersea cable network is in the process of being replaced by modern optical cables that can facilitate faster Internet-based communications than ever before.
Tomi Engdahl says:
Lily Hay Newman / Wired:
2019 Defcon Voting Village findings reveal detailed vulnerabilities related to six models of voting machines, most of which are still in use — The results of the 2019 Defcon Voting Village are in—and they paint an ugly picture for voting machine security.
https://www.wired.com/story/voting-village-results-hacking-decade-old-bugs/
Tomi Engdahl says:
New ‘unpatchable’ iPhone exploit could allow permanent jailbreaking on hundreds of millions of devices
https://www.theverge.com/2019/9/27/20886835/iphone-exploit-checkm8-axi0mx-security-flaw-vunerability-jailbreak-permanent-bootrom-ios
All devices from the iPhone 4S to the iPhone X are impacted
Tomi Engdahl says:
Trump campaign says it can track your phone
https://mashable.com/article/trump-campaign-beacons-privacy-policy/
President Donald Trump’s 2020 campaign website recently added language that gives it permission to use “beacons” to track the location of mobile devices.
“We may also collect other information based on your location and your Device’s proximity to ‘beacons’ and other similar proximity systems, including, for example, the strength of the signal between the beacon and your Device and the duration that your Device is near the beacon,” reads the portion added to the Trump campaign’s website privacy policy.
Using beacons, campaigns can micro-target voters. For example, they can encourage voters to go to the polls based on their location. Campaigns can also use this technology to collect additional data by messaging users with questionnaires, email signup forms, and surveys.
Tomi Engdahl says:
Firefox: ‘no UK plans’ to make encrypted browser tool its default
Critics say DoH privacy technology could enable easier spread of child abuse images
https://www.theguardian.com/technology/2019/sep/24/firefox-no-uk-plans-to-make-encrypted-browser-tool-its-default
Tomi Engdahl says:
“Because current DNS requests are unencrypted, the road that connects your citizens to their online destination is still open and used by bad actors looking to violate user privacy, attack communications, and spy on browsing activity. People’s most personal information, such as their health-related data, can be tracked, collected, leaked and used against people’s best interest. Your citizens deserve to be protected from that threat.”
One side-effect of DoH is that it also bypasses UK web filters, which use the same technique, hijacking DNS lookups, to prevent easy access to websites blocked by internet service providers.
https://www.theguardian.com/technology/2019/sep/24/firefox-no-uk-plans-to-make-encrypted-browser-tool-its-default
Tomi Engdahl says:
New SIM card attack disclosed, similar to Simjacker
There’s now an app to test your phone’s SIM card for both Simjacker and WIBattack
https://www.zdnet.com/article/new-sim-card-attack-disclosed-similar-to-simjacker/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d8e8da0b1a00400017b1d98&utm_medium=trueAnthem&utm_source=facebook
Tomi Engdahl says:
https://hackaday.com/2019/09/13/side-channel-attack-shows-vulnerabilities-of-cryptocurrency-wallets/
Tomi Engdahl says:
No, Alexa won’t stop recording you
https://www.usatoday.com/story/tech/2019/09/28/no-amazon-wont-stop-taping-your-alexa-queries/3777327002/
You can delete your recordings after the fact, but Amazon will still store them by default. Amazon’s Alexa boss says it makes the assistant smarter.
Tomi Engdahl says:
Asics shop broadcasts porn to passersby for nine hours after hack
https://www.theguardian.com/world/2019/sep/30/asics-shop-broadcasts-porn-to-passersby-for-nine-hours-after-hack?CMP=soc_567
Adult content was beamed from the store on New Zealand’s busiest shopping street until employees arrived to open the shop
Tomi Engdahl says:
https://www.realhomes.com/news/ring-video-doorbells-are-being-handed-out-for-free-by-local-police-whats-the-catch
Not sure if this is privacy related or not, but it seems Amazon has a policy to block donations if you’re required to hand over your Ring footage to a third party.
Tomi Engdahl says:
Amazon bolsters Alexa privacy after user trust takes a hit
https://www.cnet.com/news/amazon-bolsters-alexa-privacy-after-user-trust-takes-a-hit/
The company tries to temper customer concerns by unveiling privacy controls like auto-deleting recordings and “Home Mode” for Ring cameras.