This posting is here to collect cyber security news in October 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
Tomi Engdahl says:
https://www.wired.co.uk/article/microsoft-windows-ten-security-tips
Tomi Engdahl says:
“The ISPs claim that they do not use the DNS query information that would be encrypted and rendered invisible to them by the use of DoH, but at the same time they are complaining bitterly about the appropriation of that information by the likes of Cloudflare, Google and Mozilla. DoH also infuriated Internet censors in the UK, as it threatens to bypass that country’s filtering methods.”
https://www.internetgovernance.org/2019/09/30/wait-for-it-igp-study-on-the-political-economy-of-doh/
Tomi Engdahl says:
Security Firm Comodo Hacked, as vBulletin Exploit Spawns
https://www.cbronline.com/news/comodo-hacked
Cybersecurity firm Comodo (slogan: “creating trust online”) says hackers exploited a new vulnerability in its user forum to steal the personal data of 245,000 users.
The zero day was dumped on the SecLists security forum on September 23; the exploit developer declining to go down a “responsible disclosure” route.
Another security researcher rapidly followed its publication with a script that scans the internet for vBulletin forums vulnerable to the zero day.
Comodo is unlikely to be the sole such company affected.
Comodo Hacked: Emails, Names, etc. Leaked
A vulnerability in vBulletin is manna from heaven for hackers as it’s known to be used by organisations such as NASA, games publisher EA and games distribution platform Steam.
a zero-day exploits market platform, said the “bugdoor” had been circulating in the exploit community for three years.
Tomi Engdahl says:
IT contractor arrested, Sydney DC raided over sabotage, data breaches
https://www.itnews.com.au/news/software-contractor-arrested-ultimo-dc-raided-over-landmarkwhite-breachs-531758
Riot squad to arrest a software contractor?
Tomi Engdahl says:
The FBI is investigating a cyber attack at Subaru of America. Ransomware on their network also spread to their parts supplier company.
https://www.wishtv.com/news/crime-watch-8/2-lafayette-auto-plants-shut-down-fbi-investigates-ransomware-attack/
Tomi Engdahl says:
How ICE Picks Its Targets in the Surveillance Age
https://www.nytimes.com/2019/10/02/magazine/ice-surveillance-deportation.html
After two officers came to a Pacific Northwest community, longtime residents began to disappear — a testament to the agency’s quiet embrace of big data.
Tomi Engdahl says:
Motorola, known for cellphones, is fast becoming a major player in government surveillance
https://www.nbcnews.com/news/us-news/motorola-company-known-cellphones-fast-becoming-major-player-government-surveillance-n1059551
Motorola Solutions is among the tech firms racing to deliver new ways of monitoring the public.
Tomi Engdahl says:
https://arstechnica.com/tech-policy/2019/09/isps-worry-a-new-chrome-feature-will-stop-them-from-spying-on-you/
Currently, most DNS queries are unencrypted, which raises privacy and security concerns. Google and Mozilla are trying to address these concerns by adding support in their browsers for sending DNS queries over the encrypted HTTPS protocol.
But major Internet service providers have cried foul. In a September 19 letter to Congress, Big Cable and other telecom industry groups warned that Google’s support for DNS over HTTPS (DoH) “could interfere on a mass scale with critical Internet functions, as well as raise data-competition issues.”
On Sunday, The Wall Street Journal reported that the House Judiciary Committee is taking these concerns seriously. In a September 13 letter, the Judiciary Committee asked Google for details about its DoH plans—including whether Google plans to use data collected via the new protocol for commercial purposes.
But Google says that these concerns are groundless. Despite insinuations from telecom companies, Google says, the company has no plans to switch Chrome users to its own DNS servers. And while Google didn’t mention it, the company has plenty of ways to monitor users’ browsing patterns with or without access to their DNS queries.
Tomi Engdahl says:
Attorney General Bill Barr Will Ask Zuckerberg To Halt Plans For End-To-End Encryption Across Facebook’s Apps
https://www.buzzfeednews.com/amphtml/ryanmac/bill-barr-facebook-letter-halt-encryption?__twitter_impression=true
“We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety.”
Tomi Engdahl says:
Facebook encryption threatens public safety, says minister
https://www.bbc.co.uk/news/technology-49919464
UK Home Secretary Priti Patel has sent an open letter to Facebook calling on the firm to rethink its plans to encrypt all messages on its platforms.
The policy threatens “lives and the safety of our children”, she said.
Tomi Engdahl says:
FBI Issues ‘High-Impact’ Cyber Attack Warning
https://www.ic3.gov/media/2019/191002.aspx
Tomi Engdahl says:
Assessing the security of devices by measuring how many difficult things the programmers tried to do
https://boingboing.net/2019/10/03/dumpster-fires-r-us-2.html
Rather than parsing through source code (static analysis) or attempting to disrupt the operations of running code (dynamic analysis), CIT uses “binary analysis,” combing through the compiled firmware of target devices and looking for signs that the programmers who created that firmware made use of techniques that improved security. In other words, they’re not looking at whether the code is secure: they’re looking at whether the programmers took steps to ensure that any errors in their code were protected by hardening techniques.
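The binary-analysis idea in the quoted article can be tried on a small scale without any source code. The following is an added example, not CIT’s tool or code from the linked article: it reads the ELF64 header and program headers of a binary and reports three hardening properties that are visible from headers alone: PIE (file type ET_DYN), a non-executable stack (a PT_GNU_STACK segment without the execute flag) and RELRO (a PT_GNU_RELRO segment present). The sample binaries are constructed in-line as header-only images, and `build_sample_elf`, `parse_elf64` and `hardening_report` are this example’s own names, not anything from the article.

```python
import struct

# ELF constants (from the ELF64 specification / Linux ABI)
ELF_MAGIC = b"\x7fELF"
ET_EXEC = 2
ET_DYN = 3
PT_LOAD = 1
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4

EHDR_FMT = "<16sHHIQQQIHHHHHH"   # 64-byte ELF64 header, little-endian
PHDR_FMT = "<IIQQQQQQ"           # 56-byte ELF64 program header


def parse_elf64(data: bytes) -> dict:
    """Return the file type and (p_type, p_flags) of every program header.

    Only little-endian ELF64 is handled; anything else raises ValueError
    so the caller cannot mistake an unparsed file for a hardened one.
    """
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    fields = struct.unpack_from(EHDR_FMT, data, 0)
    e_type, e_phoff = fields[1], fields[5]
    e_phentsize, e_phnum = fields[9], fields[10]
    phdrs = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags = struct.unpack_from("<II", data, off)
        phdrs.append((p_type, p_flags))
    return {"e_type": e_type, "phdrs": phdrs}


def hardening_report(data: bytes) -> dict:
    """Report header-visible hardening: PIE, NX stack, RELRO.

    A missing PT_GNU_STACK segment is reported as not hardened, because
    the loader then falls back to an executable stack on older kernels.
    Stack canaries and full RELRO need the dynamic/symbol tables and are
    deliberately out of scope for this header-only check.
    """
    elf = parse_elf64(data)
    stack_flags = [f for t, f in elf["phdrs"] if t == PT_GNU_STACK]
    return {
        "pie": elf["e_type"] == ET_DYN,
        "nx": bool(stack_flags) and not (stack_flags[0] & PF_X),
        "relro": any(t == PT_GNU_RELRO for t, _ in elf["phdrs"]),
    }


def build_sample_elf(e_type: int, phdr_specs) -> bytes:
    """Constructed input: a header-only ELF64 image (not loadable, but
    enough for the checks above). phdr_specs is a list of (p_type, p_flags)."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)   # class64, LE, v1
    ehdr = struct.pack(EHDR_FMT, ident, e_type, 0x3E, 1, 0, 64, 0, 0,
                       64, 56, len(phdr_specs), 0, 0, 0)
    phdrs = b"".join(struct.pack(PHDR_FMT, t, f, 0, 0, 0, 0, 0, 0)
                     for t, f in phdr_specs)
    return ehdr + phdrs


# Constructed samples: one built the way a hardened toolchain would emit
# it, one built the way an unhardened firmware image often looks.
HARDENED = build_sample_elf(ET_DYN, [(PT_LOAD, PF_R | PF_X),
                                     (PT_GNU_STACK, PF_R | PF_W),
                                     (PT_GNU_RELRO, PF_R)])
UNHARDENED = build_sample_elf(ET_EXEC, [(PT_LOAD, PF_R | PF_W | PF_X),
                                        (PT_GNU_STACK, PF_R | PF_W | PF_X)])
NO_STACK_SEGMENT = build_sample_elf(ET_EXEC, [(PT_LOAD, PF_R | PF_X)])


if __name__ == "__main__":
    for name, image in (("hardened", HARDENED), ("unhardened", UNHARDENED),
                        ("no GNU_STACK", NO_STACK_SEGMENT)):
        print(name, hardening_report(image))
```

To run this over real firmware, pass the bytes of an extracted ELF executable to `hardening_report`; the constructed samples only exist so the example runs offline. The same three fields are what `readelf -h` and `readelf -l` print, so a reviewer can cross-check the report against those tools.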
Tomi Engdahl says:
Iran prepares for cyberwar amid rising tensions, boasts thousands of cyberbattalions
https://fxn.ws/2AJHJjq
Tomi Engdahl says:
Remember the millions of fake net neutrality comments? They weren’t as kosher as the FCC made out
Data was pulled from 2016 credentials hack
https://www.theregister.co.uk/2019/10/04/fake_neutrality_comments/
Tomi Engdahl says:
Virus Bulletin 2019: VoIP Espionage Campaign Hits U.S. Utilities Supplier
https://threatpost.com/voip-espionage-campaign-utilities-supplier/148916/?utm_source=dlvr.it&utm_medium=twitter
An attacker whose motives are unclear compromised an Asterisk server in a highly targeted campaign.
LONDON — A recent attack aimed at a U.S.-based oil, gas and chemical supplier leverages the company’s use of the enterprise-class Asterisk open-source PBX software, used for VoIP services.
Tomi Engdahl says:
Microsoft says Iranian hackers targeted a 2020 presidential candidate
https://techcrunch.com/2019/10/04/microsoft-iran-phosphorous-attack/?tpcc=ECFB2019
Microsoft said it has found evidence that hackers associated with Iran have targeted a 2020 presidential candidate.
The tech giant’s security and trust chief confirmed the attack in a blog post
https://blogs.microsoft.com/on-the-issues/2019/10/04/recent-cyberattacks-require-us-all-to-be-vigilant/
Tomi Engdahl says:
DOJ asks Facebook to halt end-to-end encryption plans (updated)
https://engt.co/2LICyGt
AG Barr wants Mark Zuckerberg to give law enforcement backdoor access to messages.
Tomi Engdahl says:
https://9to5mac.com/2019/10/02/hacked-lightning-cables/?_ga=2.228242969.589128859.1570221199-471518276.1569058944
Tomi Engdahl says:
New Reductor Malware Hijacks HTTPS Traffic
https://threatpost.com/new-reductor-malware-hijacks-https-traffic/148904/
Dubbed Reductor, this malware can manipulate HTTPS traffic by tweaking a browser’s random numbers generator.
Researchers have discovered a new malware strain, dubbed Reductor, that allows hackers to manipulate Hypertext Transfer Protocol Secure (HTTPS) traffic by tweaking a browser’s random numbers generator, used to ensure a private connection between the client and server.
Tomi Engdahl says:
Attackers exploit 0-day vulnerability that gives full control of Android phones
Vulnerable phones include 4 Pixel models, devices from Samsung, Motorola, and others.
https://arstechnica.com/information-technology/2019/10/attackers-exploit-0day-vulnerability-that-gives-full-control-of-android-phones/
Tomi Engdahl says:
DOJ asks Facebook to halt end-to-end encryption plans (updated)
AG Barr wants Mark Zuckerberg to give law enforcement backdoor access to messages
https://www.engadget.com/amp/2019/10/03/doj-facebook-end-to-end-encryption-whatsapp-instagram-messenger/
Tomi Engdahl says:
https://www.technologyreview.com/f/614469/france-plans-to-use-facial-recognition-to-let-citizens-access-government-services/?utm_campaign=site_visitor.unpaid.engagement&utm_source=facebook&utm_medium=social_share&utm_content=2019-10-05&fbclid=IwAR2gjIr5v-KxU8M5DCTgDTosoXZl-kGUBcL6OlwugKI5m9H0UmXMR2BAtdg
Tomi Engdahl says:
QEMU-KVM vhost/vhost_net Guest to Host Kernel Escape Vulnerability
https://blog.kernelcare.com/qemu-kvm-vhost/vhost_net-guest-to-host-kernel-escape-vulnerability
Tomi Engdahl says:
Beijing Launches New Rule: Residents Must Pass Facial Recognition Test to Surf Internet
https://www.theepochtimes.com/beijing-launches-new-rule-residents-must-pass-facial-recognition-test-to-surf-internet_3099181.html
The rule will be implemented from Dec. 1, 2019. In addition, no cell phone or landline number can be transferred to another person privately.
This is an upgraded restriction after the Chinese Ministry of Industry and Information Technology (MIIT) required all applicants to present a valid ID and personal information to register for a cell phone or a landline number since January 2015.
Tomi Engdahl says:
New SIM attacks de-mystified, protection tools now available
https://srlabs.de/bites/sim_attacks_demystified/
Tomi Engdahl says:
SolarPuttyDecrypt
https://voidsec.com/solarputtydecrypt/
Solar-PuTTY is a SolarWinds version (with an improved GUI and a couple more features) of the already well-known PuTTY, an SSH (and telnet) client for the Windows platform.
Solar PuTTY allows its users to store sessions and credentials or private keys for an easy login.
Tomi Engdahl says:
Black activist jailed for his Facebook posts speaks out about secret FBI surveillance
https://www.theguardian.com/world/2018/may/11/rakem-balogun-interview-black-identity-extremists-fbi-surveillance
Tomi Engdahl says:
AMD Ryzen Pro 3000 series desktop CPUs will offer full RAM encryption
Ryzen Pro brings Epyc’s Secure Memory Encryption to the desktop, more or less.
https://arstechnica.com/gadgets/2019/10/amd-ryzen-pro-3000-series-desktop-cpus-will-offer-full-ram-encryption/
Tomi Engdahl says:
Researchers Find New Hack to Read Content Of Password Protected PDF Files
https://thehackernews.com/2019/10/pdf-password-encryption-hacking.html
Tomi Engdahl says:
Why big ISPs aren’t happy about Google’s plans for encrypted DNS
DNS over HTTPS will make it harder for ISPs to monitor or modify DNS queries.
https://arstechnica.com/tech-policy/2019/09/isps-worry-a-new-chrome-feature-will-stop-them-from-spying-on-you/
Tomi Engdahl says:
Amazon may soon be able to track your phone’s location even if you don’t use any of its products or services
https://www.businessinsider.com/amazon-may-soon-be-able-to-track-your-phone-location-2019-9
Amazon’s new mesh network could enable the company to track your phone’s location, even if you don’t use its WiFi or products.
Privacy watchdogs are sounding alarm bells about what that means for the company’s ability to surveil individuals.
Amazon regularly partners with law enforcement, turning over insights from its network of Ring cameras to police.
Tomi Engdahl says:
Rapid Access Tool for many locks
https://www.facebook.com/groups/2600net/permalink/2521516904738086/
Tomi Engdahl says:
Prince Harry is suing The Sun and The Daily Mirror for intercepting private voicemails.
https://www.foxnews.com/entertainment/prince-harry-sues-tabloids-phone-hacking
Tomi Engdahl says:
Google, Xiaomi, and Huawei devices affected by zero-day flaw that unlocks root access
https://thenextweb.com/security/2019/10/04/google-xiaomi-and-huawei-devices-affected-by-zero-day-flaw-that-unlocks-root-access/
Researchers at Google’s security group Project Zero have found an active vulnerability in Android that affects several popular devices including the Pixel 2, Huawei P20 Pro, and Xiaomi Redmi Note 5.
Tomi Engdahl says:
Tom Burt / Microsoft on the Issues:
Microsoft: Iran-linked group, dubbed Phosphorus, attempted to hack 241 accounts belonging to a 2020 presidential campaign and others between Aug. and Sept.
Recent cyberattacks require us all to be vigilant
https://blogs.microsoft.com/on-the-issues/2019/10/04/recent-cyberattacks-require-us-all-to-be-vigilant/
Tomi Engdahl says:
https://hackernoon.com/how-i-hacked-modern-vending-machines-43f4ae8decec
Tomi Engdahl says:
Accessories for the Paranoid uses fake data to stop your devices spying on you
https://www.dezeen.com/2019/06/27/accessories-for-the-paranoid-surveillance-design/
Tomi Engdahl says:
Cybersecurity giant Comodo can’t even keep its own website secure
https://techcrunch.com/2019/10/01/comodo-forum-vbulletin-breach/
Comodo, which bills itself as a “global leader in cybersecurity solutions,” said its forum was hacked.
Tomi Engdahl says:
Jane Zhang / South China Morning Post:
A look at the vast surveillance infrastructure in Chongqing, China, where an estimated 2.58M surveillance cameras cover a population of 15.35M as of 2019
In Chongqing, the world’s most surveilled city, residents are happy to trade privacy for security
https://www.scmp.com/tech/policy/article/3031390/chongqing-worlds-most-surveilled-city-these-residents-are-happy-trade
Whether it is to monitor traffic, prevent petty theft in restaurants or monitor public safety in parks – residents can be sure there is a camera following their every move
As of 2019 Chongqing had about 2.58 million surveillance cameras covering 15.35 million people
Tomi Engdahl says:
Jack Corrigan / Nextgov:
DHS’ new cloud-based HART system, which will house biometric data on 250M+ people via AWS’ GovCloud, promises to significantly expand DHS’ biometric operations — The cloud-based HART system, which will house data on hundreds of millions of people, promises to significantly expand …
Legacy Systems Held DHS’ Biometrics Programs Back. Not Anymore.
https://www.nextgov.com/it-modernization/2019/10/legacy-systems-held-dhs-biometrics-programs-back-not-anymore/160347/
The cloud-based HART system, which will house data on hundreds of millions of people, promises to significantly expand the department’s use of facial recognition and other biometric software, as well as its partnerships with external agencies.
Tomi Engdahl says:
https://thehackernews.com/2019/10/android-kernel-vulnerability.html?m=1
Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world’s most widely used mobile operating system, Android.
What’s more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group—infamous for selling zero-day exploits to governments—or one of its customers, to gain control of their targets’ Android devices.
Tomi Engdahl says:
Bill Gates backs $1bn plan to cover earth in video surveillance satellites
https://www.telegraph.co.uk/technology/2018/04/19/bill-gates-backs-1bn-plan-cover-earth-video-surveillance-satellites/
A satellite company planning to launch a $1bn (£700m) network of satellites to provide “live and unfiltered” coverage of the Earth has been backed by former Microsoft chief executive Bill Gates and Japanese tech giant Softbank.
The tech leaders are backing EarthNow, which plans to launch 500 satellites to cover Earth’s atmosphere in video surveillance and provide live video feedback with only one second of delay.
Tomi Engdahl says:
WhatsApp users urged to update as hackers break into phones just by sending them a GIF
https://www.news.com.au/technology/online/hacking/whatsapp-users-urged-to-update-as-hackers-break-into-phones-just-by-sending-them-a-gif/news-story/6fc5159ad8a406c9d7d7383067d8f645#share-and-comment
Tomi Engdahl says:
How big of a problem are deepfakes, really? Today, an Amsterdam-based startup has published an audit that helps answer that question.
World’s First Deepfake Audit Counts Videos and Tools on the Open Web
https://spectrum.ieee.org/tech-talk/computing/software/the-worlds-first-audit-of-deepfake-videos-and-tools-on-the-open-web
Tomi Engdahl says:
Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC
https://www.vice.com/en_us/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec
A new threat actor Kaspersky calls SandCat, believed to be Uzbekistan’s intelligence agency, is so bad at operational security, researchers have found multiple zero-day exploits used by the group, and even caught malware the group was still developing.
Tomi Engdahl says:
No one could prevent another ‘WannaCry-style’ attack, says DHS official
https://tcrn.ch/2OolJCH
The U.S. government may not be able to prevent another global cyberattack like WannaCry, a senior cybersecurity official has said.
“I don’t know that we could ever prevent something like that,” said Manfra, referring to another WannaCry-style attack. “We just have something that completely manifests itself as a worm. I think the original perpetrators didn’t expect probably that sort of impact,” she added.
“Updating your patches would have prevented a fair amount of people from being a victim,” said Manfra. Yet data shows that two years after the attacks, more than a million computers remained vulnerable to the ransomware.
Manfra said “bad things are going to happen,” but that efforts to mobilize government and the private sector can help combat cyberattacks as they emerge.
Tomi Engdahl says:
It is surprising, but maybe not unforeseen, that iOS’ image of invincibility would one day falter. That day is here, as Android and iOS platforms have traded places, with prices for unpublished #Android #exploits commanding 25% more cash than equivalent iOS zero-days.
https://www.eset.com/blog/consumer/trading-places-exploits-valued-as-commodities/?utm_source=Facebook&utm_medium=cpc&utm_campaign=corporate-blog&utm_term=trading-places&utm_content=blog
Tomi Engdahl says:
Copycat coders create ‘vulnerable’ apps
https://www.bbc.com/news/technology-49960387
Lazy developers who copy solutions to tricky programming problems are creating apps that are vulnerable to attack, research suggests.
A team of computer scientists looked at more than 72,000 chunks of code found on the Stack Overflow website.
But researchers found many of the most copied snippets lacked basic checks that would stop common attacks.
The most widely used insecure code blocks turned up in more than 2,800 separate projects on the Github website, they found.
An Empirical Study of C++ Vulnerabilities in Crowd-Sourced Code Examples
https://arxiv.org/abs/1910.01321
Tomi Engdahl says:
Bloomberg:
Trump admin blacklists eight Chinese tech companies, including video surveillance camera giants, implicated in human rights violations against Muslim minorities — Move comes as U.S.-China high-level trade talks set to resume — Action targets Chinese surveillance companies, public entities
U.S. Blacklists Eight Chinese Tech Companies on Rights Violations
https://www.bloomberg.com/news/articles/2019-10-07/u-s-blacklists-eight-chinese-companies-including-hikvision-k1gvpq77
The companies include two video surveillance companies — Hangzhou Hikvision Digital Technology Co. and Zhejiang Dahua Technology Co. — that by some accounts control as much as a third of the global market for video surveillance and have cameras all over the world.
Also targeted were SenseTime Group Ltd. — the world’s most valuable artificial intelligence startup — and fellow AI giant Megvii Technology Ltd., which is said to be aiming to raise up to $1 billion in a Hong Kong initial public offering. Backed by Chinese e-commerce giant Alibaba Group Holding Ltd., the pair are at the forefront of China’s ambition to dominate AI in coming years.
Tomi Engdahl says:
New technology uses Wi-Fi signals to identify people on the other side of a wall by the way they walk.
Wi-Fi signals let researchers ID people through walls from their gait
https://nakedsecurity.sophos.com/2019/10/07/wi-fi-signals-let-researchers-id-people-through-walls-from-their-gait/