This posting is here to collect cyber security news in October 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
223 Comments
Tomi Engdahl says:
Mark Zuckerberg admits Facebook scans some of the contents of your private Messenger conversations in the latest blow to the scandal hit firm
http://www.dailymail.co.uk/sciencetech/article-5578619/Facebook-scans-contents-private-Messenger-texts.html?ito=social-facebook
He was informed that their systems had blocked attempts to send inflammatory Messenger instant messages about ethnic cleansing in Myanmar.
About the experience, the 33-year-old billionaire said: ‘In that case, our systems detect what’s going on.
‘We stop those messages from going through.’
The company told the website that it uses the same tools to prevent abuse in messages that are in place across Facebook as a whole.
Users are also able to flag posts or messages that they feel are in violation of the site’s house rules.
This will either cause one of the social network’s community operations team to manually review the content, or automated systems can also make decisions.
Tomi Engdahl says:
https://arstechnica.com/information-technology/2019/10/alexa-and-google-home-abused-to-eavesdrop-and-phish-passwords/
Tomi Engdahl says:
https://www.kyberturvallisuuskeskus.fi/fi/nollapaivahaavoittuvuus-linuxin-realtek-wifi-ajurissa-rtlwifi
Tomi Engdahl says:
https://threatpost.com/new-reductor-malware-hijacks-https-traffic/148904/
Tomi Engdahl says:
https://www.cyberciti.biz/faq/configure-ubuntu-pi-hole-for-cloudflare-dns-over-https/
Tomi Engdahl says:
Firefox 70 arrives with social tracking blocked by default, privacy report, and performance gains on macOS
https://venturebeat.com/2019/10/22/mozilla-firefox-70/
With Firefox 70, Mozilla now also includes social tracking protection under the Standard setting. It blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn.
Mozilla today estimated that Firefox has blocked more than 450 billion tracking requests since July 2 (some 10 billion every day). While this mainly happens in the background, Mozilla wants to give Firefox users more visibility into how they’re being tracked online.
To access your report, click the shield icon in Firefox’s address bar and then Show Report
“The industry uses dark patterns to push people to ‘consent’ to an unimaginable amount of data collection. These interfaces are designed to push you to allow tracking your behavior as you browse the web,” Selena Deckelmann, Mozilla senior director, said in a statement.
Tomi Engdahl says:
“YOUR CITY HAS BEEN HACKED” — A hacker group going by the name of Shadow Kill Hackers is holding South Africa’s largest city for ransom, demanding 4 bitcoins from Johannesburg authorities, or they’ll upload stolen city data on the internet. The deadline is October 28, 5 pm, local time, according to a message from the hackers. “Your servers and data have been hacked,” the note reads. “We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.”
City of Johannesburg held for ransom by hacker gang
https://www.zdnet.com/article/city-of-johannesburg-held-for-ransom-by-hacker-gang/
Tomi Engdahl says:
These 17 iPhone apps have been removed from the Apple App Store for delivering malware
https://www.zdnet.com/article/these-17-iphone-apps-have-been-removed-from-the-apple-app-store-for-delivering-malware/
Tomi Engdahl says:
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
https://thehackernews.com/2019/10/nginx-php-fpm-hacking.html
The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM
The main vulnerability is an “env_path_info” underflow memory corruption issue in the PHP-FPM module, and chaining it together with other issues could allow attackers to remotely execute arbitrary code on vulnerable web servers.
Tomi Engdahl says:
Watch Edward Snowden detail how phones are used to spy on you
https://www.androidauthority.com/watch-edward-snowden-phones-spying-1045817/?_ga=2.128212164.995104154.1572163524-471518276.1569058944
Smartphones are an important way for governments, tech companies and bad actors to snoop on you, as you leave a digital paper trail. But how does this happen?
Snowden noted that the biggest change in how the government conducts surveillance is that it’s moved to a “mobile-first” approach owing to the prevalence of smartphones.
The whistleblower said that carriers are able to track your device and therefore figure out your identity via cellular towers. Snowden adds that the movements of your phone are the movements of you as a person and are unique, as you go to your home and workplace every day.
Tomi Engdahl says:
Unless you’re a pedophile, terrorist, or paranoid, this should be good news…?
Trump signs bill renewing NSA’s internet surveillance program
https://www.reuters.com/article/us-usa-trump-cyber-surveillance-idUSKBN1F82MK?fbclid=IwAR3CBtwC2ry3RsC-VFZWlDbMOCxjNV2nDQJM2jDYt0ptUVdmXpPkxy50D7w
Tomi Engdahl says:
FTC has banned a stalkerware company from selling its spouse-spying software unless they take measures to ensure it’s being used only for legitimate purposes. The FTC’s [announcement](https://www.ftc.gov/news-events/press-releases/2019/10/ftc-brings-first-case-against-developers-stalking-apps) said it was the “first action” it’s taken against a stalkerware app-maker, Retina-X, which is “designed to run surreptitiously in the background and are uniquely suited to illegal and dangerous uses,” according to the agency.
https://www.vice.com/en_us/article/7x5m5a/ftc-bans-retinax-from-selling-stalkerware
Tomi Engdahl says:
Thanks to Michael Gillespie, an obscure programmer at a Nerds on Call repair store, hundreds of thousands of ransomware victims have recovered their files for free.
The Ransomware Superhero of Normal, Illinois
https://www.propublica.org/article/the-ransomware-superhero-of-normal-illinois
Tomi Engdahl says:
FireEye: “APT41 compromised company behind TeamViewer – which enabled them to access *any* system with TeamViewer installed”
https://meterpreter.org/fireeye-apt41-compromised-company-behind-teamviewer-which-enabled-them-to-access-any-system-with-teamviewer-installed/
The well-known remote control software TeamViewer was hacked many years ago, and some of the user computers were controlled by hackers and installed backdoors to steal data. But even now the company does not admit that the server was attacked. On the contrary, the developers said that users were attacked mainly by leaking remote IDs and passwords. However, it is shocking that the security company has once again revealed that TeamViewer has been hacked.
Recently, the leading security company FireEye, Chief Security Architect, Christopher Glyer wrote the news on Twitter that TeamViewer was hacked and leaked the user’s account password. This hacker group is known as APT41,
https://mobile.twitter.com/cglyer/status/1182413194360508419
Tomi Engdahl says:
New cyberattacks targeting sporting and anti-doping organizations
https://blogs.microsoft.com/on-the-issues/2019/10/28/cyberattacks-sporting-anti-doping/
Today we’re sharing that the Microsoft Threat Intelligence Center has recently tracked significant cyberattacks originating from a group we call Strontium, also known as Fancy Bear/APT28, targeting anti-doping authorities and sporting organizations around the world. As the world looks forward with anticipation to the Tokyo Summer Games in 2020, we thought it important to share information about this new round of activity.
At least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks which began September 16th
Tomi Engdahl says:
EU data watchdog raises concerns over Microsoft contracts
https://www.euractiv.com/section/digital/news/eu-data-watchdog-raises-concerns-over-microsoft-contracts/
Microsoft’s contracts with European Union institutions do not fully protect data in line with EU law, the European Data Protection Supervisor (EDPS) said in initial findings published on Monday (21 October).
Tomi Engdahl says:
So earlier they were not accepting it but now finally they did.
News link: https://www.indiatoday.in/india/story/kudankulam-nuclear-power-plant-dtrack-north-korea-atms-1614200-2019-10-30
Tomi Engdahl says:
45,000 Android devices infected by new unremovable xHelper malware
https://thenextweb.com/security/2019/10/30/45000-android-devices-infected-by-new-unremovable-xhelper-malware/
A new kind of Android malware capable of reinstalling itself even after being manually removed has reportedly infected more than 45,000 Android devices over the last six months
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
Tomi Engdahl says:
Hackers hijacked the capital’s surveillance cameras days before Trump’s inauguration and said it was easy
But they didn’t cover their tracks
https://www.theverge.com/2019/10/30/20939885/surveillance-hack-trump-inauguration-ransomware-hackers-washington-dc
An article from The Wall Street Journal details how hackers Alexandru Isvanca and Eveline Cismaru seized control of Washington, DC’s surveillance cameras right before Trump’s inauguration.
In the end, they controlled 126 out of 186 DC police computers, which in turn controlled the surveillance cameras.
The Hapless Shakedown Crew That Hacked Trump’s Inauguration
https://www.wsj.com/articles/the-hapless-shake-down-crew-that-hacked-trumps-inauguration-11572014333
Days before the big event, hackers seized control of the capital’s surveillance cameras and demanded a ransom. Then everything spiraled out of control.
Tomi Engdahl says:
Educational spyware company to school boards: hire us to spy on your kids and we’ll help you sabotage teachers’ strikes
https://boingboing.net/2019/10/23/blame-bill-clinton.html?fbclid=IwAR0pcovb48cDF-_oNvFDTjDNw0x-S2TzIUEEt2gMNfHqsZ-f4E0Q6hrdcHE
Gaggle is one of a handful of creepy companies that sell surveillance software to school districts, which monitor every keystroke and click on school networks — they’re the latest evolution in spy-on-kids tech, which started off by promising that they’d stop kids from seeing porn, then promised they could end bullying, and now advertise themselves as a solution for school shootings, under the banner of being a “Safety Management Platform.”
Gaggle has plenty of competition from the likes of Securely and Goguardian.
Tomi Engdahl says:
Beware! This Android Malware Can’t Be Removed Even After Factory Reset
https://fossbytes.com/android-malware-cant-removed-after-factory-reset/
has affected 45,000 Android devices to date. The malware dubbed xHelper
Spread By Websites That Allow Sideloading Of Apps
Grandad says:
I’m a long time user of Nordvpn, never had any issues while torrenting etc. I’ve read the full blog post about that “hack” and I’m leaning towards giving them the benefit of the doubt… it sounds like their response was the proper one. I feel even more safe now coz I know that they do not log anything
Tomi Engdahl says:
“Worldwide fraud networks have recently shifted to using CS:GO keys to liquidate their gains. At this point, nearly all key purchases that end up being traded or sold on the marketplace are believed to be fraud-sourced,” Valve says.
https://www.vice.com/en_us/article/8xw7nx/nearly-all-counter-strike-microtransactions-are-being-used-for-money-laundering