This posting is here to collect cyber security news in November 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
117 Comments
Tomi Engdahl says:
Your Body’s Bioacoustic Signatures Could Be Used to Identify You
https://www.hackster.io/news/your-body-s-bioacoustic-signatures-could-be-used-to-identify-you-c0c72d1aa9cf
Researchers from South Korea have released a study describing a method of identifying people by using their bodies’ bioacoustic signatures.
Tomi Engdahl says:
Intel disables Hardware Lock Elision on all current CPUs and Linux patches added to allow the sysadmin the option to disable TSX https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c2955f270a84762343000f103e0640d29c7a96f3
Tomi Engdahl says:
Hacker was detected after creating a giant archive file that took up all the free disk space. Had been inside the company’s network for almost two years, undetected.
Company discovered it was hacked after a server ran out of free space
https://www.zdnet.com/article/company-discovered-it-was-hacked-after-a-server-ran-out-of-free-space/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook
Tomi Engdahl says:
Who Stole My Face? The Risks Of Law Enforcement Use Of Facial Recognition Software
Who knows what extremes we’ll go to camouflage ourselves in a world where facial surveillance is the norm?
https://abovethelaw.com/2019/11/who-stole-my-face-the-risks-of-law-enforcement-use-of-facial-recognition-software/
Tomi Engdahl says:
Does facial recognition software threaten our freedom?
https://www.kcrw.com/news/shows/to-the-point/does-facial-recognition-software-threaten-our-freedom
Surveillance cameras are capturing what we do on the streets, at airports, in stores, and in much of our public space. Facial recognition software is touted as making us safer. But mass surveillance has downsides of major proportions.
Tomi Engdahl says:
https://www.theverge.com/2019/11/11/20959865/google-chrome-slow-sites-badge-system-chrome-dev-summit-2019
Intercepting the loading of every single web page users visit doesn’t sound like a feature. It sounds like a privacy concern.
Tomi Engdahl says:
The NSA has stopped collecting location data from US cellphones without a warrant
Intelligence agencies stopped the practice last year
https://www.theverge.com/2019/11/14/20965354/nsa-intelligence-no-warrant-phone-location-data-collection
Tomi Engdahl says:
A VARIANT OF ZOMBIELOAD FLAW HITS INTEL’S NEWEST CASCADE LAKE CHIPS
https://headleaks.com/2019/11/14/a-variant-of-zombieload-flaw-hits-intels-newest-cascade-lake-chips-T283eTNYUUh0OFprQTZrYlpZRDNMdz09
Tomi Engdahl says:
Officials warn about the dangers of using public USB charging stations
Travelers should use only AC charging ports, use USB no-data cables, or “USB condom” devices.
https://www.zdnet.com/article/officials-warn-about-the-dangers-of-using-public-usb-charging-stations/
Travelers are advised to avoid using public USB power charging stations in airports, hotels, and other locations because they may contain dangerous malware
Tomi Engdahl says:
Thousands of hacked Disney+ accounts are already for sale on hacking forums
Hackers began hijacking accounts hours after Disney+ launched earlier this week.
https://www.zdnet.com/article/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums/
Tomi Engdahl says:
The myth of the sophisticated hacker
https://amp.axios.com/sophisticated-hacker-cybersecurity-labour-party-f2137c08-0dec-4413-94d8-8f6729b6ec96.html
On Tuesday, the U.K.’s Labour Party became the latest in a decade-long line of victims to claim they were targeted by a “sophisticated” cyberattack that wasn’t, actually, very sophisticated.
The big picture: It’s the latest lexical stretch for an adjective that’s widely used in reports of cybersecurity incidents — and widely loathed by researchers as a result. If everything is sophisticated, nothing is sophisticated.
Driving the news: Labour ultimately faced what’s known as a denial of service attack, a way of overwhelming servers with a ton of traffic. It’s a digital blunt force attack — harmful, yes, but hardly sophisticated. Labour was not alone.
Tomi Engdahl says:
Internet users puzzled: anyone’s public contact details can be looked up on Gigantti’s website
https://www.iltalehti.fi/digiuutiset/a/bd10538a-a08d-4e60-8e55-9664d7ca1edf
On Gigantti’s website, anyone’s contact details can be looked up by phone number if they are public. Iltalehti has received several messages from readers about the matter, and it has also been discussed on various internet forums.
Searching by phone number did indeed bring up the person’s first name, last name and address details.
According to Gigantti’s marketing director Sami Särkelä, the registration form on Gigantti’s website uses the phone number to retrieve publicly available contact details, which are used, for example, by directory services.
– In Finland, phone number and address details are public by default, and anyone can find them out from, for example, various directory services. Our site works so that if the details are public, the system fills them into the form automatically based on the phone number, Särkelä explains.
To collect the data, Gigantti uses the contact and personal marketing register of the company Bisnode.
– The operating model is common in online stores and other services
Tomi Engdahl says:
Andrew Yang wants you to make money off your data by making it your personal property
https://www.businessinsider.com/andrew-yang-data-ownership-property-right-policy-2019-11
Tomi Engdahl says:
Amazon Is an Even Bigger Threat to Privacy Than Facebook
With its Ring doorbell, the tech giant can now see what you buy, what you browse, and who you’re letting into your home
https://gen.medium.com/amazon-is-an-even-bigger-threat-to-privacy-than-facebook-a52638e9e314
Tomi Engdahl says:
Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies
It’s a reward for hacktivists and criminals who break into capitalist institutions, offered by one of the most infamous hackers of all time
https://www.vice.com/amp/en_us/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies
An infamous vigilante hacker known for their hits on surveillance companies is launching a new kind of bug bounty to reward hacktivists who do public interest hacks and leaks.
The hacker, known as Phineas Fisher, published a new manifesto on Friday, offering to pay hackers up to $100,000 in what they called the “Hacktivist Bug Hunting Program.” The idea is to pay other hackers who carry out politically motivated hacks against companies that could lead to the disclosure of documents in the public interest. The hacker said he will pay in cryptocurrency, such as Bitcoin or Monero.
To be clear, this is basically a bug bounty that incentivizes criminal activity.
“I think hacking is a powerful tool, and hacktivism has only been used to a fraction of its potential,” Phineas Fisher told Motherboard. “And a little investment can help to develop that, the golden years [of hacktivism] are yet to come.”
“I robbed a bank and gave the money away,” Phineas Fisher wrote in the manifesto.
“In the digital era, robbing a bank is a non-violent act, less risky, and the reward is higher than ever,” they wrote.
Tomi Engdahl says:
Exclusive: Interpol plans to condemn encryption spread, citing predators, sources say
https://www.reuters.com/article/us-interpol-encryption-exclusive-idUSKBN1XR0S7
The international police organization Interpol plans to condemn the spread of strong encryption in a statement Monday saying it protects child sex predators, three people briefed on the matter told Reuters.
Echoing a joint letter last month from the top law enforcement officials in the United States, United Kingdom and Australia, the larger group will cite difficulties in catching child sexual predators as grounds for companies opening up user communications to authorities wielding court warrants.
“Service providers, application developers and device manufacturers are developing and deploying products and services with encryption which effectively conceals sexual exploitation of children occurring on their platforms,” a draft of the resolution seen by Reuters said.
Tomi Engdahl says:
Russia is building one of the world’s largest facial recognition networks
https://codastory.com/authoritarian-tech/russia-facial-recognition-networks/
According to some projections, it may even be bigger than China’s 200 million camera system
Tomi Engdahl says:
How the Iranian Government Shut Off the Internet
After years of centralizing internet control, Iran pulled the plug on connectivity for nearly all of its citizens.
https://www.wired.com/story/iran-internet-shutoff/
Amid widespread demonstrations over rising gasoline prices, Iranians began experiencing internet slowdowns over the past few days that became a near-total internet and mobile data blackout on Saturday. The government is apparently seeking to silence protesters and quell unrest. So how does a country like Iran switch off internet access to a population of more than 80 million? It’s not an easy thing to do.
Though some countries, namely China, architected their internet infrastructure from the start with government control in mind, most don’t have a central set of levers they can pull to influence countrywide access to content or connectivity. But regimes around the world, including those in Russia and Iran, have increasingly been retrofitting traditional private and decentralized networks with cooperation agreements
Tomi Engdahl says:
Pemex ransomware attack: Mexico Oil, Gas Recovery Update.
https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/pemex-recovery-update/
How the Mexican state oil and gas conglomerate is striving to bring systems back online.
Tomi Engdahl says:
Someone is using the ‘Cozy Bear’ moniker to scare DDoS victims into bitcoin payments
https://www.cyberscoop.com/cozy-bear-ddos-ransom-akamai/
Multiple companies have reported to the security vendor Akamai that they were hit with a distributed denial-of-service attack, which degrades victims’ web services by overwhelming them with fake traffic. After a brief DDoS hit, victims say they receive an extortion note from a group claiming to be Cozy Bear, a state-sponsored Russian hacking group.
Tomi Engdahl says:
Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies
https://www.vice.com/en_us/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies
It’s a reward for hacktivists and criminals who break into capitalist institutions, offered by one of the most infamous hackers of all time.
Tomi Engdahl says:
Hello guys! Are you using WhatsApp? If yes, you could update it to the latest version quickly…
A new bug in WhatsApp, based on MP4 video flaws, has been revealed by Facebook. This vulnerability could lead to denial of service attacks or remote code execution.
https://headleaks.com/2019/11/19/whatsapp-mp4-videos-flaw-allows-hackers-to-execute-code-remotely-MW5YYm9NOWpTbUFUdzV5U2MyZjI5Zz09
Tomi Engdahl says:
Docker Patched the Most Severe Copy Vulnerability to Date With CVE-2019-14271
https://unit42.paloaltonetworks.com/docker-patched-the-most-severe-copy-vulnerability-to-date-with-cve-2019-14271/
In the last few years, several vulnerabilities in the copy (cp) command were found in various container platforms, including Docker, Podman and Kubernetes. The most severe among those was only recently discovered and disclosed in July. Surprisingly, it gained almost no immediate attention, perhaps due to an ambiguous CVE description and a lack of a published exploit.
CVE-2019-14271 was marked as critical and fixed in Docker version 19.03.1. The following research is an overview of CVE-2019-14271 and the first Proof of Concept (PoC) of the vulnerability.
Tomi Engdahl says:
SECURITY RESEARCHERS FIND OUT-OF-THE-BOX VULNERABILITIES AT 29 ANDROID BRANDS
https://headleaks.com/2019/11/18/security-researchers-find-out-of-the-box-vulnerabilities-at-29-android-brands-Uk41eFlzS3h0ejZOY3M5ZFhsOXFydz09
Security research company Kryptowire has once again made a round-up of vulnerabilities present out of the box in Android phones. This concerns 146 CVEs on devices from 29 different manufacturers.
Samsung has 33 vulnerabilities, resulting from six pre-installed applications. Two of those six applications are being developed by external parties and Samsung is referring the company to those developers, writes Wired, who spoke with Kryptowire and Samsung.
Regarding the remaining four, Samsung states that the Android Security Framework addresses the vulnerabilities, but Kryptowire maintains that third-party attacks in the supply chain are still possible.
Tomi Engdahl says:
Cops Can Now Get Warrants for Entire DNA Websites
https://futurism.com/cops-warrant-entire-dna-websites
With just a single warrant, a Florida detective obtained access to the DNA profiles of more than a million people — and experts say the case sets a dangerous precedent.
Ancestry.com and 23andMe are the largest consumer DNA sites, holding genetic data on 15 million and 10 million people, respectively. However, they aren’t the only DNA sites out there — a smaller service, GEDmatch, currently has about 1.3 million users, each of whom is able to search the site’s entire database.
Tomi Engdahl says:
Hackers hit UK political parties with back-to-back cyberattacks
https://www.reuters.com/article/us-britain-election-labour-cyber/hackers-hit-uk-political-parties-with-back-to-back-cyberattacks-idUSKBN1XM19I
Hackers hit Britain’s two main political parties with back-to-back cyberattacks on Tuesday, sources told Reuters, attempting to force political websites offline with a flood of malicious traffic just weeks ahead of a national election.
The attacks come after Britain’s security agencies have warned that Russia and other countries may attempt to disrupt the Dec. 12 vote with cyberattacks or divisive political messages on social media, a charge Moscow denies.
Tomi Engdahl says:
RNC FUNDED ROUGHLY 11,000 AUTOMATED CALLS TO JAM UP HOUSE DEMOCRATS’ PHONE LINES AMID IMPEACHMENT BATTLE: REPORT
https://www.newsweek.com/rnc-funded-roughly-11000-automated-calls-jam-house-democrats-phone-lines-amid-impeachment-1469719
Two unnamed sources briefed on the effort told The New York Times that the coordinated phone blast tactic aimed to shape public opinion of the investigation, as well as simply to tie up the phone lines of the elected officials. Approximately 11,000 calls were reportedly made as part of the scheme.
Tomi Engdahl says:
Windows users, beware: This fake update could lock up your PC, or worse
Updating to Windows 10? Don’t fall victim to this spam email attack.
https://www.cnet.com/news/windows-users-beware-this-fake-update-could-lock-up-your-pc-or-worse/
Tomi Engdahl says:
Why ISPs should not get their hands on my router http://www.zoobab.com/berec-routers-consultation Also a link to the security problems http://www.hackitoergosum.org/2010/HES2010-bhenrion-Hacking-the-Belgacom-Box2.pdf
Tomi Engdahl says:
Google Confirms Android Camera Security Threat: ‘Hundreds Of Millions’ Of Users Affected
https://www.forbes.com/sites/daveywinder/2019/11/19/google-confirms-android-camera-security-threat-hundreds-of-millions-of-users-affected/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269
Tomi Engdahl says:
New Phoenix Keylogger tries to stop over 80 security products to avoid detection
Phoenix linked to more than 10,000 infections since the malware’s launch on a hacking forum in July.
https://www.zdnet.com/article/new-phoenix-keylogger-tries-to-stop-over-80-security-products-to-avoid-detection/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook
Tomi Engdahl says:
Army To Review TikTok Security After Warning From Schumer
https://www.forbes.com/sites/isabeltogoh/2019/11/22/army-to-review-tiktok-security-after-warning-from-schumer/?utm_source=FACEBOOK&utm_medium=social&utm_term=Gordie/#676f7264696
TikTok is owned by Chinese tech firm ByteDance and boasts more than 26 million monthly active users in the U.S., most of whom are aged between 16 and 24.
Schumer voiced concerns over how TikTok handled users’ personal data, and Chinese laws that require local tech companies to “support and cooperate” with China’s intelligence agencies.
Tangent: The U.S. military has turned to social media platforms like TikTok in recent years in a bid to reach young Americans, and boost the number of recruits after it fell short of its target last year.
Tomi Engdahl says:
Making Reference to ‘State Secrets,’ China Moves to Restrict Vulnerability Disclosures
https://www.caixinglobal.com/2019-11-21/making-reference-to-state-secrets-china-moves-to-restrict-vulnerability-disclosures-101485876.html?cxg=wap&Sfrom=facebook
The Ministry of Public Security and the Cyberspace Administration of China (CAC) are seeking public comment on draft regulations that could restrict public vulnerability disclosures, requiring those who seek to expose computer security issues to instead report them to public security bureaus and the country’s internet regulator first.
Though the authorities have previously cracked down on privacy violations, this marks the first time they have sought to limit discussion of Chinese networks’ vulnerability to hacking.
Spreading information on cybersecurity threats “should have the promotion of online safety awareness and technique as its purpose … and must not harm national security and public interest,”
Tomi Engdahl says:
Chinese spy defects to Australia, alleging election interference and cybercrimes
https://tcrn.ch/2KLvh89
A purported agent of the Chinese intelligence service is seeking asylum in Australia, bringing with him explosive allegations of widespread interference in political affairs in that country, Taiwan and elsewhere. He claims also to have run a cyberterrorism campaign against supporters of Hong Kong independence.
Tomi Engdahl says:
How a bank got hacked (a study in how not to secure your networks)
https://www.csoonline.com/article/3454443/how-a-bank-got-hacked-a-study-in-how-not-to-secure-your-networks.html
Notorious hacker Phineas Phisher claims to have netted hundreds of thousands of pounds sterling in a 2016 hack of the Cayman National Isle of Man Bank. Here’s how he did it and why it’s cause for concern.
Robbing a bank is easier than you might think, especially if you don’t care which bank you rob, according to a “how to rob a bank” manifesto by the apparently vigilante hacker Phineas Phisher. The PwC incident response report, which Phineas Phisher leaked, backs up that claim.
In a press release, Cayman National acknowledged the attack, claiming, “At this time, there is no evidence of financial theft or fraud relating to CNBIOM or CNTIOM clients, or to Cayman National.” It made no reference to a financial loss by the bank itself.
Reviewing the methods Phineas Phisher used offers insight into how vulnerable our financial infrastructure is to attackers and provides a glimpse into how a modestly skilled individual, or group of individuals, got away with a bank heist.
Tomi Engdahl says:
Warning lights for airplanes were exposed to the open internet
Motherboard: Filed under “things you really don’t want on the internet.” A security researcher found a control panel for warning lights, used to help aircraft avoid tall structures, connected to the internet and reported them to the U.S. federal aviation authority.
Lights That Warn Planes of Obstacles Were Exposed to Open Internet
https://www.vice.com/en_us/article/7x5nkg/airplane-warning-lights-hacked?utm_campaign=sharebutton
The panel “provides controls to change the intensity of the light fixtures, turn them on, and turn them off.”
Control panels for lights placed on tall structures to warn airplanes not to hit them were exposed to the open internet, meaning hackers could have turned the lights off.
The news highlights how sensitive systems intended only for internal use by a certain team of people can accidentally be exposed to the wider internet, including those with malicious intent.
Dan found at least 46 control panels online for light systems, including in Baltimore; Tuscola, IL; Decatur, TX; as well as Ontario in Canada, according to a list of IP addresses and other details he provided to Motherboard.
Dan shared some of his correspondence with the FAA and the company that makes the light systems, called Dialight, with Motherboard.
“It appears that this vulnerability allows users to access the control panel of the Obstruction Light Control system, and provides controls to change the intensity of the light fixtures, turn them on, and turn them off,” an FAA official wrote in a letter as part of the vulnerability disclosure process.
“The FAA does not generally govern accessibility and the security of non-federal obstruction lighting systems, however, this vulnerability does create a safety concern that the FAA agrees should be addressed,” the letter reads. The letter says a senior FAA employee replicated the issue and warned a contact at Dialight, who then assembled a team to address the problem. Dialight identified all of their impacted customers, and are assisting with fixes, the letter adds.
Tomi Engdahl says:
Another example of why UN involvement in Internet Governance is a Bad Idea.
“the resolution calls for a check on the “use of information and communications technologies for criminal purposes.” Which activities it aims to curb exactly is unclear.
Thirty-six rights groups argue in a letter that the resolution is so vague that it could lead to the criminalization of ordinary online activities that journalists, human rights groups, and other members of civil society rely on, such as using encrypted chat applications.
The resolution could also “give wide-ranging power to governments to block websites deemed critical of the authorities, or even entire networks, applications and services that facilitate online exchange of and access to information””
“Monday’s resolution was also sponsored by China, Cuba, North Korea, Nicaragua, Syria, Venezuela, and 39 other countries, according to the U.N. General Assembly Third Committee Chair Christian Braun.”
The U.N. passed a resolution that gives Russia greater influence over internet norms
https://www.cyberscoop.com/un-resolution-internet-cybercrime-global-norms/
A cybercrime-focused resolution backed by Russia passed Monday in the United Nations, despite calls from the U.S. that the measure would further hamper efforts to root out crime on the internet.
The resolution, which passed 88-58 with 34 abstentions, aims to establish a group to examine cybercrime and set up a convention to prevent it. However, human rights groups have argued that the resolution is actually an effort by the Kremlin to expand its model of state-backed internet control.
Tomi Engdahl says:
Police can keep Ring camera video forever, and share with whomever they’d like, company tells senator
https://www.stripes.com/police-can-keep-ring-camera-video-forever-and-share-with-whomever-they-d-like-company-tells-senator-1.607928
Tomi Engdahl says:
Sand thieves believed to be behind epidemic of Chinese GPS jamming
https://boingboing.net/2019/11/19/gps-spoofers-r-us.html
Tomi Engdahl says:
Leaked Chinese government documents detail how tech is used to escalate the persecution of Uighurs
https://tcrn.ch/2DfRGX3
Tomi Engdahl says:
Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps
https://blog.trendmicro.com/trendlabs-security-intelligence/patched-gif-processing-vulnerability-cve-2019-11932-still-afflicts-multiple-mobile-apps/
CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the underlying problem lies in the library called libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package. While this flaw has also been patched, many applications still use the older version and remain at risk.
Tomi Engdahl says:
“Debug mode” in popular webdev tool exposes credentials for hundreds of websites, including Donald Trump’s
https://www.comparitech.com/blog/vpn-privacy/debug-mode-exposes-credentials/
Hundreds of websites made using a popular web development tool have exposed sensitive data to anyone with a web browser. They include Donald Trump’s official campaign website, potentially allowing attackers to hijack the site’s email server.
The tool, a PHP framework called Laravel, includes a “debug mode” that lets developers identify errors and misconfigurations before websites go live. The problem is that many developers fail to disable the debug mode after going live, exposing backend website details like database locations, passwords, secret keys, and other sensitive info.
Tomi Engdahl says:
Amazon Ring IS a suspicious object / activity?
Amazon’s Ring Planned Neighborhood “Watch Lists” Built on Facial Recognition
https://theintercept.com/2019/11/26/amazon-ring-home-security-facial-recognition/
RING, AMAZON’S CRIMEFIGHTING surveillance camera division, has crafted plans to use facial recognition software and its ever-expanding network of home security cameras to create AI-enabled neighborhood “watch lists,” according to internal documents reviewed by The Intercept.
The planning materials envision a seamless system whereby a Ring owner would be automatically alerted when an individual deemed “suspicious” was captured in their camera’s frame, something described as a “suspicious activity prompt.”
Tomi Engdahl says:
Just another day in an enterprise IT: HPE Drive (SAS Solid State Drives) fail at 32,768 hours without firmware update https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us Update can be applied using Linux, Windows and VMware ESXi servers. #sysadmin
Tomi Engdahl says:
Report: Cyber Criminals Are Using YouTube To Install Cryptojacking Malware
https://cointelegraph.com/news/cyber-criminals-are-using-youtube-to-install-cryptojacking-malware/amp
Slovakian software security firm Eset has uncovered that cyber criminals behind the Stantinko botnet have been distributing a Monero (XMR) cryptocurrency mining module via Youtube.
On Nov. 26, the major antivirus software supplier Eset reported that the Stantinko botnet operators have expanded their criminal reach from click fraud, ad injection, social network fraud and password stealing attacks, into installing crypto malware on victims’ devices using Youtube.
https://www.welivesecurity.com/2019/11/26/stantinko-botnet-adds-cryptomining-criminal-activities/
Tomi Engdahl says:
Security firm Prosegur: We’ve shut our IT network after Ryuk ransomware attack
https://www.zdnet.com/article/security-firm-prosegur-weve-shut-our-it-network-after-ryuk-ransomware-attack/
Prosegur’s website is back online but customers are complaining that alarms remain offline.
Tomi Engdahl says:
SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telecos
https://www.vice.com/en_us/article/j5ywxb/rcs-rich-communications-services-text-call-interception?utm_campaign=sharebutton&fbclid=IwAR37NXHR1sDe3767silUH16vTyJwM4-cJdRKdCP91-uk_zjJuEJuhz-251Q
Researchers from SRLabs found that telecos are implementing the RCS standard in vulnerable ways, which bring back techniques to attack phone networks.
A standard used by phone carriers around the world can leave users open to all sorts of attacks, like text message and call interception, spoofed phone numbers, and leaking their coarse location, new research reveals.
The Rich Communication Services (RCS) standard is essentially the replacement for SMS. The news shows how even as carriers move onto more modern protocols for communication, phone network security continues to be an exposed area with multiple avenues for attack in some implementations of RCS.
Tomi Engdahl says:
Amazon subcontractors in Romania and India are looking at video footage of people’s private homes. The US really lacks adequate data protection laws and opt-outs to consumers.
https://gizmodo.com/human-employees-are-viewing-clips-from-amazons-home-sur-1838945779
Tomi Engdahl says:
Hackers have crafted malware that’s designed to kill people. Here’s what we know about it.
https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/
Tomi Engdahl says:
https://www.rt.com/news/474601-israeli-spy-van-cyprus/