Cyber security new December 2019

This posting is here to collect cyber security news in December 2019.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

 

 

197 Comments

  1. Tomi Engdahl says:

    Now Any Government Can Buy China’s Tools for Censoring the Internet
    Beijing’s ‘autocracy as a service’ is becoming the top choice for governments that want to control the internet
    https://onezero.medium.com/now-any-government-can-buy-chinas-tools-for-censoring-the-internet-18ed862b9138

    Reply
  2. Tomi Engdahl says:

    Labour’s Ben Bradshaw claims he was target of Russian cyber-attack
    Frequent critic of Kremlin interference in the UK was sent suspicious email from Moscow
    https://www.theguardian.com/world/2019/dec/03/labours-ben-bradshaw-claims-he-was-targeted-in-russian-cyber-attack?CMP=share_btn_fb

    Reply
  3. Tomi Engdahl says:

    IBM sounds alarm about more data-wiping malware from Iran
    https://www.cyberscoop.com/iran-destructive-malware-ibm/

    IBM’s security experts said Wednesday they have uncovered previously unknown malware developed by Iranian hackers that was used in a data-wiping attack against unnamed energy and industrial organizations the Middle East.

    The newfound malware, dubbed ZeroCleare, “spread to numerous devices on the affected network, sowing the seeds of a destructive attack that could affect thousands of devices and cause disruption that could take months to fully recover from,” Limor Kessem, an Israel-based analyst with IBM’s X-Force incident response team, wrote in a blog post.

    https://securityintelligence.com/posts/new-destructive-wiper-zerocleare-targets-energy-sector-in-the-middle-east/

    Reply
  4. Tomi Engdahl says:

    An Update on Android TLS Adoption
    https://security.googleblog.com/2019/12/an-update-on-android-tls-adoption.html?m=1

    Android 7 (API level 24) introduced the Network Security Configuration in 2016, allowing app developers to configure the network security policy for their app through a declarative configuration file. To ensure apps are safe, apps targeting Android 9 (API level 28) or higher automatically have a policy set by default that prevents unencrypted traffic for every domain.

    Today, we’re happy to announce that 80% of Android apps are encrypting traffic by default.

    Reply
  5. Tomi Engdahl says:

    Sergiu Gatlan / BleepingComputer:
    Report: BMW discovered and monitored Vietnam-backed hackers who stayed active on its network since at least the spring of 2019; Hyundai was also targeted

    BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets
    https://www.bleepingcomputer.com/news/security/bmw-infiltrated-by-hackers-hunting-for-automotive-trade-secrets/

    The German automotive giant BMW discovered and monitored a group of hackers who infiltrated the company’s networks and stayed active since at least the spring of 2019.

    BMW’s security team spotted the hackers after discovering an instance of the legitimate penetration testing tool Cobalt Strike on a company computer, a tool regularly used in red team testing scenarios to simulate adversaries.

    Reply
  6. Tomi Engdahl says:

    Atlassian scrambles to fix zero-day security hole accidentally
    disclosed on Twitter
    https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/
    Twitter security celeb SwiftOnSecurity on Tuesday inadvertently
    disclosed a zero-day vulnerability affecting enterprise software biz
    Atlassian, a flaw that may be echoed in IBM’s Aspera software.

    Reply
  7. Tomi Engdahl says:

    How Internet resources worth R800 million were stolen and sold on the
    black market
    https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html
    The theft and sale of large swaths of valuable African Internet
    resources was an inside job, Internet investigator Ron Guilmette has
    concluded after five months of detective work.

    Reply
  8. Tomi Engdahl says:

    The hilarious real reason why the F-22 can’t be hacked
    https://www.wearethemighty.com/gear-tech/f-22-cant-be-hacked

    The F-22 is the fastest combat aircraft in the U.S. Air Force, even after the development of the F-35.

    “No one in China knows how to program the ’83 vintage IBM software that runs them,” he said.

    Reply
  9. Tomi Engdahl says:

    In cyber, the US can’t ‘enforce standards that don’t exist’
    https://www.fifthdomain.com/smr/reagan-defense-forum/2019/12/07/in-cyber-the-us-cant-enforce-standards-that-dont-exist/?utm_source=facebook.com&utm_campaign=Socialflow+C4&utm_medium=social

    Lack of international standards for proper behavior in cyberspace prevents the United States and allies from policing adversaries as needed to protect data and systems, the chief of naval operations said during a service chiefs panel at the Reagan National Defense Forum.

    All four chiefs pledged support to Gen. Paul Nakasone, commander of U.S. Cyber Command. But they also acknowledged the challenge that comes with the lack of international doctrine.

    “We have international norms in the maritime; we don’t have those in cyber,”

    “It makes it difficult to enforce standard that don’t exist, and to therefore hold nations accountable for nefarious behavior. It’s a challenge.”

    “Those types of agreements take time,” he added. “Unfortunately, they sometimes follow a catastrophic event.”

    NATO did confirm in 2017 that it could invoke Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure.

    Reply
  10. Tomi Engdahl says:

    I asked a hacker to spy on me via my Amazon account. It took him 5 minutes to break in
    https://kuow.org/stories/primed-season-3-episode-8

    Reply
  11. Tomi Engdahl says:

    https://www.technologyreview.com/f/614906/us-senators-on-encryption-backdoors-we-will-impose-our-will-on-apple-and-facebook/?utm_campaign=site_visitor.unpaid.engagement&utm_source=facebook&utm_medium=social_share&utm_content=2019-12-10

    Apple and Facebook sent representatives today to Washington, DC, where senators pushed them to create lawful back doors to encrypted data.

    A decades-old debate: Government officials have long argued that encryption makes criminal investigations too hard. Companies, they say, should build in special access that law enforcement could use with a court’s permission. Technologists say creating these back doors would weaken digital security for everyone.

    But the heat is on: “My advice to you is to get on with it,” Senator Lindsey Graham told the Silicon Valley giants at today’s Senate Judiciary Committee hearing. “Because this time next year, if we haven’t found a way that you can live with, we will impose our will on you.” Apple and Facebook representatives at the hearing came under fire from senators in both parties, while Manhattan district attorney Cy Vance, one of the biggest advocates of back doors, was treated as a star witness.

    The risks: Apple and Facebook told the committee that back doors would introduce massive privacy and security threats and would drive users to devices from overseas.

    Reply
  12. Tomi Engdahl says:

    Congress warns tech companies: Take action on encryption, or we will
    https://www.cnet.com/news/congress-warns-tech-companies-take-action-on-encryption-or-we-will/?UniqueID=37140E92-1B8A-11EA-9F40-39C3923C408C&ftag=COS-05-10aaa0a&TheTime=2019-12-10T20%3A18%3A23&ServiceType=facebook_page&PostType=link&fbclid=IwAR2O_EQxpEZ17TTcN5dwyiPSvoAAjQntEgOcC81BKKw5OMTYicSkUfqGYCU

    US lawmakers are poised to “impose our will” if tech companies don’t weaken encryption so police can access data.

    Congress sent a warning to tech giants on Tuesday, telling companies including Apple and Facebook that it intends to pass legislation to regulate encryption if Silicon Valley can’t reach an acceptable compromise with law enforcement agencies.

    Reply
  13. Tomi Engdahl says:

    20 years prison for Romanian hackers who infected 400,000 computers
    https://www.hackread.com/20-years-prison-romanian-hackers-infected-computers/

    Two Romanian hackers namely Bogdan Nicolescu and Rady Miclaus will be spending 20 and 18 years respectively in prison for infecting 400,000 computers with cryptominers and stealing sensitive financial and credential data. The duo is said to have stolen millions of dollars from countless unsuspected users.

    Reply
  14. Tomi Engdahl says:

    Are You One Of Avast’s 400 Million Users? This Is Why It Collects And Sells Your Web Habits.
    https://www.forbes.com/sites/thomasbrewster/2019/12/09/are-you-one-of-avasts-400-million-users-this-is-why-it-collects-and-sells-your-web-habits/

    Avast, the multibillion-dollar Czech security company, doesn’t just make money from protecting its 400 million users’ information. It also profits in part because of sales of users’ Web browsing habits and has been doing so since at least 2013.

    That’s led to some labelling its tools “spyware,” the very thing Avast is supposed to be protecting users from. Both Mozilla and Opera were concerned enough to remove some Avast tools from their add-on stores earlier this month, though the anti-virus provider says it’s working with Mozilla to get its products back online.

    But recently appointed chief executive Ondrej Vlcek tells Forbes there’s no privacy scandal here. All that user information that it sells cannot be traced back to individual users, he asserts.

    Here’s how it works, according to Vlcek: Avast users have their Web activity harvested by the company’s browser extensions. But before it lands on Avast servers, the data is stripped of anything that might expose an individual’s identity, such as a name in the URL, as when a Facebook user is logged in. All that data is analysed by Jumpshot, a company that’s 65%-owned by Avast, before being sold on as “insights” to customers. Those customers might be investors or brand managers.

    Avast’s user data sales have attracted concern as recently as last week, though. Adblock Plus founder Wladimir Palant has been tracking Avast’s Web browsing over 2019, and he reported the data slurping to Mozilla and Opera before they removed the add-ons from their stores just last week.

    Reply
  15. Tomi Engdahl says:

    Venäjä käytti kahta eri vakoilukampanjaa tärvelläkseen Ranskan vaalit:
    Macronin toimisto sumutti vakoojia vitseillä
    https://www.hs.fi/ulkomaat/art-2000006337940.html
    Venäjän tiedustelu yritti sotkea Emmanuel Macronin vaalivoiton
    kahdella eri verkkovakoilukampanjalla. Kampanjaväki sumutti vakoojia
    jakamalla heille väärää tietoa.

    Reply
  16. Tomi Engdahl says:

    Don’t pay off Ryuk ransomware, warn infoseccers: Its creators borked
    the decryptor
    https://www.theregister.co.uk/2019/12/10/ryuk_decryptor_broken_latest_strain/
    Oracle DBs particularly vulnerable to fake decryptions, say
    researchers. If you’re an Oracle database user and are tempted to pay
    off a Ryuk ransomware infection to get your files back, for pity’s
    sake, don’t. The criminals behind it have broken their own decryptor,
    meaning nobody will be able to unlock files scrambled by the malicious
    software.

    Reply
  17. Tomi Engdahl says:

    Raju hakkerihyökkäys, virussuojaus oli päivän myöhässä 10 vuoden
    edestä valtion asiakirjoja kaapattiin
    https://www.tivi.fi/uutiset/tv/e9f58ed2-e081-4210-bdb2-5ad2de29e271
    tapahtuneen marraskuun 25. päivänä. Hakkerit onnistuivat
    kryptaamaan jopa 7700 gigatavua tiedostoja yhteensä kymmenen vuoden
    ajalta. Valtionhallinnossa oli käytössä haittaohjelmilta suojaava
    virusohjelmisto, mutta kyseisen haitakkeen tunnistustiedot siihen
    saatiin vasta hyökkäystä seuraavana päivänä
    https://thenextweb.com/hardfork/2019/12/09/bitcoin-ransomware-government-data-argentina/

    Reply
  18. Tomi Engdahl says:

    Intel Patches Plundervolt, High Severity Issues in Platform Update
    https://www.bleepingcomputer.com/news/security/intel-patches-plundervolt-high-severity-issues-in-platform-update/
    Intel addressed 14 security vulnerabilities during the December 2019
    Patch Tuesday, with seven of them being high and medium severity
    security flaws impacting multiple platforms including Windows and
    Linux. The security issues patched today were detailed in the 9
    security advisories published by Intel on its Product Security Center,
    with the company having delivered them to customers through the Intel
    Platform Update (IPU) process. The vulnerabilities disclosed today
    could allow authenticated or privileged users to potentially enable
    information disclosure, trigger denial of service states, escalate
    privileges, or execute malicious code at an elevated level of
    privilege via local access. Each advisory comes with a detailed list
    of all affected products as well as recommendations for vulnerable
    products, and also include contact details for users and researchers
    who would want to report other vulnerabilities found in Intel branded
    tech or products.

    Reply
  19. Tomi Engdahl says:

    https://www.securityweek.com/adobe-patches-critical-flaws-acrobat-brackets-photoshop
    A total of 21 vulnerabilities have been patched in Acrobat and Reader, including critical out-of-bounds write, use-after-free, heap overflow, buffer error, untrusted pointer dereference, and security bypass issues that can be exploited for arbitrary code execution.

    Reply
  20. Tomi Engdahl says:

    Hackers allegedly emptied brokerage accounts with a simple email scam — here’s how to protect yourself
    https://www.cnbc.com/2019/12/11/how-to-protect-your-brokerage-account-from-email-scams.html

    Brooklyn prosecutors said in november that a Lithuanian man and an unknown co-conspirator emptied the brokerage accounts of hapless victims of hundreds of thousands of dollars. It would have been more, but for a handful of investors who made some seemingly simple but savvy moves to stop the fraud from happening

    Reply
  21. Tomi Engdahl says:

    #YOLO WINXP RDP VULN RELEASED WITH NO PATCH (via twitter @[DaveFoose](https://twitter.com/DaveFoose)) [https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1489](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1489)

    Reply
  22. Tomi Engdahl says:

    Google Confirms Critical Android 8, 9 And 10 ‘Permanent’ Denial Of Service Threat
    https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/

    The December 2019 Android Security Bulletin has been published by Google and contains details of several vulnerabilities within the Android operating system. In total, three vulnerabilities have been given a critical rating. However, Google has highlighted one of these as being “the most severe,” and for very good reason: a single maliciously crafted message could “cause a permanent denial of service.” If you tend to hang fire when the “a software update is available” notification lands on your Android smartphone, you might want to hit the “yes” button a bit quicker on this occasion. In fact, I’d recommend installing the December security update just as soon as it is available to you. Unfortunately, not all Android devices receive these security updates, and those that do don’t necessarily get them as quickly as they should.

    Reply
  23. Tomi Engdahl says:

    FBI shares security advice for online shopping
    https://www.zdnet.com/article/fbi-shares-security-advice-for-online-shopping/
    FBI: Use credit cards rather than debit cards, don’t use public WiFi,
    keep your devices updated, and more. Ahead of the yearly Christmas
    shopping spree, one of the FBI’s regional offices has published
    yesterday a series of security tips to help users stay safe while they
    shop online.

    Reply
  24. Tomi Engdahl says:

    Beware of bad Santas this Xmas: Piles of insecure smart toys fill
    retailers’ shelves
    https://www.theregister.co.uk/2019/12/11/top_toys_still_toppled_by_security_testing/
    Latest Which? study with NCC Group highlights toys it ain’t smart to
    buy. It seems to come around quicker every year the failure of
    so-called smart toys to meet the most basic of security requirements.
    Which?

    Reply
  25. Tomi Engdahl says:

    https://thehackernews.com/2019/12/nginx-copyright-rumbler.html?m=1

    Russian law enforcement officers have raided the Moscow offices of Nginx—the company behind the world’s second most popular web server software—over a copyright infringement complaint filed by Rambler, a Russian Internet portal and email service provider.

    Over 30% of the websites on the Internet today, including many of the world’s most popular sites like Netflix and Twitch, run on the Nginx server.

    Igor Sysoev created the Nginx web server in the early 2000s and open-sourced it in 2004, after which he founded the company Nginx in 2015 that has now been acquired by F5 Networks, an American technology company, for $ 670 million.

    Reply
  26. Tomi Engdahl says:

    Russian police raid NGINX Moscow office
    Russian search engine Rambler.ru claims full ownership of NGINX code
    https://www.zdnet.com/article/russian-police-raid-nginx-moscow-office/

    Russian police have raided today the Moscow offices of NGINX, Inc., a subsidiary of F5 Networks and the company behind the internet’s most popular web server technology.

    Equipment was seized and employees were detained for questioning.

    Moscow police executed the raid after last week the Rambler Group filed a copyright violation against NGINX Inc., claiming full ownership of the NGINX web server code.

    According to the Netcraft December 2019 Web Server Survey, NGINX has market share of 38%.

    Reply
  27. Tomi Engdahl says:

    Apple Used the DMCA to Take Down a Tweet Containing an iPhone
    Encryption Key
    https://www.vice.com/en_us/article/pkeeay/apple-dmca-take-down-tweet-containing-an-iphone-encryption-key
    Apple asked Twitter to take down a viral tweet posted by an
    independent iPhone security researcher. Then, the company backtracked
    and asked for the tweet to be re-posted. Security researchers are
    accusing Apple of abusing the Digital Millennium Copyright Act (DMCA)
    to take down a viral tweet and several Reddit posts that discuss
    techniques and tools to hack iPhones. On Sunday, a security researcher
    who focuses on iOS and goes by the name Siguza posted a tweet
    containing what appears to be an encryption key that could be used to
    reverse engineer the Secure Enclave Processor, the part of the iPhone
    that handles data encryption and stores other sensitive data.

    Reply
  28. Tomi Engdahl says:

    Hundreds of Counterfeit Sneaker Sites Hacked to Steal Credit Cards
    https://www.bleepingcomputer.com/news/security/hundreds-of-counterfeit-sneaker-sites-hacked-to-steal-credit-cards/
    As the craze for the latest Off-White, Nike, and Adidas sneakers heats
    up, sites selling counterfeit kicks have popped up to capitalize on
    sneakerheads searching for the best deal. To make a bad deal even
    worse, hackers are now targeting these sites to install malicious
    Magecart scripts that also steal your credit card information. When
    shoppers purchase sneakers off of counterfeit sites, they will find
    that they didn’t get the sneakers they were expecting, and in some
    cases, may not get anything at all. In a new report, Malwarebytes has
    discovered a large-scale hacking operation that is targeting these
    counterfeit sneaker sites and infecting them with malicious scripts to
    steal shopper’s credit cards.
    https://blog.malwarebytes.com/threat-analysis/2019/12/hundreds-of-counterfeit-online-shoe-stores-injected-with-credit-card-skimmer/

    Reply
  29. Tomi Engdahl says:

    Cybersecurity: This password-stealing hacking campaign is targeting
    governments around the world
    https://www.zdnet.com/article/cybersecurity-this-password-stealing-hacking-campaign-is-targeting-governments-around-the-world/
    Researchers uncover a phishing campaign attempting to steal login
    credentials from government departments across North America, Europe
    and Asia – and nobody knows who is behind it. A mysterious new
    phishing campaign is targeting government departments and related
    business services around the world in cyber attacks which aim to steal
    the login credentials from the victims.

    Reply
  30. Tomi Engdahl says:

    Hackers Dupe Facial Recognition Systems With Creepy Mask
    https://futurism.com/the-byte/hackers-dupe-facial-recognition-mask

    Researchers at the AI firm Kneron were able to easily fool facial recognition systems at a variety of high security locations — including banks, border crossing checkpoints, and airports — using a high quality mask, Fortune reports.

    They suggest that anybody with the capability of creating such a mask could easily fool these systems as well — a grave reality check for widespread facial recognition tech.

    Using the mask, the researchers fooled payment systems by Chinese tech giants Alibaba and WeChat. Some systems were even easier to fool than that — they managed to get through a self-boarding terminal at Schiphol Airport in the Netherlands by using a picture of a face on a phone screen.

    Reply
  31. Tomi Engdahl says:

    ‘It’s Scary Stuff’: Cyber-Security Expert Says Recording-Device Investigation At Hyatt Hotel Is Not Uncommon
    https://minnesota.cbslocal.com/2019/12/11/its-scary-stuff-cyber-security-expert-says-recording-device-investigation-at-hyatt-hotel-is-not-uncommon/

    MINNEAPOLIS (WCCO) – Police are investigating a report of recording devices found in guest rooms at a Minneapolis hotel.

    The cameras were discovered at the downtown Hyatt Regency on Saturday.

    WCCO’s Esme Murphy spoke with a cyber-security expert who warned: Situations like this are both common and hard to detect.

    “It would be very easy to sneak another device onto a hotel’s Wi-Fi network, stream that video over the internet to the computer where the voyeur is sitting,” Lanterman explained.

    surveillance cameras are getting better, smaller and cheaper and can be installed almost anywhere.

    Reply
  32. Tomi Engdahl says:

    A thief took Facebook hard drives with payroll data from a worker’s car
    https://engt.co/2qNzv8o

    They contained payment info for around 29,000 current and former workers.

    It seems Facebook just couldn’t make it through to the end of the year without another privacy-related incident. Only this time around, its own employees are affected. A thief broke into a payroll worker’s car and stole hard drives that reportedly contained unencrypted payroll information for around 29,000 current and former US employees.

    Reply
  33. Tomi Engdahl says:

    India shuts down internet once again, this time in Assam and Meghalaya
    https://tcrn.ch/2rMpx7E

    India maintained a shutdown of the internet in the states of Assam and Meghalaya on Friday, now into 36 hours, to control protests over a controversial and far-reaching new citizen rule.

    The shutdown of the internet in Assam and Meghalaya, home to more than 32 million people, is the latest example of a worrying worldwide trend employed by various governments: preventing people from communicating on the web and accessing information.

    Reply
  34. Tomi Engdahl says:

    Toys “R” Us Pivots From Teddy Bears to Surveillance
    https://www.vice.com/en_us/article/8844×5/toys-r-us-pivots-from-teddy-bears-to-surveillance?utm_source=viceinstaus&utm_campaign=later-linkinbio-vice&utm_content=later-4420858&utm_medium=social

    The once loved toy giant could have simply died a quiet death. Instead it has been co-opted and transformed into a private equity surveillance project.

    Reply
  35. Tomi Engdahl says:

    Google Confirms Critical Android 8, 9 And 10 ‘Permanent’ Denial Of Service Threat
    https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/

    However, Google has highlighted one of these as being “the most severe,” and for very good reason: a single maliciously crafted message could “cause a permanent denial of service.” If you tend to hang fire when the “a software update is available” notification lands on your Android smartphone, you might want to hit the “yes” button a bit quicker on this occasion. In fact, I’d recommend installing the December security update just as soon as it is available to you.

    Reply
  36. Tomi Engdahl says:

    Man who had transplant finds out months later his DNA has changed to that of donor 5,000 miles away

    https://www.nytimes.com/2019/12/07/us/dna-bone-marrow-transplant-crime-lab.html

    Reply
  37. Tomi Engdahl says:

    It turns out that there are essentially no upstream development resources dedicated to x86_32 Linux. Perhaps unsurprisingly, it was
    badly broken.

    i386 architecture will be dropped starting with eoan (Ubuntu 19.10) https://lists.ubuntu.com/archives/ubuntu-devel-announce/2019-June/001261.html

    [oss-security] Lots of bugs in 32-bit x86 Linux entry code
    https://lwn.net/ml/oss-security/CALCETrW1z0gCLFJz-1Jwj_wcT3+axXkP_wOCxY8JkbSLzV80GA@mail.gmail.com/

    It turns out that there are essentially no upstream development
    resources dedicated to x86_32 Linux. Perhaps unsurprisingly, it was
    badly broken.

    I’m not even going to try to enumerate individual bugs here. I’m
    guessing that at least all x86_32 kernels that support PTI are
    vulnerable to privilege escalation via a series of ESPFIX bugs, but
    the missing segment override issue could go back years

    Reply
  38. Tomi Engdahl says:

    If you get a call offering to fix your computer or PayPal/Bank/Tax or any other online account, it is a hoax. No competent professional will ever, ever, volunteer to fix your computer or account. Most like it is a scam to take your money. Do not download any remote control app on your phone from Play/App store to complete KYC or other stuff. Let your elderly friends and family member know it too. Stay safe and avoid scams.

    Most competent professionals don’t even want you to know that they can fix your computer. :-)

    Reply
  39. Tomi Engdahl says:

    I don’t know if these are fake or not but they are funny as hell….https://m.youtube.com/channel/UCm22FAXZMw1BaWeFszZxUKw/videos

    Reply
  40. Tomi Engdahl says:

    Jailed Russian hacker: I hacked Democrats ‘under the command’ of Russian intelligence agents
    https://www.businessinsider.com/russian-hacker-democrats-dnc-intelligence-2017-12?fbclid=IwAR1cPR_kzaIhysYkdfpsW46D0ucQhzPLpynBqubw_71tM3pVc8kR-zSgaRc&r=US&IR=T

    A Russian hacker told a Moscow court in August that he was ordered to hack the Democratic National Committee by Russian intelligence agents at the FSB.
    The hacker was arrested in mid-2016 on charges relating to his work with a notorious hacking collective.

    A Russian hacker believed to be a member of a hacking collective called Lurk said in court over the summer that he was ordered by Russia’s security services, known as the FSB, to hack the Democratic National Committee.

    Reply
  41. Tomi Engdahl says:

    FBI secretly demands a ton of consumer data from credit agencies. Now lawmakers want answers
    https://tcrn.ch/2PiPHrH

    Reply
  42. Tomi Engdahl says:

    Arduino Nano 33 IoT Debugging
    Get your Nano 33 IoT board connected to full GDB debugging so you can solve those bugs and get your project released!
    https://www.hackster.io/visualmicro/arduino-nano-33-iot-debugging-633ad8

    Reply
  43. Tomi Engdahl says:

    WHITE HOUSE VETERANS

    HELPED GULF MONARCHY

    BUILD SECRET

    SURVEILLANCE UNIT

    https://www.reuters.com/investigates/special-report/usa-raven-whitehouse/

    Reply
  44. Tomi Engdahl says:

    H:| Npm team warns of new ‘binary planting’ bug
    https://www.zdnet.com/article/npm-team-warns-of-new-binary-planting-bug/
    Npm bug lets booby-trapped npm (JavaScript) packages plant or alter
    binaries on the victim’s system. The team behind npm, the biggest
    package manager for JavaScript libraries, has issued a security alert
    yesterday, advising all users to update to the latest version (6.13.4)
    to prevent “binary planting” attacks.. Also:
    https://www.theregister.co.uk/2019/12/13/npm_path_traversal_bug/

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*