Cyber security news January 2020

This posting is here to collect cyber security news in January 2020.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.

174 Comments

  1. Tomi Engdahl says:

    U.S. legislation on spread of cyber tools passes after Reuters investigation
    https://www.reuters.com/article/us-usa-spying-idUSKBN1Z11KS?taid=5e0ece18b1b456000180a6d9&utm_campaign=trueAnthem:+Trending+Content&utm_medium=trueAnthem&utm_source=twitter

    The legislation directs the State Department to report to Congress within 90 days on how it controls the spread of cyber tools and to disclose any action it has taken to punish companies for violating its policies.

    Reply
  2. Tomi Engdahl says:

    Your smart TV is spying on you. Here are step-by-step instructions to stop it
    https://eu.usatoday.com/story/tech/2020/01/02/amazon-fire-sony-vizio-smart-tvs-spying/2792152001/

    Those smart TVs that sold for unheard of low prices over the holidays come with a catch. The price is super low, but the manufacturers get to monitor what you’re watching and report back to third parties, for a fee.

    Reply
  3. Tomi Engdahl says:

    U.S. Government Issues Warning About Possible Iranian Cyberattacks
    https://www.bleepingcomputer.com/news/security/us-government-issues-warning-about-possible-iranian-cyberattacks/

    “Bottom line: time to brush up on Iranian TTPs and pay close attention to your critical systems, particularly ICS,” he added. “Make sure you’re also watching third party accesses!”

    Reply
  4. Tomi Engdahl says:

    Promiscuous Cookies and Their Impending Death via the SameSite Policy
    https://www.troyhunt.com/promiscuous-cookies-and-their-impending-death-via-the-samesite-policy/

    If a website sets a cookie then you click a link to another page on that same site, will the cookie be automatically sent with the request? Yes.

    What if an attacker sends you a link to that same website in a malicious email and you click that link, will the cookie be sent? Also yes.

    Last one: what if an attacker directs you to a malicious website and upon visiting it your browser makes a post request to the original website that set the cookie – will that cookie still be sent with the request? Yes!

    Cookies just don’t care about how the request was initiated nor from which origin, all they care about is that they’re valid for the requested resource. “Origin” is a key word here too; those last two examples above are “cross-origin” requests.

    The “future release of Chrome” is version 80 and it’s scheduled to land on the 4th of Feb which is rapidly approaching. Which brings us to the SameSite cookies mentioned in the console warning above. In a nutshell, they boil down to 3 different ways of handling cookies based on the value set:

    None: what Chrome defaults to today without a SameSite value set
    Lax: some limits on sending cookies on a cross-origin request
    Strict: tight limits on sending cookies on a cross-origin request
    Come version 80, any cookie without a SameSite attribute will be treated as “Lax” by Chrome.

    Reply
  5. Tomi Engdahl says:

    https://www.bbc.com/news/technology-50972890

    A computer virus forced a US maritime base offline for more than 30 hours, the country’s coast guard has revealed.

    Reply
  6. Tomi Engdahl says:

    ‘Iran’ launches cyber-attack on US government website warning ‘we’re always ready’
    https://www.dailystar.co.uk/news/world-news/breaking-iran-launches-cyber-attack-21216337

    A group claiming to be working on behalf of the Iranian government has hacked a US government website where they plastered sinister warnings.

    Reply
  7. Tomi Engdahl says:

    First Suleimani Attack By ‘Iranian’ Hackers Hits U.S., Exposing ‘Noisy’ New Threat
    https://www.forbes.com/sites/zakdoffman/2020/01/05/first-suleimani-attack-by-iranian-hackers-hits-us-exposing-noisy-new-threat/#25a5ca016fd3

    It didn’t take long—the first attack on a U.S. government website hit on Saturday, a day after the killing of Qassem Suleimani in Baghdad. The fact there was an attack is not a surprise—speculation has been rife. And the style of the attack is consistent with the nature of the primary cyber threat we now face. Hackers claiming to be linked to Iran targeted a low-level domain—the website of the Federal Depository Library Program—defacing its home page, echoing Teheran’s threats of vengeance alongside imagery of President Trump, Ayatollah Khamenei and the Iranian flag. There is nothing substantive to link the hackers with the regime in Teheran. The FDLP website was taken down shortly after the attack—U.S. law enforcement is now investigating.

    Reply
  8. Tomi Engdahl says:

    UK investigates if cyberattack led to stock exchange outage
    GCHQ isn’t fully convinced the failure was due to a glitch.
    https://www.engadget.com/2020/01/05/uk-investigates-london-stock-exchange-outage-for-cyberattack/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cudGVjaG1lbWUuY29tLw&guce_referrer_sig=AQAAAGMLhYxcbmHgv2gew4L3SDfSx4nZpSYHlCOpKDtYsZPf5h870aeJY7JgE-n0HLFUH3UzDsLFJ9d0bId_sYOxKgkbtNXfI10wVUgeD5t8TnB-4feSDHPPXUuzHNAOVd7QngtjorHZzOHEsabI3z4dIzNALobPnRp65DiIkV_v1ie7

    UK officials are worried that a London Stock Exchange outage in August wasn’t just the glitch that many suspected. Wall Street Journal sources say the GCHQ intelligence agency is investigating the possibility that the failure may have been due to a cyberattack. It’s reportedly taking a close look at the associated code, including time stamps, to determine if there was any suspicious activity. The exchange was in the middle of updating its systems when the outage happened, and there’s a fear this left systems open to attack.

    The exchange contracts development out to third-party teams, and a WSJ contact said it’s concerned about the security of that software chain. There’s a risk that the inadvertent spread of malware or rogue contractors could pose problems.

    Reply
  9. Tomi Engdahl says:

    Bloomberg:
    A look back at cyber attacks on US organizations that were attributed to Iranian hackers, as some fear an increase in such attacks after Soleimani assassination — Digital warfare likely among Iran’s options for retribution — Cyberfeud between Iran and U.S. dates back more than a decade

    Iran’s Cyber Attack on Billionaire Adelson Provides Lesson on Strategy
    https://www.bloomberg.com/news/articles/2020-01-05/iranian-attack-on-adelson-provides-lesson-on-cyber-strategy

    As the U.S. awaits possible retribution over a recent airstrike that killed a top general, there’s at least one American businessman who can attest, in detail, to what happened after he provoked Iran.

    Now, as Iran vows revenge for the airstrike, the U.S. faces an aggressive adversary in which digital warfare may be among its best options to strike directly at the American population. In the years since the Sands incident, Iranian hackers have continued their attacks, targeting a U.S. presidential campaign, universities, journalists, and even a dam in suburban New York.

    “I’m sure the Iranians are asking their hackers for a list of options,”

    “Cyber-attacks can be tempting if they can find the right American target.”

    Iran is hardly the only U.S. cyber adversary.

    Cyber-attacks can also be used to create disruptive effects that can impact millions. In a computer-dependent world, hackers can clog ports, shut down transportation networks, and open dams.

    Iran has shown a willingness to use those types of digital attacks — targeting some of the U.S.’s biggest banks, the world’s top oil producer, and Adelson’s casino empire.

    The U.S. is widely believed to have the ability to shut down power grids, interrupt air travel and create chaos at ports through digital strikes alone. Iran’s hackers and digital arms are less sophisticated, cybersecurity experts say, but the number of U.S.-related targets available to them is huge.

    The digital feud between the U.S. and Iran dates back more than a decade, to when a devastating digital worm called Stuxnet crippled an Iranian uranium processing facility. That attack has been attributed by multiple media outlets to the U.S. and Israel.

    Reply
  10. Tomi Engdahl says:

    Don’t Xiaomi pics of other people’s places! Chinese kitmaker fingers dodgy Boxing Day cache update after Google banishes it from Home
    https://www.theregister.co.uk/2020/01/03/google_blocks_xiaomi/

    Xiaomi has blamed some post-Christmas cache digestion problems after finding itself plonked on the naughty step by Google which blocked the Chinese tech conglomerate’s devices from its Nest Hub and Assistant last night.

    Reply
  11. Tomi Engdahl says:

    Police Tracked a Terror Suspect Until His Phone Went Dark After a Facebook Warning
    https://www.morningstar.com/news/dow-jones/202001026663/police-tracked-a-terror-suspect-until-his-phone-went-dark-after-a-facebook-warning

    WhatsApp, Facebook Inc.’s popular messaging tool, had just notified about 1,400 users — among them the suspected terrorist — that their phones had been hacked by an “advanced cyber actor.” An elite surveillance team was using spyware from NSO Group, an Israeli company, to track the suspect, according to a law-enforcement official overseeing the investigation.

    Reply
  12. Tomi Engdahl says:

    Promiscuous Cookies and Their Impending Death via the SameSite Policy
    https://www.troyhunt.com/promiscuous-cookies-and-their-impending-death-via-the-samesite-policy/
    Come version 80, any cookie without a SameSite attribute will be treated as “Lax” by Chrome. This is really important to understand because put simply, it’ll very likely break a bunch of stuff.

    Enterprise IT administrators may need to implement special policies to temporarily revert Chrome Browser to legacy behavior if some services such as single sign-on or internal applications are not ready for the February launch.

    Reply
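    The three cookie scenarios in comment 4 and the Chrome 80 default change in comment 12, replayed by an added JavaScript model (not code from Troy Hunt’s post). It assumes a “site” is the last two host labels (no public suffix list), and it does not model Chrome’s temporary “Lax + POST” two-minute exception; the scenario URLs are constructed.

```javascript
// Added example: a simplified model of when a browser attaches a cookie to a
// request under each SameSite value, before and after Chrome 80 changed the
// default for cookies with no SameSite attribute from None to Lax.
// Assumptions: "site" = last two host labels; Chrome's temporary "Lax + POST"
// two-minute exception is not modelled.

function site(hostname) {
  return hostname.toLowerCase().split('.').slice(-2).join('.');
}

// Parse a Set-Cookie header value into the attributes the model needs.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=');
    const k = key.trim().toLowerCase();
    if (k === 'samesite') cookie.sameSite = val.trim().toLowerCase();
    else if (k === 'secure') cookie.secure = true;
  }
  return cookie;
}

// Missing or unrecognised SameSite values fall back to the browser default,
// which Chrome 80 changed from "none" to "lax".
function effectiveSameSite(cookie, chromeVersion) {
  const v = cookie.sameSite;
  if (v === 'strict' || v === 'lax' || v === 'none') return v;
  return chromeVersion >= 80 ? 'lax' : 'none';
}

// req = { initiator, target, method, topLevelNavigation }
function cookieSent(cookie, req, chromeVersion) {
  const same = site(new URL(req.initiator).hostname) === site(new URL(req.target).hostname);
  if (same) return true; // SameSite never restricts same-site requests
  switch (effectiveSameSite(cookie, chromeVersion)) {
    case 'strict':
      return false;
    case 'lax':
      // Only top-level navigations with a safe method carry the cookie cross-site
      return req.topLevelNavigation && req.method === 'GET';
    case 'none':
      // Chrome 80 also rejects SameSite=None cookies that are not marked Secure
      return cookie.secure || chromeVersion < 80;
  }
}

// The three scenarios from the post, as constructed requests against example.com.
const SCENARIOS = {
  sameSiteLink:  { initiator: 'https://example.com/home', target: 'https://example.com/account',  method: 'GET',  topLevelNavigation: true },
  emailLink:     { initiator: 'https://mail.example.net/', target: 'https://example.com/account',  method: 'GET',  topLevelNavigation: true },
  crossSitePost: { initiator: 'https://evil.example.org/', target: 'https://example.com/transfer', method: 'POST', topLevelNavigation: true },
};

// Evaluate one Set-Cookie header against all three scenarios for a given Chrome version.
function scenarioMatrix(setCookieHeader, chromeVersion) {
  const cookie = parseSetCookie(setCookieHeader);
  const out = {};
  for (const [name, req] of Object.entries(SCENARIOS)) out[name] = cookieSent(cookie, req, chromeVersion);
  return out;
}

// Usage: the same legacy cookie (no SameSite attribute) before and after the change
console.log('Chrome 79:', scenarioMatrix('session=abc; Path=/', 79));
console.log('Chrome 80:', scenarioMatrix('session=abc; Path=/', 80));
```

    The cross-site POST scenario is the one that changes under Chrome 80 for a cookie with no attribute; a cookie that genuinely needs cross-site delivery must declare SameSite=None and Secure.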
  13. Tomi Engdahl says:

    Some researchers have computed the very first chosen-prefix collision for SHA-1. In a nutshell, this means a complete and practical break of the SHA-1 hash function, with dangerous practical implications if you are still using this hash function. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1.

    https://sha-mbles.github.io/

    Reply
  14. Tomi Engdahl says:

    Texas facing 10,000 potential cybersecurity attacks from Iran per minute, Abbott Says
    https://www.star-telegram.com/news/politics-government/article239042893.html

    Texas Gov. Greg Abbott said Tuesday the Texas Department of Information Resources has seen a spike in attempted cyberattacks from Iran on state agency networks at the rate of about 10,000 per minute.

    The increase in activity from that area has come in the last 48 hours, and to the department’s knowledge, none of the probes has been successful.

    “We have no way of knowing whether anything is government-based or not, or government-sanctioned. What we’re doing is scanning on our state networks, and we can see where attacks are coming from,” Crawford said.

    “These sorts of attacks happen every day. It happened yesterday. It’s going to happen tomorrow.”

    Reply
  15. Tomi Engdahl says:

    Army says text messages saying ‘You’ve been selected for the military draft’ are fake
    https://www.armytimes.com/news/your-army/2020/01/08/military-draft-text-messages-are-not-from-the-army-officials-warn/?utm_campaign=Socialflow+MIL&utm_source=facebook.com&utm_medium=social

    Fraudulent texts were sent throughout the country this week informing individuals that they have been selected for a military draft, the command said. The phony messages come amid heightened tensions with Iran and after the emergency deployment of 3,500 paratroopers to Kuwait.

    URGENT NEWS: Army Recruiting discredits military draft texts
    https://recruiting.army.mil/News/Article-Display/Article/2051787/urgent-news-army-recruiting-discredits-military-draft-texts/

    Reply
  16. Tomi Engdahl says:

    Iran courted US security expert for years, seeking industrial hacking training
    In emails and WhatsApp messages, Iranian telecom official tried to recruit US researcher.
    https://arstechnica.com/information-technology/2020/01/iran-courted-us-security-expert-for-years-seeking-industrial-hacking-training/

    Iran has over the past decade built up its own organic hacking and cyberwarfare capabilities. But the groups associated with orchestrating Iran’s various cyberwarfare and cyber-espionage activities have also relied significantly on mining the work of others—and in at least one case, they have tried to bring in outside help for the ostensible purpose of training would-be hackers.

    Reply
  17. Tomi Engdahl says:

    Microsoft Phishing Scam Exploits Iran Cyberattack Scare
    https://www.bleepingcomputer.com/news/security/microsoft-phishing-scam-exploits-iran-cyberattack-scare/
    An attacker is attempting to take advantage of the recent warnings about possible Iranian cyberattacks by using it as a theme for a phishing attack that tries to collect Microsoft login credentials.

    Reply
  18. Tomi Engdahl says:

    UK man sentenced to prison for hacking and spying on victims through their webcams
    https://www.zdnet.com/article/uk-man-sentenced-to-prison-for-hacking-and-spying-on-victims-through-their-webcams/#ftag=RSSbaffb68

    A UK man was sentenced this week to two years in prison for infecting at least three female victims with malware and then watching and recording victims via their webcams.

    Reply
  19. Tomi Engdahl says:

    Half of the websites using WebAssembly use it for malicious purposes
    https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes/
    Around half of the websites that use WebAssembly, a new web technology, use it for malicious purposes, according to academic research published last year. Paper at https://www.sec.cs.tu-bs.de/pubs/2019a-dimva.pdf.

    The first category was WebAssembly code used for cryptocurrency-mining. These types of Wasm modules were often found on hacked sites, part of so-called cryptojacking (drive-by mining) attacks. The second category referred to WebAssembly code packed inside obfuscated Wasm modules that intentionally hid their content. These modules, the research team said, were found part of malvertising campaigns.

    Reply
  20. Tomi Engdahl says:

    The Iran Cyber Warfare Threat: Everything You Need To Know
    http://on.forbes.com/61891wbEZ

    When news emerged that Iranian general Qassem Soleimani had been killed in a U.S. airstrike on January 3, speculation about an imminent cyberattack was rife. It quickly led to warnings that Iran would retaliate by hitting the U.S. and its allies with a combination of physical and cyber warfare. 

    Reply
  21. Tomi Engdahl says:

    Alert (AA20-006A)
    Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad
    https://www.us-cert.gov/ncas/alerts/aa20-006a

    The Cybersecurity and Infrastructure Security Agency (CISA) is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the United States and Iran’s historic use of cyber offensive activities to retaliate against perceived harm. Foremost, CISA recommends organizations take the following actions:

    Adopt a state of heightened awareness. This includes minimizing coverage gaps in personnel availability, more consistently consuming relevant threat intelligence, and making sure emergency call trees are up to date.
    Increase organizational vigilance. Ensure security personnel are monitoring key internal security capabilities and that they know how to identify anomalous behavior. Flag any known Iranian indicators of compromise and tactics, techniques, and procedures (TTPs) for immediate response.
    Confirm reporting processes. Ensure personnel know how and when to report an incident. The well-being of an organization’s workforce and cyber infrastructure depends on awareness of threat activity. Consider reporting incidents to CISA to help serve as part of CISA’s early warning system (see Contact Information section below).
    Exercise organizational incident response plans. Ensure personnel are familiar with the key steps they need to take during an incident. Do they have the accesses they need? Do they know the processes? Are your various data sources logging as expected? Ensure personnel are positioned to act in a calm and unified manner.

    Iranian Cyber Activity

    Late 2011 to Mid-2013 – DDoS Targeting U.S. Financial Sector: In response to this activity, in March 2016, the U.S. Department of Justice indicted seven Iranian actors employed by companies performing work on behalf of the IRGC for conducting DDoS attacks primarily targeting the public-facing websites of U.S. banks. The attacks prevented customers from accessing their accounts and cost the banks millions of dollars in remediation. [1]
    August/September 2013 – Unauthorized Access to Dam in New York State: In response, in March 2016, the U.S. Department of Justice indicted one Iranian actor employed by a company performing work on behalf of the IRGC for illegally accessing the supervisory control and data acquisition (SCADA) systems of the Bowman Dam in Rye, New York. The access allowed the actor to obtain information regarding the status and operation of the dam. [2]
    February 2014 – Sands Las Vegas Corporation Hacked: Cyber threat actors hacked into the Sands Las Vegas Corporation in Las Vegas, Nevada, and stole customer data, including credit card data, Social Security Numbers, and driver’s license numbers. According to a Bloomberg article from December 2014, the attack also involved a destructive portion, in which the Sands Las Vegas Corporation’s computer systems were wiped. In September 2015, the U.S. Director of National Intelligence identified the Iranian government as the perpetrator of the attack in a Statement for the Record to the House Permanent Select Committee on Intelligence. [3]
    2013 to 2017 – Cyber Theft Campaign on Behalf of IRGC: In response, in March 2018, the U.S. Justice Department indicted nine Iranian actors associated with the Mabna Institute for conducting a massive cyber theft campaign containing dozens of individual incidents, including “many on behalf of the IRGC.” The thefts targeted academic and intellectual property data as well as email account credentials. According to the indictment, the campaign targeted “144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.” [4]

    Reply
  22. Tomi Engdahl says:

    Las Vegas data breach comes amid Homeland Security warning on Iranian cyber threat
    http://news3lv.com/news/local/las-vegas-data-breach-comes-amid-homeland-security-warning-on-iranian-cyber-threat

    The city of Las Vegas experienced a cyber compromise at 4:30 a.m. PST Tuesday. The city’s Information Technologies Department is assessing the extent of the compromise.

    The breach in Las Vegas comes amid tensions with Iran and a warning from Homeland Security of “potentially disruptive and destructive” Iranian cyber operations.

    Local cybersecurity expert and Vice President of Cyber World Institute Garvin Bushell thinks Iran is to blame for the breach in Las Vegas.

    Reply
  23. Tomi Engdahl says:

    We own ɡooɡle.com now and we don’t know what to do with it. (clickbait title but technically true)
    https://www.reddit.com/r/sysadmin/comments/elblzv/we_own_%C9%A1oo%C9%A1lecom_now_and_we_dont_know_what_to_do/?utm_source=share&utm_medium=ios_app&utm_name=iossmf

    This is known as a homograph attack.

    Reply
  24. Tomi Engdahl says:

    Firefox 72 Blocks Fingerprinting Scripts by Default
    https://www.securityweek.com/firefox-72-blocks-fingerprinting-scripts-default

    Mozilla this week released Firefox 72 to the stable channel with advanced privacy protections that involve the blocking of fingerprinting scripts by default.

    Long focused on protecting users’ privacy when browsing the Internet, Mozilla launched Enhanced Tracking Protection (ETP) last year, which keeps users safe from cross-site tracking.

    Last week, it also announced that it would let users delete telemetry data, a reaction to the California Consumer Privacy Act (CCPA).

    Reply
  25. Tomi Engdahl says:

    Army says text messages saying ‘You’ve been selected for the military draft’ are fake
    https://www.armytimes.com/news/your-army/2020/01/08/military-draft-text-messages-are-not-from-the-army-officials-warn/?utm_campaign=Socialflow+MIL&utm_source=facebook.com&utm_medium=social

    Fraudulent texts were sent throughout the country this week informing individuals that they have been selected for a military draft, the command said. The phony messages come amid heightened tensions with Iran and after the emergency deployment of 3,500 paratroopers to Kuwait.

    Reply
  26. Tomi Engdahl says:

    36C3 – Technical aspects of the surveillance in and around the Ecuadorian embassy in London
    https://www.youtube.com/watch?v=s_0GVg7V3ng

    Reply
  27. Tomi Engdahl says:

    SPYWARE DISCOVERED ON ALL SAMSUNG PHONES
    https://hackaday.com/2020/01/09/spyware-discovered-on-all-samsung-phones/

    The latest discovery related to pre-loaded software on Samsung phones seems to be of a pretty major security vulnerability.

    This software in question is a “storage cleaner” in the “Device Care” section of the phone, which is supposed to handle file optimization and deletion. This particular application is made by a Chinese company called Qihoo 360 and can’t be removed from the phone without using ADB or having root. The company is known for exceptionally bad practices concerning virus scanning, and the software has been accused of sending all information about files on the phone to servers in China, which could then turn all of the data it has over to the Chinese government. This was all discovered through the use of packet capture and OSINT.

    https://www.reddit.com/r/Android/comments/ektg8u/chinese_spyware_preinstalled_on_all_samsung/

    Reply
  28. Tomi Engdahl says:

    U.S. Funds Free Android Phones For The Poor — But With Permanent Chinese Malware
    https://www.forbes.com/sites/thomasbrewster/2020/01/09/us-funds-free-android-phones-for-the-poor—but-with-permanent-chinese-malware/

    It all sounds ideal for those who don’t have the money to splash on fancy Apple or Google phones. But according to security researchers, there’s a catch: the Android phones come with preinstalled Chinese malware, which effectively opens up a backdoor onto the device and endangers their private data. One of the malware types is impossible to remove, according to the researchers.

    The affected device is a UMX phone shipped by Assurance Wireless and one of the preinstalled malware, according to MalwareBytes senior analyst Nathan Collier, is the creation of a Chinese entity known as Adups. Though the tool looks and operates as a Wireless Update program, it’s capable of auto-installing apps without any user consent, which it starts doing immediately, according to a MalwareBytes analysis of a device, shared with Forbes ahead of publication. Adups hadn’t responded to a request for comment at the time of publication.

    Reply
  29. Tomi Engdahl says:

    Iranian Hackers Have Been ‘Password-Spraying’ the US Grid
    A state-sponsored group called Magnallium has been probing American electric utilities for the past year.
    https://www.wired.com/story/iran-apt33-us-electric-grid/

    Reply
  30. Tomi Engdahl says:

    If anyone is running firefox, you need to update it immediately. There is a nasty zero day exploit in it which just got patched, and it’s being exploited in the wild like crazy right now. Avoid firefox v71.0. Update to v72.0.1 because v72.0 is still vulnerable.

    https://arstechnica.com/information-technology/2020/01/firefox-gets-patch-for-critical-zeroday-thats-being-actively-exploited/

    Reply
  31. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    Researchers: cable modems with Broadcom chips, including an estimated 200M in Europe alone, are vulnerable to the remote exploit codenamed Cable Haunt — Cable modems using Broadcom chips are vulnerable to a new vulnerability named Cable Haunt, researchers say.

    Hundreds of millions of cable modems are vulnerable to new Cable Haunt vulnerability
    https://www.zdnet.com/article/hundreds-of-millions-of-cable-modems-are-vulnerable-to-new-cable-haunt-vulnerability/

    Cable modems using Broadcom chips are vulnerable to a new vulnerability named Cable Haunt, researchers say.

    Cable Haunt impacts Broadcom spectrum analyzers

    The vulnerability impacts a standard component of Broadcom chips called a spectrum analyzer. This is a hardware and software component that protects the cable modem from signal surges and disturbances coming via the coax cable. The component is often used by internet service providers (ISPs) in debugging connection quality.

    On most cable modems, access to this component is limited for connections from the internal network.

    Researchers say that by tricking users into accessing a malicious page via their browser, they can use the browser to relay an exploit to the vulnerable component and execute commands on the device.

    Using Cable Haunt, an attacker could:

    Change default DNS server
    Conduct remote man-in-the-middle attacks
    Hot-swap code or even the entire firmware
    Upload, flash, and upgrade firmware silently
    Disable ISP firmware upgrade
    Change every config file and settings
    Get and Set SNMP OID values
    Change all associated MAC Addresses
    Change serial numbers
    Be exploited in botnet

    While the research team estimated that the number of vulnerable devices is around 200 million across Europe, they believe the total number of exploitable devices to be impossible to quantify.

    “The reason for this, is that the vulnerability originated in reference software, which have seemingly been copied by different cable modems manufacturers, when creating their cable modem firmware,” researchers said. “This means that we have not been able to track the exact spread of the vulnerability, and that it might present itself in slightly different ways for different manufacturers.”

    Proof-of-concept code available

    The four-man research team published a white paper and a dedicated website this week with information about Cable Haunt.

    https://cablehaunt.com/

    Reply
  32. Tomi Engdahl says:

    Judge orders Google to turn over Jussie Smollett emails, private messages, location data
    https://m.washingtontimes.com/news/2020/jan/8/google-ordered-turn-over-jussie-smollett-emails-pr/?fbclid=IwAR0Cy7hmIPr1Z18IX88IburpJpmLti35SddKJiIjh0j0TaSsl60wAHLcIYg

    It remains unclear if Google has turned over the information. In approving the warrants, Toomin ordered Google not to disclose the order.

    Reply
  33. Tomi Engdahl says:

    Windows 7 will keep working come January 15. However, now that Microsoft won’t be releasing any more security updates for the operating system, it’s true that Windows 7 will be more vulnerable to attack. No question there.

    https://lifehacker.com/am-i-screwed-if-i-dont-upgrade-windows-7-by-january-15-1840903120

    Reply
  34. Tomi Engdahl says:

    Iranian Hackers Have Been ‘Password-Spraying’ the US Grid
    A state-sponsored group called Magnallium has been probing American electric utilities for the past year.
    https://www.wired.com/story/iran-apt33-us-electric-grid/

    In the wake of the US assassination of Iranian general Qasem Soleimani and the retaliatory missile strike that followed, Iran-watchers have warned that the country could deploy cyberattacks as well, perhaps even targeting US critical infrastructure like the electric grid. A new report lends some fresh details to the nature of that threat: By all appearances, Iranian hackers don’t currently have the capability to start causing blackouts in the US. But they’ve been working to gain access to American electric utilities, long before tensions between the two countries came to a head.

    On Thursday morning, industrial control system security firm Dragos detailed newly revealed hacking activity that it has tracked and attributed to a group of state-sponsored hackers it calls Magnallium. The same group is also known as APT33, Refined Kitten, or Elfin, and has previously been linked to Iran.

    North American Electric Cyber Threat Perspective
    https://dragos.com/resource/north-american-electric-cyber-threat-perspective/

    Reply
  35. Tomi Engdahl says:

    VOTE WATCH
    ‘Online and vulnerable’: Experts find nearly three dozen U.S. voting systems connected to internet
    https://www.nbcnews.com/politics/elections/online-vulnerable-experts-find-nearly-three-dozen-u-s-voting-n1112436

    A team of election security experts used a “Google for servers” to challenge claims that voting machines do not connect to the internet and found some did.

    It was an assurance designed to bolster public confidence in the way America votes: Voting machines “are not connected to the internet.”

    Then Acting Undersecretary for Cybersecurity and Communications at the Department of Homeland Security Jeanette Manfra said those words in 2017, testifying before Congress while she was responsible for the security of the nation’s voting system.

    But that is an overstatement, according to a team of 10 independent cybersecurity experts who specialize in voting systems and elections. While the voting machines themselves are not designed to be online, the larger voting systems in many states end up there, putting the voting process at risk.

    “We found over 35 [voting systems] had been left online and we’re still continuing to find more,”

    “We kept hearing from election officials that voting machines were never on the internet,” he said. “And we knew that wasn’t true. And so we set out to try and find the voting machines to see if we could find them on the internet, and especially the back-end systems that voting machines in the precinct were connecting to to report their results.”

    The three largest voting manufacturing companies — Election Systems & Software, Dominion Voting Systems and Hart InterCivic — have acknowledged they all put modems in some of their tabulators and scanners. The reason? So that unofficial election results can more quickly be relayed to the public. Those modems connect to cell phone networks, which, in turn, are connected to the internet.

    The largest manufacturer of voting machines, ES&S, told NBC News their systems are protected by firewalls and are not on the “public internet.”

    “AT&T and Verizon and so on try and protect as best they can the security of their phone network from the rest of the internet, but it’s still part of the internet,” Appel explained. “There can still be security holes that allow hackers to get into the phone network.”

    The 35 systems Skoglund’s team found represent a fraction of total voting systems nationwide

    For election systems to be online, even momentarily, presents a serious problem, according to Appel.

    “Once a hacker starts talking to the voting machine through the modem, the hacker cannot just change these unofficial election results, they can hack the software in the voting machine and make it cheat in future elections,” he said.

    All the systems Skoglund’s group found online were manufactured by ES&S. The online systems were found in 11 states

    While the company’s website states that “zero” of its voting tabulators are connected to the internet, ES&S told NBC News 14,000 of their DS200 tabulators with online modems are currently in use around the country.

    With the 2020 presidential election only ten months away, Appel and Skoglund believe all modems can and should be removed from election systems.

    “Modems in voting machines are a bad idea,”

    Reply
  36. Tomi Engdahl says:

    The CVE-2019-19781 (ADC/Netscaler Gateway RCE) mitigation guide is technically a virtual patch you have to apply yourself. Is it the new way for other vendors instead of updating firmware?

    Mitigation Steps for CVE-2019-19781
    https://support.citrix.com/article/CTX267679

    Solution
    The following configuration changes serve as a mitigation to the aforementioned vulnerability.

    Reply
  37. Tomi Engdahl says:

    DuckDuckGo will soon be offered as an option for default search engine on Android devices across the EU. European regulators are forcing Google to present Android users with the option to choose their own default search engine.

    https://www.searchenginejournal.com/duckduckgo-is-now-a-default-search-engine-option-on-android-in-the-eu/343073/

    Reply
  38. Tomi Engdahl says:

    Tesla hacking competition offers $1 million and free car if someone can hijack Model 3
    https://www.livemint.com/auto-news/tesla-hacking-competition-offers-1-million-and-free-car-if-someone-can-hijack-model-3/amp-11578889743038.html?fbclid=IwAR2qSsqc2f-eS9qun0I6CK3O3EI_pA4uuH-ZkRQh9xMYSC8ygIsm5PyrEro

    The Elon Musk-run company is returning to the annual hackers’ competition “Pwn2Own” to be held in Vancouver in March, reports electrek.

    Some Model 3 cars and $1 million in award money will be up for grabs.

    Reply
  39. Tomi Engdahl says:

    Hackers Are Breaking Directly Into Telecom Companies to Take Over Customer Phone Numbers https://ioac.tv/36X5xPm

    Hackers Are Breaking Directly Into Telecom Companies to Take Over Customer Phone Numbers
    https://www.vice.com/en_us/article/5dmbjx/how-hackers-are-breaking-into-att-tmobile-sprint-to-sim-swap-yeh

    SIM swappers have escalated from bribing employees to using remote desktop software to get direct access to internal T-Mobile, AT&T, and Sprint tools.

    Reply
