Cyber security news January 2020

This posting collects cyber security news from January 2020.

I post links to security vulnerability news in the comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links in the comments.

174 Comments

  1. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    Researchers: AT&T, T-Mobile, Tracfone, US Mobile, and Verizon use vulnerable procedures for customer support that put users at risk of SIM swapping attacks — Researchers find that 17 of 140 major online services are vulnerable to SIM swapping attacks.

    Academic research finds five US telcos vulnerable to SIM swapping attacks
    https://www.zdnet.com/article/academic-research-finds-five-us-telcos-vulnerable-to-sim-swapping-attacks/

    Researchers find that 17 of 140 major online services are vulnerable to SIM swapping attacks.

    Reply
  2. Tomi Engdahl says:

    SHA-1 Is Terrible, Cable Modems Haunted By Flaw, SIM Swapping Gets Worse – ThreatWire
    https://m.youtube.com/watch?feature=youtu.be&v=HyyQAx8enMs

    A major vulnerability affects modems, SIM swapping is still a huge threat, and SHA1 Still Sucks! All

    Reply
  3. Tomi Engdahl says:

    The NSA found a dangerous flaw in Windows and told Microsoft to fix it
    The secretive security agency identified the vulnerability and is taking public credit as part of an effort to “build trust.”
    https://www.technologyreview.com/s/615046/the-nsa-found-a-dangerous-flaw-in-windows-and-told-microsoft-to-fix-it/

    Reply
  4. Tomi Engdahl says:

    Microsoft Patch Tuesday for January 2020
    https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+January+2020/25710/
    But CVE-2020-0601 isn’t the only vulnerability you should be worried
    about this month. CVE-2020-0609 and CVE-2020-0610 are fixing remote
    code execution vulnerabilities in the Windows Remote Desktop Gateway
    (RD Gateway). Remember BlueKeep? The RD Gateway is used to
    authenticate users and allow access to internal RDP services. As a
    result, RD Gateway is often exposed and used to protect the actual RDP
    servers from exploitation.

    Reply
  5. Tomi Engdahl says:

    NSA Discloses Serious Windows Vulnerability to Microsoft
    https://www.securityweek.com/nsa-discloses-serious-windows-vulnerability-microsoft

    The U.S. National Security Agency (NSA) has informed Microsoft that Windows is affected by a potentially serious spoofing vulnerability that could allow hackers to make a malicious file appear to come from a trusted source or conduct man-in-the-middle (MitM) attacks.
    Brian Krebs / Krebs on Security:
    Sources: Microsoft is slated to release a Windows update on Tuesday to fix a critical flaw in a crypto
    component present in all versions of Windows

    Cryptic Rumblings Ahead of First 2020 Patch Tuesday
    https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/

    Reply
  6. Tomi Engdahl says:

    Encryption Battle Reignited as US Govt at Loggerheads With Apple
    https://www.securityweek.com/encryption-battle-reignited-us-govt-loggerheads-apple

    Apple and the US government are at loggerheads for the second time in four years over unlocking iPhones connected to a mass shooting, reviving debate over law enforcement access to encrypted devices.

    Attorney General Bill Barr claimed Monday that Apple failed to provide “substantive assistance” in unlocking two iPhones in the investigation into the December shooting deaths of three US sailors at a Florida naval station, which he called an “act of terrorism.”

    Reply
  7. Tomi Engdahl says:

    Stephen Shankland / CNET:
    Google says it will phase out support for third-party cookies in Chrome within two years

    Google Chrome’s privacy changes will hit the web later this year
    https://www.cnet.com/news/google-chromes-privacy-changes-will-hit-the-web-later-this-year/

    The search giant’s online ad business benefits from harvesting your personal data, but its browser team is pushing to make the web private by default.

    Reply
  8. Tomi Engdahl says:

    Patch critical cryptographic vulnerability in Microsoft Windows ASAP. 3rd party apps connecting to the other service that use MS TLS library would be affected too. Apart from usual faking Win updates, fake SSL/TLS certs, MITM and more. Patch it ASAP. Patch Critical Cryptographic Vulnerability in Microsoft Windows [pdf]
    https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF

    Reply
  9. Tomi Engdahl says:

    Microsoft is patching a major Windows 10 flaw discovered by the NSA (updated)
    https://www.engadget.com/2020/01/14/microsoft-patching-flaw-found-by-nsa/

    For a change, the NSA disclosed the vulnerability rather than exploiting it.

    The IT world is waiting on pins and needles today for a high-profile Microsoft Windows 10 security patch, and now we know why. The US National Security Agency (NSA) discovered a serious flaw in Windows 10 that could expose users to surveillance or serious data breaches, according to the Washington Post. That was backed by Krebs on Security, which reported that the NSA confirmed that it did find a major vulnerability that it passed on to Microsoft.

    Reply
  10. Tomi Engdahl says:

    Researchers find 17 Google Play apps that bombard users with battery-draining ads
    https://arstechnica.com/information-technology/2020/01/researchers-find-17-google-play-apps-that-bombard-users-with-battery-draining-ads/

    Apps employed a variety of tricks to avoid detection by Google and infected users.

    https://www.facebook.com/groups/majordomo/permalink/10158232853424522/

    The apps are:

    Car Racing 2019
    4K Wallpaper (Background 4K Full HD)
    Backgrounds 4K HD
    QR Code Reader & Barcode Scanner Pro
    File Manager Pro – Manager SD Card/Explorer
    VMOWO City: Speed Racing 3D
    Barcode Scanner
    Screen Stream Mirroring
    QR Code – Scan & Read a Barcode
    Period Tracker – Cycle Ovulation Women’s
    QR & Barcode Scan Reader
    Wallpapers 4K, Backgrounds HD
    Transfer Data Smart
    Explorer File Manager
    Today Weather Radar
    Mobnet.io: Big Fish Frenzy
    Clock LED

    Reply
  11. Tomi Engdahl says:

    Windows 10 Has a Security Flaw So Severe the NSA Disclosed It
    https://www.wired.com/story/nsa-windows-10-vulnerability-disclosure/

    In a shift toward transparency, the National Security Agency announced a bug that could have left over 900 million PCs vulnerable to attack.

    Reply
  12. Tomi Engdahl says:

    In a technical advisory document, the NSA explains how the vulnerability could enable the invalidation of trust in HTTPS connections, signed files, and emails as well as signed executable code launched as user-mode processes. It further warns that “Remote exploitation tools will likely be made quickly and widely available,” hence the urgency required in applying the Patch Tuesday fix.
    https://www.forbes.com/sites/daveywinder/2020/01/15/us-government-issues-critical-windows-10-update-now-alert/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269
    https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF

    Reply
  13. Tomi Engdahl says:

    Microsoft patches Windows 10 security flaw discovered by the NSA
    https://www.theverge.com/2020/1/14/21065563/microsoft-windows-security-flaw-nsa-patch-attribution-cryptography-update

    The NSA is accepting attribution for the first time in history

    Reply
  14. Tomi Engdahl says:

    As Windows 7 support has ended, here are some choices for Windows 7 users.

    5 Linux Distributions for Windows 7 Users
    https://itsfoss.com/windows-like-linux-distributions/

    Reply
  15. Tomi Engdahl says:

    Win10 Crypto Vulnerability: Cheating in Elliptic Curve Billiards 2

    Analysis of the root cause of the vulnerability (CVE-2020-0601) which is a flawed implementation of the Elliptic Curve Cryptography (ECC) within Microsoft’s code.

    Link: https://medium.com/zengo/win10-crypto-vulnerability-cheating-in-elliptic-curve-billiards-2-69b45f2dcab6

    Reply
  16. Tomi Engdahl says:

    The FBI Got Data From A Locked iPhone 11 Pro Max — So Why Is It Demanding Apple Unlock Older Phones?
    http://on.forbes.com/61891jxy9

    Reply
  17. Tomi Engdahl says:

    Critical Windows 10 vulnerability used to Rickroll the NSA and Github
    Attack demoed less than 24 hours after disclosure of bug-breaking certificate validation.
    https://arstechnica.com/information-technology/2020/01/researcher-develops-working-exploit-for-critical-windows-10-vulnerability/

    Reply
  18. Tomi Engdahl says:

    Someone Took Over a Video Monitor at the Portland Airport to Play Video Games This Morning
    https://www.wweek.com/news/2020/01/16/someone-took-over-a-video-monitor-at-the-portland-airport-to-play-video-games-this-morning/

    Airport staff “politely asked him to stop and he politely asked if he could finish his game and they politely said no.”

    Reply
  19. Tomi Engdahl says:

    Cookies crumbling as Google phases them out
    https://www.bbc.com/news/technology-51106526

    Google is to restrict the number of advertising cookies on websites accessed via its Chrome browser, in response to calls for greater privacy controls.

    It said that it would phase out third-party cookies within the next two years,

    Cookies are small text files that are used to track users across the web.

    It comes as a study suggests that many cookie consent pop-ups are flouting EU privacy laws.

    Cookie consent forms pop up whenever someone visits a website but could their days be numbered?

    Reply
  20. Tomi Engdahl says:

    Beware of danger! An ordinary USB cable can hide a terrible surprise
    https://www.tivi.fi/uutiset/varo-vaaraa-tavallisessa-usb-kaapelissa-voi-piileskella-hirvittava-yllatys-katso-video/35b951a8-ea7f-458c-a609-99ef95ebc60d

    People working in information security have known for years about the vulnerability known as BadUSB. It allows a computer's USB port to be used for various attacks. One of the recent applications of the technique goes by the name Evil Crow Cable, in which the attack technique is packed into a USB cable that looks completely ordinary from the outside.

    Reply
  21. Tomi Engdahl says:

    If you’re still using Windows 7 you should upgrade right now — here’s what you need to know
    https://bit.ly/35THWO7

    Reply
  22. Tomi Engdahl says:

    Privacy experts slam UK’s “disastrous” failure to tackle unlawful adtech
    https://tcrn.ch/38hIsXL

    The UK’s data protection regulator has been slammed by privacy experts for once again failing to take enforcement action over systematic breaches of the law linked to behaviorally targeted ads — despite warning last summer that the adtech industry is out of control.

    Reply
  23. Tomi Engdahl says:

    A hacker is patching Citrix servers to maintain exclusive access
    https://www.zdnet.com/article/a-hacker-is-patching-citrix-servers-to-maintain-exclusive-access/

    FireEye believes this is a bad guy hoarding Citrix servers, rather than a good-guy vigilante looking out for organizations.

    Attacks on Citrix appliances have intensified this week, and multiple threat actors have now joined in and are launching attacks in the hopes of compromising a high-value target, such as a corporate network, government server, or public institution.

    404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
    https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html

    Reply
  24. Tomi Engdahl says:

    Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday
    https://cyber.dhs.gov/ed/20-02/

    Reply
  25. Tomi Engdahl says:

    U.S. Army Hacked By 52 Hackers In Five Weeks
    https://www.forbes.com/sites/daveywinder/2020/01/16/us-army-hacked-by-52-hackers-in-five-weeksheres-why/

    During five weeks between October 9 and November 15, 2019, the U.S. Army was hacked by a total of 52 hackers. This isn’t as bad as it sounds. A spokesperson at the U.S. Department of Defense Defense Digital Service said the hacking strengthens its security posture. That’s because the 52 hackers were of the ethical variety and participating in the second “Hack the Army” event to have taken place since 2016.

    Reply
  26. Tomi Engdahl says:

    The Secretive Company That Might End Privacy as We Know It
    https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html?smid=nytcore-ios-share

    A little-known start-up helps law enforcement match photos of unknown people to their online images — and “might lead to a dystopian future or something,” a backer says.

    Then Mr. Ton-That — an Australian techie and onetime model — did something momentous: He invented a tool that could end your ability to walk down the street anonymously, and provided it to hundreds of law enforcement agencies, ranging from local cops in Florida to the F.B.I. and the Department of Homeland Security.

    His tiny company, Clearview AI, devised a groundbreaking facial recognition app. You take a picture of a person, upload it and get to see public photos of that person, along with links to where those photos appeared. The system — whose backbone is a database of more than three billion images that Clearview claims to have scraped from Facebook, YouTube, Venmo and millions of other websites — goes far beyond anything ever constructed by the United States government or Silicon Valley giants.

    Reply
  27. Tomi Engdahl says:

    “It’s creepy what they’re doing, but there will be many more of these companies. There is no monopoly on math,” said Al Gidari, a privacy professor at Stanford Law School. “Absent a very strong federal privacy law, we’re all screwed.”

    Mr. Ton-That said his company used only publicly available images. If you change a privacy setting in Facebook so that search engines can’t link to your profile, your Facebook photos won’t be included in the database, he said.

    But if your profile has already been scraped, it is too late.

    Woodrow Hartzog, a professor of law and computer science at Northeastern University in Boston, sees Clearview as the latest proof that facial recognition should be banned in the United States.

    https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html?smid=nytcore-ios-share

    Reply
  28. Tomi Engdahl says:

    The Evil List: Which tech companies are really doing the most harm? Here are the 30 most dangerous, ranked by the people who know. Basically all successful companies. What do you think? Is this a good list?

    https://cyberciti.biz/rd/10.php

    Reply
  29. Tomi Engdahl says:

    An online tool to customise your Firefox experience, enhance privacy, disable telemetry, DoH (100 of other settings) and get rid of annoyances quickly and simply. It will create a profile for you.

    https://www.cyberciti.biz/rd/7.php

    #opensource #linux #unix #macos #firefox

    Reply
  30. Tomi Engdahl says:

    SIM swap fraud: What it is, why you should care and how to protect yourself
    https://www.cnet.com/how-to/sim-swap-fraud-what-it-is-why-you-should-care-and-how-to-protect-yourself/?UniqueID=D23181BE-3851-11EA-9CF6-DEBCFCA12A29&ServiceType=facebook_page&PostType=link&ftag=COS-05-10aaa0a&TheTime=2020-01-16T11%3A17%3A45

    Phone number theft is something most don’t think is even possible, but it’s all too easy for hackers to do, giving them the keys to take over your online accounts.

    A recently published study showed just how easy it is for hackers and fraudsters to take control of your phone number, potentially leading to thousands of dollars in fraud — that’s your money on the line. The practice of SIM swapping is becoming more common, and despite carriers putting safeguards in place, it’s scary how quickly the researchers were able to take over a phone number.

    Hackers know that SIM cards are a fairly easy access point when it comes to taking over someone’s phone number, and in turn, gain access to their online accounts.

    SIM swapping occurs when someone contacts your wireless carrier and is able to convince the call center employee that they are, in fact, you, using your personal data.

    They do this by using data that’s often exposed in hacks, data breaches, or information you publicly share on social networks to trick the call center employee into switching the SIM card linked to your phone number, and replace it with a SIM card in their possession.

    Reply
  31. Tomi Engdahl says:

    FBI: Nation-state actors have breached two US municipalities
    https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/

    The SharePoint CVE-2019-0604 vulnerability has been one of the most targeted security flaws.

    Nation-state hackers breached the networks of two US municipalities last year, the FBI said in a security alert sent to private industry partners last week.

    The hacks took place after attackers used the CVE-2019-0604 vulnerability in Microsoft SharePoint servers to breach the two municipalities’ networks.

    CHINESE NATION-STATE HACKERS HAVE PREVIOUSLY EXPLOITED THIS BUG
    The attacks on US municipalities are not isolated cases, nor are they the first attacks where the CVE-2019-0604 SharePoint vulnerability has been used.

    Throughout 2019, this particular SharePoint vulnerability was one of the most exploited security flaws, by both financially-motivated cybercriminals, but also nation-state-sponsored cyber-espionage groups.

    Reply
  32. Tomi Engdahl says:

    U.S. Government Confirms Critical Browser Zero-Day Security Warning For Windows Users
    https://www.forbes.com/sites/daveywinder/2020/01/18/us-government-confirms-critical-zero-day-security-warning-for-windows-users/

    It’s been a lousy week for Windows users: first, the NSA curveball crypto vulnerability and now confirmation of a zero-day vulnerability that’s being actively exploited with no fix yet.

    advisory confirmed that “Microsoft is aware of limited targeted attacks.” So, what is the critical zero-day vulnerability that’s already being exploited in the wild?

    Microsoft said that a remote code execution (RCE) vulnerability had been found in the scripting engine of the Internet Explorer (IE) web browser. It’s a critical vulnerability, assigned as CVE-2020-0674, that impacts IE across all versions of Windows and can corrupt memory so that an attacker can execute arbitrary code. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” Microsoft warned,

    Reply
  33. Tomi Engdahl says:

    FBI: Nation-state actors have breached two US municipalities
    The SharePoint CVE-2019-0604 vulnerability has been one of the most targeted security flaws.
    https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/

    Reply
