This posting is here to collect cyber security news in January 2020.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to comments.
174 Comments
Tomi Engdahl says:
Catalin Cimpanu / ZDNet:
Researchers: AT&T, T-Mobile, Tracfone, US Mobile, and Verizon use vulnerable procedures for customer support that put users at risk of SIM swapping attacks — Researchers find that 17 of 140 major online services are vulnerable to SIM swapping attacks.
Academic research finds five US telcos vulnerable to SIM swapping attacks
https://www.zdnet.com/article/academic-research-finds-five-us-telcos-vulnerable-to-sim-swapping-attacks/
Tomi Engdahl says:
https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/
Tomi Engdahl says:
SHA-1 Is Terrible, Cable Modems Haunted By Flaw, SIM Swapping Gets Worse – ThreatWire
https://m.youtube.com/watch?feature=youtu.be&v=HyyQAx8enMs
A major vulnerability affects modems, SIM swapping is still a huge threat, and SHA1 Still Sucks! All
Tomi Engdahl says:
The NSA found a dangerous flaw in Windows and told Microsoft to fix it
The secretive security agency identified the vulnerability and is taking public credit as part of an effort to “build trust.”
https://www.technologyreview.com/s/615046/the-nsa-found-a-dangerous-flaw-in-windows-and-told-microsoft-to-fix-it/
Tomi Engdahl says:
Microsoft Patch Tuesday for January 2020
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+January+2020/25710/
But CVE-2020-0601 isn’t the only vulnerability you should be worried about this month. CVE-2020-0609 and CVE-2020-0610 are fixing remote code execution vulnerabilities in the Windows Remote Desktop Gateway (RD Gateway). Remember BlueKeep? The RD Gateway is used to authenticate users and allow access to internal RDP services. As a result, RD Gateway is often exposed and used to protect the actual RDP servers from exploitation.
Tomi Engdahl says:
NSA Discloses Serious Windows Vulnerability to Microsoft
https://www.securityweek.com/nsa-discloses-serious-windows-vulnerability-microsoft
The U.S. National Security Agency (NSA) has informed Microsoft that Windows is affected by a potentially serious spoofing vulnerability that could allow hackers to make a malicious file appear to come from a trusted source or conduct man-in-the-middle (MitM) attacks.
Brian Krebs / Krebs on Security:
Sources: Microsoft is slated to release a Windows update on Tuesday to fix a critical flaw in a crypto component present in all versions of Windows
Cryptic Rumblings Ahead of First 2020 Patch Tuesday
https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/
Tomi Engdahl says:
Encryption Battle Reignited as US Govt at Loggerheads With Apple
https://www.securityweek.com/encryption-battle-reignited-us-govt-loggerheads-apple
Apple and the US government are at loggerheads for the second time in four years over unlocking iPhones connected to a mass shooting, reviving debate over law enforcement access to encrypted devices.
Attorney General Bill Barr claimed Monday that Apple failed to provide “substantive assistance” in unlocking two iPhones in the investigation into the December shooting deaths of three US sailors at a Florida naval station, which he called an “act of terrorism.”
Tomi Engdahl says:
Mariella Moon / Engadget:
Facebook will now notify users via email and the Facebook App when their account is used to login into a third-party app or website
https://www.engadget.com/2020/01/14/facebook-third-party-login-notifications/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cudGVjaG1lbWUuY29tLw&guce_referrer_sig=AQAAALV0Sv9Dtat7CSg5M1VDcmDs3laSBrN6pnSXY51iTDgdUOpv-lYk9nRL-QVG3lK9I2zX-C6irKc0ba_3SkXYxzMH5biJ8zsmnbbx_Al8OJvlUuUi7tQ9U7hyaDb4W5fkYb7N57APzv-5-e4D4yl-v7pvi2sPDWAaZGVegejDrtW0
Tomi Engdahl says:
Stephen Shankland / CNET:
Google says it will phase out support for third-party cookies in Chrome within two years
Google Chrome’s privacy changes will hit the web later this year
https://www.cnet.com/news/google-chromes-privacy-changes-will-hit-the-web-later-this-year/
The search giant’s online ad business benefits from harvesting your personal data, but its browser team is pushing to make the web private by default.
Tomi Engdahl says:
Patch the critical cryptographic vulnerability in Microsoft Windows ASAP. Third-party apps connecting to other services that use the MS TLS library would be affected too, apart from the usual faked Windows updates, fake SSL/TLS certs, MITM and more. Patch it ASAP. Patch Critical Cryptographic Vulnerability in Microsoft Windows [pdf]
https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
Tomi Engdahl says:
Microsoft is patching a major Windows 10 flaw discovered by the NSA (updated)
https://www.engadget.com/2020/01/14/microsoft-patching-flaw-found-by-nsa/
For a change, the NSA disclosed the vulnerability rather than exploiting it.
The IT world is waiting on pins and needles today for a high-profile Microsoft Windows 10 security patch, and now we know why. The US National Security Agency (NSA) discovered a serious flaw in Windows 10 that could expose users to surveillance or serious data breaches, according to the Washington Post. That was backed by Krebs on Security, which reported that the NSA confirmed that it did find a major vulnerability that it passed on to Microsoft.
Tomi Engdahl says:
Researchers find 17 Google Play apps that bombard users with battery-draining ads
https://arstechnica.com/information-technology/2020/01/researchers-find-17-google-play-apps-that-bombard-users-with-battery-draining-ads/
Apps employed a variety of tricks to avoid detection by Google and infected users.
https://www.facebook.com/groups/majordomo/permalink/10158232853424522/
The apps are:
Car Racing 2019
4K Wallpaper (Background 4K Full HD)
Backgrounds 4K HD
QR Code Reader & Barcode Scanner Pro
File Manager Pro – Manager SD Card/Explorer
VMOWO City: Speed Racing 3D
Barcode Scanner
Screen Stream Mirroring
QR Code – Scan & Read a Barcode
Period Tracker – Cycle Ovulation Women’s
QR & Barcode Scan Reader
Wallpapers 4K, Backgrounds HD
Transfer Data Smart
Explorer File Manager
Today Weather Radar
Mobnet.io: Big Fish Frenzy
Clock LED
Tomi Engdahl says:
Windows 10 Has a Security Flaw So Severe the NSA Disclosed It
https://www.wired.com/story/nsa-windows-10-vulnerability-disclosure/
In a shift toward transparency, the National Security Agency announced a bug that could have left over 900 million PCs vulnerable to attack.
Tomi Engdahl says:
U.S. Government Issues Critical Windows 10 ‘Update Now’ Alert
https://www.forbes.com/sites/daveywinder/2020/01/15/us-government-issues-critical-windows-10-update-now-alert/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269
Tomi Engdahl says:
In a technical advisory document, the NSA explains how the vulnerability could enable the invalidation of trust in HTTPS connections, signed files, and emails as well as signed executable code launched as user-mode processes. It further warns that “Remote exploitation tools will likely be made quickly and widely available,” hence the urgency required in applying the Patch Tuesday fix.
https://www.forbes.com/sites/daveywinder/2020/01/15/us-government-issues-critical-windows-10-update-now-alert/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269
https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
Tomi Engdahl says:
Everything is broken and hackable!
https://thorgate.eu/blog/everything-broken-and-hackable?utm_source=Facebook&utm_medium=Facebook_Mobile_Feed&utm_campaign=Cybersecurity+Blogs&utm_content=everything+is+broken+blog
Tomi Engdahl says:
Microsoft patches Windows 10 security flaw discovered by the NSA
https://www.theverge.com/2020/1/14/21065563/microsoft-windows-security-flaw-nsa-patch-attribution-cryptography-update
The NSA is accepting attribution for the first time in history
Tomi Engdahl says:
Microsoft spots malicious npm package stealing data from UNIX systems
https://www.zdnet.com/article/microsoft-spots-malicious-npm-package-stealing-data-from-unix-systems/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook
Malicious JavaScript package was only active on the npm repository for two weeks.
Tomi Engdahl says:
https://www.facebook.com/groups/majordomo/permalink/10158238365409522/
Best use of CVE-2020-0601 I’ve seen — spoofing CN=* lololol https://twitter.com/hackerfantastic/status/1217656917436379137
Tomi Engdahl says:
New year, new browser – The new Microsoft Edge is out of preview and now available for download
https://blogs.windows.com/windowsexperience/2020/01/15/new-year-new-browser-the-new-microsoft-edge-is-out-of-preview-and-now-available-for-download/
Tomi Engdahl says:
As Windows 7 support has ended, here are some choices for Windows 7 users.
5 Linux Distributions for Windows 7 Users
https://itsfoss.com/windows-like-linux-distributions/
Tomi Engdahl says:
Win10 Crypto Vulnerability: Cheating in Elliptic Curve Billiards 2
Analysis of the root cause of the vulnerability (CVE-2020-0601), which is a flawed implementation of Elliptic Curve Cryptography (ECC) within Microsoft’s code.
Link: https://medium.com/zengo/win10-crypto-vulnerability-cheating-in-elliptic-curve-billiards-2-69b45f2dcab6
Tomi Engdahl says:
The FBI Got Data From A Locked iPhone 11 Pro Max — So Why Is It Demanding Apple Unlock Older Phones?
http://on.forbes.com/61891jxy9
Tomi Engdahl says:
Critical Windows 10 vulnerability used to Rickroll the NSA and Github
Attack demoed less than 24 hours after disclosure of bug breaking certificate validation.
https://arstechnica.com/information-technology/2020/01/researcher-develops-working-exploit-for-critical-windows-10-vulnerability/
Tomi Engdahl says:
Someone Took Over a Video Monitor at the Portland Airport to Play Video Games This Morning
https://www.wweek.com/news/2020/01/16/someone-took-over-a-video-monitor-at-the-portland-airport-to-play-video-games-this-morning/
Airport staff “politely asked him to stop and he politely asked if he could finish his game and they politely said no.”
Tomi Engdahl says:
https://arstechnica.com/information-technology/2020/01/researcher-develops-working-exploit-for-critical-windows-10-vulnerability/
Tomi Engdahl says:
https://www.schneier.com/blog/archives/2020/01/critical_window.html
Tomi Engdahl says:
https://www.tivi.fi/uutiset/yksi-datan-salauksen-kivijaloista-murtui-lopullisesti/425f1c3b-06ec-4f0e-a2a3-6dcb1f48da98
A practical attack against the SHA-1 hash function has been published.
Tomi Engdahl says:
Iran May Deploy Wiper Malware in Response to U.S. Military Strike, Experts Warn
https://spectrum.ieee.org/tech-talk/telecom/security/iran-wiper-malware-cybersecurity-us-military-strike-news-experts-warning
Tomi Engdahl says:
Cookies crumbling as Google phases them out
https://www.bbc.com/news/technology-51106526
Google is to restrict the number of advertising cookies on websites accessed via its Chrome browser, in response to calls for greater privacy controls.
It said that it would phase out third-party cookies within the next two years,
Cookies are small text files that are used to track users across the web.
It comes as a study suggests that many cookie consent pop-ups are flouting EU privacy laws.
Cookie consent forms pop up whenever someone visits a website but could their days be numbered?
Tomi Engdahl says:
Beware! An ordinary USB cable can hide a nasty surprise
https://www.tivi.fi/uutiset/varo-vaaraa-tavallisessa-usb-kaapelissa-voi-piileskella-hirvittava-yllatys-katso-video/35b951a8-ea7f-458c-a609-99ef95ebc60d
People working in information security have known for years about the vulnerability known as BadUSB. It allows a computer’s USB port to be used for various attacks. One of the recent applications of the technique goes by the name Evil Crow Cable, in which the attack hardware is packed into a USB cable that looks completely ordinary from the outside.
Tomi Engdahl says:
http://blog.joesecurity.org/2020/01/dissecting-agent-tesla-with-deep-net.html?m=1
Tomi Engdahl says:
If you’re still using Windows 7 you should upgrade right now — here’s what you need to know
https://bit.ly/35THWO7
Tomi Engdahl says:
Privacy experts slam UK’s “disastrous” failure to tackle unlawful adtech
https://tcrn.ch/38hIsXL
The UK’s data protection regulator has been slammed by privacy experts for once again failing to take enforcement action over systematic breaches of the law linked to behaviorally targeted ads — despite warning last summer that the adtech industry is out of control.
Tomi Engdahl says:
A hacker is patching Citrix servers to maintain exclusive access
https://www.zdnet.com/article/a-hacker-is-patching-citrix-servers-to-maintain-exclusive-access/
FireEye believes this is a bad guy hoarding Citrix servers, rather than a good-guy vigilante looking out for organizations.
Attacks on Citrix appliances have intensified this week, and multiple threat actors have now joined in and are launching attacks in the hopes of compromising a high-value target, such as a corporate network, government server, or public institution.
404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html
Tomi Engdahl says:
https://www.forbes.com/sites/daveywinder/2020/01/14/windows-10-extraordinarily-serious-security-warning-for-900-million-users/
Tomi Engdahl says:
Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday
https://cyber.dhs.gov/ed/20-02/
Tomi Engdahl says:
https://www.livemint.com/auto-news/tesla-hacking-competition-offers-1-million-and-free-car-if-someone-can-hijack-model-3-11578889743038.html
Tomi Engdahl says:
U.S. Army Hacked By 52 Hackers In Five Weeks
https://www.forbes.com/sites/daveywinder/2020/01/16/us-army-hacked-by-52-hackers-in-five-weeksheres-why/
During five weeks between October 9 and November 15, 2019, the U.S. Army was hacked by a total of 52 hackers. This isn’t as bad as it sounds. A spokesperson at the U.S. Department of Defense Defense Digital Service said the hacking strengthens its security posture. That’s because the 52 hackers were of the ethical variety and participating in the second “Hack the Army” event to have taken place since 2016.
Tomi Engdahl says:
Google Removed Over 1.7K Joker Malware Infected Apps from Play Store
https://www.bleepingcomputer.com/news/security/google-removed-over-17k-joker-malware-infected-apps-from-play-store/
Tomi Engdahl says:
The Secretive Company That Might End Privacy as We Know It
https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html?smid=nytcore-ios-share
A little-known start-up helps law enforcement match photos of unknown people to their online images — and “might lead to a dystopian future or something,” a backer says.
Then Mr. Ton-That — an Australian techie and onetime model — did something momentous: He invented a tool that could end your ability to walk down the street anonymously, and provided it to hundreds of law enforcement agencies, ranging from local cops in Florida to the F.B.I. and the Department of Homeland Security.
His tiny company, Clearview AI, devised a groundbreaking facial recognition app. You take a picture of a person, upload it and get to see public photos of that person, along with links to where those photos appeared. The system — whose backbone is a database of more than three billion images that Clearview claims to have scraped from Facebook, YouTube, Venmo and millions of other websites — goes far beyond anything ever constructed by the United States government or Silicon Valley giants.
Tomi Engdahl says:
“It’s creepy what they’re doing, but there will be many more of these companies. There is no monopoly on math,” said Al Gidari, a privacy professor at Stanford Law School. “Absent a very strong federal privacy law, we’re all screwed.”
Mr. Ton-That said his company used only publicly available images. If you change a privacy setting in Facebook so that search engines can’t link to your profile, your Facebook photos won’t be included in the database, he said.
But if your profile has already been scraped, it is too late.
Woodrow Hartzog, a professor of law and computer science at Northeastern University in Boston, sees Clearview as the latest proof that facial recognition should be banned in the United States.
https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html?smid=nytcore-ios-share
Tomi Engdahl says:
The Evil List: Which tech companies are really doing the most harm? Here are the 30 most dangerous, ranked by the people who know. Basically all successful companies. What do you think? Is this a good list?
https://cyberciti.biz/rd/10.php
Tomi Engdahl says:
An online tool to customise your Firefox experience, enhance privacy, disable telemetry and DoH (and 100s of other settings) and get rid of annoyances quickly and simply. It will create a profile for you.
https://www.cyberciti.biz/rd/7.php
#opensource #linux #unix #macos #firefox
Tomi Engdahl says:
The captcha and the ‘Contact Us’ button are perfect
https://www.facebook.com/126000117413375/posts/3177300132283343/
Tomi Engdahl says:
SIM swap fraud: What it is, why you should care and how to protect yourself
https://www.cnet.com/how-to/sim-swap-fraud-what-it-is-why-you-should-care-and-how-to-protect-yourself/?UniqueID=D23181BE-3851-11EA-9CF6-DEBCFCA12A29&ServiceType=facebook_page&PostType=link&ftag=COS-05-10aaa0a&TheTime=2020-01-16T11%3A17%3A45
Phone number theft is something most don’t think is even possible, but it’s all too easy for hackers to do, giving them the keys to take over your online accounts.
A recently published study showed just how easy it is for hackers and fraudsters to take control of your phone number, potentially leading to thousands of dollars in fraud — that’s your money on the line. The practice of SIM swapping is becoming more common, and despite carriers putting safeguards in place, it’s scary how quickly the researchers were able to take over a phone number.
Hackers know that SIM cards are a fairly easy access point when it comes to taking over someone’s phone number and, in turn, gaining access to their online accounts.
SIM swapping occurs when someone contacts your wireless carrier and is able to convince the call center employee that they are, in fact, you, using your personal data.
They do this by using data that’s often exposed in hacks, data breaches, or information you publicly share on social networks to trick the call center employee into switching the SIM card linked to your phone number and replacing it with a SIM card in their possession.
Tomi Engdahl says:
FBI: Nation-state actors have breached two US municipalities
https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/
The SharePoint CVE-2019-0604 vulnerability has been one of the most targeted security flaws.
Nation-state hackers breached the networks of two US municipalities last year, the FBI said in a security alert sent to private industry partners last week.
The hacks took place after attackers used the CVE-2019-0604 vulnerability in Microsoft SharePoint servers to breach the two municipalities’ networks.
CHINESE NATION-STATE HACKERS HAVE PREVIOUSLY EXPLOITED THIS BUG
The attacks on US municipalities are not isolated cases, nor are they the first attacks where the CVE-2019-0604 SharePoint vulnerability has been used.
Throughout 2019, this particular SharePoint vulnerability was one of the most exploited security flaws, by both financially-motivated cybercriminals, but also nation-state-sponsored cyber-espionage groups.
Tomi Engdahl says:
U.S. Government Confirms Critical Browser Zero-Day Security Warning For Windows Users
https://www.forbes.com/sites/daveywinder/2020/01/18/us-government-confirms-critical-zero-day-security-warning-for-windows-users/
It’s been a lousy week for Windows users: first, the NSA curveball crypto vulnerability and now confirmation of a zero-day vulnerability that’s being actively exploited with no fix yet.
The advisory confirmed that “Microsoft is aware of limited targeted attacks.” So, what is the critical zero-day vulnerability that’s already being exploited in the wild?
Microsoft said that a remote code execution (RCE) vulnerability had been found in the scripting engine of the Internet Explorer (IE) web browser. It’s a critical vulnerability, assigned as CVE-2020-0674, that impacts IE across all versions of Windows and can corrupt memory so that an attacker can execute arbitrary code. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” Microsoft warned,
Tomi Engdahl says:
FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw
https://www.bleepingcomputer.com/news/security/fbi-says-state-actors-hacked-us-govt-network-with-pulse-vpn-flaw/
Tomi Engdahl says:
FBI: Nation-state actors have breached two US municipalities
The SharePoint CVE-2019-0604 vulnerability has been one of the most targeted security flaws.
https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/