This posting is here to collect cyber security news in February 2020.
I post links to security vulnerability news with short descriptions to the comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to comments.
208 Comments
Tomi Engdahl says:
Java JDBC(Deserialization) Anti-sequence vulnerability automated exploitation
Original posting (Chinese):
https://landgrey.me/blog/11/
https://translate.google.co.kr/translate?hl=ko&sl=auto&tl=en&u=https%3A%2F%2Flandgrey.me%2Fblog%2F11%2F
Tomi Engdahl says:
So uhh, does this make the US government liable for creating/funding TOR?
A new bill could punish web platforms for using end-to-end encryption
https://www.theverge.com/2020/1/31/21116788/earn-it-act-section-230-lindsey-graham-draft-bill-encryption
A Section 230 change could have an ulterior motive
A new bill would reduce legal protections for apps and websites, potentially jeopardizing online encryption. The draft bill would form a “National Commission on Online Child Exploitation Prevention” to establish rules for finding and removing child exploitation content. If companies don’t follow these rules, they could lose some protection under Section 230 of the Communications Decency Act, which largely shields companies from liability over users’ posts.
Large web companies have moved toward end-to-end encryption (which keeps data encrypted for anyone outside a conversation, including the companies themselves) in recent years. Facebook has added end-to-end encryption to apps like Messenger and Whatsapp, for example, and it’s reportedly pushing it for other services as well. US Attorney General William Barr has condemned the move, saying it would prevent law enforcement from finding criminals, but Facebook isn’t required to comply. Under the EARN IT Act, though, a committee could require Facebook and other companies to add a backdoor for law enforcement.
Tomi Engdahl says:
Microsoft Teams goes down after Microsoft forgot to renew a certificate
https://www.theverge.com/2020/2/3/21120248/microsoft-teams-down-outage-certificate-issue-status
Microsoft Teams went down this morning for nearly three hours after Microsoft forgot to renew a critical security certificate. Users of Microsoft’s Slack competitor were met with error messages
This was an embarrassing mistake for Microsoft to make for its flagship “Office hub” software, especially as the company started its own TV commercials for Teams recently. It’s also surprising to see Microsoft forget to renew a key certificate for Teams, especially when the company develops software like System Center Operations Manager to monitor for things like certificate expiration.
Tomi Engdahl says:
[CVE-2019-18634] Stack-Based Buffer Overflow in `sudo`
In Sudo before 1.8.26, if pwfeedback is enabled
(pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.)
https://www.openwall.com/lists/oss-security/2020/01/30/6
Tomi Engdahl says:
Thick Client Penetration Testing – Exploiting JAVA Deserialization Vulnerability for Remote Code Execution
https://pentestmag.com/thick-client-penetration-testing-exploiting-java-deserialization-vulnerability-remote-code-execution/
Tomi Engdahl says:
Twitter suspends ‘large network’ of fake accounts used to match phone numbers to users
https://techcrunch.com/2020/02/03/twitter-suspends-large-network-of-fake-accounts-used-to-match-phone-numbers-to-users/
Tomi Engdahl says:
Dashlane’s Super Bowl Ad Proves Password Managers Have Arrived
https://www.wired.com/story/dashlane-super-bowl-ad/
This year’s crop of Super Bowl ads includes plenty of the usual suspects: expensive cars, cheap beers, big tech. But among the companies coughing up a reported $5.6 million for 30 seconds of Big Game glory is one name most people have never heard of, selling a product that many don’t know exists: Dashlane, an app that manages your passwords.
Tomi Engdahl says:
China fears lead Interior Department to limit use of foreign drones
https://arstechnica.com/tech-policy/2020/01/china-fears-lead-interior-department-to-limit-use-of-foreign-drones/
The Interior Department is preparing a new agency policy that would drastically limit the use of unmanned aerial vehicles made overseas, The Wall Street Journal reports. The new policy is due to be formally announced today. The agency worries that information collected by drones could be “valuable to foreign entities, organizations, and governments.”
Tomi Engdahl says:
Exclusive: FBI probes use of Israeli firm’s spyware in personal and government hacks – sources
https://www.reuters.com/article/us-usa-cyber-nso-exclusive/exclusive-fbi-probes-use-of-israeli-firms-spyware-in-personal-and-government-hacks-sources-idUSKBN1ZT38B
The FBI is investigating the role of Israeli spyware vendor NSO Group Technologies in possible hacks on American residents and companies as well as suspected intelligence gathering on governments, according to four people familiar with the inquiry.
Tomi Engdahl says:
Only three of the Top 100 international airports pass basic security checks
https://www.zdnet.com/article/only-three-of-the-top-100-international-airports-pass-basic-security-checks/
Tests involved scanning public websites, mobile apps, and exposures of sensitive airport data on public code repositories and the dark web.
The three are the Amsterdam Schiphol Airport in the Netherlands, the Helsinki Vantaa Airport in Finland, and the Dublin International Airport in Ireland.
According to ImmuniWeb, these three “may serve a laudable example not just to the aviation industry but to all other industries as well.”
Tomi Engdahl says:
An artist wheeled 99 smartphones around in a wagon to create fake traffic jams on Google Maps
https://www.businessinsider.com/google-maps-traffic-jam-99-smartphones-wagon-2020-2?amp
Tomi Engdahl says:
Google has a backdoor to track individual users per Chrome installation ID
https://github.com/w3ctag/design-reviews/issues/467#issuecomment-581944600
I don’t understand why Google/Microsoft & some other companies use their users as guinea pigs. No consent. No opt-out. Even the software given free of cost argument is hard to swallow.
Tomi Engdahl says:
Twitter warns hackers exploited an API bug on its platform to inappropriately match and learn linked phone numbers of millions of users. Based on IP addresses engaged in the attack, Twitter believes some of them may have ties to state-sponsored actors.
An Incident Impacting your Account Identity
https://privacy.twitter.com/en/blog/2020/an-incident-impacting-your-account-identity
On December 24, 2019 we became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers. We immediately suspended these accounts and are disclosing the details of our investigation to you today because we believe it’s important that you are aware of what happened, and how we fixed it.
Tomi Engdahl says:
DOD contractor Electronic Warfare Associates hit with Ryuk ransomware
https://www.cyberscoop.com/ryuk-ransomware-ewa-dod-contractor/
Electronic Warfare Associates (EWA), a government contractor that works with the Department of Defense, Department of Justice, and Department of Homeland Security, has been hit with a ransomware attack, CyberScoop has learned.
Tomi Engdahl says:
Google’s location tracking finally under formal probe in Europe
https://techcrunch.com/2020/02/04/googles-location-tracking-finally-under-formal-probe-in-europe/?tpcc=ECFB2020
“As such, the DPC has commenced an own-volition Statutory Inquiry, with respect to Google Ireland Limited, pursuant to Section 110 of the Data Protection 2018 and in accordance with the co-operation mechanism outlined under Article 60 of the GDPR. The Inquiry will set out to establish whether Google has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency,” its notice added.
Tomi Engdahl says:
Hackers infiltrated a big Facebook data partner to launch scams
Marketing giant LiveRamp has privileged access to advertising accounts
https://www.cnet.com/news/hackers-infiltrated-a-big-facebook-data-partner-to-launch-scams/#ftag=COS-05-10aaa0i
Tomi Engdahl says:
https://blog.talosintelligence.com/2019/07/sea-turtle-keeps-on-swimming.html?m=1
After several months of activity, the actors behind the “Sea Turtle” DNS hijacking campaign are not slowing down. Cisco Talos recently discovered new details that suggest they regrouped after we published our initial findings and coverage and are redoubling their efforts with new infrastructure. While many actors will slow down once they are discovered, this group appears to be unusually brazen, and will be unlikely to be deterred going forward.
Tomi Engdahl says:
UK Council websites are letting citizens be profiled for ads, study shows
https://tcrn.ch/2Ulji6R
On the same day that a data ethics advisor to the UK government has urged action to regulate online targeting a study conducted by pro-privacy browser Brave has highlighted how Brits are being profiled by the behavioral ad industry when they visit their local Council’s website — perhaps seeking info on local services or guidance about benefits including potentially sensitive information related to addiction services or disabilities.
Brave found that nearly all UK Councils permit at least one company to learn about the behavior of people visiting their sites, finding that a full 409 Councils exposed some visitor data to private companies.
Tomi Engdahl says:
To do the same all you need is a crapload of phones and a bad attitude.
Man Creates Traffic Jams By Wheeling Around 99 Cell Phones In A Trailer
https://www.iflscience.com/technology/man-creates-traffic-jams-by-wheeling-around-99-cell-phones-in-a-trailer/
Tomi Engdahl says:
Linux and macOS PCs hit by serious Sudo vulnerability
https://www.techradar.com/amp/news/linux-and-macos-pcs-hit-by-serious-sudo-vulnerability
Sudo scare part deux, as another flaw is found by an Apple security expert
Linux and macOS systems have been hit by a nasty little bug in the Sudo utility, although the good news is it has already been patched.
Sudo is a tool that provides a specified user permissions above their normal levels, including root (administrative) access, but by leveraging this security flaw, it’s possible a low-privileged user (or malware) could get unauthorized root access, and thus potentially wreak all sorts of havoc on the host system.
The fresh vulnerability (codenamed CVE-2019-18634) relates to Sudo incorrectly handling memory operations when the ‘pwfeedback’ option is enabled in the Sudoers configuration file, as The Hacker News reports. Essentially, when a password is requested, this security measure can be bypassed via a large input that triggers a buffer overflow.
Now, it’s often the case that pwfeedback isn’t enabled by default, but some operating systems do have it active off the bat in Sudo – for example Linux Mint.
Further note that the buffer overflow flaw only affects Sudo versions previous to 1.8.26. Sudo has already been patched to defend against the exploit with version 1.8.31 (versions 1.8.26 onwards are safe anyway, as the result of another previous change – even though the bug is still present, it can’t actually be leveraged).
https://thehackernews.com/2020/02/sudo-linux-vulnerability.html?m=1
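A defender's check for the two conditions described above (and in the earlier CVE-2019-18634 note): sudo older than 1.8.26 together with pwfeedback turned on in the sudoers policy. This is an added example, not code from the original post or from the sudo project; it parses `sudo -V` output and sudoers text and reports whether a host is exposed. The version string and sudoers sample are constructed, and scoped Defaults lines and /etc/sudoers.d are assumed out of scope.

```python
"""Audit helper for the sudo pwfeedback overflow (CVE-2019-18634).

Added example, not code from the original post or the sudo project. It encodes
the two conditions the advisory gives: sudo older than 1.8.26 and the
'pwfeedback' option turned on in the sudoers policy. Everything here runs
offline; the sample inputs at the bottom are constructed, not captured.
"""
from __future__ import annotations

import re

# Per the advisory: 1.8.26 and later cannot be exploited even though the bug
# is still present; 1.8.31 carries the actual fix.
FIRST_UNEXPLOITABLE = (1, 8, 26)
PATCHED = (1, 8, 31)

_VERSION_RE = re.compile(r"Sudo version (\d+)\.(\d+)\.(\d+)(?:p(\d+))?")
_GLOBAL_DEFAULTS_RE = re.compile(r"^Defaults\s+(.+)$")
_PARAM_RE = re.compile(r"^(!*)\s*([A-Za-z_]+)")


def parse_sudo_version(sudo_v_output: str) -> tuple[int, int, int, int]:
    """Turn the first line of `sudo -V` into (major, minor, patch, p-level).

    'Sudo version 1.8.21p2' -> (1, 8, 21, 2); a missing pN suffix counts as 0.
    """
    m = _VERSION_RE.search(sudo_v_output)
    if not m:
        raise ValueError("no 'Sudo version X.Y.Z' line found")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def pwfeedback_enabled(sudoers_text: str) -> bool:
    """Return True if the last global Defaults entry leaves pwfeedback on.

    Handles comma-separated parameter lists, '!' negation, comment lines and
    backslash line continuation. Assumption: only unscoped 'Defaults' lines are
    considered; host/user/command-scoped Defaults (Defaults@, Defaults:,
    Defaults!, Defaults>) and #includedir fragments are ignored, so a real
    audit must also walk /etc/sudoers.d.
    """
    enabled = False
    joined = sudoers_text.replace("\\\n", " ")  # glue continuation lines
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (and #include lines)
        m = _GLOBAL_DEFAULTS_RE.match(line)
        if not m:
            continue
        for param in m.group(1).split(","):
            pm = _PARAM_RE.match(param.strip())
            if pm and pm.group(2) == "pwfeedback":
                # an odd number of '!' negates the flag
                enabled = len(pm.group(1)) % 2 == 0
    return enabled


def assess(sudo_v_output: str, sudoers_text: str) -> dict:
    """Combine both conditions into a verdict with a remediation hint."""
    version = parse_sudo_version(sudo_v_output)
    feedback = pwfeedback_enabled(sudoers_text)
    affected_build = version[:3] < FIRST_UNEXPLOITABLE
    if affected_build and feedback:
        advice = "exposed: upgrade sudo to 1.8.31+ or set 'Defaults !pwfeedback'"
    elif affected_build:
        advice = "bug present but pwfeedback is off; keep it off and upgrade"
    elif version[:3] < PATCHED:
        advice = "not exploitable on this version; upgrade to 1.8.31+ anyway"
    else:
        advice = "patched"
    return {
        "version": version,
        "pwfeedback": feedback,
        "exploitable": affected_build and feedback,
        "patched": version[:3] >= PATCHED,
        "advice": advice,
    }


# Constructed samples: a pre-1.8.26 sudo and a Mint-style sudoers that turns
# pwfeedback on via a continuation line (not captured from any real host).
SAMPLE_SUDO_V_OLD = "Sudo version 1.8.21p2\nSudoers policy plugin version 1.8.21p2\n"
SAMPLE_SUDOERS_FEEDBACK_ON = """\
# /etc/sudoers (constructed sample)
Defaults        env_reset, \\
                pwfeedback
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
#includedir /etc/sudoers.d
root    ALL=(ALL:ALL) ALL
"""

if __name__ == "__main__":
    # On a live host, feed it real `sudo -V` output and the sudoers file instead.
    for label, ver in (("old", SAMPLE_SUDO_V_OLD), ("new", "Sudo version 1.8.31\n")):
        print(label, assess(ver, SAMPLE_SUDOERS_FEEDBACK_ON)["advice"])
```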
Tomi Engdahl says:
Google says it accidentally sent some users’ private videos to strangers
https://www.cnbc.com/2020/02/04/google-accidentally-sent-some-users-private-videos-to-strangers.html
Google apologized on Tuesday for accidentally sending some users’ private videos to strangers.
People who used Google Takeout between Nov. 21 and Nov. 25 may have received videos that were posted by strangers, Google said.
Tomi Engdahl says:
These activists use makeup to defy mass surveillance
https://i-d.vice.com/en_uk/article/jge5jg/dazzle-club-surveillance-activists-makeup-marches-london-interview?utm_source=mbfb
London is the second most surveilled city in the world. Dazzle Club is the activism group using anti-facial recognition paint to bring awareness towards this.
This was the monthly outing of the Dazzle Club, a collective of artists using anti-facial recognition paint and choreographed walks to explore surveillance and public space in the 21st century.
“You’re trying to obscure the natural highlights and shadows on your face,” says Georgina. “Cameras will reduce you down to pixels. They’ll pick up the bridge of your nose, your forehead, your cheekbones, your mouth and chin. So you have to flatten your face and obscure it.”
The most effective way to do this is via strong lines across the face, mouth and nose that divide up facial symmetry, preventing the facial recognition software from fitting the puzzle pieces of your face together into a coherent picture. Dazzling isn’t foolproof
Tomi Engdahl says:
App made by Clinton campaign veterans’ firm is behind Iowa caucuses debacle
https://www.latimes.com/business/technology/story/2020-02-04/clinton-campaign-vets-behind-2020-iowa-caucus-app-snafu
In 2016, for the first time, precinct chairs used a smartphone app built by Microsoft to relay results to party headquarters, enabling faster reporting than communicating via telephone hotline. This year, with the state party promising to disclose more granular data than in the past, the job of coding the app went to a fledgling tech firm run by veterans of Hillary Clinton’s presidential campaign.
It turned out to be a crushing failure.
Throughout the long night, precinct chairs found themselves unable to get the app to work. Many never figured out how to download or install it in the first place. Those who tried to report their results via a backup phone line wound up on hold, sometimes for more than an hour.
After blaming the delay on “inconsistencies in the reporting of three sets of results,” it wasn’t until well into Tuesday afternoon that the Iowa Democratic Party was confident enough in the accuracy of its figures to begin releasing partial results, drawing complaints that the process had been rendered unfair
The firm behind the app, Shadow Inc., took responsibility in a series of tweets Tuesday.
“We sincerely regret the delay in the reporting of the results of last night’s Iowa caucuses and the uncertainty it has caused to the candidates, their campaigns, and Democratic caucus-goers,”
“We feel really terrible,” Shadow Chief Executive Gerard Niemira told Bloomberg in an interview Tuesday. He blamed the breakdown on a bug in the app’s code, which he said had been discovered and fixed by 10 p.m. But by then, the damage was done.
Tomi Engdahl says:
How SamSam ransomware took down CDOT and how the state fought back — twice
https://coloradosun.com/2020/02/03/how-samsam-ransomware-took-down-cdot-and-how-the-state-fought-back-twice/?fbclid=IwAR1edYPrc9YCPRhiOUZ7aoWzGIDcV0eMzJABqr1vnOyXBzbKSPrxP0FvXj8
When cyberattackers held CDOT files hostage and demanded bitcoin in 2018, the state learned a $1.7 million lesson about cybersecurity
Tomi Engdahl says:
Google Confirms It Paid Hackers $6.5 Million Last Year To Help Keep The Internet Safe
https://www.forbes.com/sites/daveywinder/2020/01/29/google-confirms-it-will-pay-android-pixel-hackers-15-million/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269
Tomi Engdahl says:
Microsoft Teams goes down after Microsoft forgot to renew a certificate
https://www.theverge.com/2020/2/3/21120248/microsoft-teams-down-outage-certificate-issue-status
Microsoft Teams went down this morning for nearly three hours after Microsoft forgot to renew a critical security certificate. Users of Microsoft’s Slack competitor were met with error messages attempting to sign into the service on Monday morning, with the app noting it had failed to establish an HTTPS connection to Microsoft’s servers. Read also:
https://www.tivi.fi/uutiset/tv/4bc9f354-866a-4f48-852b-14b888eae811
Tomi Engdahl says:
School’s out as ransomware attack downs IT systems at Scotland’s Dundee and Angus College
https://www.theregister.co.uk/2020/02/04/dundee_angus_college_ransomware/
A further education college in east Scotland has been struck by what its principal described as a cyber “bomb” in an apparent ransomware attack so bad that students have been told to stay away and reset passwords en masse.
Tomi Engdahl says:
Ashley Madison Breach Extortion Scam Targets Hundreds
https://threatpost.com/ashley-madison-breach-extortion-scam-targets-hundreds/152481/
A new extortion attack has targeted hundreds of users affected by the Ashley Madison breach over the past week. Nearly five years after the high-profile Ashley Madison data breach, hundreds of impacted website users are being targeted by a new extortion attack this past week. The 2015 data breach of the adultery website led to 32 million accounts being publicly dumped online, including victims’ names, passwords, phone numbers, credit card information and more.
Tomi Engdahl says:
New EmoCheck Tool Checks if You’re Infected With Emotet
https://www.bleepingcomputer.com/news/security/new-emocheck-tool-checks-if-youre-infected-with-emotet/
A new utility has been released by Japan CERT (computer emergency response team) that allows Windows users to easily check if they are infected with the Emotet Trojan. The Emotet Trojan is one of the most actively distributed malware that is spread through phishing emails with malicious Word document attachments. Read also:
https://github.com/JPCERTCC/EmoCheck
Tomi Engdahl says:
Office 365 to Block Harmful Content Regardless of Custom Configs
https://www.bleepingcomputer.com/news/security/office-365-to-block-harmful-content-regardless-of-custom-configs/
Microsoft is currently working on new features designed to block malicious content in Office 365 regardless of the custom configurations set up by administrators or users unless manually overridden.
Tomi Engdahl says:
Google Bug Sent Private Google Photos Videos to Other Users
https://www.bleepingcomputer.com/news/google/google-bug-sent-private-google-photos-videos-to-other-users/
In a serious privacy lapse, Google is notifying users that videos stored in their Google Photos account were mistakenly shared with other unrelated users. Read also:
https://thehackernews.com/2020/02/google-photos-videos.html
Tomi Engdahl says:
Teen takes down ISP with DDoS attacks to get info on one of its subscribers
https://www.zdnet.com/article/teen-takes-down-isp-with-ddos-attacks-to-get-info-on-one-of-its-subscribers/
Ukrainian police have arrested a 16-year-old from the city of Odessa last month for attempting to extort a local ISP (internet service provider) into sharing data on one of its subscribers. Ukrainian authorities say that when the service provider declined, the teen used distributed denial of service (DDoS) attacks to take down the ISP’s network.
Tomi Engdahl says:
These are the top ten software flaws used by crooks: Make sure you’ve applied the patches
https://www.zdnet.com/article/these-are-the-top-ten-software-flaws-used-by-crooks-make-sure-youve-applied-the-patches/
Hackers are exploiting many of the same security vulnerabilities as last year and they all impact Microsoft Windows products – but a bug in Adobe Flash was the most exploited in 2019. Over half of the most common security vulnerabilities exploited by criminals to conduct cyber attacks and distribute malware are more than a year old, and some are over five years old, demonstrating how failure to apply security updates is leaving organisations vulnerable to hacking and malicious compromise.
Tomi Engdahl says:
FBI catches hacker that stole Nintendo’s secrets for years
https://arstechnica.com/gaming/2020/02/fbi-catches-hacker-that-stole-nintendos-secrets-for-years/
A 21-year-old California man has pleaded guilty to hacking Nintendo’s servers multiple times since 2016, using phishing techniques to gain early access to information about the company’s plans. Read also:
https://www.scmagazine.com/home/security-news/cybercrime/hacker-pleads-guilty-to-stealing-nintendo-secrets/
and
https://www.bleepingcomputer.com/news/security/nintendo-hacker-pleads-guilty-to-child-porn-charges-faces-25-years/
Tomi Engdahl says:
Electric scooters vulnerable to remote hacks
https://www.welivesecurity.com/2020/02/04/electric-scooters-vulnerable-remote-hacks/
University of Texas at San Antonio (UTSA). The review, which UTSA said is “the first review of the security and privacy risks posed by e-scooters and their related software services and applications”, outlines various attack scenarios that riders might face, as well as how to tackle the risks. Many e-scooters rely on a combination of Bluetooth Low Energy (BLE) and the rider’s smartphone internet connection to run, as well as send data to the service provider. This opens up a number of avenues for potential attacks. For example, bad actors could eavesdrop on the data being broadcast, which could, in turn, lead to Man-in-the-Middle (MitM) and replay attacks.
Tomi Engdahl says:
WhatsApp Bug Allowed Attackers to Access the Local File System
https://www.bleepingcomputer.com/news/security/whatsapp-bug-allowed-attackers-to-access-the-local-file-system/
Facebook patched a critical WhatsApp vulnerability that would have allowed potential attackers to read files from a user’s local file system, on both macOS and Windows platforms. Read also:
https://www.facebook.com/security/advisories/cve-2019-18426
Tomi Engdahl says:
Medtronic Patches Implanted Device, CareLink Programmer Bugs
https://threatpost.com/medtronic-patches-implanted-device-carelink/152533/
Medtronic has released updates to address known vulnerabilities in its line of connected medical devices that were initially disclosed last year and in 2018. The vendor has addressed two sets of bugs. The first group, disclosed in March of last year, is found in a range of Medtronic implanted cardiac resynchronization therapy with defibrillation (CRT-D) devices; and in multiple implantable cardioverter defibrillators (ICDs). An ICS-CERT advisory last week gives the most severe of the flaws a CVSS “critical” severity rating of 9.3.
Tomi Engdahl says:
‘We Feel Really Terrible,’ Says CEO Whose App Roiled Iowa Caucus
https://www.bloomberg.com/news/articles/2020-02-05/-we-feel-really-terrible-says-ceo-whose-app-roiled-iowa-caucus
The chief executive of the technology company whose app threw the Iowa caucuses into disarray Monday night defended his company but apologized for a technological glitch that angered candidates, left voters baffled and upended the opening act of the 2020 Democratic presidential primary.
“I’m really disappointed that some of our technology created an issue that made the caucus difficult,” said Gerard Niemira, the CEO of political technology company Shadow Inc., in his first interview after the caucus. “We feel really terrible about that.”
Tomi Engdahl says:
Ancestry discloses a rare demand for its genetic data. The company has rebuffed the U.S. government’s attempt, though.
Ancestry Fights The US Government As Feds Try To Grab DNA Data
http://on.forbes.com/6182198Va
Tomi Engdahl says:
Iowa has already won the worst IT rollout award of 2020: Rap for crap caucus app chaps in vote zap flap
Untested tech, no training, last-minute rollout, buggy code – sound familiar?
https://www.theregister.co.uk/2020/02/04/iowa_caucus_software/
Tomi Engdahl says:
Google Takeout a bit too true to its name after potentially 1000s of private videos shared with complete strangers
1% of 1% of users affected, but as it’s Google that’s still in the six figures
https://www.theregister.co.uk/2020/02/05/google_takeout_leak/
Tomi Engdahl says:
The App That Broke the Iowa Caucus
https://www.nytimes.com/2020/02/04/opinion/iowa-caucus-app.html
Democrats desperately need to win the internet to beat Trump. Their first big test was a massive failure.
Tomi Engdahl says:
@rabble:
[Thread] Democratic campaign tech projects suffer from one-off startup-like funding with no money for further development, lack of trust between campaigns, more — If you want to understand what happened with Shadow and the failure of the Iowa Caucus app you have to understand how electoral campaign tech work is done and funded. Let me tell you a story to make sense of it.
https://twitter.com/rabble/status/1224820389387223041
HuffPost:
Sources: Shadow, a company affiliated with Democratic digital nonprofit ACRONYM, built the Iowa caucus app that contributed to delays in reporting results
https://www.huffpost.com/entry/iowa-caucus-app-shadow_n_5e390191c5b687dacc722824?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cudGVjaG1lbWUuY29tLw&guce_referrer_sig=AQAAALbj2ZWIwgmGYXCOxFbL9gCWtD7wunNl1rHpuSqj4FWU2cFELLEt7BkEmHf3jY_ivKRMbbGm6-sjSKBknhGBaQFwkGsPPi9dIFeo4EOIOAz506X-73NcNjFuqmCoztN2O6r3wV8xJLdJbvq1lkbwQzpQyTmn-hnc96n4K4_dxqRB
Tomi Engdahl says:
Cat Zakrzewski / Washington Post:
The delays in the Iowa caucus test tech companies’ policies on falsehoods, as conspiracies flood social media and political figures call it “rigged” on Twitter
Tweets: @jdiamond1, @yaeleisenstat, @mollyj
https://www.washingtonpost.com/news/powerpost/paloma/the-technology-202/2020/02/04/the-technology-202-iowa-caucus-delays-test-tech-companies-policies-on-falsehoods/5e385739602ff15f82798452/
Tomi Engdahl says:
Ex-Google Engineer And Silicon Valley Tech Money Behind Shadow, The App That Brought Chaos To The Iowa Caucus
http://on.forbes.com/618119Hbc
The smartphone app that caused a major delay in reporting results during Iowa’s Democratic caucus was funded by both Democratic presidential candidates and Silicon Valley veterans anxious to use cutting-edge technology to stymie a Trump re-election.
The app that was supposed to count and report caucus results was created by Shadow Inc., a for-profit tech company cofounded in February 2019 by former Google engineer Kirsta Davis and Gerard Niemira, an engineer who worked at San Francisco microlender Kiva.org. Both later worked on Hillary Clinton’s failed 2016 presidential campaign. Washington D.C.-based Shadow was acquired last year by Acronym, a nonprofit also based in D.C. and founded in March 2017 by former journalist Tara McGowan to advance “progressive causes through innovative communications, advertising and organizing programs.” It has an affiliated political action committee called Pacronym.
Tomi Engdahl says:
https://gizmodo.com/ceo-of-creepy-face-recognition-firm-clearview-ai-says-h-1841461190
Hoan Ton-That, the CEO and founder of a face recognition company that he freely admits could help lead to a surveillance “nightmare” and a “dystopian future or something,” says he has a First Amendment right to scrape whatever images he damn well pleases off public websites like Twitter to pad out his company’s supposedly three billion photo database.
Clearview AI has licensed its face surveillance systems to over 600 law enforcement agencies
Tomi Engdahl says:
Introduction to mobile network intrusions from a mobile phone
https://medium.com/mobile-stacks-and-networks-security/introduction-to-mobile-network-intrusions-from-a-mobile-phone-9a8e909cc276
With the introduction of the packet service, mobile user equipment (UE) are able to use the IP communication protocol. Without the right routing and filtering of UE communications, some sensitive assets on the operator’s infrastructure could be exposed, such as core network services.
Mobile operators are generally aware of this kind of attack vector and apply the right mechanisms to avoid any risk from the subscriber context. Nevertheless, those mechanisms differ from one operator to another and their effectiveness varies.
Tomi Engdahl says:
Bug hunter finds cryptocurrency-mining botnet on DOD network
Monero-mining botnet infects one of the DOD’s Jenkins servers.
https://www.zdnet.com/article/bug-hunter-finds-cryptocurrency-mining-botnet-on-dod-network/
Initially, the bug report was filed in relation to a misconfigured Jenkins automation server running on an Amazon Web Services (AWS) server associated with a DOD domain.
Surana discovered that anyone could access the Jenkins server without login credentials.
Full access was apparently possible, including to the filesystem. Surana says the /script folder, part of the Jenkins installation, was also open to anyone.
The DOD secured the vulnerable server, but when revisiting his findings, Surana also realized that the Jenkins server had already been compromised even before he found it.
The researcher told ZDNet he was not awarded a bounty for his report, but this was one of the rare cases where a researcher’s findings were made public.
Tomi Engdahl says:
The FBI Downloaded CIA’s Hacking Tools Using Starbuck’s WiFi
https://m.slashdot.org/story/366790
One of the most interesting details from yesterday’s Joshua Schulte trial involved how the FBI obtained the Vault 7 and Vault 8 materials they entered into evidence yesterday.
https://www.documentcloud.org/documents/6768407-200204-Schulte-Trial-Transcript.html
Tomi Engdahl says:
5 Zero-day Vulnerabilities in Cisco Discovery Protocol Impacting Tens of Millions of Devices
https://www.armis.com/cdpwn/
Armis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices without any user interaction. CDP is a Cisco proprietary Layer 2 (Data Link Layer) network protocol that is used to discover information about locally attached Cisco equipment. CDP is implemented in virtually all Cisco products including switches, routers, IP phones and cameras. All those devices ship from the factory with CDP enabled by default. The CERT Coordination Center has also issued an advisory. Also:
https://threatpost.com/critical-cisco-cdpwn-flaws-network-segmentation/152546/
https://www.zdnet.com/article/cdpwn-vulnerabilities-impact-tens-of-millions-of-enterprise-devices/