This posting is here to collect cyber security news in February 2020.
I post links to security vulnerability news with short descriptions to the comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to comments.
208 Comments
Tomi Engdahl says:
The Dark Side of Smart Lighting: Check Point Research Shows How Business and Home Networks Can Be Hacked from a Lightbulb
https://blog.checkpoint.com/2020/02/05/the-dark-side-of-smart-lighting-check-point-research-shows-how-business-and-home-networks-can-be-hacked-from-a-lightbulb/
Everyone is familiar with the concept of IoT, the Internet of Things, but how many of you have heard of smart lightbulbs? By using a mobile app, or your digital home assistant, you can control the light in your house and even calibrate the color of each lightbulb! These smart lightbulbs are managed over the air using the familiar WiFi protocol or ZigBee, a low bandwidth radio protocol.
Tomi Engdahl says:
Faking e-mails: Why it is even possible
https://www.kaspersky.com/blog/36c3-fake-emails/32362/
Phishing and business e-mail compromise attacks rely on fake e-mails.
But why is it so easy for attackers to make them so convincing?
Tomi Engdahl says:
Gamaredon APT Improves Toolset to Target Ukraine Government, Military
https://threatpost.com/gamaredon-apt-toolset-ukraine/152568/
The Gamaredon advanced persistent threat (APT) group has been
supercharging its operations lately, improving its toolset and ramping
up attacks on Ukrainian national security targets.
Tomi Engdahl says:
A hacker has released a 0-day attack against a wide range of DVRs and cameras that use SoCs from Huawei subsidiary HiSilicon.
Huawei Subsidiary Distributes 0-Day Backdoor in DVRs, NVRs, IoT Cameras
https://www.extremetech.com/computing/305830-huawei-subsidiary-hisilicon-distributes-0-day-backdoor-in-dvrs-nvrs-iot-cameras
One issue that’s been of increasing concern to US companies and customers is the fear that Chinese companies will create hard-wired backdoors into the various networking and 5G products they sell in Western markets. Such backdoors could then be exploited for corporate espionage or government surveillance.
Thus far, the evidence for this kind of deliberate backdooring has been mixed. A damning report by Bloomberg last year — one that I initially believed — faded into confused questions over whether the company had accurately reported the situation, along with disagreements over whether the backdoor as described was even technologically possible. A UK report on Huawei’s security practices last year found ample evidence of sloppy coding and poor version control, but turned up no sign of corporate or government backdoors aimed at allowing a coordinated surveillance campaign.
Now, a new report by Vladislav Yarmak explains how Huawei subsidiary HiSilicon has integrated a firmware backdoor into the SoCs it sells to various companies that build digital video cameras (DVRs), network-connected video recorders (NVRs), and other various devices. The backdoor is integrated into the SoC firmware, which means it gets deployed anywhere the SoC is. According to Yarmak, this backdoor has been deployed in at least three different versions since 2013.
Tomi Engdahl says:
https://www.tivi.fi/uutiset/nyt-tuli-haijy-kiristyshaittaohjelma-salaa-tiedostot-ja-sarkee-paikat/99d439eb-2fd3-44e9-919b-75d37a5f5154
New ransomware doesn’t just encrypt data. It also meddles with critical infrastructure
https://arstechnica.com/information-technology/2020/02/new-ransomware-intentionally-meddles-with-critical-infrastructure/
Ekans represents a “new and deeply concerning” evolution in malware targeting control systems.
Tomi Engdahl says:
FBI catches hacker that stole Nintendo’s secrets for years
https://arstechnica.com/gaming/2020/02/fbi-catches-hacker-that-stole-nintendos-secrets-for-years/
Tomi Engdahl says:
Facebook’s use of Onavo spyware faces questions in EU antitrust probe — report
https://techcrunch.com/2020/02/06/facebooks-use-of-onavo-spyware-faces-questions-in-eu-antitrust-probe-report/?tpcc=ECFB2020
Facebook’s use of the Onavo spyware VPN app it acquired in 2013 — and used to inform its 2014 purchase of the then rival WhatsApp messaging platform — is on the radar of Europe’s antitrust regulator, per a report in the Wall Street Journal.
The newspaper reports that the Commission has requested a large volume of internal documents as part of a preliminary investigation into Facebook’s data practices which was announced in December.
Facebook announced it was shutting down Onavo a year ago — in the face of rising controversy about its use of the VPN tool as a data-gathering business intelligence dragnet.
Tomi Engdahl says:
Cisco Confirms 5 Serious Security Threats To ‘Tens Of Millions’ Of Network Devices
https://www.forbes.com/sites/daveywinder/2020/02/05/cisco-confirms-5-serious-security-threats-to-tens-of-millions-of-network-devices/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269
A total of five high-rated Cisco vulnerabilities, dubbed collectively as CDPwn, have been confirmed today. With Cisco network devices everywhere from the trading floor to the boardroom, this is one security alert you can’t afford to ignore.
Let’s face it, the last few weeks have been pretty depressing from the security perspective. The travel industry got caught in the ransomware crosshairs, a threat which returned to haunt those businesses which hadn’t patched their systems against a widely discussed Citrix vulnerability. Then there was the Internet Explorer zero-day that had the potential to impact more business users than you might imagine, and now this. Researchers from IoT cybersecurity startup Armis uncovered the previously unreported flaws across various implementations of the Cisco Discovery Protocol (CDP) that is enabled by default in “virtually all” Cisco products. Why is this such a big deal? Because Cisco is one of the technological foundation stones, the backbone of the internet and a huge swathe of enterprise networks. That, my friends, makes for a damn big potential attack surface. The saving grace being that attackers cannot exploit these vulnerabilities from the internet itself, they first need to have access to the local network. The entry point for that initial local foothold could, of course, be an IoT device.
Tomi Engdahl says:
New ransomware doesn’t just encrypt data. It also meddles with critical infrastructure
Ekans represents a “new and deeply concerning” evolution in malware targeting control systems.
https://arstechnica.com/information-technology/2020/02/new-ransomware-intentionally-meddles-with-critical-infrastructure/
Tomi Engdahl says:
Exfiltrating Data from Air-Gapped Computers Using Screen Brightness
https://thehackernews.com/2020/02/hacking-air-gapped-computers.html?m=1
Tomi Engdahl says:
FBI ‘Drive-By’ Hacking Warning Just Got Real: Here’s How This Malicious New Threat Works
Zak Doffman, Contributor
https://www.forbes.com/sites/zakdoffman/2020/02/05/fbi-drive-by-hacking-warning-just-got-real-heres-how-this-malicious-new-threat-works/
Tomi Engdahl says:
https://www.uusiteknologia.fi/2020/02/05/nain-alylampun-kautta-tietoverkkohyokkays/
Tomi Engdahl says:
Elon Musk trashes WhatsApp as coming with ‘a free phone hack’
https://mashable.com/article/elon-musk-whatsapp-emoji-hack/?utm_source=social&utm_medium=facebook&utm_campaign=mash-com-fb-main-link&utm_content=tech
“New emoji,” wrote Musk. “Last one comes with free phone hack.”
Musk’s dunk follows multiple high-profile news reports of WhatsApp vulnerabilities. We learned this week that a WhatsApp bug would have let hackers read files on a victim’s computer. And last month a security firm hired by Jeff Bezos claimed that the Amazon CEO’s phone was likely hacked via a WhatsApp exploit.
Tomi Engdahl says:
This Man Created Traffic Jams on Google Maps Using a Red Wagon Full of Phones
https://www.vice.com/en_us/article/9393w7/this-man-created-traffic-jams-on-google-maps-using-a-red-wagon-full-of-phones
By pulling 99 phones down empty streets, artist Simon Weckert made it look like they were gridlocked on Google Maps.
Tomi Engdahl says:
https://screenrant.com/xbox-hacking-security-systems-bounty-program-microsoft/
Tomi Engdahl says:
WhatsApp bug let hackers access computers with only a text message
https://mashable.com/article/whatsapp-vulnerability-hackers-access-computers/?utm_source=social&utm_medium=facebook&utm_campaign=mash-com-fb-main-link&utm_content=tech
Tomi Engdahl says:
VICE:
Pornhub claims it has systems in place to flag harmful videos like Girls Do Porn but an investigation finds even light editing allows such videos to be uploaded
Pornhub Doesn’t Care
https://www.vice.com/en_us/article/9393zp/how-pornhub-moderation-works-girls-do-porn
But even with the official site shut down and its owners in jail or on the run, the ruling has done little to stop the spread of the videos online. Even today, hundreds of Girls Do Porn videos are easy to find, especially on Pornhub, which claims to get 100 billion video views a year and more than 100 million daily visits.
Pornhub claims that victims of nonconsensual porn—as many of the Girls Do Porn videos are—can easily request to remove videos from the site, and that those videos can be “fingerprinted.” Broadly speaking, video fingerprinting is a method for software to identify, extract, and then summarize characteristic components or metadata of a video, allowing that video to be uniquely identified by its “fingerprint.” According to Pornhub, this would automatically prevent future attempts to upload a video that was flagged.
But a Motherboard investigation found that this system can be easily and quickly circumvented with minor editing. Pornhub’s current method for removing Girls Do Porn videos and other forms of non-consensual porn not only puts the onus of finding and flagging videos almost entirely on potentially-traumatized victims—those victims can’t even rely on the system to work.
Pornhub fails a simple test
“It’s not really ‘doing the right thing’ when you only act when it is in your self-interest.”
Overall, we successfully uploaded eight videos that used footage from the same fingerprinted Girls Do Porn episode.
Hany Farid, a University of California, Berkeley professor who worked with Microsoft in 2009 to develop PhotoDNA, a technology used by Google, Facebook, and other internet platforms to automatically detect images of child sexual abuse, said that the fingerprinting technology that Pornhub and other platforms use to detect unwanted videos and images is never perfect. However, he said Pornhub and Vobile’s inability to detect a 30 second portion of the fingerprinted Girls Do Porn video reuploaded to its platform is “pretty bad.”
“Fingerprinting or PhotoDNA are definitely useful tools, and we take full advantage of them in our practice,” Honza Cervenka, an Associate at McAllister Olivarius, a firm that specializes in non-consensual pornography, said. “But the proper solution to this problem isn’t to require victims to play a never-ending game of technological catch-up. Victims are spending much more time than they ought, checking for their own videos. The onus should not be on them, it should be on the sites.”
How to Remove Non-Consensual Videos From Pornhub
https://www.vice.com/en_us/article/epgpqa/how-to-remove-videos-from-pornhub
Removing videos of you that were uploaded to Pornhub without your consent involves filling out a takedown notice and requesting that the videos be digitally fingerprinted.
Tomi Engdahl says:
The journalist said in a statement that he welcomes “the fact that this investigation will not move forward,” but adds that he believes “this decision is insufficient to guarantee the rights of a free press.”
Brazil judge rejects hacking accusation against Greenwald
https://apnews.com/2271bf04ff2db8124c59a6d8d46a42c0
Tomi Engdahl says:
Federal Agencies Use Cellphone Location Data for Immigration Enforcement
https://www.wsj.com/articles/federal-agencies-use-cellphone-location-data-for-immigration-enforcement-11581078600
Commercial database that maps movements of millions of cellphones is deployed by immigration and border authorities
Tomi Engdahl says:
Julian Assange, Chelsea Manning and Edward Snowden nominated for the 2020 Nobel Peace Prize
https://defend.wikileaks.org/2020/02/06/julian-assange-chelsea-manning-and-edward-snowden-nominated-for-the-2020-nobel-peace-prize/?fbclid=IwAR3OBTWykwygdNnmjSjT6wxlNEy_GaIallx7f9iAWuNMMhfmOkadJe1ftCI
Full text of the letter:
Dear Members of the Norwegian Nobel Committee,
We wish to nominate Julian Assange, Chelsea Manning and Edward Snowden for the 2020 Nobel Peace Prize, in honour of their unparalleled contributions to the pursuit of peace, and their immense personal sacrifices to promote peace for all.
The year 2020 began with Julian Assange arbitrarily detained and tortured, at risk of death according to the UN Special Rapporteur on Torture and over 100 medical doctors, for revealing the extent of harm and illegality behind the Iraq and Afghanistan wars. 2020 began with Chelsea Manning in her second year of renewed imprisonment for resisting to testify to a Grand Jury empaneled against Wikileaks, after having also been imprisoned seven years previously and tortured, following her disclosures that were published by Julian Assange. 2020 began with Edward Snowden in his 7th year of asylum for revealing illegal mass surveillance, in defence of the liberties underpinning revelations such as those made by Chelsea Manning and Julian Assange.
Tomi Engdahl says:
On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to theft of personal data and could potentially be used to spread malware (Short-Distance Worm).
On Android 10, this vulnerability is not exploitable for technical reasons and only results in a crash of the Bluetooth daemon.
Android versions even older than 8.0 might also be affected but we have not evaluated the impact.
Users are strongly advised to install the latest available security patch from February 2020.
Critical Bluetooth Vulnerability in Android (CVE-2020-0022)
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to theft of personal data and could potentially be used to spread malware (Short-Distance Worm).
On Android 10, this vulnerability is not exploitable for technical reasons and only results in a crash of the Bluetooth daemon.
Android versions even older than 8.0 might also be affected but we have not evaluated the impact.
Users are strongly advised to install the latest available security patch from February 2020. If you have no patch available yet or your device is not supported anymore, you can try to mitigate the impact by some generic behavior rules:
Only enable Bluetooth if strictly necessary. Keep in mind that most Bluetooth enabled headphones also support wired analog audio.
Keep your device non-discoverable. Most are only discoverable if you enter the Bluetooth scanning menu. Nevertheless, some older phones might be discoverable permanently.
Tomi Engdahl says:
Patch Your Philips Hue Lightbulbs To Stop Them From Getting Hacked — And Potentially Everything Else On Your Network
https://m.slashdot.org/story/366766
Four years ago, security researchers showed how a flying drone could hack an entire room full of Philips Hue smart light bulbs from outside a building, by setting off a virus-like chain reaction that jumped from bulb to bulb. Today, we’re learning that vulnerability never got fully fixed — and now, researchers have figured out a way to exploit that very same issue to potentially infiltrate your home or corporate network, unless you install a patch.
https://fortune.com/2020/02/05/philips-hue-smart-lights-vulnerability-flaw/
Tomi Engdahl says:
WhatsApp Desktop patches major security vulnerability
https://www.techradar.com/news/whatsapp-desktop-has-a-worrying-security-flaw
WhatsApp messages on desktop could be modified to inject malicious code or links
Tomi Engdahl says:
Facebook’s Twitter and Instagram accounts hacked
https://www.bbc.com/news/amp/technology-51424352
Facebook’s social media accounts were temporarily taken over by a group of hackers on Friday afternoon.
The hacking group OurMine posted on the Twitter and Instagram accounts for Facebook and Messenger, writing “even Facebook is hackable”.
OurMine claims its attacks are an attempt to show cyber vulnerabilities. In January it hijacked over a dozen accounts for teams in the US National Football League.
Facebook’s own website was not hacked.
Tomi Engdahl says:
Nic Fildes / Financial Times:
Vodafone will remove Huawei systems from its EU core network at a cost of €200M over the next five years, following new UK rules and EU guidelines last month — Vodafone is to strip Huawei systems out of the core of its European network at a cost of €200m as the European telecoms sector moves …
https://t.co/T7byDxqJY3
Tomi Engdahl says:
Toby Helm / The Guardian:
Critics say the claim that the medical data sold by UK’s Department of Health of millions of NHS patients to American drug companies is anonymized is misleading
Revealed: how drugs giants can access your health records
https://www.theguardian.com/technology/2020/feb/08/fears-over-sale-anonymous-nhs-patient-data
Experts say information sold on by Department of Health and Social Care can be traced back to individual medical records
Tomi Engdahl says:
Charging people that will never stand trial – and were more than likely following orders... was it worth the effort other than to remind the public who the perceived enemy is?
BBC News – Equifax: US charges four Chinese military officers over huge hack
https://www.bbc.co.uk/news/world-us-canada-51449778
The US has charged four Chinese military officers over the huge cyber-attack of credit rating giant Equifax.
More than 147 million Americans were affected in 2017 when hackers stole sensitive personal data including names and addresses.
Tomi Engdahl says:
Vodafone to strip Huawei from ‘core’ network at cost of £200m
Move follows new UK rules and EU guidelines on use of Chinese group’s equipment
https://www.ft.com/content/b4bbd752-47f0-11ea-aeb3-955839e06441
Tomi Engdahl says:
A US House candidate says she was hacked — now she’s warning others
https://techcrunch.com/2020/02/10/house-brianna-wu-campaign-hack/?tpcc=ECFB2020
“Two of my non-campaign Google accounts were compromised by someone in Russia,” she said.
Wu isn’t just any other target.
The breach of two of her non-campaign Google accounts was still a wake-up call.
“I don’t believe anyone in Russia is targeting me specifically. I think it’s more likely they target everyone running for office,” she tweeted.
Wu said that both of her accounts had “solid protection measures” in place, including “unique, randomly generated passwords for both accounts.” She said that she reported the intrusions to the FBI.
“The worry is obviously that it could hurt the campaign.”
Politicians and political candidates are frequently targeted by hackers both in the U.S. and overseas.
Tomi Engdahl says:
‘Tens of millions’ of Cisco devices vulnerable to CDPwn flaws: Network segmentation blown apart by security bugs
Enterprises face fear of phone fragging fest as Doom spawns on IP phones
https://www.theregister.co.uk/2020/02/05/cisco_cdpwn_flaws/
Tomi Engdahl says:
Presidential Candidates’ Use of DMARC Improves, but Remains Short of Optimum
https://www.securityweek.com/presidential-candidates-use-dmarc-improves-remains-short-optimum
Presidential candidates’ protection of their domains is improving, but could improve further. More specifically, of the 15 current candidates, eight now protect their domains from email spoofing with enforced DMARC. In May 2019, when there were still 23 candidates, only three were protected by DMARC.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) works with two other email standards (SPF, or Sender Policy Framework, and DKIM, or Domain Keys Identified Mail) to give domain owners control over which senders are allowed to send messages ‘as’ them. The effect is to specify which email servers can name the protected domain in the From field of their messages, thus preventing email spoofing.
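To make the mechanism in that paragraph concrete, here is an added example (it is not code from the article or from SecurityWeek) of a minimal DMARC evaluator: it parses a published policy record, checks whether the SPF and DKIM results are aligned with the domain in the From: header, and returns the disposition a receiver would apply. The record text, the sample authentication results and the simplified organizational-domain rule (last two labels, where real evaluators use the Public Suffix List) are all constructed assumptions for illustration.

```python
"""Minimal DMARC evaluation (added example; assumptions noted in comments)."""
from dataclasses import dataclass
from typing import Dict, Optional


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Parse a TXT record like 'v=DMARC1; p=reject; adkim=s' into a tag dict."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    # A usable record must declare the version and a policy (p=) tag.
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain: last two labels.
    Assumption for this example only; real code uses the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: Optional[str], mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match,
    relaxed ('r', the default) accepts the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


@dataclass
class AuthResults:
    """Constructed sample of what SPF and DKIM checks report for one message."""
    from_domain: str            # domain in the RFC5322 From: header
    spf_result: str             # "pass" / "fail" / "none" for the MAIL FROM domain
    spf_domain: Optional[str]   # the MAIL FROM domain SPF was evaluated against
    dkim_result: str            # "pass" / "fail" / "none"
    dkim_domain: Optional[str]  # d= tag of the verified DKIM signature


def evaluate_dmarc(record_txt: str, r: AuthResults) -> str:
    """Return 'pass' when either SPF or DKIM passes *and* aligns with the
    From: domain; otherwise return the domain owner's requested policy."""
    tags = parse_dmarc_record(record_txt)
    spf_ok = r.spf_result == "pass" and aligned(
        r.from_domain, r.spf_domain, tags.get("aspf", "r"))
    dkim_ok = r.dkim_result == "pass" and aligned(
        r.from_domain, r.dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    # Subdomain policy (sp=) applies when From: is below the organizational domain.
    if r.from_domain.lower() != org_domain(r.from_domain) and "sp" in tags:
        return tags["sp"]
    return tags["p"]  # "none", "quarantine" or "reject"


if __name__ == "__main__":
    # Constructed record for an imaginary campaign domain.
    record = "v=DMARC1; p=reject; aspf=r; adkim=r"
    legit = AuthResults("candidate.example", "pass", "mail.candidate.example", "none", None)
    spoof = AuthResults("candidate.example", "pass", "attacker.example", "pass", "attacker.example")
    print("legitimate mail:", evaluate_dmarc(record, legit))   # pass
    print("spoofed From:  ", evaluate_dmarc(record, spoof))    # reject
```

The spoofed message is the case the article's "enforced DMARC" phrase refers to: the sender's own SPF and DKIM checks succeed for attacker.example, but neither identifier aligns with the From: domain, so a p=reject policy tells the receiver to drop it, whereas a p=none record would only generate reports.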
Tomi Engdahl says:
Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks
Old Gigabyte code lets file-scrambling RobbinHood go undetected
https://www.theregister.co.uk/2020/02/11/forgotten_gigabte_driver_robbinhood/
Sophos this month reported that an arbitrary read-write flaw in a digitally signed driver for now-deprecated Gigabyte hardware was recently used by ransomware, dubbed Robbinhood, to quietly switch off security safeguards on Windows 7, 8 and 10 machines.
While Gigabyte stopped supporting and shipping the driver a while back, the software’s cryptographic signature is still valid. And so, when the ransomware infects a computer – either by some other exploit or by tricking a victim into running it – and loads the driver, the operating system and antivirus packages will allow it because the driver appears legit.
At that point, the ransomware exploits the security flaw in the Gigabyte driver to alter memory to bypass protection mechanisms and inject malicious code into kernel space, completely compromising the box and allowing the file-scrambling component to run unhindered.
“In this attack scenario, the criminals have used the Gigabyte driver as a wedge so they could load a second, unsigned driver into Windows,” Sophos explains. “This second driver then goes to great lengths to kill processes and files belonging to endpoint security products, bypassing tamper protection, to enable the ransomware to attack without interference.”
Specifically, RobbinHood loads the Gigabyte driver, exploits the read-write hole to turn off code-signing checks, loads its own unsigned driver unobstructed, and then instructs it to kill off the processes and files of antivirus products, including their kernel drivers. RobbinHood may well require administrator access to load the vulnerable motherboard driver in the first place, so you may be thinking what’s the point of all of this: if you’re a miscreant with admin access, you can do anything you like.
Tomi Engdahl says:
Here’s why you should never trust those “privacy-focused” email apps
https://www.digitaltrends.com/mobile/third-party-email-apps-spying-inboxes/
A handful of third-party email clients have been found to be scraping their users’ inboxes for profit. A new report by Motherboard reveals that apps such as Edison Email
How Big Companies Spy on Your Emails
https://www.vice.com/en_us/article/pkekmb/free-email-apps-spying-on-you-edison-slice-cleanfox
Multiple confidential documents obtained by Motherboard show the sort of companies that want to buy data derived from scraping the contents of your email inbox.
Tomi Engdahl says:
SAFER INTERNET DAY
https://www.saferinternetday.org/
Get set for Safer Internet Day 2020, taking place on Tuesday, 11 February 2020, when – once again – we’ll join forces across the globe to work “Together for a better internet”.
https://www.saferinternetday.org/web/finland/sid
Tomi Engdahl says:
As Vault 7 trial begins, Joshua Schulte’s attorneys will argue he’s a whistleblower
https://www.cyberscoop.com/vault-7-trial-joshua-schulte-wikileaks/
Nearly three years after WikiLeaks began publishing secret CIA hacking tools, the legal team for the former agency employee who allegedly stole those files will try to convince a jury he did so in order to reveal the government’s methods for breaking into widely used consumer technology.
Based on the evidence, it will shape up to be a difficult argument. And that’s before you consider the current environment, in which the U.S. justice system has taken a hard-line approach to those who go public with classified information.
It’s also a fresh strategy for the defense. The U.S. has charged former CIA software engineer Joshua Schulte with transmitting files detailing the agency’s arsenal of hacking tools, but until now his lawyers have given no indication that he acted out of conscience.
Tomi Engdahl says:
On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to theft of personal data and could potentially be used to spread malware (Short-Distance Worm).
On Android 10, this vulnerability is not exploitable for technical reasons and only results in a crash of the Bluetooth daemon.
Android versions even older than 8.0 might also be affected but we have not evaluated the impact.
Users are strongly advised to install the latest available security patch from February 2020.
Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/dell-supportassist-bug-exposes-business-home-pcs-to-attacks/
Tomi Engdahl says:
https://krebsonsecurity.com/2020/02/dangerous-domain-corp-com-goes-up-for-sale/
Tomi Engdahl says:
Netgear’s routerlogin.com HTTPS cert snafu now has a live proof of concept
And the company reaction is: not even ‘meh’
https://www.theregister.co.uk/2020/02/12/netgear_router_https_cert_poc/
An infosec researcher has published a JavaScript-based proof of concept for the Netgear routerlogin.com vulnerability revealed at the end of January.
Through service workers, scripts that browsers run as background processes, Rashid Saleem reckons he can exploit Netgear routers to successfully compromise admin panel credentials.
There’s just one catch: for Saleem’s method to work, the target has to try to log into their home router after connecting to a compromised Wi-Fi point and downloading malware.
By loading a malicious service worker for the domain routerlogin.com – the default admin panel address for Netgear consumer routers – Saleem said it is possible for a bad actor to capture and read the login credentials by executing a classic man-in-the-middle attack.
As we reported in January, Netgear was bundling valid, signed TLS certificates along with private keys embedded in firmware that anyone could freely download.
https://www.theregister.co.uk/2020/01/20/netgear_exposed_certificates/
Tomi Engdahl says:
U.S. Officials Say Huawei Can Covertly Access Telecom Networks
Trump administration ramps up push for allies to block Chinese company
https://www.wsj.com/articles/u-s-officials-say-huawei-can-covertly-access-telecom-networks-11581452256?mod=business_lead_pos1
Tomi Engdahl says:
Netgear’s routerlogin.com HTTPS cert snafu now has a live proof of concept
https://www.theregister.co.uk/2020/02/12/netgear_router_https_cert_poc/
An infosec researcher has published a JavaScript-based proof of concept for the Netgear routerlogin.com vulnerability revealed at the end of January. Through service workers, scripts that browsers run as background processes, Rashid Saleem reckons he can exploit Netgear routers to successfully compromise admin panel credentials.
Tomi Engdahl says:
Jenkins servers can be abused for DDoS attacks
https://www.zdnet.com/article/jenkins-servers-can-be-abused-for-ddos-attacks/
Jenkins, an open source server used to perform automated tasks, can be abused to launch distributed denial of service (DDoS) attacks. DDoS attacks are possible because of a vulnerability in the Jenkins codebase. The bug (tracked as CVE-2020-2100) has been fixed in Jenkins v2.219, released last month. Details:
https://mediaserver.responsesource.com/mediabank/18328/RadwareERTAlert2020/ERTAlertJenkinsFINALV3.pdf
Tomi Engdahl says:
Internet’s safe-keepers forced to postpone crucial DNSSEC root key signing ceremony – no, not a hacker attack, but because they can’t open a safe
Online security process stalled by offline security screw-up
https://www.theregister.co.uk/2020/02/13/iana_dnssec_ksk_delay/
The organization that keeps the internet running behind-the-scenes was forced to delay an important update to the global network – because it was locked out of one of its own safes.
“During routine administrative maintenance of our Key Management Facility on 11 February, we identified an equipment malfunction,”
“The issue disables access to one of the secure safes that contains material for the ceremony.” In other words, IANA locked itself out.
Staff open up two safes, each roughly one-metre across. One contains a hardware security module that contains the private portion of the KSK. The module is activated, allowing the KSK private key to sign keys, using smart cards assigned to the ceremony participants. These credentials are stored in deposit boxes and tamper-proof bags in the second safe. Each step is checked by everyone else, and the event is livestreamed. Once the ceremony is complete – which takes a few hours – all the pieces are separated, sealed, and put back in the safes inside the secure facility, and everyone leaves.
Fortunately, apart from the inconvenience, there is no impact on the internet itself, particularly in this short term. The current arrangement will simply continue to do its job for three additional days.
Tomi Engdahl says:
Canadian consumers stung by cellphone porting scam: ‘It’s the creepiest thing’
https://trib.al/LKFf0lx
The message read: “Rogers has received a request to transfer your phone number to another Service Provider. If you did not authorize, contact Rogers urgently…” and went on to provide a toll-free telephone number.
The Toronto woman says she hadn’t made any request to transfer her number, a practice known in the wireless industry as porting.
Morgan says the agent promised the company would try to get it back.
But it took about 20 hours before Rogers restored her number.
In that period, she says cyber-thieves were able to use her phone account to change her email passwords and access her banking information. A credit card company reported an unauthorized $700 purchase.
She’s one of a growing number of Canadians to fall victim to this kind of scam, one Canada’s wireless industry says it’s trying to wrestle with.
Tomi Engdahl says:
Catalin Cimpanu / ZDNet:
Google has removed 500+ malicious Chrome extensions from its Web Store, likely affecting millions of users, that were part of a long-running ad fraud network — A network of malicious Chrome extensions was injecting malicious ads in millions of Chrome installs.
https://www.zdnet.com/article/google-removes-500-malicious-chrome-extensions-from-the-web-store/
Tomi Engdahl says:
Call us immediately if your child uses Kali Linux, squawks West Mids Police
Maybe stick to walking the beat instead of infosec advice, eh?
https://www.theregister.co.uk/2020/02/14/silly_police_infosec_parental_advice_poster/
The National Crime Agency has publicly distanced itself from a poster urging parents to call police if their child has installed Kali Linux, Tor or – brace yourself – Discord.
Tomi Engdahl says:
The US says Huawei has been spying through ‘back doors’ designed for law enforcement — which is what the US has been pressuring tech companies to do for years
https://www.businessinsider.com/us-accuses-huawei-of-spying-through-law-enforcement-backdoors-2020-2
Tomi Engdahl says:
8 steps to being (almost) completely anonymous online
How to be completely, absolutely, but not really, only a little bit anonymous.
https://www.csoonline.com/article/2975193/9-steps-completely-anonymous-online.html
Tomi Engdahl says:
How to escalate privileges and steal secrets in Google Cloud Platform
Plundering GCP: a very deep-dive into post-exploitation tactics and techniques.
https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/
Tomi Engdahl says:
Hackers could shut down satellites — or turn them into weapons
https://astronomy.com/news/2020/02/hackers-could-shut-down-satellites–or-turn-them-into-weapons
SpaceX and other companies are rushing to put thousands of small, inexpensive satellites in orbit, but pressure to keep costs low and a lack of regulation leave those satellites vulnerable to hackers.