Cyber security news February 2020

This posting is here to collect cyber security news in February 2020.

I post links to security vulnerability news, with short descriptions, in the comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links in the comments.


  1. Tomi Engdahl says:

    Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims
    https://thehackernews.com/2020/02/emotet-malware-wifi-hacking.html?m=1

  2. Tomi Engdahl says:

    Windows 10 users are losing user profiles and desktop files thanks to KB4532693 update bug
    https://betanews.com/2020/02/13/windows-10-kb4532693-lost-user-profile/

  3. Tomi Engdahl says:

    US says it can prove Huawei has backdoor access to mobile-phone networks
    US hasn’t made evidence public but reportedly shared it with UK and Germany.
    https://arstechnica.com/tech-policy/2020/02/us-gave-allies-evidence-that-huawei-can-snoop-on-phone-networks-wsj-says/

  4. Tomi Engdahl says:

    KBOT: sometimes they come back
    https://securelist.com/kbot-sometimes-they-come-back/96157/

    Although by force of habit many still refer to any malware as a virus, this once extremely common class of threats is gradually becoming a thing of the past. However, there are some interesting exceptions to this trend: we recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, a virus. It is the first “living” virus in recent years that we have spotted in the wild.

  5. Tomi Engdahl says:

    If you’re running Windows, I feel bad for you, son. Microsoft’s got 99 problems, better fix each one
    https://www.theregister.co.uk/2020/02/11/patch_tuesday_february_2020/

    Meanwhile, we’re still squashing bugs in Adobe Flash Player… plus stuff from Intel and SAP

  6. Tomi Engdahl says:

    US finds Huawei has backdoor access to mobile networks globally, report says
    The Chinese tech giant has reportedly had access to carrier equipment for over a decade
    https://www.cnet.com/news/us-finds-huawei-has-backdoor-access-to-mobile-networks-globally-report-says/

  7. Tomi Engdahl says:

    Facebook Said It Wasn’t Listening to Your Conversations. It Was.
    Facebook’s excuse? All the other tech companies were doing it, too.
    https://www.vice.com/en_us/article/wjw889/facebook-said-it-wasnt-listening-to-your-conversations-it-was

  8. Tomi Engdahl says:

    JAMMU AND KASHMIR
    ‘VPN for terrorism’: In Kashmir, youth allege their phones are checked by the army for masking apps
    https://scroll.in/article/952355/vpn-for-terrorism-in-kashmir-youth-allege-their-phones-are-checked-by-the-army-for-masking-apps

    Internet service providers in the Valley are asking customers for written undertakings saying they will not access VPN applications.

  9. Tomi Engdahl says:

    Critical WordPress Plugin Bug Afflicts 700K Sites
    https://threatpost.com/critical-wordpress-plugin-bug-afflicts-700k-sites/152871/

    The plugin, GDPR Cookie Consent, which helps businesses display cookie banners to show that they are compliant with EU’s privacy regulation, has more than 700,000 active installations – making it a ripe target for attackers. The vulnerability, which does not yet have a CVE number, affects GDPR Cookie Consent version 1.8.2 and below. Earlier this week, after the developer was notified of the critical flaw, the GDPR Cookie Consent plugin was removed from the WordPress.org plugin directory “pending a full review” according to the plugin’s directory page. The new version, 1.8.3, was released by Cookie Law Info, the developer behind the plugin, on Feb. 10.

    “There were a number of code changes, but those relevant to security include a capabilities check added to an AJAX endpoint used in the plugin’s administration pages,

  10. Tomi Engdahl says:

    US Cyber Command, DHS, and FBI expose new North Korean malware
    https://www.zdnet.com/article/us-cyber-command-dhs-and-fbi-expose-new-north-korean-malware/

    US government agencies send out alert about new North Korean malware and phishing campaign.

  11. Tomi Engdahl says:

    [Write-up]
    CVE-2019-18683: Exploiting a Linux Kernel vulnerability in the V4L2 subsystem

    Link: https://a13xp0p0v.github.io/2020/02/15/CVE-2019-18683.html
    Demo: https://youtu.be/mb4YHyLy0Zc

  12. Tomi Engdahl says:

    How a genius hacker made $350,000 exploiting DeFi
    One “decentralized” protocol is now using its admin key to redeem lost funds. And this shows the bigger problem with DeFi.
    https://decrypt.co/19612/how-a-genius-hacker-made-350000-exploiting-defi

  13. Tomi Engdahl says:

    Microsoft Issues Warning For Millions Of Windows 10 Users
    https://www.forbes.com/sites/gordonkelly/2020/02/15/microsoft-windows-10-upgrade-problem-update-windows-10-free/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269

    Microsoft continues to secretly offer Windows 10 free, and you can see why. Despite new attempts to overhaul Windows upgrades, the platform continues to anger users with poor quality updates and questionable transparency. And now Microsoft has had to issue another major warning to all Windows 10 users. 

    Pushed to users as part of its latest ‘Patch Tuesday’ updates, Microsoft has confirmed the KB4524244 security update bundled in it can cause system freezes and crashes across every supported version of Windows 10, from Windows 10 Home right through to Enterprise and Server. Unfortunately, KB4524244 was available for four days but Microsoft has now stated it has been pulled for good: 

    “This standalone security update has been removed and will not [be] re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog,” wrote the company on the Windows 10 Health Dashboard.

  14. Tomi Engdahl says:

    These activists use makeup to defy mass surveillance
    London is the second most surveilled city in the world. Dazzle Club is the activism group using anti-facial recognition paint to bring awareness towards this.
    https://i-d.vice.com/en_uk/article/jge5jg/dazzle-club-surveillance-activists-makeup-marches-london-interview?fbclid=IwAR27Zgnvh7xKZENTPEqzbuFKrPFXRwtCUqywAr0y2fbhggo1Av0nAzdt9j8

  15. Tomi Engdahl says:

    Cute videos, but little evidence: Police say Amazon Ring isn’t much of a crime fighter
    https://www.nbcnews.com/news/all/cute-videos-little-evidence-police-say-amazon-ring-isn-t-n1136026?cid=sm_in

    Hundreds of police departments have signed agreements with Ring to gain access to footage filmed on home surveillance cameras

  16. Tomi Engdahl says:

    Israeli army: Hamas hackers tried to ‘seduce’ soldiers
    https://www.usatoday.com/story/news/world/2020/02/16/israeli-army-hamas-hackers-tried-seduce-soldiers/4778608002/

    A military spokesman said Hamas used a number of social media platforms to make contact with unsuspecting soldiers.

  17. Tomi Engdahl says:

    https://techdator.net/android-dangerous-malware-xiny-that-is-impossible-to-remove/ Evidently these folks have never heard of offline firmware upgrade. The only big problem is that install over existing identical version isn’t always possible. Manufacturers should really have an ESR version just to avoid this problem.

  18. Tomi Engdahl says:

    Singapore Budget 2020: $1b over next 3 years to shore up cyber and data security capabilities
    https://www.straitstimes.com/singapore/singapore-budget-2020-1b-over-next-3-years-to-shore-up-cyber-and-data-security

    This is to safeguard citizens’ data and critical information infrastructure systems, he said, with data security being a vital prerequisite and key enabler of Singapore’s digital economy.

    He said that Singapore must be prepared to deal with cyber threats, as digitalisation becomes more pervasive.

  19. Tomi Engdahl says:

    Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world
    Iranian hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies
    https://www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/

  20. Tomi Engdahl says:

    SHA-1 collision… Now you can execute practical attacks costing around $45k

    https://sha-mbles.github.io/

  21. Tomi Engdahl says:

    When critical infrastructures are just one click away from being paralyzed by malware/ransomware.
    #cybersecurity #malware #phishing #cyberwall

    US natural gas operator shuts down for 2 days after being infected by ransomware
    https://arstechnica.com/information-technology/2020/02/ransomware-infection-shuts-down-us-natural-gas-operator-for-2-days/

    Infection spread to site’s OT network that monitors and controls physical processes.

    A US-based natural gas facility shut down operations for two days after sustaining a ransomware infection that prevented personnel from receiving crucial real-time operational data from control and communication equipment, the Department of Homeland Security said on Tuesday.

    Tuesday’s advisory from the DHS’s Cybersecurity and Infrastructure Security Agency, or CISA, didn’t identify the site except to say that it was a natural gas-compression facility.

    https://www.us-cert.gov/ncas/alerts/aa20-049a

  22. Tomi Engdahl says:

    Perfect secrecy is the ultimate goal of cryptography. One group claims to have developed a system that can deliver it—but other experts express serious doubts about the work.

    New Cryptography Method Promising Perfect Secrecy Is Met With Skepticism
    https://spectrum.ieee.org/tech-talk/telecom/security/new-cryptography-method-promises-perfect-secrecy-amidst-skepticism

    A recent research paper has attracted both interest and skepticism for describing how to achieve perfect secrecy in communications by using specially-patterned silicon chips to generate one-time keys that are impossible to recreate.

    Research published on 20 December 2019 in the journal Nature Communications claims to demonstrate a “perfect secrecy cryptography” system that can remain secure even against an opponent with access to future quantum computers.

    “Perfect secrecy is the strongest security notion in cryptography,”

    Most attempts to achieve perfect secrecy have focused on the development of quantum key distribution (QKD) systems

    “I like to think of it as a bridge that provides a viable implementation of the ideas of QKD on a classical optical network,”

    Instead of relying on quantum physics to make their digital keys secure, Fratalocchi and his colleagues use chaotic light states to safeguard the secrecy of the keys. To accomplish this, they imprinted the surface of silicon chips with reflective nanodisks in the shape of point patterns (in this case inspired by human fingerprints). The patterned surfaces of the chips act like a maze for laser light waves to bounce around inside as they travel through in a random fashion.

    “Fully chaotic means that any input condition of light entering in the pattern generates chaotic motion, with no exception,”

    The chaotic chip approach of Fratalocchi and his colleagues seems to offer a solution to the problem of securely transmitting keys.

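The “perfect secrecy” the article invokes is the property of the one-time pad: a truly random key, at least as long as the message, used exactly once. The hard part, which the chaotic-chip work is trying to address, is generating and distributing such keys, and the property collapses the moment a pad is reused. The following is an added example, not code from the IEEE Spectrum article or from the Nature Communications paper; the plaintexts and the pad bytes are constructed test vectors.

```python
"""One-time pad: the construction that achieves perfect secrecy, and the
failure mode any key-distribution scheme feeding it must rule out: reuse.

Added example, not code from the article or the paper it describes.
The pad below is a constructed test vector; a real pad must come from a
true random source and be used once.
"""
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Encrypt under a one-time pad.

    With a uniformly random key at least as long as the message, every
    plaintext of that length is equally likely given the ciphertext, which
    is the definition of perfect secrecy. A short pad breaks that, so refuse.
    """
    if len(key) < len(plaintext):
        raise ValueError("pad shorter than message: perfect secrecy is lost")
    return xor_bytes(plaintext, key[: len(plaintext)])


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation."""
    return xor_bytes(ciphertext, key[: len(ciphertext)])


def new_pad(length: int) -> bytes:
    """Fresh pad from the OS CSPRNG. Getting this key to the other party
    securely is the key-distribution problem the article is about."""
    return secrets.token_bytes(length)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypts two messages, XORing the ciphertexts cancels the
    key: c1 XOR c2 == p1 XOR p2. The relationship between the plaintexts is
    exposed without the attacker ever seeing the key."""
    return xor_bytes(c1, c2)


def recover_with_crib(p1_xor_p2: bytes, known_p1: bytes) -> bytes:
    """Given p1 XOR p2 and a known or guessed p1, the attacker reads p2."""
    return xor_bytes(p1_xor_p2, known_p1)


if __name__ == "__main__":
    p1 = b"attack at dawn  "
    p2 = b"retreat at noon "
    pad = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # constructed test vector
    c1 = otp_encrypt(p1, pad)
    c2 = otp_encrypt(p2, pad)  # WRONG: the same pad used twice
    print(otp_decrypt(c1, pad))
    print(recover_with_crib(two_time_pad_leak(c1, c2), p1))  # recovers p2
```

The two-time-pad functions are the reason “one-time” matters: the key never appears in the leak, so even a perfectly random, perfectly secret key gives no protection once it is reused.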
  23. Tomi Engdahl says:

    Indian police open case against hundreds in Kashmir for using VPN
    https://tcrn.ch/3bMIn0I

    Local authorities in India-controlled Kashmir have opened a case against hundreds of people who used virtual private networks (VPNs) to circumvent a social media ban in the disputed Himalayan region in a move that has been denounced by human rights and privacy activists.

  24. Tomi Engdahl says:

    That laptop on your desk or server on a data center rack isn’t so much a computer as a network of them. Its interconnected devices—from hard drives to webcams to trackpads—have their own dedicated chips and code as well. That’s a problem.
    https://www.wired.com/story/firmware-hacks-vulnerable-pc-components-peripherals/?mbid=social_facebook&utm_brand=wired&utm_medium=social&utm_social-type=owned&utm_source=facebook

  25. Tomi Engdahl says:

    Chinese hackers have breached online betting and gambling sites
    https://www.zdnet.com/article/chinese-hackers-have-breached-online-betting-and-gambling-sites/

    Hacks confirmed at gambling and betting websites in Southeast Asia, rumors of other hacks in Europe and the Middle East.

  26. Tomi Engdahl says:

    Donald Trump ‘offered Julian Assange a pardon if he denied Russia link to hack’
    https://www.theguardian.com/media/2020/feb/19/donald-trump-offered-julian-assange-pardon-russia-hack-wikileaks?CMP=Share_AndroidApp_Copy_to_clipboard

    WikiLeaks published emails damaging to Hillary Clinton in 2016
    Offer claim made at WikiLeaks founder’s extradition hearing

    Donald Trump offered Julian Assange a pardon if he would say Russia was not involved in leaking Democratic party emails, a court in London has been told

    In September 2017, the White House confirmed that Rohrabacher had called the then chief of staff, John Kelly, to talk about a possible deal with Assange.

    Rohrabacher told the Wall Street Journal that as part of the deal he was proposing, Assange would have to hand over a computer drive or other data storage device that would prove that Russia was not the source of the hacked emails.

    “He would get nothing, obviously, if what he gave us was not proof,” Rohrabacher said.

  27. Tomi Engdahl says:

    Why Rudy Giuliani’s Twitter typos are a security fail
    https://www.cnet.com/news/why-rudy-giulianis-twitter-typos-are-a-security-fail/

    When one letter off leads you to malicious advertisements rather than the former cybersecurity czar’s website.

    Sometimes, typing the wrong letter for a website address means sending visitors to a 404 page. When you’re Rudy Giuliani, it means potentially sending hundreds of thousands of followers straight to a virus. 

    Hackers have been taking advantage of typos in tweets by the former New York City mayor, buying the mistyped domain names and redirecting visitors to a fake page designed to spread malware rather than to the original page that Giuliani had meant to type. 

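The defensive counterpart to the typosquatting described above is to enumerate the domains a one-keystroke error produces and register or monitor them before someone else does. The following is an added example, not code from the CNET article; the domain names used are constructed and the Giuliani domains are not reproduced. The adjacent-key table is a US QWERTY approximation (same column index in neighbouring rows), which is an assumption of this example.

```python
"""Typosquat candidate generator: single-edit variants of a domain label.

Added example, not code from the article. Domain names are constructed.
The keyboard adjacency model is an approximation of US QWERTY.
"""
from typing import Dict, Set

# US QWERTY rows; "adjacent" means same row +/-1 column, or the same
# column +/-1 in the rows above and below (approximation).
_QWERTY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def _neighbors(ch: str) -> Set[str]:
    """Keys physically next to `ch`, excluding `ch` itself."""
    out: Set[str] = set()
    for r, row in enumerate(_QWERTY_ROWS):
        if ch not in row:
            continue
        i = row.index(ch)
        for rr in (r - 1, r, r + 1):
            if not 0 <= rr < len(_QWERTY_ROWS):
                continue
            for j in (i - 1, i, i + 1):
                if 0 <= j < len(_QWERTY_ROWS[rr]) and _QWERTY_ROWS[rr][j] != ch:
                    out.add(_QWERTY_ROWS[rr][j])
    return out


def typo_variants(label: str) -> Dict[str, Set[str]]:
    """Single-edit typos of a domain label, grouped by class.

    omission:      one character dropped               example -> exmple
    transposition: two adjacent characters swapped     example -> exampel
    duplication:   one character doubled               example -> exaample
    fat_finger:    one character hit as its neighbour  example -> exanple
    """
    n = len(label)
    result: Dict[str, Set[str]] = {
        "omission": {label[:i] + label[i + 1:] for i in range(n)},
        "transposition": {
            label[:i] + label[i + 1] + label[i] + label[i + 2:]
            for i in range(n - 1)
            if label[i] != label[i + 1]
        },
        "duplication": {label[:i] + label[i] + label[i:] for i in range(n)},
        "fat_finger": {
            label[:i] + k + label[i + 1:]
            for i in range(n)
            for k in _neighbors(label[i])
        },
    }
    for variants in result.values():
        variants.discard(label)  # never report the genuine name as a typo
    return result


def candidate_domains(domain: str) -> Set[str]:
    """All single-typo variants of the registrable label, re-joined with the TLD.

    Assumes a simple two-part name such as example.com; real deployments
    should split on the public suffix list instead of the first dot.
    """
    label, _, tld = domain.partition(".")
    if not label or not tld:
        raise ValueError("expected a name of the form label.tld")
    variants: Set[str] = set().union(*typo_variants(label).values())
    return {f"{v}.{tld}" for v in variants}


if __name__ == "__main__":
    for name in sorted(candidate_domains("example.com")):  # constructed domain
        print(name)
```

Feed the output to a WHOIS or passive-DNS lookup to find which variants are already registered by someone else; those are the ones to watch, since they are exactly where a mistyped link will send readers.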
  28. Tomi Engdahl says:

    Millions Of Windows And Linux Systems Are Vulnerable To This ‘Hidden’ Cyber Attack
    https://www.forbes.com/sites/daveywinder/2020/02/18/millions-of-windows-and-linux-systems-are-vulnerable-to-this-hidden-cyber-attack/

    Vulnerabilities hidden away are amongst the most valuable, newly-published research reveals how easy they can be to exploit

    While we are almost accustomed to reading government warnings about vulnerabilities in the Windows operating system, Linux cybersecurity threat warnings are less common. Which is partly why this report on the hidden exploit threat within both Linux and Windows systems

    Eclypsium researchers concentrated on unsigned firmware as this is a known attack vector, which can have devastating implications, yet one that vendors have appeared slow to take seriously enough. The unsigned firmware in question was found in peripherals used in computers from Dell, Lenovo and HP as well as other major manufacturers. They also demonstrated a successful attack using a network interface card with, you guessed it, unsigned firmware that is used by the big three server manufacturers.

    “This could lead to implanted backdoors, network traffic sniffing, data exfiltration, and more,”

    Lenovo ThinkPad touchpad and trackpad

    HP wide-vision cameras in the Spectre x360

    Dell XPS 15 9560 wireless adapter

    Linux USB hubs and Broadcom network interface card chipsets

    Eclypsium attack mitigation advice
    It’s important to note that unsigned firmware is an industry-wide problem, and these vendors and products were just a representative sample of a much larger attack surface. Rick Altherr, a principal engineer at Eclypsium, says that there aren’t any security tools that will help consumers find and address unsigned firmware issues, though. “Consumers should start by following basic cybersecurity best practices such as virus scanning, software updates and so forth,” he says,

  30. Tomi Engdahl says:

    Wearable Microphone Jamming
    http://sandlab.cs.uchicago.edu/jammer/

    We engineered a wearable microphone jammer that is capable of disabling microphones in its user’s surroundings, including hidden microphones. Our device is based on a recent exploit that leverages the fact that when exposed to ultrasonic noise, commodity microphones will leak the noise into the audible range. Moreover, our device exploits a synergy between ultrasonic jamming and the naturally occurring movements that users induce on their wearable devices

  31. Tomi Engdahl says:

    PERILOUS PERIPHERALS: THE HIDDEN DANGERS INSIDE WINDOWS & LINUX COMPUTERS
    https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/

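What the two Eclypsium items above (the Forbes summary and the original report) describe is an update path that flashes whatever well-formed image it is handed. The fix on the device side is an acceptance check: parse the container, verify its authentication tag before trusting any field that drives the flash, and refuse unsigned, tampered or rolled-back images. The following is an added example, not Eclypsium's code or any vendor's firmware loader. The container layout is constructed for illustration, and HMAC-SHA256 under a device-held key stands in for the asymmetric signature a production device would verify against a vendor public key in ROM; the structure of the check is the same either way.

```python
"""Firmware image acceptance check, vulnerable and hardened side by side.

Added example, not code from Eclypsium or any vendor. The container format
(magic, version, payload length, payload, 32-byte tag) and the device key
are constructed. HMAC-SHA256 is a stand-in for an asymmetric signature.
"""
import hashlib
import hmac
import struct
from typing import Optional

MAGIC = b"FWIM"
HEADER = struct.Struct(">4sHI")  # magic, version, payload length (big-endian)
TAG_LEN = 32

# Key the device would hold in protected storage. Constructed value.
DEVICE_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)


def build_image(version: int, payload: bytes, key: Optional[bytes]) -> bytes:
    """Pack an image. key=None yields an unsigned image with an all-zero tag,
    i.e. the kind of blob an unprotected peripheral would accept."""
    header = HEADER.pack(MAGIC, version, len(payload))
    if key is None:
        tag = bytes(TAG_LEN)
    else:
        tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def insecure_flash(image: bytes) -> bytes:
    """The vulnerable behaviour: trust the header, never ask who built it.
    Any attacker-assembled container with the right magic is accepted."""
    magic, _version, length = HEADER.unpack_from(image, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    return image[HEADER.size:HEADER.size + length]


def verify_image(image: bytes, key: bytes, min_version: int) -> bytes:
    """Return the payload only if the image is authentic; else raise ValueError.

    Order matters: structural bounds first so nothing is read out of range,
    then the tag over header+payload (constant-time compare) so that even the
    version field is authenticated before it is used for the rollback check.
    """
    if len(image) < HEADER.size + TAG_LEN:
        raise ValueError("truncated image")
    magic, version, length = HEADER.unpack_from(image, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    if HEADER.size + length + TAG_LEN != len(image):
        raise ValueError("length field does not match image size")
    body = image[:HEADER.size + length]
    tag = image[HEADER.size + length:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("unsigned or tampered firmware rejected")
    if version < min_version:
        raise ValueError("rollback to older firmware refused")
    return image[HEADER.size:HEADER.size + length]


if __name__ == "__main__":
    payload = b"\x90" * 16  # constructed stand-in for firmware code
    good = build_image(3, payload, DEVICE_KEY)
    unsigned = build_image(3, payload, None)
    print("insecure path accepts unsigned image:", insecure_flash(unsigned) == payload)
    print("hardened path accepts signed image:", verify_image(good, DEVICE_KEY, 2) == payload)
    try:
        verify_image(unsigned, DEVICE_KEY, 2)
    except ValueError as exc:
        print("hardened path:", exc)
```

The anti-rollback check is deliberately placed after tag verification: a version field that is read before authentication is attacker-controlled, and a device that trusts it can be talked into “upgrading” to an old, exploitable release.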
  32. Tomi Engdahl says:

    Security Researchers Publish 12 Vulnerabilities in Common Bluetooth Low Energy SDKs: SweynTooth
    The SweynTooth family includes crash, deadlock, and security bypass vulnerabilities in popular SDKs and the products built on top
    https://www.hackster.io/news/security-researchers-publish-12-vulnerabilities-in-common-bluetooth-low-energy-sdks-sweyntooth-76d91245ff9f

  33. Tomi Engdahl says:

    Alert (AA20-049A)
    Ransomware Impacting Pipeline Operations
    https://www.us-cert.gov/ncas/alerts/aa20-049a

  34. Tomi Engdahl says:

    Windows 10 update: New PC software is removing files from people’s computers, users say
    https://www.independent.co.uk/life-style/gadgets-and-tech/news/windows-10-update-microsoft-pc-download-kb4524244-a9341071.html?utm_medium=Social&utm_source=Facebook#Echobox=1581969687

    A new Windows update appears to be removing files from users’ PCs.

    The update has since been pulled and will be replaced with an “improved version”, according to Microsoft. But because Windows 10 updates itself automatically, many people may already have it on their computer.

  35. Tomi Engdahl says:

    Ransomware-hit US gas pipeline shut for two days
    https://www.bbc.com/news/technology-51564905#

    A ransomware attack on a US natural gas facility meant a pipeline had to be shut down for two days, the US Department of Homeland Security (DHS) has said.

  36. Tomi Engdahl says:

    Apple Is Blocking “Asian” And “Teen” Searches Assuming It’s Porn
    https://fossbytes.com/apple-blocking-asian-and-teen-searches-assuming-its-porn/

    iPhone’s built-in adult filter appears to be having a hard time understanding what needs to be blocked and what not. If the adult filter is enabled on an iPhone, then every search including keywords like “Asian” and “teen” gets blocked by the device, assuming it’s porn.

  37. Tomi Engdahl says:

    FBI ARRESTS HACKER LINKED TO FORMER REP. KATIE HILL’S CAMPAIGN
    https://theintercept.com/2020/02/21/fbi-arrests-hacker-linked-to-katie-hill-campaign/

    Federal agents have arrested Arthur Dam in connection with a hacking spree that disrupted the 2018 Democratic California primary that ultimately nominated Katie Hill, according to a new criminal complaint.

    During the campaign, the websites of Hill’s opponents, Democrats Jess Phoenix and Bryan Caforio, who was supported by Justice Democrats, were both attacked, though Hill’s never was, raising suspicions at the time that Hill’s campaign was behind them.

  38. Tomi Engdahl says:

    IOTA cryptocurrency shuts down entire network after wallet hack
    Hackers exploit vulnerability in official IOTA wallet to steal millions
    https://www.zdnet.com/article/iota-cryptocurrency-shuts-down-entire-network-after-wallet-hack/#ftag=CAD-03-10abf5f

    IOTA Foundation, the nonprofit organization behind the IOTA cryptocurrency, has shut down its entire network this week after hackers exploited a vulnerability in the official IOTA wallet app to steal user funds.

    The attack happened this week, Wednesday, on February 12, 2020

  39. Tomi Engdahl says:

    Apple Just Demanded Santander And A $50 Billion US Intelligence Contractor Reveal How They Use iPhone Hacking Tech
    https://www.forbes.com/sites/thomasbrewster/2020/02/22/apple-just-demanded-santander-and-a-50-billion-us-intelligence-contractor-reveal-how-they-use-iphone-hacking-tech/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie/#676f7264696

    Apple lawyers aren’t holding back in trying to learn more about Corellium, the cybersecurity startup it’s suing after the latter created tech producing “virtual” or software versions of iPhones for security and functionality testing.

    In a move that’s sure to raise eyebrows, Apple has subpoenaed Santander Bank and the $50 billion-valued intelligence contractor L3Harris Technologies for information on their use of Corellium, Forbes has learned.

    That Apple is attempting to force two huge companies to cough up data on their use of Corellium shows how far the iPhone maker is willing to go to shut down a company it considers a threat to its copyrighted tech.

  40. Tomi Engdahl says:

    How Israel turned into a hacker haven
    https://www.haaretz.com/israel-news/business/.premium-how-israel-turned-into-a-hacker-haven-1.8552090

    Immigrants from Russia and Ukraine find Israel is an easy place to gain citizenship, use stolen credit cards and test new viruses that are then used globally

    “Israel is a special place. It’s a paradise for cybercriminals, especially carders,” said Kremez, referring to hackers who specialize in stealing credit cards. “You can use stolen credit cards in Israel for shopping, to buy electronics, diamonds and luxury goods and then re-sell them.”

  41. Tomi Engdahl says:

    Who hacked Nordea Bank, or are they just technically incompetent to solve this pretty much Europe-wide glitch?

    This bank is one of the biggest banks in Finland and Sweden and operates around Europe. Now mobile and online banking have been out for many hours in their main market. And the bank is prepared to pay compensation to customers who have lost money due to this.

    News:
    https://www.iltalehti.fi/kotimaa/a/2e26ef5a-4dfb-4e34-aa5d-0d02d504bc7f
    https://www.svt.se/nyheter/inrikes/driftstorningar-hos-nordea

  42. Tomi Engdahl says:

    EU Commission to staff: Switch to Signal messaging app
    https://www.politico.eu/pro/eu-commission-to-staff-switch-to-signal-messaging-app/

    The move is part of EU’s efforts to beef up cybersecurity, after several high-profile incidents shocked diplomats and officials.
