This posting is here to collect cyber security news in February 2020.
I post links to security vulnerability news with short descriptions to comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to comments.
208 Comments
Tomi Engdahl says:
Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims
https://thehackernews.com/2020/02/emotet-malware-wifi-hacking.html?m=1
Tomi Engdahl says:
New “red team as a service” platform aims to automate hacking tests for company networks
https://arstechnica.com/information-technology/2020/02/the-loyal-opposition-randoris-attack-turns-red-teaming-into-cloud-service/
Tomi Engdahl says:
Israel’s maturing cybersecurity startup ecosystem
https://techcrunch.com/2020/02/11/israels-maturing-cybersecurity-startup-ecosystem/
Tomi Engdahl says:
Windows 10 users are losing user profiles and desktop files thanks to KB4532693 update bug
https://betanews.com/2020/02/13/windows-10-kb4532693-lost-user-profile/
Tomi Engdahl says:
Huawei equipment has secret “back doors,” U.S. officials claim
https://www.axios.com/huawei-equipment-has-secret-back-doors-us-says-6aa91d3e-6d9e-4575-9066-a688567722d5.html?utm_source=facebook&utm_medium=social&utm_campaign=organic&utm_content=1100
Tomi Engdahl says:
US says it can prove Huawei has backdoor access to mobile-phone networks
US hasn’t made evidence public but reportedly shared it with UK and Germany.
https://arstechnica.com/tech-policy/2020/02/us-gave-allies-evidence-that-huawei-can-snoop-on-phone-networks-wsj-says/
Tomi Engdahl says:
A FRAUD CALLED MINERVA
https://suomenkuvalehti.fi/jutut/ulkomaat/suomi-osti-salauslaitteita-sveitsilaisyhtiolta-cia-luki-viestit-kymmenien-vuosien-ajan/
Tomi Engdahl says:
KBOT: sometimes they come back
https://securelist.com/kbot-sometimes-they-come-back/96157/
Although by force of habit many still refer to any malware as a virus, this once extremely common class of threats is gradually becoming a thing of the past. However, there are some interesting exceptions to this trend: we recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, a virus. It is the first “living” virus in recent years that we have spotted in the wild.
Tomi Engdahl says:
If you’re running Windows, I feel bad for you, son. Microsoft’s got 99 problems, better fix each one
https://www.theregister.co.uk/2020/02/11/patch_tuesday_february_2020/
Meanwhile, we’re still squashing bugs in Adobe Flash Player… plus stuff from Intel and SAP
Tomi Engdahl says:
US finds Huawei has backdoor access to mobile networks globally, report says
The Chinese tech giant has reportedly had access to carrier equipment for over a decade
https://www.cnet.com/news/us-finds-huawei-has-backdoor-access-to-mobile-networks-globally-report-says/
Tomi Engdahl says:
Facebook Said It Wasn’t Listening to Your Conversations. It Was.
Facebook’s excuse? All the other tech companies were doing it, too.
https://www.vice.com/en_us/article/wjw889/facebook-said-it-wasnt-listening-to-your-conversations-it-was
Tomi Engdahl says:
JAMMU AND KASHMIR
‘VPN for terrorism’: In Kashmir, youth allege their phones are checked by the army for masking apps
https://scroll.in/article/952355/vpn-for-terrorism-in-kashmir-youth-allege-their-phones-are-checked-by-the-army-for-masking-apps
Internet service providers in the Valley are asking customers for written undertakings saying they will not access VPN applications.
Tomi Engdahl says:
Critical WordPress Plugin Bug Afflicts 700K Sites
https://threatpost.com/critical-wordpress-plugin-bug-afflicts-700k-sites/152871/
The plugin, GDPR Cookie Consent, which helps businesses display cookie banners to show that they are compliant with EU’s privacy regulation, has more than 700,000 active installations – making it a ripe target for attackers. The vulnerability, which does not yet have a CVE number, affects GDPR Cookie Consent version 1.8.2 and below. Earlier this week, after the developer was notified of the critical flaw, the GDPR Cookie Consent plugin was removed from the WordPress.org plugin directory “pending a full review” according to the plugin’s directory page. The new version, 1.8.3, was released by Cookie Law Info, the developer behind the plugin, on Feb. 10.
“There were a number of code changes, but those relevant to security include a capabilities check added to an AJAX endpoint used in the plugin’s administration pages,
Tomi Engdahl says:
US Cyber Command, DHS, and FBI expose new North Korean malware
https://www.zdnet.com/article/us-cyber-command-dhs-and-fbi-expose-new-north-korean-malware/
US government agencies send out alert about new North Korean malware and phishing campaign.
Tomi Engdahl says:
[Write-up]
CVE-2019-18683: Exploiting a Linux Kernel vulnerability in the V4L2 subsystem
Link: https://a13xp0p0v.github.io/2020/02/15/CVE-2019-18683.html
Demo: https://youtu.be/mb4YHyLy0Zc
Tomi Engdahl says:
How a genius hacker made $350,000 exploiting DeFi
One “decentralized” protocol is now using its admin key to redeem lost funds. And this shows the bigger problem with DeFi.
https://decrypt.co/19612/how-a-genius-hacker-made-350000-exploiting-defi
Tomi Engdahl says:
Microsoft Issues Warning For Millions Of Windows 10 Users
https://www.forbes.com/sites/gordonkelly/2020/02/15/microsoft-windows-10-upgrade-problem-update-windows-10-free/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269
Microsoft continues to secretly offer Windows 10 free, and you can see why. Despite new attempts to overhaul Windows upgrades, the platform continues to anger users with poor quality updates and questionable transparency. And now Microsoft has had to issue another major warning to all Windows 10 users.
Pushed to users as part of its latest ‘Patch Tuesday’ updates, Microsoft has confirmed the KB4524244 security update bundled in it can cause system freezes and crashes across every supported version of Windows 10, from Windows 10 Home right through to Enterprise and Server. Unfortunately, KB4524244 was available for four days but Microsoft has now stated it has been pulled for good:
“This standalone security update has been removed and will not [be] re-offered from Windows Update, Windows Server Update Services (WSUS) or Microsoft Update Catalog,” wrote the company on the Windows 10 Health Dashboard.
Tomi Engdahl says:
These activists use makeup to defy mass surveillance
London is the second most surveilled city in the world. Dazzle Club is the activism group using anti-facial recognition paint to bring awareness towards this.
https://i-d.vice.com/en_uk/article/jge5jg/dazzle-club-surveillance-activists-makeup-marches-london-interview?fbclid=IwAR27Zgnvh7xKZENTPEqzbuFKrPFXRwtCUqywAr0y2fbhggo1Av0nAzdt9j8
Tomi Engdahl says:
Cute videos, but little evidence: Police say Amazon Ring isn’t much of a crime fighter
https://www.nbcnews.com/news/all/cute-videos-little-evidence-police-say-amazon-ring-isn-t-n1136026?cid=sm_in
Hundreds of police departments have signed agreements with Ring to gain access to footage filmed on home surveillance cameras
Tomi Engdahl says:
Israeli army: Hamas hackers tried to ‘seduce’ soldiers
https://www.usatoday.com/story/news/world/2020/02/16/israeli-army-hamas-hackers-tried-seduce-soldiers/4778608002/
A military spokesman said Hamas used a number of social media platforms to make contact with unsuspecting soldiers.
Tomi Engdahl says:
https://techdator.net/android-dangerous-malware-xiny-that-is-impossible-to-remove/ Evidently these folks have never heard of offline firmware upgrades. The only big problem is that installing over an existing identical version isn’t always possible. Manufacturers should really have an ESR version just to avoid this problem.
Tomi Engdahl says:
Singapore Budget 2020: $1b over next 3 years to shore up cyber and data security capabilities
https://www.straitstimes.com/singapore/singapore-budget-2020-1b-over-next-3-years-to-shore-up-cyber-and-data-security
This is to safeguard citizens’ data and critical information infrastructure systems, he said, with data security being a vital prerequisite and key enabler of Singapore’s digital economy.
He said that Singapore must be prepared to deal with cyber threats, as digitalisation becomes more pervasive.
Tomi Engdahl says:
Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world
Iranian hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies
https://www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/
Tomi Engdahl says:
SHA-1 collision… Now you can execute practical attacks costing around $45k
https://sha-mbles.github.io/
Tomi Engdahl says:
When critical infrastructures are just one click away from being paralyzed by malware/ransomware.
#cybersecurity #malware #phishing #cyberwall
US natural gas operator shuts down for 2 days after being infected by ransomware
https://arstechnica.com/information-technology/2020/02/ransomware-infection-shuts-down-us-natural-gas-operator-for-2-days/
Infection spread to site’s OT network that monitors and controls physical processes.
A US-based natural gas facility shut down operations for two days after sustaining a ransomware infection that prevented personnel from receiving crucial real-time operational data from control and communication equipment, the Department of Homeland Security said on Tuesday.
Tuesday’s advisory from the DHS’s Cybersecurity and Infrastructure Security Agency, or CISA, didn’t identify the site except to say that it was a natural gas-compression facility.
https://www.us-cert.gov/ncas/alerts/aa20-049a
Tomi Engdahl says:
Perfect secrecy is the ultimate goal of cryptography. One group claims to have developed a system that can deliver it—but other experts express serious doubts about the work.
New Cryptography Method Promising Perfect Secrecy Is Met With Skepticism
https://spectrum.ieee.org/tech-talk/telecom/security/new-cryptography-method-promises-perfect-secrecy-amidst-skepticism
A recent research paper has attracted both interest and skepticism for describing how to achieve perfect secrecy in communications by using specially-patterned silicon chips to generate one-time keys that are impossible to recreate.
Research published on 20 December 2019 in the journal Nature Communications claims to demonstrate a “perfect secrecy cryptography” system that can remain secure even against an opponent with access to future quantum computers.
“Perfect secrecy is the strongest security notion in cryptography,”
Most attempts to achieve perfect secrecy have focused on the development of quantum key distribution (QKD) systems
“I like to think of it as a bridge that provides a viable implementation of the ideas of QKD on a classical optical network,”
Instead of relying on quantum physics to make their digital keys secure, Fratalocchi and his colleagues use chaotic light states to safeguard the secrecy of the keys. To accomplish this, they imprinted the surface of silicon chips with reflective nanodisks in the shape of point patterns (in this case inspired by human fingerprints). The patterned surfaces of the chips act like a maze for laser light waves to bounce around inside as they travel through in a random fashion.
“Fully chaotic means that any input condition of light entering in the pattern generates chaotic motion, with no exception,”
The chaotic chip approach of Fratalocchi and his colleagues seems to offer a solution to the problem of securely transmitting keys.
Tomi Engdahl says:
Indian police open case against hundreds in Kashmir for using VPN
https://tcrn.ch/3bMIn0I
Local authorities in India-controlled Kashmir have opened a case against hundreds of people who used virtual private networks (VPNs) to circumvent a social media ban in the disputed Himalayan region in a move that has been denounced by human rights and privacy activists.
Tomi Engdahl says:
That laptop on your desk or server on a data center rack isn’t so much a computer as a network of them. Its interconnected devices—from hard drives to webcams to trackpads—have their own dedicated chips and code as well. That’s a problem.
https://www.wired.com/story/firmware-hacks-vulnerable-pc-components-peripherals/?mbid=social_facebook&utm_brand=wired&utm_medium=social&utm_social-type=owned&utm_source=facebook
Tomi Engdahl says:
Chinese hackers have breached online betting and gambling sites
https://www.zdnet.com/article/chinese-hackers-have-breached-online-betting-and-gambling-sites/
Hacks confirmed at gambling and betting websites in Southeast Asia, rumors of other hacks in Europe and the Middle East.
Tomi Engdahl says:
Donald Trump ‘offered Julian Assange a pardon if he denied Russia link to hack’
https://www.theguardian.com/media/2020/feb/19/donald-trump-offered-julian-assange-pardon-russia-hack-wikileaks?CMP=Share_AndroidApp_Copy_to_clipboard
WikiLeaks published emails damaging to Hillary Clinton in 2016
Offer claim made at WikiLeaks founder’s extradition hearing
Donald Trump offered Julian Assange a pardon if he would say Russia was not involved in leaking Democratic party emails, a court in London has been told.
In September 2017, the White House confirmed that Rohrabacher had called the then chief of staff, John Kelly, to talk about a possible deal with Assange.
Rohrabacher told the Wall Street Journal that as part of the deal he was proposing, Assange would have to hand over a computer drive or other data storage device that would prove that Russia was not the source of the hacked emails.
“He would get nothing, obviously, if what he gave us was not proof,” Rohrabacher said.
Tomi Engdahl says:
Why Rudy Giuliani’s Twitter typos are a security fail
https://www.cnet.com/news/why-rudy-giulianis-twitter-typos-are-a-security-fail/
When one letter off leads you to malicious advertisements rather than the former cybersecurity czar’s website.
Sometimes, typing the wrong letter for a website address means sending visitors to a 404 page. When you’re Rudy Giuliani, it means potentially sending hundreds of thousands of followers straight to a virus.
Hackers have been taking advantage of typos in tweets by the former New York City mayor, buying the mistyped domain names and redirecting visitors to a fake page designed to spread malware rather than to the original page that Giuliani had meant to type.
Tomi Engdahl says:
https://krebsonsecurity.com/2020/02/hackers-were-inside-citrix-for-five-months/
Tomi Engdahl says:
Millions Of Windows And Linux Systems Are Vulnerable To This ‘Hidden’ Cyber Attack
https://www.forbes.com/sites/daveywinder/2020/02/18/millions-of-windows-and-linux-systems-are-vulnerable-to-this-hidden-cyber-attack/
Vulnerabilities hidden away are amongst the most valuable; newly-published research reveals how easy they can be to exploit.
While we are almost accustomed to reading government warnings about vulnerabilities in the Windows operating system, Linux cybersecurity threat warnings are less common. Which is partly why this report on the hidden exploit threat within both Linux and Windows systems
Eclypsium researchers concentrated on unsigned firmware as this is a known attack vector, which can have devastating implications, yet one in which vendors have appeared to be slow taking seriously enough. The unsigned firmware in question was found in peripherals used in computers from Dell, Lenovo and HP as well as other major manufacturers. They also demonstrated a successful attack using a network interface card with, you guessed it, unsigned firmware that is used by the big three server manufacturers.
“This could lead to implanted backdoors, network traffic sniffing, data exfiltration, and more,”
Lenovo ThinkPad touchpad and trackpad
HP wide-vision cameras in the Spectre x360
Dell XPS 15 9560 wireless adapter
Linux USB hubs and Broadcom network interface card chipsets
Eclypsium attack mitigation advice
It’s important to note that unsigned firmware is an industry-wide problem, and these vendors and products were just a representative sample of a much larger attack surface. Rick Altherr, a principal engineer at Eclypsium, says that there aren’t any security tools that will help consumers find and address unsigned firmware issues, though. “Consumers should start by following basic cybersecurity best practices such as virus scanning, software updates and so forth,” he says,
Tomi Engdahl says:
Fax machines and coffee pots – the surprising ways you could be hacked
http://theconversation.com/fax-machines-and-coffee-pots-the-surprising-ways-you-could-be-hacked-101937
Tomi Engdahl says:
Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world
https://www.zdnet.com/article/iranian-hackers-have-been-hacking-vpn-servers-to-plant-backdoors-in-companies-around-the-world/
Iranian hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies
Tomi Engdahl says:
Wearable Microphone Jamming
http://sandlab.cs.uchicago.edu/jammer/
We engineered a wearable microphone jammer that is capable of disabling microphones in its user’s surroundings, including hidden microphones. Our device is based on a recent exploit that leverages the fact that when exposed to ultrasonic noise, commodity microphones will leak the noise into the audible range. Moreover, our device exploits a synergy between ultrasonic jamming and the naturally occurring movements that users induce on their wearable devices.
Tomi Engdahl says:
U.S. Government Issues Powerful Cyberattack Warning As Gas Pipeline Forced Into Two Day Shut Down
https://www.forbes.com/sites/kateoflahertyuk/2020/02/19/us-government-issues-powerful-cyberattack-warning-as-gas-pipeline-forced-into-two-day-shut-down/
Tomi Engdahl says:
Pentagon, FBI, DHS jointly expose a North Korean hacking effort
https://www.cyberscoop.com/hidden-cobra-malware-north-korea-fbi-dhs-dod-virus-total/
Tomi Engdahl says:
PERILOUS PERIPHERALS: THE HIDDEN DANGERS INSIDE WINDOWS & LINUX COMPUTERS
https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/
Tomi Engdahl says:
Security Researchers Publish 12 Vulnerabilities in Common Bluetooth Low Energy SDKs: SweynTooth
The SweynTooth family includes crash, deadlock, and security bypass vulnerabilities in popular SDKs and the products built on top
https://www.hackster.io/news/security-researchers-publish-12-vulnerabilities-in-common-bluetooth-low-energy-sdks-sweyntooth-76d91245ff9f
Tomi Engdahl says:
Alert (AA20-049A)
Ransomware Impacting Pipeline Operations
https://www.us-cert.gov/ncas/alerts/aa20-049a
Tomi Engdahl says:
Windows 10 update: New PC software is removing files from people’s computers, users say
https://www.independent.co.uk/life-style/gadgets-and-tech/news/windows-10-update-microsoft-pc-download-kb4524244-a9341071.html?utm_medium=Social&utm_source=Facebook#Echobox=1581969687
A new Windows update appears to be removing files from users’ PCs.
The update has since been pulled and will be replaced with an “improved version”, according to Microsoft. But because Windows 10 updates itself automatically, many people may already have it on their computer.
Tomi Engdahl says:
Ransomware-hit US gas pipeline shut for two days
https://www.bbc.com/news/technology-51564905#
A ransomware attack on a US natural gas facility meant a pipeline had to be shut down for two days, the US Department of Homeland Security (DHS) has said.
Tomi Engdahl says:
Apple Is Blocking “Asian” And “Teen” Searches Assuming It’s Porn
https://fossbytes.com/apple-blocking-asian-and-teen-searches-assuming-its-porn/
iPhone’s built-in adult filter appears to be having a hard time understanding what needs to be blocked and what not. If the adult filter is enabled in an iPhone, then every search, including keywords like “Asian” and “teen”, gets blocked by the device assuming it’s porn.
Tomi Engdahl says:
FBI ARRESTS HACKER LINKED TO FORMER REP. KATIE HILL’S CAMPAIGN
https://theintercept.com/2020/02/21/fbi-arrests-hacker-linked-to-katie-hill-campaign/
Federal agents have arrested Arthur Dam in connection with a hacking spree that disrupted the 2018 Democratic California primary that ultimately nominated Katie Hill, according to a new criminal complaint.
During the campaign, the websites of Hill’s opponents, Democrats Jess Phoenix and Bryan Caforio, who was supported by Justice Democrats, were both attacked, though Hill’s never was, raising suspicions at the time that Hill’s campaign was behind them.
Tomi Engdahl says:
IOTA cryptocurrency shuts down entire network after wallet hack
Hackers exploit vulnerability in official IOTA wallet to steal millions
https://www.zdnet.com/article/iota-cryptocurrency-shuts-down-entire-network-after-wallet-hack/#ftag=CAD-03-10abf5f
IOTA Foundation, the nonprofit organization behind the IOTA cryptocurrency, has shut down its entire network this week after hackers exploited a vulnerability in the official IOTA wallet app to steal user funds.
The attack happened this week, on Wednesday, February 12, 2020.
Tomi Engdahl says:
Apple Just Demanded Santander And A $50 Billion US Intelligence Contractor Reveal How They Use iPhone Hacking Tech
https://www.forbes.com/sites/thomasbrewster/2020/02/22/apple-just-demanded-santander-and-a-50-billion-us-intelligence-contractor-reveal-how-they-use-iphone-hacking-tech/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie/#676f7264696
Apple lawyers aren’t holding back in trying to learn more about Corellium, the cybersecurity startup it’s suing after the latter created tech producing “virtual” or software versions of iPhones for security and functionality testing.
In a move that’s sure to raise eyebrows, Apple has subpoenaed Santander Bank and the $50 billion-valued intelligence contractor L3Harris Technologies for information on their use of Corellium, Forbes has learned.
That Apple is attempting to force two huge companies to cough up data on their use of Corellium shows how far the iPhone maker is willing to go to shut down a company it considers a threat to its copyrighted tech.
Tomi Engdahl says:
How Israel turned into a hacker haven
https://www.haaretz.com/israel-news/business/.premium-how-israel-turned-into-a-hacker-haven-1.8552090
Immigrants from Russia and Ukraine find Israel is an easy place to gain citizenship, use stolen credit cards and test new viruses that are then used globally
“Israel is a special place. It’s a paradise for cybercriminals, especially carders,” said Kremez, referring to hackers who specialize in stealing credit cards. “You can use stolen credit cards in Israel for shopping, to buy electronics, diamonds and luxury goods and then re-sell them.”
Tomi Engdahl says:
Who hacked Nordea Bank, or are they just technically incompetent to solve this pretty much Europe-wide glitch?
This bank is one of the biggest banks in Finland and Sweden and operates around Europe. Now mobile and online banking has been out for many hours in their main market. And the bank is prepared to pay compensation to customers who have lost money due to this.
News:
https://www.iltalehti.fi/kotimaa/a/2e26ef5a-4dfb-4e34-aa5d-0d02d504bc7f
https://www.svt.se/nyheter/inrikes/driftstorningar-hos-nordea
Tomi Engdahl says:
EU Commission to staff: Switch to Signal messaging app
https://www.politico.eu/pro/eu-commission-to-staff-switch-to-signal-messaging-app/
The move is part of EU’s efforts to beef up cybersecurity, after several high-profile incidents shocked diplomats and officials.