Cyber security news March 2020

This posting is here to collect cyber security news in March 2020.

I post links to security vulnerability news with short descriptions to the comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.

112 Comments

  1. Tomi Engdahl says:

    Facebook OAuth Framework Vulnerability
    https://www.amolbaikar.com/facebook-oauth-framework-vulnerability/

    “Login with Facebook” feature follows the OAuth 2.0 Authorization Protocol to exchange the tokens between facebook.com and third-party website. The flaw could allow an attacker to hijack the OAuth flow and steal the access tokens which they could use to take over user accounts. Malicious websites can steal access_token for the most common apps at the same time and could gain access to multiple services and third-party websites, such as Instagram, Oculus, Netflix, Tinder, Spotify, etc.

    Reply
  2. Tomi Engdahl says:

    Shodan Pentesting Guide
    Delving deep into Shodan’s mine
    https://community.turgensec.com/shodan-pentesting-guide/

    Reply
  3. Tomi Engdahl says:

    All the networks. Found by Everyone.
    https://www.wigle.net/

    Reply
  4. Tomi Engdahl says:

    Chrome 80 update cripples top cybercrime marketplace
    90% of all stolen credentials on the Genesis Store came from the AZORult malware. Now, the malware doesn’t work in Chrome 80.

    https://www.zdnet.com/article/chrome-80-update-cripples-top-cybercrime-marketplace/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

    Reply
  5. Tomi Engdahl says:

    Ex-NSA hacker made four pieces of state-created Mac malware run his own code
    https://9to5mac.com/2020/03/02/state-created-mac-malware/

    Security researcher and former NSA hacker Patrick Wardle has demonstrated a way to modify state-created Mac malware to run his own code instead of the payloads from the government servers.

    Reply
  6. Tomi Engdahl says:

    Legal services giant Epiq Global offline after ransomware attack
    https://tcrn.ch/32IjqQ5

    Reply
  7. Tomi Engdahl says:

    Letsencrypt will be revoking a lot of certificates in next 24hrs due to the CAA bug.

    The bug: when a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times

    https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864

    Reply
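    The CAA recheck bug described above, modelled as an added Go example (my own illustration, not Boulder's code): every queued check closes over one shared variable, so the last name assigned gets checked N times while the other names are never rechecked, and a gate that only counts passing results lets issuance through. The names, the lookup function and the coverage check are constructed for the example.

```go
package main

import "fmt"

// CAARecheck is the recorded outcome of rechecking one name's CAA records.
type CAARecheck struct {
	Name string
	OK   bool
}

// recheckCAABuggy models the defect: every queued job captures the same
// variable, so when the queue runs after the loop, each job sees the last
// name assigned and that single name is checked len(names) times.
func recheckCAABuggy(names []string, lookup func(string) bool) []CAARecheck {
	var results []CAARecheck
	var queue []func()
	var name string // one variable shared by all jobs (the bug)
	for _, n := range names {
		name = n
		queue = append(queue, func() {
			results = append(results, CAARecheck{Name: name, OK: lookup(name)})
		})
	}
	for _, job := range queue {
		job()
	}
	return results
}

// recheckCAAFixed binds each name to its own job by passing it as an argument.
func recheckCAAFixed(names []string, lookup func(string) bool) []CAARecheck {
	var results []CAARecheck
	var queue []func()
	for _, n := range names {
		queue = append(queue, func(name string) func() {
			return func() {
				results = append(results, CAARecheck{Name: name, OK: lookup(name)})
			}
		}(n))
	}
	for _, job := range queue {
		job()
	}
	return results
}

// allPassed is the naive gate: it only asks whether every result was OK,
// so N checks of one permitted name look like N permitted names.
func allPassed(results []CAARecheck) bool {
	for _, r := range results {
		if !r.OK {
			return false
		}
	}
	return true
}

// mayIssue is the defensive gate: every requested name must appear in the
// results and every result must be OK. It catches the buggy path above.
func mayIssue(names []string, results []CAARecheck) bool {
	seen := make(map[string]bool, len(names))
	for _, r := range results {
		if !r.OK {
			return false
		}
		seen[r.Name] = true
	}
	for _, n := range names {
		if !seen[n] {
			return false
		}
	}
	return true
}

func main() {
	// Constructed lookup: a CAA record forbids issuance for blocked.example only.
	lookup := func(n string) bool { return n != "blocked.example" }
	names := []string{"a.example", "blocked.example", "z.example"}
	buggy := recheckCAABuggy(names, lookup)
	fmt.Println("buggy results:", buggy, "allPassed:", allPassed(buggy), "mayIssue:", mayIssue(names, buggy))
	fixed := recheckCAAFixed(names, lookup)
	fmt.Println("fixed results:", fixed, "allPassed:", allPassed(fixed), "mayIssue:", mayIssue(names, fixed))
}
```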
  8. Tomi Engdahl says:

    Let’s Encrypt discovered a bug in their system. Sadly, this means they need to revoke the certificates that were affected by this bug on 04/March/2020. It is believed that 3,048,289 currently-valid TLS certificates are affected. Here is how to find out if you are affected and how to fix your certificates. https://www.cyberciti.biz/security/letsencrypt-is-revoking-certificates-on-march-4/

    Reply
  9. Tomi Engdahl says:

    Robinhood’s downtime as a stress test for the consumer fintech boom
    https://techcrunch.com/2020/03/04/robinhoods-downtime-as-a-stress-test-for-the-consumer-fintech-boom/

    Earlier this week, the popular free stock trading service Robinhood suffered downtime over a two-day period. The company, a well-funded unicorn taking on incumbents in its industry, failed to operate properly when the public markets were surging on Monday (bad) and falling on Tuesday (very bad).

    Reply
  10. Tomi Engdahl says:

    The Graham-Blumenthal Bill: A New Path for DOJ to Finally Break Encryption
    https://www.eff.org/deeplinks/2020/03/graham-blumenthal-bill-new-path-doj-finally-break-encryption

    Members of Congress are about to introduce a bill that will undermine the law that undergirds free speech on the Internet. If passed, the bill known as the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, will fulfill a long-standing dream of U.S. law enforcement. If passed, it could largely mark the end of private, encrypted messaging on the Internet.

    The Department of Justice and the FBI have long seen encryption as a threat.

    U.S. law enforcement agencies spent the next 25 years villainizing the widespread adoption of encryption and highlighting a series of awful criminal acts in their efforts to scare elected officials into requiring backdoors.

    In recent years, they’ve used acts of terrorism like the mass shootings in San Bernardino and Pensacola to press for draconian changes to the law.

    William Barr has blamed encryption for sexual crimes against children. Not only are these crimes horrific to hear about, but they are nearly impossible to get objective information about.

    Meanwhile, we face immense challenges to building secure systems, and strong encryption is one of the best tools we have available to protect ourselves. Encryption preserves the ability to have private, secure communications in an increasingly insecure world. Members of the government, the military and law enforcement themselves use encryption to protect their communications, as do journalists, activists and those at risk of domestic abuse, among many others. We should not sacrifice the power of these fundamental technologies, even in the name of important law enforcement goals.

    What “best practices” would that commission demand in the name of protecting children? We know that offering backdoors to encryption would be high on the list. Attorney General William Barr has demanded “lawful access” to encrypted messages, over and over again. So have his predecessors.

    The ability to have a private conversation is fundamental in a democratic society, and Congress should not be disincentivizing these companies from developing secure platforms.

    Reply
  11. Tomi Engdahl says:

    Critical Android Security Risk Confirmed, Millions Of Devices Can Be ‘Rooted’ — Update Now, If You Can
    https://www.forbes.com/sites/daveywinder/2020/03/04/critical-android-security-risk-confirmed-millions-of-devices-can-be-rooted—update-now-if-you-can/

    The March 2020 Android security update bulletin has arrived, and it contains confirmation from Google of an elevation-of-privilege vulnerability (CVE-2020-0069) that not only affects millions of Android devices but which is also being actively exploited by cybercriminals.

    known to be within the command queue driver of several 64-bit chips produced by the Taiwanese manufacturer, MediaTek. Details first began to emerge online early in 2019, and an exploit script was published in April 2019 that could enable an attacker to “get root” of a vulnerable device. Unsurprisingly then, the vulnerability has been deemed critical with a CVSS v3.0 score of 9.3.

    Real-world risk as the exploit is in the wild
    So, this isn’t some highly convoluted, easy in the labs but the real world is different, type of exploit as seen in the recent $5 smartphone hack story. This is the real deal; a vulnerability that potentially affects millions of devices and is being actively exploited by cybercriminals as you are reading this.

    Reply
  12. Tomi Engdahl says:

    Beware Of This New Windows 10 Ransomware Threat Hiding In Plain Sight
    https://www.forbes.com/sites/daveywinder/2020/03/05/beware-of-this-new-windows-10-ransomware-threat-hiding-in-plain-sight/

    Windows Explorer as part of their ransomware attack process.

    A strain of the Mailto (NetWalker) ransomware can inject malicious code right into Windows Explorer, researchers at security solutions company Quick Heal discovered. By using a technique of “process hollowing” to achieve this process code injection, the ransomware actors hope to evade detection.

    Reply
  13. Tomi Engdahl says:

    Intel CPU Security Alert For Millions Of Users As ‘Unfixable’ Crypto Flaw Revealed
    https://www.forbes.com/sites/daveywinder/2020/03/05/intel-cpu-security-alert-for-millions-of-users-as-unfixable-crypto-flaw-revealed/

    If your computer isn’t running an up to date Intel 10th generation CPU, then I’ve got some bad news; an “unfixable” crypto vulnerability with impossible to detect exploits has been confirmed. Researchers have uncovered an Intel CPU read-only memory (ROM) vulnerability with the potential for attackers to compromise encryption keys and steal data.

    Reply
  14. Tomi Engdahl says:

    Alleged Vault 7 leaker trial finale: Want to know the CIA’s password for its top-secret hacking tools? 123ABCdef
    https://www.theregister.co.uk/2020/03/05/cia_leak_trial/

    Tales of terrible security, poor compartmentalization, and more, emerge from the Schulte hearings

    Reply
  15. Tomi Engdahl says:

    This Small Company Is Turning Utah Into a Surveillance Panopticon
    https://www.vice.com/en_us/article/k7exem/banjo-ai-company-utah-surveillance-panopticon

    Banjo is applying artificial intelligence to government-owned surveillance and traffic cameras across the entire state of Utah to tell police about “anomalies.”

    Reply
  16. Tomi Engdahl says:

    Backdoor malware is being spread through fake security certificate alerts
    https://www.zdnet.com/article/backdoor-malware-is-being-spread-through-fake-security-certificate-alerts/

    Victims of this new technique are invited to install a malicious “security certificate update” when they visit compromised websites.

    Reply
  17. Tomi Engdahl says:

    NEW INTEL CSME CPU BUG IS ‘UNFIXABLE’ SECURITY VULNERABILITY AFFECTING CHIPSETS RELEASED OVER LAST FIVE YEARS
    https://www.newsweek.com/intel-csme-cpu-bug-unfixable-security-vulnerability-chipsets-five-years-1490746

    Reply
  18. Tomi Engdahl says:

    Ransomware Attackers Use Your Cloud Backups Against You
    https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/

    Backups are one of the most, if not the most, important defense against ransomware, but if not configured properly, attackers will use them against you.

    Recently the DoppelPaymer Ransomware operators published on their leak site the Admin user name and password for a non-paying victim’s Veeam backup software.

    Reply
  19. Tomi Engdahl says:

    Hackers Can Use Ultrasonic Waves to Secretly Control Voice Assistant Devices
    https://thehackernews.com/2020/03/voice-assistants-ultrasonic-waves.html

    Reply
  20. Tomi Engdahl says:

    WARNING! A new critical 17-year-old RCE vulnerability opens nearly all popular #Linux based operating systems and many other embedded devices to remote hackers.

    https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html?m=1

    The US-CERT today issued an advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems and also powers the firmware of many other networking devices.

    Discovered by IOActive security researcher Ilja Van Sprundel, the critical issue is a stack buffer overflow vulnerability that exists due to a logical error in the Extensible Authentication Protocol (EAP) packet parser of the pppd software.

    The vulnerability, tracked as CVE-2020-8597 with CVSS Score 9.8, can be exploited by unauthenticated attackers to remotely execute arbitrary code on affected systems and take full control over them.
    For this, all an attacker needs to do is to send an unsolicited malformed EAP packet to a vulnerable ppp client or a server over a direct serial link, ISDN, Ethernet, SSH, Socket CAT, PPTP, GPRS, or ATM networks.

    According to the researcher, Point-to-Point Protocol Daemon versions 2.4.2 through 2.4.8 — all versions released in the last 17 years — are vulnerable to this new remote code execution vulnerability.

    Some of the widely-used, popular Linux distributions, listed below, have already been confirmed impacted, and many other projects are most likely affected as well.
    Debian
    Ubuntu
    SUSE Linux
    Fedora
    NetBSD
    Red Hat Enterprise Linux

    Users with affected operating systems and devices are advised to apply security patches as soon as possible, or when they become available.
    At the time of writing, The Hacker News is not aware of any public proof-of-concept exploit code.

    Reply
  21. Tomi Engdahl says:

    Cybercriminals exploit coronavirus panic by creating hundreds of fraudulent websites offering fake information and home test kits to steal users' data and make cash
    https://www.dailymail.co.uk/sciencetech/article-8076199/Hackers-exploit-coronavirus-creating-hundreds-fake-websites-steal-data-make-profit.html

    Reply
  22. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    An unfixable flaw in nearly all Intel chips released in last five years allows sophisticated attackers access to mask ROM of its chipsets and microprocessors

    5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable
    Converged Security and Management Engine flaw may jeopardize Intel’s root of trust.
    https://arstechnica.com/information-technology/2020/03/5-years-of-intel-cpus-and-chipsets-have-a-concerning-flaw-thats-unfixable/

    Reply
  23. Tomi Engdahl says:

    Microsoft Issues Windows 10 Update Warning
    https://www.forbes.com/sites/gordonkelly/2020/03/07/microsoft-windows-10-warning-crashes-boot-audio-slowdown-problems-upgrade-windows-10-free/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Valerie/#76616c657269

    Windows 10 users, yes it has been a rocky spell, but you need to be on high alert yet again. Here’s everything you need to know.

    Picked up by both BleepingComputer and Windows Latest, the early problems with Microsoft’s new KB4535996 Windows 10 update are now spiralling out of control. Here are the main issues you need to be aware of:

    Boot Problems And Crashes
    Blue screen crashes at login
    Performance issues
    Sound and audio hardware issues
    Microsoft Visual Studio signtool.exe stops working

    Microsoft has stated that they are aware of the issue and are working on a resolution for release in mid-March.

    Windows 10 KB4535996 Update Issues: Crashes, Slowdowns, Audio, More

    https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4535996-update-issues-crashes-slowdowns-audio-more/

    Reply
  24. Tomi Engdahl says:

    Pulled from interwebz because hackers were using the computing power for mining crypto.
    Their words

    BLACKOUT ON UNIVERSITY OF KENTUCKY’S CAMPUS TO STOP HACKERS
    https://www.wtvq.com/2020/03/08/blackout-university-kentuckys-campus-stop-hackers/

    – As University of Kentucky Hospital tries to fight against the coronavirus, the university also fought off a cyber security threat.

    the hackers were using UK’s computing power to mine cryptocurrency.

    Blanton says no personal health or private information was accessed or downloaded, but it slowed down UK healthcare systems for several weeks.

    Reply
  25. Tomi Engdahl says:

    British Columbia
    Hackers infiltrate computer systems at B.C. paper mills
    https://www.cbc.ca/news/canada/british-columbia/paper-excellence-canada-malware-infection-1.5474274?__vfz=medium%3Dsharebar

    Employees at the Crofton Mill north of Victoria, B.C., on Vancouver Island are having to use paper production machines in manual mode after the company’s computer systems were infiltrated by malware.

    “If you don’t have that, you can’t do anything,” said Kissack, adding the software that was infected is critical to operations because it communicates to the mill machines how much paper they need to produce and in what dimensions it needs to be cut.

    “Our paper mills didn’t have the ability to run, because they didn’t know what it was that they should be manufacturing,” explained Kissack.

    Kissack said, for now, the company is trying to do what it can by “going back old school” and trying to run the machines in manual mode. Even the fax machine is seeing a renaissance moment while email is down.

    Reply
  26. Tomi Engdahl says:

    Hackers can clone millions of Toyota, Hyundai, and Kia keys
    Encryption flaws in common anti-theft feature expose vehicles from major OEMs.
    https://arstechnica.com/cars/2020/03/hackers-can-clone-millions-of-toyota-hyundai-and-kia-keys/

    Reply
  27. Tomi Engdahl says:

    A newly discovered malware campaign suggests that hackers have themselves become the targets of other hackers, who are infecting and repackaging popular hacking tools with malware.

    Hackers are targeting other hackers by infecting their tools with malware
    https://blog.cyberknowtz.com/hackers-are-targeting-other-hackers-by-infecting-their-tools-with-malware

    https://www.cybereason.com/blog/whos-hacking-the-hackers-no-honor-among-thieves

    Reply
  28. Tomi Engdahl says:

    Hacking Tools Are Being Infected With Malware
    BY MATTHEW HUMPHRIES 10 MAR 2020, 11:27 A.M.
    https://uk.pcmag.com/web-sites/125185/hacking-tools-are-being-infected-with-malware

    Hackers realized they can gain access to compromised systems and sensitive data by hacking other hackers.

    Reply
  29. Tomi Engdahl says:

    Firefox Bug Opens iPhone AirPods to Third-Party Snooping
    https://threatpost.com/firefox-bug-opens-airpods-to-snooping/153569/

    While rated moderate, Melick identified a Firefox flaw (CVE-2020-6812) impacting iPhone users in a novel way. “[This is] a vulnerability that would allow a website with camera or microphone access to gather information on the user through the connected AirPods,” wrote the researcher.

    Reply
  30. Tomi Engdahl says:

    Microsoft Issues Windows 10 Update Warning
    https://www.forbes.com/sites/gordonkelly/2020/03/10/microsoft-windows-10-warning-crashes-boot-audio-slowdown-problems-upgrade-windows-10-free/

    Windows 10 users, yes it has been a rocky spell, but you need to be on high alert yet again. Here’s everything you need to know.

    Reply
  31. Tomi Engdahl says:

    De Blasio must ditch encrypted messaging app, watchdog groups say
    https://nypost.com/2020/03/09/de-blasio-must-ditch-encrypted-messaging-app-watchdog-groups-say/?utm_campaign=iosapp&utm_source=facebook_app

    It’s municipal government — not Mission Impossible!

    Good government groups demanded Monday that Mayor Bill de Blasio end his staff’s use of messaging apps that encrypt and automatically delete messages, because they provide a powerful and easy tool to circumvent the state’s open government laws.

    “We believe that messaging apps like Signal, Telegram and Confide do not preserve public records that can be disclosed under the Freedom of Information Law,” they added.

    A slew of prominent good government groups signed onto the letter, including Reinvent Albany, Common Cause, the League of Women Voters and the New York News Publishers Association, which includes the New York Times and Wall Street Journal.

    “City Hall abides by the rules for record retention. Use of a messaging app doesn’t change that,” said City Hall press secretary Freddi Goldstein. “The mayor is using Signal in his personal capacity, not to conduct government business.”

    Reply
  32. Tomi Engdahl says:

    Chinese company develops facial recognition tech that can ID people wearing masks
    https://nypost.com/2020/03/09/chinese-company-develops-facial-recognition-tech-that-can-id-people-wearing-masks/?utm_campaign=iosapp&utm_source=facebook_app

    BEIJING – A Chinese company says it has developed the country’s first facial recognition technology that can identify people when they are wearing a mask, as most are these days because of the coronavirus and help in the fight against the disease.

    China employs some of the world’s most sophisticated systems of electronic surveillance, including facial recognition.

    But the coronavirus, which emerged in Hubei province late last year, has resulted in almost everyone wearing a surgical mask outdoors in the hope of warding off the virus – posing a particular problem for surveillance.

    Reply
  33. Tomi Engdahl says:

    Microsoft Leaks Info on Wormable Windows SMBv3 CVE-2020-0796 Flaw
    https://www.bleepingcomputer.com/news/security/microsoft-leaks-info-on-wormable-windows-smbv3-cve-2020-0796-flaw/

    Microsoft leaked info on a security update for a ‘wormable’ pre-auth remote code execution vulnerability found in the Server Message Block 3.0 (SMBv3) network communication protocol that reportedly should have been disclosed as part of this month’s Patch Tuesday.

    Reply
  34. Tomi Engdahl says:

    Beware of ‘Coronavirus Maps’ – It’s a malware infecting PCs to steal passwords
    https://thehackernews.com/2020/03/coronavirus-maps-covid-19.html

    Reply
  35. Tomi Engdahl says:

    Federal employees may soon be ordered to work from home. That could pose serious cybersecurity risks
    https://www.washingtonpost.com/nation/2020/03/13/federal-employees-may-soon-be-ordered-work-home-that-could-pose-serious-cybersecurity-risks/?utm_campaign=wp_main&utm_medium=social&utm_source=facebook

    Hundreds of thousands of federal workers and congressional staff may soon be asked to work remotely full time as the coronavirus spreads, putting reams of sensitive government data at higher risk of hacking and threatening to overwhelm outdated government computer systems.

    The surge in telework will mark a first-of-its-kind test for the government, which has struggled to update and secure its arcane technology systems after a string of damaging data breaches during the Obama administration.

    Reply
