Cyber Security News May 2020

This posting is here to collect cyber security news in May 2020.

I post links to security vulnerability news, with short descriptions, in the comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links in the comments.

222 Comments

  1. Tomi Engdahl says:

    Shadowserver, an Internet Guardian, Finds a Lifeline
    https://www.wired.com/story/shadowserver-funding-trend-micro-internet-society/
    Ten weeks ago, Shadowserver’s main source of funding dried up. Now,
    it’s back on level footing.

    Reply
  2. Tomi Engdahl says:

    Setting this image as wallpaper could soft-brick your phone
    https://www.androidauthority.com/image-wallpaper-crash-soft-brick-1124505/

    Here’s a cool and a bit scary story for you this Sunday morning.

    Simply setting this image as wallpaper on your phone could cause it to crash and become unable to boot.

    The issue was reported by well-known leaker Ice Universe on Twitter and confirmed by dozens of other users.

    I was able to replicate the issue on a Google Pixel 2. After setting the image in question as a wallpaper, the phone immediately crashed. It attempted to reboot, but the screen would constantly turn on and off, making it impossible to pass the security screen.

    Restarting the device in safe mode (by holding down the volume button during boot-up) did not fix the issue.

    A factory reset did bring my Pixel 2 back to normal, but obviously that meant losing all my data.

    Many users on Twitter report running into the issue. As user Sebastian noted, the issue can also be reproduced on the emulator bundled with Android Studio.

    At this point, it’s not clear what’s causing it, but considering it’s happening on devices from multiple brands, including Google, it’s possible that the image somehow conflicts with an underlying issue with the Android OS. It’s also possible that it was specially crafted to take advantage of an existing vulnerability.

    Reply
  3. Tomi Engdahl says:

    Critical Android flaw lets attackers hijack almost any app, steal data
    https://www.welivesecurity.com/2020/05/27/critical-android-flaw-lets-attackers-hijack-almost-any-app-steal-data/?utm_source=facebook&utm_medium=organic&utm_campaign=wls&utm_term=android-critical-flaw&utm_content=news

    Left unpatched, the vulnerability could expose almost all Android users to the risk of having their personal data intercepted by attackers

    Researchers have found a critical flaw that affects nearly all devices running Android 9.0 or older, which implies that over 90% of Android users could be vulnerable. If exploited, the security hole allows hackers to hijack almost any app and steal victims’ sensitive data, according to researchers at Promon, who uncovered the vulnerability and dubbed it StrandHogg 2.0.

    The good news is that malware exploiting the vulnerability has not been observed in the wild. Importantly, Google provided a patch to Android device makers in April 2020, with the fix – for Android versions 8.0, 8.1 and 9.0 – being rolled out to the public as part of the latest assortment of monthly security updates throughout this month. Promon notified Google about the vulnerability in early December 2019.

    Indexed as CVE-2020-0096, the elevation of privilege flaw resides in the Android system component and can be abused through a method called reflection that allows malicious apps to impersonate legitimate applications while the victim is none the wiser.

    https://source.android.com/security/bulletin/2020-05-01

    Reply
  4. Tomi Engdahl says:

    List of well-known web sites that port scan their visitors
    https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/
    Last weekend, news heavily circulated that eBay.com was port scanning
    visitors’ computers when they browsed their site. To see what other
    sites may be using this script, BleepingComputer reached out to
    DomainTools, a cybersecurity company specializing in web domain and
    DNS threat intelligence. Of the sites we tested, we saw Citibank, TD
    Bank, Ameriprise, Chick-fil-A, Lendup, BeachBody, Equifax IQ connect,
    TIAA-CREF, Sky, GumTree, and WePay port scanning our computers.

    Reply
  5. Tomi Engdahl says:

    New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based
    Attacks Effective
    https://thehackernews.com/2020/05/noise-resilient-flush-attack.html
    Modern Intel and AMD processors are susceptible to a new form of
    side-channel attack. The new variant aims to improve the accuracy of
    these attacks even in a noisy multi-core system. It also works
    seamlessly against non-Linux Operating Systems, like macOS.

    Reply
  6. Tomi Engdahl says:

    Highly-targeted attacks on industrial sector hide payload in images
    https://www.bleepingcomputer.com/news/security/highly-targeted-attacks-on-industrial-sector-hide-payload-in-images/
    Attackers looking to steal employee credentials from organizations
    tied to the industrial sector deployed highly-targeted operations that
    delivered malicious PowerShell scripts in images. Victims in multiple
    countries (Japan, the U.K., Germany, Italy) were identified. Some of
    them supply equipment and software solutions to industrial
    enterprises.

    Reply
  7. Tomi Engdahl says:

    Microsoft bans Trend Micro driver from Windows 10 for “cheating”
    hardware tests
    https://www.itpro.co.uk/security/cyber-security/355797/microsoft-bans-trend-micros-rootkit-buster-from-windows-10
    Microsoft has blocked a free antivirus tool developed by Trend Micro
    after the security firm was accused of designing its driver to “cheat”
    hardware tests through coding trickery.

    Reply
  8. Tomi Engdahl says:

    New Octopus Scanner malware spreads via GitHub supply chain attack
    https://www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-spreads-via-github-supply-chain-attack/
    Security researchers have found a new malware that finds and backdoors
    open-source NetBeans projects hosted on the GitHub web-based code
    hosting platform to spread to Windows, Linux, and macOS systems and
    deploy a Remote Administration Tool (RAT). While investigating this
    malware, GitHub Security Lab researchers found 26 open source projects
    compromised by Octopus Scanner

    Reply
  9. Tomi Engdahl says:

    200K sites with buggy WordPress plugin exposed to takeover attacks and
    wiped sites
    https://www.bleepingcomputer.com/news/security/200k-sites-with-buggy-wordpress-plugin-exposed-to-wipe-attacks/
    PageLayer is a WordPress plugin with over 200,000+ active
    installations according to numbers available on its WordPress plugins
    repository entry.

    Reply
  10. Tomi Engdahl says:

    Hack-For-Hire Criminals Spoof WHO To Target Google Credentials
    https://threatpost.com/hack-hire-spoof-who-google-credentials/156100/
    Hack-for-hire organizations are the latest group of cybercriminals to
    take advantage of the ongoing coronavirus pandemic, using COVID-19 as
    a lure in phishing emails bent on stealing victims’ Google
    credentials.

    Reply
  11. Tomi Engdahl says:

    Google Threat Analysis Group: Updates about government-backed hacking
    and disinformation
    https://blog.google/threat-analysis-group/updates-about-government-backed-hacking-and-disinformation
    Last month, we sent 1,755 warnings to users whose accounts were
    targets of government-backed attackers.

    Reply
  12. Tomi Engdahl says:

    Virus Apps Expose Tension Between Privacy and Need for Data
    https://www.securityweek.com/virus-apps-expose-tension-between-privacy-and-need-data

    As more governments turn to tracing apps in the fight against the coronavirus, a deep-rooted tension between the need for public health information and privacy rights has been thrust into the spotlight.

    Track-and-trace technology is being touted as a silver bullet that will allow economies to reopen and people to emerge from home confinement, with health authorities keeping tabs on the virus’s spread.

    But many fear personal data gathered by governments or companies in the name of pandemic control will be abused for political or commercial gain, or outright oppression in authoritarian states.

    “If we are not careful, the epidemic might mark an important watershed in the history of surveillance,” Israeli historian Yuval Noah Harari wrote in The Financial Times at the height of the coronavirus outbreak.

    Reply
  13. Tomi Engdahl says:

    The Security of Your Android Device May Depend on Where You Live
    https://www.securityweek.com/security-your-android-device-may-depend-where-you-live

    Region-specific Default Configurations and Settings for Android Devices Cause Varied Security Posture for Mobile Users

    Reply
  14. Tomi Engdahl says:

    Israeli Cyber Chief: Major Attack on Water Systems Thwarted
    https://www.securityweek.com/israeli-cyber-chief-major-attack-water-systems-thwarted

    Israel’s national cyber chief Thursday officially acknowledged the country had thwarted a major cyber attack last month against its water systems, an assault widely attributed to arch-enemy Iran, calling it a “synchronized and organized attack” aimed at disrupting key national infrastructure.

    Reply
  15. Tomi Engdahl says:

    Anonymous Hacked Chicago Police Dept Radios And Played NWA’s ‘F The Police’ During Protests
    https://brobible.com/culture/article/anonymous-hacked-chicago-police-dept-scanners-radios-nwa/

    On Saturday night while many cities in the US protested police brutality, hacktivist group Anonymous resurfaced to support those criticizing the Minneapolis Police Department in the wake of the death of George Floyd at the hands of police officer Derek Chauvin.

    https://www.dailydot.com/debug/anonymous-chicago-cops-radios-fck-tha-police/

    Reply
  16. Tomi Engdahl says:

    DON’T TRACK ME, BRO — As the Minnesota protests have spilled across the country, fueled by protestors angered over the police killing of an unarmed Minneapolis man named George Floyd, the protests have morphed into marches and demonstrations that have turned violent everywhere from New York City to Los Angeles. Curfews are being imposed in major cities around the US at the time of this writing, and at least eight states, as well as the District of Columbia, have requested the National Guard to assist local law enforcement.

    Minnesota is now using contact tracing to track protestors, as demonstrations escalate
    https://www.google.com/amp/s/bgr.com/2020/05/30/minnesota-protest-contact-tracing-used-to-track-demonstrators/amp/

    Minnesota protests are continuing to escalate and inspire similar demonstrations around the country in the wake of police killing an unarmed Minneapolis man this week named George Floyd.
    Minnesota officials say they’re using contact tracing to better understand who the protestors are and where they’re coming from.
    Contact tracing has previously been used as part of a comprehensive coronavirus response.

    Reply
  17. Tomi Engdahl says:

    Counter Threat Unit Researchers Publish Threat Group Definitions
    https://www.secureworks.com/blog/counter-threat-unit-researchers-publish-threat-group-definitions
    Today, the Secureworks® Counter Threat Unit (CTU) research team began
    publishing Threat Group profiles on the Secureworks website. The
    profiles include a summary of the groups, their objectives, other
    aliases by which the groups are known, and the malware they use. Both
    criminal and government-sponsored Threat Groups are included. Threat
    Profiles: https://www.secureworks.com/research/threat-profiles

    Reply
  18. Tomi Engdahl says:

    Anonymous hack Chicago police radios to play NWA’s ‘Fuck Tha Police’
    The hacktivist group announced their return over the weekend
    https://www.nme.com/news/music/anonymous-hack-chicago-police-radios-to-play-nwas-fuck-tha-police-2680017?fbclid=IwAR2txftXsL-2Uv6UggfTYocIsjs6uWeuBIEdpnSfbmzIalFW6aeFMxH61gk

    Notorious hacker group Anonymous hacked into the Chicago Police Department’s radios and played NWA’s ‘Fuck Tha Police’ down the line, according to online reports.

    The move comes after the group announced their return to social media on Saturday (May 30) in line with global protests over the death of George Floyd in Minneapolis last week

    Reply
  19. Tomi Engdahl says:

    All the security features added in the Windows 10 May 2020 update
    Windows 10 v2004 comes with Windows Sandbox improvements, WiFi 6, WPA3, and Windows Hello in Safe Mode.
    https://www.zdnet.com/article/all-the-security-features-added-in-the-windows-10-may-2020-update/

    Reply
  20. Tomi Engdahl says:

    New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD
    Eighteen of the 26 bugs impact Linux. Eleven have been patched already.
    https://www.zdnet.com/article/new-fuzzing-tool-finds-26-usb-bugs-in-linux-windows-macos-and-freebsd/
    https://etn.fi/index.php/13-news/10830-tutkijat-loysivat-26-usb-haavoittuvuutta-linux-reikaisin
    Researchers at EPFL, the polytechnic university in Lausanne, have used a tool they developed to find as many as 26 vulnerabilities in USB driver protocols. In total, 26 bugs were found. Notably, 18 of the bugs were found in Linux operating systems.

    Reply
