Cyber Security News May 2020

This posting is here to collect cyber security news in May 2020.

I post links to security vulnerability news with short descriptions to comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.


  1. Tomi Engdahl says:

    In A Pandemic Crisis, All Sectors Need To Be On High Cyber Alert – An Interview With Ian Thornton-Trump

    https://pentestmag.com/in-a-pandemic-crisis-all-sectors-need-to-be-on-high-cyber-alert-an-interview-with-ian-thornton-trump/

    #pentest #magazine #pentestmag #pentestblog #PTblog #interview #COVID19 #pandemic #cybersecurity #infosecurity #infosec

  2. Tomi Engdahl says:

    Samsung patches 0-click vulnerability impacting all smartphones sold
    since 2014
    https://www.zdnet.com/article/samsung-patches-0-click-vulnerability-impacting-all-smartphones-sold-since-2014/#ftag=RSSbaffb68
    The security flaw resides in how the Android OS flavor running on
    Samsung devices handles the custom Qmage image format (.qmg), which
    Samsung smartphones started supporting on all devices released since
    late 2014. Jurczyk says the Qmage bug can be exploited in a zero-click
    scenario, without any user interaction. This happens because Android
    redirects all images sent to a device to the Skia library for
    processing — such as generating thumbnail previews — without a
    user’s knowledge. The researcher discovered the vulnerability in
    February and reported the issue to Samsung. The South Korean phone
    maker patched the bug in its May 2020 security updates.

  3. Tomi Engdahl says:

    For 8 years, a hacker operated a massive IoT botnet just to download
    Anime videos
    https://www.zdnet.com/article/for-8-years-a-hacker-operated-a-massive-iot-botnet-just-to-download-anime-videos/#ftag=RSSbaffb68
    The botnet consisted solely of D-Link NAS and NVR devices, and the
    botnet peaked at 10,000 bots in 2015.

  4. Tomi Engdahl says:

    Bank is ‘robbed’ by a monkey: Staff discover ATM ripped out from the wall … but CCTV shows Indian premises were targeted by curious animal
    https://www.dailymail.co.uk/news/article-8296581/Bank-robbed-monkey-India.html

    State Bank of India ATM located close to presidential palace hit by a ‘thief’

    Police were called after the front of the machine was pulled open Wednesday

    Officers reviewed CCTV and found the robber was actually a curious monkey

  5. Tomi Engdahl says:

    Microsoft Investigating GitHub Account Hacking Claims
    https://www.securityweek.com/microsoft-investigating-github-account-hacking-claims

    Microsoft says it’s investigating claims that its GitHub account has been hacked, and while some say the leaked files appear to be legitimate, it’s unlikely that they contain any sensitive information.

    A post offering some of the files for free on a hacker forum claims that the data is 54 GB compressed and 500 GB uncompressed, but software engineer Rafael Rivera, who also confirmed that the files appear to be real, said there are only roughly 63 GB of files when uncompressed.

    The leaked data includes source code for Azure, Office, and some Windows runtime files and APIs, Under the Breach said, adding that while the leaked files did not appear to include anything sensitive they could hold keys and passwords left by mistake in the code.

  6. Tomi Engdahl says:

    Security researcher Bob Diachenko discovered one of NSO’s contact-tracing systems on the internet, unprotected and without a password, for anyone to access. After he contacted the company, NSO pulled the unprotected database offline. Diachenko said he believes the database contains dummy data.

    https://techcrunch.com/2020/05/07/nso-group-fleming-contact-tracing/amp/?guccounter=1&guce_referrer=aHR0cHM6Ly90LmNvLzZ1YjZIcjRGVGk_YW1wPTE&guce_referrer_sig=AQAAACP9Evr-V76D1NsRpsMApArOcwKsoY8vn4pJ3QRT4ddT0eX5rrSRj_u5DZGgo2PECiX5HYqMUOV9TkhdyEB-AoYc9976UhIGyeej4B7-6eEWRNIw8FyV_eYl6KnsloWxiVxm7I9hi5JdARt_T6QR6-lJ-9q6fi_p9WwU5MPLFA1x

  7. Tomi Engdahl says:

    Ari Levy / CNBC:
    Zoom is acquiring Keybase, a 25-person startup in New York, to add end-to-end encryption to video calls, the first acquisition in the company’s nine-year history.

    Zoom buys Keybase — its first acquisition — as part of 90-day plan to fix security flaws
    https://www.cnbc.com/2020/05/07/zoom-buys-keybase-in-first-deal-as-part-of-plan-to-fix-security.html

    Lauren Feiner / CNBC:
    Zoom reaches agreement with NY AG over security concerns; Zoom agrees to maintain security protocols, including protections for students, admits no wrongdoing
    Zoom strikes a deal with NY AG office, closing the inquiry into its security problems
    https://www.cnbc.com/2020/05/07/zoom-strikes-a-deal-with-ny-ag-office-closing-security-inquiry.html

  8. Tomi Engdahl says:

    California identifies nail salons as source of coronavirus community spread, Gov. Newsom says
    https://www.cnbc.com/2020/05/07/coronavirus-california-identifies-nail-salons-as-source-of-spread-gov-newsom-says.html

    Community spread of the coronavirus in California began in a nail salon, Gov. Gavin Newsom said Thursday, as other states allow their manicurists to reopen.
    “This whole thing started in the state of California, the first community spread, in a nail salon,” Newsom said at a news briefing. “I’m very worried about that.”
    State health directors have put some “red flags” on nail salons as a high-risk business, Newsom added, likening them to gyms and hair salons.

  9. Tomi Engdahl says:

    Cisco: These 12 high-severity bugs in ASA and Firepower security software need patching
    https://www.zdnet.com/article/cisco-these-12-high-severity-bugs-in-asa-and-firepower-security-software-need-patching/

    Cisco has disclosed a dozen high-severity flaws affecting its Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTD) software.

    The updates address eight denial-of-service issues affecting its security software, an information disclosure vulnerability, a memory-leak flaw, a path-traversal vulnerability, and an authentication bypass.

    The bug with the highest CVSS score of 9.1 in this ASA and FTD disclosure bundle is a path-traversal vulnerability in ASA and FTD software, which is tracked as CVE-2020-3187 and was reported by Mikhail Klyuchnikov of security company Positive Technologies.

    An attacker can exploit the issue by sending a crafted HTTP request containing directory traversal character sequences, allowing the attacker to view or delete files on the system.

    However, Cisco notes that when the device is reloaded after exploitation, any files that were deleted are restored. Also, the attacker can only view and delete files within the web services file system, which is enabled when the device is configured with WebVPN or AnyConnect features.

    The authentication bypass, tracked as CVE-2020-3125, is because Cisco’s ASA doesn’t properly verify the identity of the Kerberos authentication protocol key distribution center (KDC) when it successfully receives an authentication response.

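
Detection logic for the request pattern in the Cisco ASA/FTD item above (crafted HTTP requests carrying directory-traversal sequences), written as an added Python example that is not from the article or from Cisco. The access-log lines are constructed. The decoder percent-decodes repeatedly so that double-encoded sequences such as %252e%252e are caught; that evasion is a general one and is not something the article mentions. Paths are judged by walking their segments and flagging any request that climbs above the document root, rather than by a bare string match on "..", which would also flag harmless paths like /docs/../docs/manual.pdf.

```python
import re
from urllib.parse import unquote

# Combined-format access log lines, constructed for this example.
SAMPLE_LOG = """\
198.51.100.7 - - [07/May/2020:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [07/May/2020:10:01:05 +0000] "GET /webvpn/../../../etc/passwd HTTP/1.1" 200 1204
203.0.113.9 - - [07/May/2020:10:02:11 +0000] "GET /static/app.js?v=3 HTTP/1.1" 200 9912
203.0.113.9 - - [07/May/2020:10:02:15 +0000] "GET /%2e%2e/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 403 0
192.0.2.44 - - [07/May/2020:10:03:00 +0000] "DELETE /%252e%252e/%252e%252e/config/ HTTP/1.1" 200 0
192.0.2.44 - - [07/May/2020:10:03:07 +0000] "GET /docs/../docs/manual.pdf HTTP/1.1" 200 40211
"""

# client, timestamp, method, request target, status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def decode_fully(s: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable, so %252e%252e (double-encoded '..') is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def escapes_root(path: str) -> bool:
    """Walk the segments; True the moment a '..' climbs above the web root."""
    depth = 0
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def is_traversal(raw_target: str) -> bool:
    """True when the request path (query string ignored) escapes the document root
    after decoding; backslashes are treated as separators as well."""
    path = raw_target.split("?", 1)[0]
    path = decode_fully(path).replace("\\", "/")
    return escapes_root(path)


def scan_log(text: str) -> list:
    """Return (client_ip, method, path, status) for every traversal attempt in the log."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _ts, method, target, status = m.groups()
        if is_traversal(target):
            hits.append((ip, method, target, status))
    return hits


if __name__ == "__main__":
    for ip, method, target, status in scan_log(SAMPLE_LOG):
        print(f"{ip} {method} {target} -> {status}")
```

Only the path is inspected; a traversal sequence inside a query parameter is not flagged by this check and would need the application's own parameter handling to be reviewed. A 200 on a traversal request (as in the constructed second and fifth lines) is the case to escalate; a 403 shows the request was attempted but refused.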
  10. Tomi Engdahl says:

    This Script Sends Junk Data to Ohio’s Website for Snitching on Workers
    https://www.vice.com/en_us/article/wxqemy/this-script-sends-junk-data-to-ohios-website-for-snitching-on-workers?utm_content=1588989605&utm_medium=social&utm_source=VICE_facebook

    An anonymous hacker wrote a script to sabotage Ohio’s ‘COVID-19 Fraud’ website, which allows companies to report employees and prevent them from collecting unemployment insurance.

    The script works by automatically generating fake information and entering it into the form. For example, the companies are taken from a list of the top 100 employers in the state of Ohio—including Wendy’s, Macy’s, and Kroger—and names and addresses are randomly created using freely-available generators found online. Once all the data is entered, the script has to defeat a CAPTCHA-like anti-spam measure at the end of the form.

    The anonymous hacker told Motherboard they created the script as a form of direct action against the exploitation of working people during the COVID-19 crisis.

  11. Tomi Engdahl says:

    It’s Not Just Zoom. Google Meet, Microsoft Teams, and Webex Have Privacy Issues, Too.
    https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex/

    CR evaluated videoconferencing privacy policies and found these services may collect more data than consumers realize

  12. Tomi Engdahl says:

    Attacking SCADA: Vulnerabilities in Schneider Electric SoMachine and
    M221 PLC (CVE-2017-6034 and CVE-2020-7489)
    https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vulnerabilities-in-schneider-electric-somachine-and-m221-plc/
    SCADA/OT security has been a growing concern for quite some time. This
    technology controls some of our most essential services and utilities,
    like our nuclear plants and electric grids. While most of these
    implementations are protected to a certain extent by unique
    complexity, 24/7 monitoring, and built-in fault tolerance and
    redundancy, vulnerabilities and attacks targeting them should not be
    discounted.

  13. Tomi Engdahl says:

    As Remote Work Becomes the Norm, Security Fight Moves to Cloud,
    Endpoints
    https://www.darkreading.com/cloud/as-remote-work-becomes-the-norm-security-fight-moves-to-cloud-endpoints/d/d-id/1337774
    As states and cities look to lifting stay-at-home orders, the
    increased level of employees working remotely will not disappear. That
    means many businesses will be moving more of their infrastructure to
    the cloud and having to deal with the security challenges that come
    from a hybrid infrastructure, experts said this week.

  14. Tomi Engdahl says:

    Hackers Target WHO by Posing as Think Tank, Broadcaster
    https://www.bloomberg.com/news/articles/2020-05-07/hackers-target-who-by-posing-as-think-tank-broadcaster
    The messages began arriving in World Health Organization employees
    inboxes in early April, seemingly innocuous emails about the
    coronavirus from news organizations and researchers. But a close
    examination revealed that they contained malicious links, and some
    security experts have traced the emails to a hacking group in Iran
    believed to be sponsored by the government.

  15. Tomi Engdahl says:

    India’s Covid-19 Contact Tracing App Could Leak Patient Locations
    The system’s use of GPS data could let hackers pinpoint who reports a positive diagnosis.
    https://www.wired.com/story/india-covid-19-contract-tracing-app-patient-location-privacy/

    As countries around the world rush to build smartphone apps that can help track the spread of Covid-19, privacy advocates have cautioned that those systems could, if implemented badly, result in a dangerous mix of health data and digital surveillance. India’s new contact tracing app may serve as a lesson in those privacy pitfalls: Security researchers say it could reveal the location of Covid-19 patients not only to government authorities but to any hacker clever enough to exploit its flaws.

    Independent security researcher Baptiste Robert published a blog post today sounding that warning about India’s Health Bridge app, or Aarogya Setu, created by the government’s National Informatics Centre.

    https://medium.com/@fs0c131y/aarogya-setu-the-story-of-a-failure-3a190a18e34

  16. Tomi Engdahl says:

    Gartner named Synopsys a leader for fourth year in a row in Gartner’s Magic Quadrant for Application Security Testing (AST). The other three quadrants are visionaries, challengers, and niche players. Application security testing market is “the buyers and sellers of products and services designed to analyze and test applications for security vulnerabilities,” according to Gartner.

    https://news.synopsys.com/2020-05-01-Synopsys-Named-a-Leader-in-the-Gartner-Magic-Quadrant-for-Application-Security-Testing-for-Fourth-Consecutive-Year

  17. Tomi Engdahl says:

    Andy Greenberg / Wired:
    Researcher: PCs with Thunderbolt ports have an unpatchable flaw letting hackers with physical access circumvent data safeguards; some new PCs are not affected — The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and affects any PC manufactured before 2019.

    Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking
    The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and it affects any PC manufactured before 2019.
    https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/

    Security paranoiacs have warned for years that any laptop left alone with a hacker for more than a few minutes should be considered compromised. Now one Dutch researcher has demonstrated how that sort of physical access hacking can be pulled off in an ultra-common component: The Intel Thunderbolt port found in millions of PCs.

    On Sunday, Eindhoven University of Technology researcher Björn Ruytenberg revealed the details of a new attack method he’s calling Thunderspy. On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer—and even its hard disk encryption—to gain full access to the computer’s data. And while his attack in many cases requires opening a target laptop’s case with a screwdriver, it leaves no trace of intrusion and can be pulled off in just a few minutes. That opens a new avenue to what the security industry calls an “evil maid attack,” the threat of any hacker who can get alone time with a computer in, say, a hotel room. Ruytenberg says there’s no easy software fix, only disabling the Thunderbolt port altogether.

  18. Tomi Engdahl says:

    Oklahoma University’s Virtual Graduation Ceremony Disrupted by Racist Hacker
    https://time.com/5834845/oklahoma-city-university-zoom-racism-hacker/?utm_source=facebook&utm_medium=social&utm_campaign=editorial&utm_term=u.s._&linkId=88324707&fbclid=IwAR2Gxq3twCbYPlm0GQ5UafTq5fx17IT8YAsy8YRgCPeZIk8htcqNiDvOtAk

    Oklahoma City University’s virtual graduation was disrupted on Saturday when a hacker interrupted the ceremony by displaying a swastika and a racial slur during the school’s Zoom call.

    More than 650 people were watching the ceremony.

    “It’s bad enough we couldn’t have a live ceremony, and then this happened,”

  19. Tomi Engdahl says:

    April 2020’s Most Wanted Malware: Agent Tesla Remote Access Trojan
    Spreading Widely In COVID-19 Related Spam Campaigns
    https://blog.checkpoint.com/2020/05/11/april-2020s-most-wanted-malware-agent-tesla-remote-access-trojan-spreading-widely-in-covid-19-related-spam-campaigns/
    Our latest Global Threat Index for April 2020 has found several
    COVID-19 related spam campaigns distributing a new variant of the
    Agent Tesla remote access trojan, moving it up to 3rd place in the
    Index, impacting 3% of organizations worldwide. The new variant of
    Agent Tesla has been modified to steal Wi-Fi passwords in addition to
    other information such as Outlook email credentials from target PCs.

  20. Tomi Engdahl says:

    Package delivery giant Pitney Bowes confirms second ransomware attack
    in 7 months
    https://www.zdnet.com/article/package-delivery-giant-pitney-bowes-confirms-second-ransomware-attack-in-7-months/
    Package and mail delivery giant Pitney Bowes has suffered a second
    ransomware attack in the past seven months, ZDNet has learned. The
    incident came to light today after a ransomware gang known as Maze
    published a blog post claiming to have breached and encrypted the
    company’s network. Also:
    https://www.bleepingcomputer.com/news/security/maze-ransomware-fails-to-encrypt-pitney-bowes-steals-files/

  21. Tomi Engdahl says:

    Microsoft and Intel project converts malware into images before
    analyzing it
    https://www.zdnet.com/article/microsoft-and-intel-project-converts-malware-into-images-before-analyzing-it/
    Microsoft and Intel have recently collaborated on a new research
    project that explored a new approach to detecting and classifying
    malware. Called STAMINA (STAtic Malware-as-Image Network Analysis),
    the project relies on a new technique that converts malware samples
    into grayscale images and then scans the image for textural and
    structural patterns specific to malware samples.

    Microsoft and Intel Labs work on STAMINA, a new deep learning approach for detecting and classifying malware.

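
The conversion step described in the STAMINA item above, as an added Python example that is not part of the article or of the Microsoft/Intel project: the bytes of a sample are laid out one byte per pixel into a grayscale raster, written out as a PGM file so it can be opened in any image viewer, and a per-row Shannon entropy is computed as a simple stand-in for the "textural patterns" a classifier would learn from such an image. STAMINA's own pipeline (image resizing, the deep-learning model) is not reproduced here; the sample executable is constructed, and the 64-pixel row width is an arbitrary choice.

```python
import hashlib
import math


def bytes_to_rows(data: bytes, width: int) -> list:
    """Lay the raw bytes out as a grayscale raster, one byte per pixel and `width`
    pixels per row; the last row is zero-padded so every row has the same length."""
    pad = (-len(data)) % width
    data += b"\x00" * pad
    return [list(data[i:i + width]) for i in range(0, len(data), width)]


def row_entropy(row) -> float:
    """Shannon entropy in bits (0..8) of one row: a crude texture measure."""
    n = len(row)
    counts = {}
    for b in row:
        counts[b] = counts.get(b, 0) + 1
    total = sum(c / n * math.log2(c / n) for c in counts.values())
    return -total if total else 0.0


def texture_profile(data: bytes, width: int = 64) -> list:
    """Entropy per image row: sparse header/padding rows sit near 0,
    packed or encrypted rows approach 8."""
    return [round(row_entropy(r), 3) for r in bytes_to_rows(data, width)]


def to_pgm(data: bytes, width: int = 64) -> bytes:
    """Serialise the raster as a binary PGM (P5) image."""
    rows = bytes_to_rows(data, width)
    header = f"P5\n{width} {len(rows)}\n255\n".encode("ascii")
    return header + b"".join(bytes(r) for r in rows)


def _constructed_sample() -> bytes:
    """A fake executable, constructed for this example: a sparse header row, a text
    row, 256 bytes of high-entropy 'packed' data (a SHA-256 chain) and a zero tail."""
    header = b"MZ".ljust(64, b"\x00")
    text = b"This program cannot be run in DOS mode.".ljust(64, b"\x00")
    packed = b""
    seed = b"stamina-demo"
    while len(packed) < 256:
        seed = hashlib.sha256(seed).digest()
        packed += seed
    return header + text + packed + b"\x00" * 64


SAMPLE = _constructed_sample()

if __name__ == "__main__":
    for i, h in enumerate(texture_profile(SAMPLE)):
        print(f"row {i}: entropy {h:5.3f} " + "#" * int(h * 4))
    with open("sample.pgm", "wb") as f:
        f.write(to_pgm(SAMPLE))
```

The profile makes the structure visible without disassembly: the two header rows score low, the four packed rows score near the ceiling, and the padding row scores zero. Real samples produce the same kind of banding, which is what an image-based classifier picks up on; the point of training a model rather than thresholding entropy is that packers and installers also produce high-entropy bands, so a single statistic is not a detector.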
  22. Tomi Engdahl says:

    Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking
    https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/
    Security paranoiacs have warned for years that any laptop left alone
    with a hacker for more than a few minutes should be considered
    compromised. Now one Dutch researcher has demonstrated how that sort
    of physical access hacking can be pulled off in an ultra-common
    component: The Intel Thunderbolt port found in millions of PCs. Also:
    https://thehackernews.com/2020/05/thunderbolt-vulnerabilities.html
    https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
    https://www.zdnet.com/article/thunderbolt-flaws-affect-millions-of-computers-even-locking-unattended-devices-wont-help/
    https://www.bleepingcomputer.com/news/security/new-thunderbolt-security-flaws-affect-systems-shipped-before-2019/

  23. Tomi Engdahl says:

    Ransomware Hit ATM Giant Diebold Nixdorf
    https://krebsonsecurity.com/2020/05/ransomware-hit-atm-giant-diebold-nixdorf/
    Diebold Nixdorf, a major provider of automatic teller machines (ATMs)
    and payment technology to banks and retailers, recently suffered a
    ransomware attack that disrupted some operations. The company says the
    hackers never touched its ATMs or customer networks, and that the
    intrusion only affected its corporate network.

  24. Tomi Engdahl says:

    A jackpot for Russian hackers? Three years of messages copied
    https://www.tivi.fi/uutiset/tv/7a6d0622-1d9f-473d-8179-177ff018d5b9
    Germany has reported an operation in which Russia’s military
    intelligence service, the GRU, is suspected as the perpetrator or at
    least the instigator. The case concerns the break-in into Chancellor
    Angela Merkel’s email mailboxes.

  25. Tomi Engdahl says:

    WordPress plugin bugs can let hackers take over almost 1M sites
    https://www.bleepingcomputer.com/news/security/wordpress-plugin-bugs-can-let-hackers-take-over-almost-1m-sites/
    Two high severity vulnerabilities found in the Page Builder WordPress
    plugin installed on more than 1,000,000 sites can let hackers create
    new admin accounts, plant backdoors, and ultimately take over the
    compromised websites.

  26. Tomi Engdahl says:

    Threat Spotlight: Astaroth Maze of obfuscation and evasion reveals
    dark stealer
    https://blog.talosintelligence.com/2020/05/astaroth-analysis.html
    Cisco Talos is detailing an information stealer, Astaroth, that has
    been targeting Brazil with a variety of lures, including COVID-19 for
    the past nine to 12 months. The complex maze of obfuscation and
    anti-analysis/evasion techniques implemented by Astaroth inhibits both
    detection and analysis of the malware family. Notable is the creative
    use of YouTube channel descriptions for encoded and encrypted command
    and control (C2) communications implemented by Astaroth.

  27. Tomi Engdahl says:

    DEF CON is canceled… No, for real. The in-person event is canceled. We’re not joking. It’s canceled. We mean it
    Virus knocks hackers online: Show will try going virtual amid pandemic
    https://www.theregister.co.uk/2020/05/08/defcon_canceled_coronavirus/

  28. Tomi Engdahl says:

    When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security
    https://thunderspy.io/

    Thunderspy targets devices with a Thunderbolt port. If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep.

    Thunderspy is stealthy, meaning that you cannot find any traces of the attack. It does not require your involvement, i.e., there is no phishing link or malicious piece of hardware that the attacker tricks you into using. Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption. All the attacker needs is 5 minutes alone with the computer, a screwdriver, and some easily portable hardware.

    We have found 7 vulnerabilities in Intel’s design and developed 9 realistic scenarios of how these could be exploited by a malicious entity to get access to your system, past the defenses that Intel had set up for your protection.

  29. Tomi Engdahl says:

    “Thunderbolt is a proprietary I/O protocol promoted by Intel and included in a number of laptops, desktops, and other systems. As an external interconnect, it allows exposing the system’s internal PCI Express (PCIe) domain to external devices. This enables high-bandwidth, low-latency use cases, such as external graphics cards. Being PCIe-based, Thunderbolt devices possess Direct Memory Access-enabled I/O, allowing complete access to the state of a PC and the ability to read and write all of system memory.” https://thunderspy.io/assets/reports/breaking-thunderbolt-security-bjorn-ruytenberg-20200417.pdf

  30. Tomi Engdahl says:

    https://etn.fi/index.php/13-news/10762-koronaroskaposteilla-kalastellaan-wifi-salasanoja

    In April the malware was distributed as an attachment in several coronavirus-themed spam campaigns that lured the victim into downloading the malicious file by offering interesting information about the pandemic. For example, a message sent in the name of the World Health Organization (WHO) had coronavirus vaccines as its subject.

    Check Point’s researchers also warn that “MVPower DVR Remote Code Execution” was still the most commonly exploited vulnerability. It appeared in 46 percent of corporate networks worldwide. It was followed by “OpenSSL TLS DTLS Heartbeat Information Disclosure”, with a prevalence of 41 percent. In third place was “Command Injection over HTTP Payload”, with a prevalence of 40 percent.

    In Finland, the most common malware in April was the modular Emotet trojan, which appeared in 1.8 percent of the country’s corporate networks. In second place was Mirai, known for infecting IoT (Internet of Things) devices and for massive DDoS attacks. The country’s third most common malware was the cryptocurrency miner XMRig.

  31. Tomi Engdahl says:

    Vulnerabilities in ‘Page Builder’ Plugin Expose 1 Million WordPress Websites
    https://www.securityweek.com/vulnerabilities-page-builder-plugin-expose-1-million-wordpress-websites

    Two high-severity vulnerabilities addressed recently in SiteOrigin’s Page Builder WordPress plugin could allow an attacker to execute code in a website administrator’s browser.

  32. Tomi Engdahl says:

    U.S. Cyber Command Shares More North Korean Malware Variants
    https://www.securityweek.com/us-cyber-command-shares-more-north-korean-malware-variants

    The United States Cyber Command (USCYBERCOM) has uploaded five malware samples to VirusTotal today, which it has attributed to the North Korean threat group Lazarus.

  33. Tomi Engdahl says:

    Microsoft May 2020 Patch Tuesday
    https://isc.sans.edu/forums/diary/Microsoft+May+2020+Patch+Tuesday/26114/
    This month we got an average Patch Tuesday with patches for 111
    vulnerabilities total. Sixteen of them are critical and, according to
    Microsoft, none of them was previously disclosed or are being
    exploited. Amongst critical vulnerabilities, there is a remote code
    execution (RCE) on Media Foundation caused by a memory corruption
    vulnerability (CVE-2020-1126). To exploit the vulnerability, an
    attacker has to convince the victim to open a specially crafted
    document or access a malicious webpage. It affects Windows 10, Windows
    Server 2016, and 2019. Also:
    https://www.zdnet.com/article/microsoft-may-2020-patch-tuesday-fixes-111-vulnerabilities/
    https://www.bleepingcomputer.com/news/microsoft/may-2020-patch-tuesday-microsoft-fixes-111-vulnerabilities-13-critical/
    https://threatpost.com/microsoft-111-bugs-may-patch-tuesday/155669/

  34. Tomi Engdahl says:

    A terrible error in thousands of Android apps: names, addresses and
    even personal identity numbers at risk
    https://www.is.fi/digitoday/tietoturva/art-2000006504944.html
    As many as 24,000 Android apps in the official Google Play store
    unintentionally expose users’ sensitive data, the Comparitech website
    found. The cause is careless use of the Firebase tool used in app
    development, and developers should check their settings at the first
    opportunity.

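
A triage check for the Firebase misconfiguration described above, as an added Python example that is not from the article or from Comparitech: pull the Realtime Database hostname out of an app's resources, then ask the database root whether it can be read without credentials. The `/.json` REST endpoint and the `shallow=true` parameter are standard Firebase Realtime Database REST features; the strings.xml snippet, the fake responses and the rules at the end are constructed for the example, and the network call is injectable so the demo runs offline. Only probe databases you are authorised to test.

```python
import json
import re
import urllib.error
import urllib.request

# Resources of a decompiled app (res/values/strings.xml), constructed for this example.
STRINGS_XML = """\
<resources>
    <string name="app_name">Example App</string>
    <string name="firebase_database_url">https://example-app-12345.firebaseio.com</string>
    <string name="google_api_key">AIza-constructed-not-a-real-key</string>
</resources>
"""

FIREBASE_HOST_RE = re.compile(r"https://([a-z0-9-]+\.firebaseio\.com)")


def extract_firebase_hosts(text: str) -> list:
    """Every Realtime Database hostname referenced in app resources or `strings` output."""
    return sorted(set(FIREBASE_HOST_RE.findall(text)))


def http_get(url: str, timeout: int = 10):
    """Real GET returning (status, body); only used when run against a live host."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def classify(status: int, body: str) -> str:
    """'open': the rules let anyone read the database root without signing in.
    'locked': the read was refused (401/403). Anything else is left undecided."""
    if status == 200:
        try:
            json.loads(body)
        except ValueError:
            return "unknown"
        return "open"
    if status in (401, 403):
        return "locked"
    return "unknown"


def check_database(host: str, fetch=http_get) -> str:
    """GET /.json?shallow=true on the root: shallow=true returns only top-level keys,
    so an open database is confirmed without downloading the data it exposes."""
    status, body = fetch(f"https://{host}/.json?shallow=true")
    return classify(status, body)


# Rules that close the hole (Realtime Database rules syntax, illustrative): each user
# may read and write only their own subtree. A bare ".read": "auth != null" at the
# root would still let any signed-in account, including anonymous auth, read everything.
SAFE_RULES = {
    "rules": {
        "users": {
            "$uid": {
                ".read": "auth != null && auth.uid === $uid",
                ".write": "auth != null && auth.uid === $uid",
            }
        }
    }
}

if __name__ == "__main__":
    for host in extract_firebase_hosts(STRINGS_XML):
        print(host, "->", check_database(host))
    print(json.dumps(SAFE_RULES, indent=2))
```

The same triage applies to the other Firebase-backed stores an app may use (Cloud Firestore, Cloud Storage), but each has its own endpoint and rules language, so this checker covers the Realtime Database only.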
  35. Tomi Engdahl says:

    Out-of-date, insecure open-source software is everywhere
    https://www.zdnet.com/article/out-of-date-insecure-open-source-software-is-everywhere/
    Open source rules. Everyone from Apple to Microsoft to Zoom uses it.
    Don’t believe me? Synopsys, a software and silicon design company,
    which also covers intellectual property, reported in its 2020 Open
    Source Security and Risk Analysis (OSSRA) report that nearly all (99%)
    of audited codebases contained at least one open-source component.

  36. Tomi Engdahl says:

    Researchers Analyze Entry Points, Vectors for Manufacturing System Attacks
    https://www.securityweek.com/researchers-analyze-entry-points-vectors-manufacturing-system-attacks

    It’s not uncommon for traditional malware to make its way into industrial environments and in many cases they are detected by existing security solutions, but sophisticated attackers looking to target industrial organizations are more likely to launch attacks that specifically target operational technology (OT) systems to make their attack more efficient and less likely to be detected.

  37. Tomi Engdahl says:

    One of the rare instances where a DDoS led to meaningful change

    Ohio Has Stopped Kicking Workers Off Unemployment After A Hacker Targeted Its Website
    https://www.vice.com/en_us/article/n7wwdw/ohio-has-stopped-kicking-workers-off-unemployment-after-a-hacker-targeted-its-website

    The state is reconsidering its policy after a hacker released a script that automatically submits junk data to its ‘COVID-19 fraud’ website, which allows employers to report workers who refuse to work during the pandemic.

    The state of Ohio won’t deny unemployment benefits to people who refuse to work during the COVID-19 pandemic after people targeted the website it was using to track these workers, according to officials at the state’s Department of Job and Family Services (ODJFS).

    The state previously set up a “fraud” website encouraging employers to report those who refused to go back on the job, angering workers and labor rights advocates.

    State officials say they are now reconsidering the policy after Motherboard reported that a hacker created a script to flood the “COVID-19 Fraud” website with junk data, with the goal of making it impossible to process these claims.

  38. Tomi Engdahl says:

    Senate Votes to Allow FBI to Look at Your Web Browsing History Without a Warrant
    The government just got even more power to spy on your internet habits as millions remain quarantined at home.
    https://www.vice.com/en_us/article/jgxxvk/senate-votes-to-allow-fbi-to-look-at-your-web-browsing-history-without-a-warrant

  39. Tomi Engdahl says:

    Ransomware now demands extra payment to delete stolen files
    https://www.bleepingcomputer.com/news/security/ransomware-now-demands-extra-payment-to-delete-stolen-files/
    A ransomware family has begun a new tactic of not only demanding a
    ransom for a decryptor but also demanding a second ransom not to
    publish files stolen in an attack. For years, ransomware operators
    have been claiming to steal data before encrypting a company’s network
    and then threatening to release the data if a victim does not pay.

  40. Tomi Engdahl says:

    Intel Improves Hardware Shield in New 10th Gen Core vPro Processors
    https://www.securityweek.com/intel-improves-hardware-shield-new-10th-gen-core-vpro-processors

    Intel on Wednesday announced its new 10th Gen Core vPro processors, which include an enhanced version of Hardware Shield that provides advanced threat detection capabilities.

    According to Intel, its new Core vPro processors are designed to provide better performance, built-in security features, and fast and reliable connectivity with integrated Wi-Fi 6.

    In terms of security, the new processors include Hardware Shield, a component of the vPro platform that is designed to improve the security of a device by locking down the hardware to protect the BIOS and preventing attackers from compromising the operating system through malicious code injections.

    The Hardware Shield in the latest vPro version brings new threat detection capabilities that leverage the power of the GPU in order to ensure minimal impact on the CPU’s performance.

    “Intel Hardware Shield now includes advanced threat detection and extended protection beyond system memory to help improve the detection of advanced threats while reducing false positives and minimizing performance impact,” Intel told SecurityWeek.

  41. Tomi Engdahl says:

    Beware of Sick Behavior Masquerading as Coronavirus
    https://www.securityweek.com/beware-sick-behavior-masquerading-coronavirus

    As early as January, phishing emails containing phony COVID-19 public health warnings were circulating in Japan.

    Other forms of cyberattack, including a denial of service attack against the U.S. Department of Health and Human Services on March 15, and a fraudulent website distributing a new variant of ransomware named “CoronaVirus” identified a few days later, also occurred. And misleading mobile apps began to proliferate. Altogether, we uncovered 376 Android mobile apps related to COVID-19. Many of them, it turned out, were benign. But others contained spyware to collect sensitive user data and insisted on receiving dangerous permissions.

    We discovered multiple apps that demanded access to perform account authentication, to capture and collect photos, to receive packets not directly addressed to the device, to create network sockets, remove accounts, delete passwords, request authentication tokens, and write to the phone’s embedded SIM card. Seeking the ability to access a user’s contact list is a particularly dangerous form of permission because, among other things, it enables someone who secures that information to impersonate you and anyone else on that list in malicious ways.

    We also found a number of app download links that claimed to be specific to COVID-19 but which actually served up entirely different applications, some of which were rigged with malicious files requiring an extensive number of dangerous permissions. The files they would download included riskware, adware, potentially unwanted programs, contact collection tools, and SMS management capabilities.
