Cyber Security News May 2020

This posting is here to collect cyber security news in May 2020.

I post links to security vulnerability news with short descriptions to comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.

222 Comments

  1. Tomi Engdahl says:

    White Supremacists Built a Website to Doxx Interracial Couples — and It’s Going to Be Hard to Take Down
    https://www.vice.com/en_us/article/n7ww4w/white-supremacists-built-a-website-to-doxx-interracial-couples-and-its-going-to-be-hard-to-take-down?utm_source=vicenewsfacebook&fbclid=IwAR2pXdcmF0zaGfxP5hiDhYGo1invX9B_hrKM-z17nCJvNA5mFBnq1ei457c

    Racists have published a hate-filled database targeting white women dating black and brown men as “traitors” — and some are being harassed online.

    On May 5, Allison, whose real name is being withheld for her safety, received a strange DM. It was from a woman she didn’t know, who informed her that she was on a disturbing website that was compiling information about white women in interracial relationships.

    When she went to the website, she found her name, photos, and social media handles under the label “traitors.”

    “It was weird, and strange, and creepy,” said Allison, 28. “I was thinking, ‘Who takes the time to do this?’”

    The website names, shames, and effectively promotes violence against interracial couples and families — and it’s been circulated in some of the darkest corners of the internet

    White supremacists have long invoked “racial purity” to justify horrific racism and brutal acts of violence against nonwhite people.

    “A website like this is concerning for reasons even beyond the repulsive hate it promotes. The site is yet another example of how certain online spaces are being designed to literally facilitate harassment,”

    Reply
  2. Tomi Engdahl says:

    Joka kolmannen suomalaisen sähköpostiosoite löytyy darkwebistä
    https://etn.fi/index.php/13-news/10767-joka-kolmannen-suomalaisen-sahkopostiosoite-loytyy-darkwebista

    Ruotsin johtavan tietovuotoihin erikoistuneen Defentryn keräämän datan perusteella useamman kuin joka kolmannen (37 %) suomalaisen sähköpostiosoite ja salasana löytyvät hakkereiden suosimasta pimeästä verkosta. MySafety on avannut Hakkeroitu.fi-palvelun, jossa voi tarkistaa, ovatko henkilökohtaiset tiedot vuotaneet nettiin.

    MySafety muistuttaa, että nettirikollisuus ja identiteettivarkaudet ovat lisääntyneet merkittävästi koronaepidemian aikana ja kuluttajilla on akuutti tarve suojautua niitä vastaan. Lisääntyneen tietoisuuden lisäksi suojautumiseen tarvitaan konkreettisia työkaluja. Tähän tarpeeseen maksuton Hakkeroitu.fi-palvelu vastaa.

    Defentryn datasta ilmenee, että suomalaisten käyttämistä sähköpostiosoitteista pimeästä verkosta löytyy salasanoineen eniten gmail-osoitteita, toiseksi eniten hotmail-osoitteita ja kolmanneksi eniten live-osoitteita.

    Reply
  3. Tomi Engdahl says:

    https://www.pandasecurity.com/mediacenter/mobile-news/perils-of-video-calls/
    Governments across the world have been instructing people to work from
    home as much as possible to limit the spread of the deadly Covid-19
    virus. As a result, weve seen an increase in the use of video
    conferencing services to host virtual meetings between colleagues. And
    families are also getting together online to stay in touch using the
    same tools.

    Reply
  4. Tomi Engdahl says:

    Access-as-a-Service Remote Access Markets in the Cybercrime
    Underground
    https://ke-la.com/access-as-a-service-remote-access-markets-in-the-cybercrime-underground/
    Remote Access Markets are automated stores that allow attackers to
    exchange access credentials to compromised websites and services. As
    such, they represent an endless stream of opportunities for attackers;
    buying access to an organization as a service lowers the skill bar for
    further exploitation and exposes organizations to a plethora wave of
    online threats from ransomware to card skimming.

    Reply
  5. Tomi Engdahl says:

    Scammers steal $10 million from Norway’s state investment fund
    https://www.bleepingcomputer.com/news/security/scammers-steal-10-million-from-norways-state-investment-fund/
    Fraudsters running business email compromise scams were able to
    swindle Norfund, Norways state investment fund, out of $10 million.
    The attackers took their time before pulling the trigger and took
    action to ensure that the theft would be discovered long after they
    got the money.

    Reply
  6. Tomi Engdahl says:

    COVID-19 blamed for 238% surge in cyberattacks against banks
    https://www.zdnet.com/article/covid-19-blamed-for-238-surge-in-cyberattacks-against-banks/
    The coronavirus pandemic has been connected to a 238% surge in
    cyberattacks against banks, new research claims. On Thursday, VMware
    Carbon Black released the third edition of the Modern Bank Heists
    report, which says that financial organizations experienced a massive
    uptick in cyberattack attempts between February and April this year –
    the same months in which COVID-19 began to spread rapidly across the
    globe.

    Reply
  7. Tomi Engdahl says:

    Huawei denies involvement in buggy Linux kernel patch proposal
    https://www.zdnet.com/article/huawei-denies-involvement-in-buggy-linux-kernel-patch-proposal/
    Huawei denied on Monday having any official involvement in an insecure
    patch submitted to the Linux kernel project over the weekend; patch
    that introduced a “trivially exploitable” vulnerability. The buggy
    patch was submitted to the official Linux kernel project via its
    mailing list on Sunday. Named HKSP (Huawei Kernel Self Protection),
    the patch allegedly introduced a series of security-hardening options
    to the Linux kernel.

    Reply
  8. Tomi Engdahl says:

    UK electricity middleman hit by cyber-attack
    Elexon said the incident only impacted its internal IT network, employee laptops, and company email server.
    https://www.zdnet.com/article/uk-electricity-middleman-hit-by-cyber-attack/

    Elexon, a crucial middleman in the UK power grid network, reported that it fell victim to a cyber-attack earlier today.

    Reply
  9. Tomi Engdahl says:

    Criminal group that hacked law firm threatens to release Trump documents
    https://www.nbcnews.com/tech/security/criminal-group-hacked-law-firm-threatens-release-trump-documents-n1208366?fbclid=IwAR0OHNtMfoVqT9oicHvHVBJNoe2fgEXlfHdB1uh55WjZDr-925_7AIPZkl0

    A known criminal enterprise released a large set of stolen files, at least some of which appeared legitimate.

    A cybercriminal gang that hacked a major entertainment law firm claims it will release information on President Donald Trump if it doesn’t receive $42 million in ransom.

    The group, a known criminal enterprise, didn’t offer any proof it had information compromising to Trump. It did, however, release a large set of stolen files from the law firm, Grubman Shire Meiselas & Sacks. NBC News reviewed some of the documents, and they appear legitimate.

    The law firm said that Trump is not a client and has never been. A spokesperson for the firm said it wasn’t clear which of its clients have been compromised.

    The group uses ransomware — a type of malicious software — to break into a victim’s networks and encrypt them, demanding a fee to unlock them. If the victim doesn’t pay up, the group slowly leaks out unencrypted versions of files stolen from those networks to prompt payment.

    Though the gang tends to release legitimately hacked files, they left no clue of whether they actually had compromising information on Trump or whether this was a ploy to put more pressure on the law firm to pay.

    “On the one hand, I think it’s bulls—,” said Brett Callow, who studies ransomware gangs at the antivirus company Emsisoft. “But on the other hand, getting a rep for bluffing isn’t helpful to extortionists. They need their victims to believe that their threats are real and will be carried through.”

    Grubman, Shire, Meiselas & Sacks said in a statement Friday that law firms have not been immune to escalating attacks by foreign cybercriminals. “Despite our substantial investment in state-of-the-art technology security, foreign cyberterrorists have hacked into our network and are demanding $42 million as ransom,”

    Reply
  10. Tomi Engdahl says:

    U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs
    https://krebsonsecurity.com/2020/05/u-s-secret-service-massive-fraud-against-state-unemployment-insurance-programs/

    A memo seen by KrebsOnSecurity that the Secret Service circulated to field offices around the United States on Thursday says the ring has been filing unemployment claims in different states using Social Security numbers and other personally identifiable information (PII) belonging to identity theft victims, and that “a substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees.”

    The Service’s memo suggests the crime ring is operating in much the same way as crooks who specialize in filing fraudulent income tax refund requests with the states and the U.S. Internal Revenue Service (IRS), a perennial problem that costs the states and the U.S. Treasury hundreds of millions of dollars in revenue each year.

    “Between March and April, the number of fraudulent claims for unemployment benefits jumped 27-fold to 700,” the state Employment Security Department (ESD) told The Seattle Times.

    Reply
  11. Tomi Engdahl says:

    The UK accidentally left secret plans for its COVID-19 contact-tracing app on an open Google Drive
    https://www.businessinsider.com/uk-leaves-plans-contact-tracing-app-open-google-drive-2020-5

    The UK government accidentally left documents outlining the the potential future for its contact-tracing app on a publicly accessible Google Drive, Wired UK reports.

    According to the documents future versions of the app might ask for more data, track geolocation, and allow people to set a “COVID-19 status.”

    The drive was spotted by Wired UK, and contained documents including one entitled “Product Direction: Release One” and labelled “OFFICIAL – SENSITIVE.”

    A link to the open drive was included in a batch of documents published intended to detail the data and privacy protections and risks of the contact-tracing app, known as a Data Privacy Impact Assessment (DPIA).

    The Google Drive has now been made private after Wired alerted the Department of Health and NHSX (the digital wing of the NHS) to the fact it was accessible.

    Reply
  12. Tomi Engdahl says:

    UK electricity middleman hit by cyber-attack
    https://www.zdnet.com/article/uk-electricity-middleman-hit-by-cyber-attack/

    Elexon said the incident only impacted its internal IT network, employee laptops, and company email server.

    Reply
  13. Tomi Engdahl says:

    https://www.bleepingcomputer.com/news/software/zoom-global-outage-preventing-meetings-video-and-audio/

    Zoom has a global outage that is preventing users from joining meetings or see video and hear audio once they have joined. There is currently no indication as to when the issue will be resolved.

    Reply
  14. Tomi Engdahl says:

    Danger zone! Brit research supercomputer ARCHER’s login nodes exploited in cyber-attack, admins reset passwords and SSH keys
    https://www.theregister.co.uk/2020/05/13/uk_archer_supercomputer_cyberattack/

    Assault on TOP500-listed machine may have hit Euro HPC too, warn sysops

    Updated One of Britain’s most powerful academic supercomputers has fallen victim to a “security exploitation” of its login nodes, forcing the rewriting of all user passwords and SSH keys.

    Reply
  15. Tomi Engdahl says:

    Hackers Can Inject Code Into WordPress Sites via Flaw in Product Review Plugin
    https://www.securityweek.com/hackers-can-inject-code-wordpress-sites-flaw-product-review-plugin

    A vulnerability addressed recently in the WP Product Review Lite plugin for WordPress could be abused by unauthenticated attackers to hack websites.

    WP Product Review Lite is designed for creating product reviews on WordPress websites. It supports the creation of a top products review widget and also allows monetization through the addition of a “buy now” button in posts. The plugin has more than 40,000 installations.

    Last week, the team of developers behind the plugin addressed an unauthenticated persistent Cross-Site Scripting (XSS) vulnerability that could have been exploited to inject code into all of a website’s product pages.

    Unauthenticated Stored Cross Site Scripting in WP Support Review
    https://labs.sucuri.net/unauthenticated-stored-cross-site-scripting-in-wp-support-review/

    Reply
  16. Tomi Engdahl says:

    Crypto-Mining Campaign Hits European Supercomputers
    https://www.securityweek.com/crypto-mining-campaign-hits-european-supercomputers

    Several supercomputers across Europe were taken offline last week after being targeted in what appears to be a crypto-mining campaign.

    In a notice on Saturday, the Swiss National Supercomputing Centre (CSCS) revealed that it too has been hit, along with other “HPC [High Performance Computing] and academic data centres of Europe and around the world.”

    Reply
  17. Tomi Engdahl says:

    FBI finds al Qaeda link after breaking encryption on Pensacola attacker’s iPhone
    https://edition.cnn.com/2020/05/18/politics/pensacola-shooting-al-qaeda/index.html

    The Saudi military trainee who killed three US sailors and wounded several others in a terror attack last year on a military base in Pensacola, Florida, was in touch with a suspected al Qaeda operative, according to multiple US officials briefed on the matter.

    Reply
  18. Tomi Engdahl says:

    This Service Helps Malware Authors Fix Flaws in their Code
    https://krebsonsecurity.com/2020/05/this-service-helps-malware-authors-fix-flaws-in-their-code/
    Enter malware testing services like the one operated by RedBear, the
    administrator of a Russian-language security site called Krober[.]biz,
    which frequently blogs about security weaknesses in popular malware
    tools.. RedBears service is marketed not only to malware creators, but
    to people who rent or buy malicious software and services from other
    cybercriminals. A chief selling point of this service is that, crooks
    being crooks, you simply cant trust them to be completely honest.

    Reply
  19. Tomi Engdahl says:

    One million brute force attacks on RDP connections every day
    https://www.pandasecurity.com/mediacenter/security/brute-force-rdp/
    Even before the current situation, this kind off RDP cyberattack was
    extremely common: There were around 150,000 attempts every day.
    However, at the start of March, when the stricter lockdown measures
    came into effect, almost a million attempted brute force attacks on
    RDP connections were registered every day

    Reply
  20. Tomi Engdahl says:

    Israel behind cyberattack that caused ‘total disarray’ at Iran port – report
    https://www.timesofisrael.com/israel-said-behind-cyberattack-that-caused-total-disarray-at-iran-port-report/

    Washington Post cites officials saying Jerusalem carried out ‘highly accurate’ hack, apparently in retaliation for Iranian attempt to target Israeli water infrastructure

    Reply
  21. Tomi Engdahl says:

    Colorado’s unemployment system, slammed with coronavirus claims, inadvertently exposed people’s private data
    https://coloradosun.com/2020/05/18/colorado-unemployment-private-data-released/

    The unauthorized access is blamed on a vendor’s technical issue and was identified and blocked within an hour after it was noticed on Saturday, according to the Colorado Department of Labor and Employment

    Reply
  22. Tomi Engdahl says:

    Suit: ADT employee spied on customers’ home security systems
    https://apnews.com/6e885b29749e2db50f8f628f212cb37c

    Two federal class-action lawsuits have been filed against ADT, one of the largest security companies in the country, alleging that an employee spied on customers and children over a seven-year period through their home security cameras.

    The lawsuits, filed Monday, allege ADT showed negligence and breached contracts by failing to provide security, among other concerns. Both lawsuits say the employee was able to view customers’ intimate and private moments, including when they were nude or partially dressed.

    The breach was discovered in March after an ADT customer in DeSoto, Texas, reported an unauthorized email address on her account. An internal investigation discovered the employee’s personal email address was added on 220 ADT customers’ accounts in the Dallas-Fort Worth area.

    “We took immediate action and put measures in place to prevent this from happening again,” ADT said in a written statement Monday.

    “I am just horrified that a company that holds itself as the number one security option allowed this to happen,” attorney Amy Carter said. “They gave access to someone’s home when they were seeking additional security.”

    Reply
  23. Tomi Engdahl says:

    European supercomputers hacked to mine cryptocurrency
    https://www.welivesecurity.com/2020/05/18/european-supercomputers-hacked-mine-cryptocurrency/
    Multiple supercomputers across Europe that are working on COVID-19
    research have been targeted by cryptocurrency-mining attacks over the
    past week. The reports of the incursions started pouring in last
    Monday, when supercomputers in the United Kingdom and Germany were
    among the first victims.

    Reply
  24. Tomi Engdahl says:

    Verizon Data Breach Report: DoS Skyrockets, Espionage Dips
    https://threatpost.com/verizon-data-breach-report-dos-skyrockets-espionage-dips/155843/
    Denial of Service (DoS), ransomware, and financially-motivated data
    breaches were the winners in this years Verizon DBIR.

    Reply
  25. Tomi Engdahl says:

    Emil Protalinski / VentureBeat:
    Google launches Chrome 83 with updated safety and privacy settings, third-party cookies blocked in Incognito mode, DNS-over-HTTPS support, and new dev features — Google today launched Chrome 83 for Windows, Mac, Linux, Android, and iOS. Chrome 83 includes redesigned safety and privacy settings …

    Chrome 83 arrives with redesigned security settings, third-party cookies blocked in Incognito
    https://venturebeat.com/2020/05/19/google-chrome-83/

    Reply
  26. Tomi Engdahl says:

    NXNSAttack: New DNS Vulnerability Allows Big DDoS Attacks
    https://www.securityweek.com/nxnsattack-new-dns-vulnerability-allows-big-ddos-attacks

    Several major providers of DNS services and software have been working to address a serious DNS vulnerability that could allow malicious actors to launch significant distributed denial-of-service (DDoS) attacks.

    The vulnerability, dubbed NXNSAttack

    entities that operate their own DNS resolver need to update their software as soon as possible to prevent attacks.

    Various CVE identifiers have been assigned by the impacted vendors, including CVE-2020-8616 (BIND), CVE-2020-12662 (Unbound), CVE-2020-12667 (Knot) and CVE-2020-10995 (PowerDNS).

    In the case of NXNSAttack, a remote attacker can amplify network traffic by sending DNS queries to a vulnerable resolver, which queries an authoritative server controller by the attacker. The attacker’s server delegates to fake server names pointing to the victim’s DNS domain, causing the resolver to generate queries towards the victim’s DNS server. The attack can result in an amplification factor of over 1,620.

    Reply
  27. Tomi Engdahl says:

    Researchers Divulge Details on Five Windows Zero Days
    https://www.securityweek.com/researchers-divulge-details-five-windows-zero-days

    Security researchers working with Trend Micro’s Zero Day Initiative (ZDI) have published information on

    five unpatched vulnerabilities in Microsoft Windows, including four considered high risk.

    Tracked as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915, and featuring a CVSS score of 7.0, the first

    three of these zero-day vulnerabilities could allow an attacker to escalate privileges on the affected

    system.

    The security flaws were identified in the user-mode printer driver host process splwow64.exe

    Reply
  28. Tomi Engdahl says:

    LMAOOOOOOOO they left RCE unpatched for 15 years because “it’s probably not exploitable”

    “In 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation. We recently re-discovered these vulnerabilities and were able to exploit one of them remotely in a default installation.”

    https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt

    Reply
  29. Tomi Engdahl says:

    Cyberattack hits internal IT systems of key player in British power market
    https://www.cyberscoop.com/elexon-cyberattack-uk-electricity-market/

    Elexon, a company that facilitates transactions on the British electricity market, said Thursday that a cyberattack had hit its internal computers, cutting off email access for employees.

    The company grappled with the digital attack throughout Thursday, tweeting that it had identified the “root cause” of the incident.

    “The attack is to our internal IT systems and Elexon’s laptops only,” the company said. It was unclear who was responsible for the cyberattack.

    The attack didn’t affect the external IT systems that the company uses to track trading between producers and suppliers of electricity, Elexon said.

    Reply
  30. Tomi Engdahl says:

    Thunderspy: What it is, why it’s not scary, and what to do about it
    https://arstechnica.com/information-technology/2020/05/thunderspy-what-is-is-why-its-not-scary-and-what-to-do-about-it/

    Evil maids can use the Thunderbolt port to access your computer; many restrictions apply.

    Reply
  31. Tomi Engdahl says:

    European supercomputers hacked in mysterious cyberattacks
    https://www.bleepingcomputer.com/news/security/european-supercomputers-hacked-in-mysterious-cyberattacks/

    Several high-performance computers (HPCs) and data centers used for research projects have been shut down this week across Europe due to security incidents.

    Reply
  32. Tomi Engdahl says:

    Oklahoma University’s Virtual Graduation Ceremony Disrupted by Racist Hacker

    https://time.com/5834845/oklahoma-city-university-zoom-racism-hacker/

    Reply
  33. Tomi Engdahl says:

    CVE-2020-11108: How I Stumbled into a Pi-hole RCE+LPE
    https://frichetten.com/blog/cve-2020-11108-pihole-rce/

    Reply
  34. Tomi Engdahl says:

    Alert Regarding Vulnerabilities (CVE-2020-8616, CVE-2020-8617) in ISC
    BIND 9
    https://www.jpcert.or.jp/english/at/2020/at200023.html
    If you are operating an affected version of ISC BIND 9, please
    consider updating to a version that addresses these vulnerabilities by
    referring to the information in “III. Solution”. III. ISC has released
    versions of ISC BIND 9 that address these vulnerabilities.
    Distributors are likely to provide their own versions that address the
    vulnerabilities. Consider updating to an updated version after
    thorough testing. Read also:
    https://www.theregister.co.uk/2020/05/21/nxnaattack_bug_disclosed/.
    And:
    https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/

    Reply
  35. Tomi Engdahl says:

    Vigilante hackers target ‘scammers’ with ransomware, DDoS attacks
    https://www.bleepingcomputer.com/news/security/vigilante-hackers-target-scammers-with-ransomware-ddos-attacks/
    A hacker has been taking justice into their own hands by targeting
    “scam” companies with ransomware and denial of service attacks.

    Reply
  36. Tomi Engdahl says:

    BlockFi discloses failed hack attempt after SIM swapping incident
    https://www.zdnet.com/article/blockfi-discloses-failed-hack-attempt-after-sim-swapping-incident/
    BlockFi says a hacker SIM swapped an employee to gain access to its
    platform, but the hacker failed in their attempt to steal BlockFi
    customer funds.

    Reply
  37. Tomi Engdahl says:

    Crooks Tap Google Firebase in Fresh Phishing Tactic
    https://threatpost.com/crooks-tap-google-firebase-in-fresh-phishing-tactic/155967/
    Cybercriminals are taking advantage of the Google name and the cloud
    to convince victims into handing over their login details. A series of
    phishing campaigns using Google Firebase storage URLs have surfaced,
    showing that cybercriminals continue to leverage the reputation of
    Google’s cloud infrastructure to dupe victims. Google Firebase is a
    mobile and web application development platform. Firebase Storage
    meanwhile provides secure file uploads and downloads for Firebase
    apps. Using the Firebase storage API, companies can store data in a
    Google cloud storage bucket.

    Reply
  38. Tomi Engdahl says:

    Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc
    leaves smart vehicles open to attack
    https://blog.talosintelligence.com/2020/05/cve-2020-6096.html
    Modern automobiles are complex machines, merging both mechanical and
    computer systems under one roof. As automobiles become more advanced,
    additional sensors and devices are added to help the vehicle
    understand its internal and external environments. These sensors
    provide drivers with real-time information, connect the vehicle to the
    global fleet network and, in some cases, actively use and interpret
    this telemetry data to drive the vehicle. In our case, a vulnerability
    in the ARMv7 implementation of memcpy() that was able to cause the
    program to enter an undefined state and ultimately allow for remote
    code execution. When exploited, this memcpy() vulnerability causes
    program execution to continue in scenarios where a segmentation fault
    or crash should have occurred. This unexpected behavior can result in
    a scenario where program execution continues with corrupted runtime
    state leading to exploitation opportunities. Read also:
    https://blogs.cisco.com/security/talos/vulnerability-spotlight-memory-corruption-vulnerability-in-gnu-glibc-leaves-smart-vehicles-open-to-attack

    Reply
  39. Tomi Engdahl says:

    Most Bluetooth Devices Vulnerable to Impersonation Attacks
    https://www.darkreading.com/iot/most-bluetooth-devices-vulnerable-to-impersonation-attacks/d/d-id/1337880
    Vulnerabilities in the Bluetooth authentication process give attackers
    a way to insert rogue devices between two securely paired devices,
    academic researchers find. Security researchers from three
    universities in Europe have found multiple weaknesses in the
    ubiquitous Bluetooth protocol that could allow attackers to
    impersonate a paired device and establish a secure connection with a
    victim. Most standard Bluetooth devices are vulnerable to the issue,
    according to the researchers, who successfully tested a
    proof-of-concept attack they developed against 31 Bluetooth devices
    from major hardware and software vendors. Bluetooth chips from Apple,
    Intel, Qualcomm, Cypress, Broadcomm, and others are all vulnerable to
    the attacks. Adversaries can impersonate any Bluetooth-enabled device
    from smartphones and laptops to IoT devices, the researchers say.

    Reply
  40. Tomi Engdahl says:

    Thousands of Israeli sites defaced with code seeking permission to
    access users’ webcams
    https://www.zdnet.com/article/thousands-of-israeli-sites-defaced-with-code-seeking-permission-to-access-users-webcams/
    Thousands of Israeli websites have been defaced earlier today to show
    an anti-Israeli message and with malicious code seeking permission to
    access visitors’ webcams. More than 2, 000 websites are believed to
    have been defaced. Most of the websites were hosted on uPress, a local
    Israeli WordPress hosting service.

    Reply
  41. Tomi Engdahl says:

    Check Point released an open-source fix for common Linux memory
    corruption security hole
    https://www.zdnet.com/article/check-point-released-an-open-source-fix-for-common-linux-memory-corruption-security-hole/
    For years, there’s been a security problem with how the GNU C Library
    dealt with single-linked-lists. Now, Check Point has released a patch,
    which will fix the problem once and for all.

    Reply
  42. Tomi Engdahl says:

    AVOID SCAMS RELATED TO ECONOMIC PAYMENTS, COVID-19
    https://www.cisa.gov/publication/avoid-scams-related-economic-payments-covid-19
    Original release date: May 21, 2020. In March, Congress passedand the
    President signedthe Coronavirus Aid, Relief, and Economic Security
    (CARES) Act, a $2 trillion economic relief package intended to support
    American businesses and individuals economically burdened by the
    coronavirus pandemic. A provision of the law includes sending economic
    impact payments to eligible Americans. CISA, U.S. Department of the
    Treasury, the IRS, and the United States Secret Service (USSS) urge
    all Americans to be on the lookout for criminal fraud related to these
    economic impact paymentsparticularly fraud using coronavirus lures to
    steal personal and financial information, as well as the economic
    impact payments themselvesand for adversaries seeking to disrupt
    payment efforts. Read also:
    https://www.cisa.gov/sites/default/files/publications/Avoid_Scams_Related_to_Economic_Payments_COVID-19.pdf

    Reply
  43. Tomi Engdahl says:

    Santahaminan upseerikerho tarjosi “solidia pilsneriä” Olutsovellus
    paljasti sotilaiden liikkeet, mutta jopa sään tarkkailu voi olla
    tietoturvariski
    https://www.hs.fi/ulkomaat/art-2000006514953.html
    Aiemmin sotilaat kärähtivät paikkatiedoista lenkkeilysovelluksessa,
    nyt on vuorossa oluenmaistelusovellus. Toisinaan ei tarvita edes
    yksittäistä sovellusta, niin monesta kolosta tietoa vuotaa.’

    Untappd

    Esimerkin etsi Untappd-sovelluksen tiedoista Helsingin Sanomat. Aikaa kului varttitunti.

    Avoimiin lähteisiin erikoistunut selvitysryhmä Bellingcat tutustui Untappdiin paljon tarkemmin ja julkaisi löytönsä tiistaina. Untappdilla on noin kahdeksan miljoonaa käyttäjää. He ovat enimmäkseen Yhdysvalloista ja Euroopasta.

    Käyttäjien joukosta Bellingcat onnistui tunnistamaan esimerkiksi Yhdysvaltojen armeijan lennokkilentäjän ja hänen työhönsä liittyvät sotilastukikohdat sekä Yhdysvalloissa että ulkomailla. laivastoupseerin, jolla oli asiaa sekä pahamaineiseen Guantanamon pidätyskeskukseen että Yhdysvaltojen puolustusministeriöön sekä tiedusteluvirkailijan, jolla oli yli 7 000 paikkamerkintää.

    Santahaminan upseerikerholle on tehty yhteensä 60 paikkamerkintää

    Military And Intelligence Personnel Can Be Tracked With The Untappd Beer App
    https://www.bellingcat.com/news/2020/05/18/military-and-intelligence-personnel-can-be-tracked-with-the-untappd-beer-app/

    Surprise! The beer-rating app Untappd can be used to track the location history of military personnel. The social network has over eight million mostly European and North American users, and its features allow researchers to uncover sensitive information about said users at military and intelligence locations around the world.

    For people in the military, neither drinking beer nor using social media is newsworthy on its own. But Untappd users log hundreds, often thousands of time-stamped location data points.

    Examples of users that can be tracked this way include a U.S. drone pilot, along with a list of both domestic and overseas military bases he has visited, a naval officer, who checked in at the beach next to Guantanamo’s bay detention center as well as several times at the Pentagon, and a senior intelligence officer with over seven thousand check-ins, domestic and abroad. Senior officials at the U.S. Department of Defense and the U.S. Air Force are included as well.

    Cross-referencing these check-ins with other social media makes it easy to find these individuals’ homes. Their profiles and the pictures they post also reveal family, friends, and colleagues.

    Tapping Untappd

    At first glance Untappd’s data might seem useless as its location data is not strict, meaning users are free to check in to locations from up to 60 miles away. This is a problem at well-known spots in more populated areas. For example, the NSA and MI6 headquarters have many check-ins from users who were in the vicinity, but who were likely not inside these buildings.

    Moreover, it can be difficult to find locations of interest, as Untappd’s search functions only list venues such as hotels, bars, and restaurants.

    Given these issues, how can one still manage to find sensitive government locations as well as the individuals who actually visited them?

    Here is how this works: When users drink beer, they can “check in” to Untappd by taking a picture of their beverage and logging their location as well as the date and time. Searching for a location brings up only bars, restaurants and shops. Once you begin the process of “checking in” a beer, however, Untappd allows more locations to be selected.

    Locations have their own profiles, showing all users who have checked in there, along with the date and time of their check-in. These locations are drawn from Foursquare’s application programming interface (API), and are highly categorized. Searching for military locations does not bring up results. Yet by finding members of the military and piggybacking, you can find other military locations.

    Beginning with a simple search in both Untappd and Google, we can easily find the landing strip at Camp Peary.

    Reply
  44. Tomi Engdahl says:

    The Washington Post: Israelin tekemä kyber­isku aiheutti seka­sorron
    iranilaisessa satamassa toukokuun alussa
    https://www.hs.fi/ulkomaat/art-2000006512971.html
    Lehden mukaan kyberisku oli kosto Iranille, joka oli yrittänyt iskeä
    israelilaisiin vesilaitoksiin huhtikuussa.

    Reply
  45. Tomi Engdahl says:

    Officials: Israel linked to a disruptive cyberattack on Iranian port
    facility
    https://www.washingtonpost.com/national-security/officials-israel-linked-to-a-disruptive-cyberattack-on-iranian-port-facility/2020/05/18/9d1da866-9942-11ea-89fd-28fb313d1886_story.html
    On May 9, shipping traffic at Irans bustling Shahid Rajaee port
    terminal came to an abrupt and inexplicable halt. Computers that
    regulate the flow of vessels, trucks and goods all crashed at once,
    ­creating massive backups on waterways and roads leading to the
    facility.. After waiting a day, Iranian officials acknowledged that an
    unknown foreign hacker had briefly knocked the ports computers
    off­line. Now, more than a week later, a more complete explanation has
    come to light: The port was the victim of a substantial cyberattack
    that U.S. and foreign government officials say appears to have
    originated with Irans archenemy, Israel.

    Reply
  46. Tomi Engdahl says:

    Victory! German Mass Surveillance Abroad is Ruled Unconstitutional
    https://www.eff.org/deeplinks/2020/05/victory-german-mass-surveillance-abroad-ruled-unconstitutional
    In a landmark decision, the German Constitutional Court has ruled that
    mass surveillance of telecommunications outside of Germany conducted
    on foreign nationals is unconstitutional. Thanks to the chief legal
    counsel, Gesellschaft fr Freiheitsrechte (GFF), this a major victory
    for global civil liberties, but especially those that live and work in
    Europe. Many will now be protected after lackluster 2016 surveillance
    reforms continued to authorize the surveillance on EU states and
    institutions for the purpose of “foreign policy and security, ” and
    permitted the BND to collaborate with the NSA.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*