This posting is here to collect cyber security news in June 2020.
I post links to security vulnerability news with short descriptions to comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to comments.
204 Comments
Tomi Engdahl says:
Ethernet Vulnerabilities in Safety Instrumented Systems (SIS): A Key
Difference
https://www.dragos.com/blog/industry-news/ethernet-vulnerabilities-in-safety-instrumented-systems-sis-a-key-difference/
Dragos reported issues to Schneider Electric concerning security
defects in the Triconex Safety Instrumented System (SIS) network
communication module. These modules, sold under the name Tricon
Communication Module (TCM), are used to connect the SIS to Ethernet
networks. The defects can be used to deny service to the SIS or to
pre-stage future logic attacks.
Tomi Engdahl says:
Windows 10 Cumulative Updates KB4557957 & KB4560960 Released
https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4557957-and-kb4560960-released/
The June 2020 Patch Tuesday updates are now rolling out and you can
download and install the latest security fixes on supported versions
of Windows 10. See also
https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2020-patch-tuesday-largest-ever-with-129-fixes/
Tomi Engdahl says:
Dan Goodin / Ars Technica:
New Intel chip flaws disclosed: one can leak secure enclave data and the second allows cross core info
leakage; both have patches that partially fix the issues
Plundering of crypto keys from ultrasecure SGX sends Intel scrambling again
Intel’s speculative execution flaws go deeper and are harder to fix than we thought.
https://arstechnica.com/information-technology/2020/06/new-exploits-plunder-crypto-keys-and-more-from-intels-ultrasecure-sgx/
For the past two years, modern CPUs—particularly those made by Intel—have been under siege by an unending series of attacks that make it possible for highly skilled attackers to pluck passwords, encryption keys, and other secrets out of silicon-resident memory. On Tuesday, two separate academic teams disclosed two new and distinctive exploits that pierce Intel’s Software Guard eXtension, by far the most sensitive region of the company’s processors.
Tomi Engdahl says:
GnuTLS patches huge security hole that hung around for two years – worse than Heartbleed, says Google cryptoboffin
Maybe it’s time to get it gone
https://www.theregister.com/2020/06/10/gnutls_patches_security_hole/
GnuTLS, a widely used open source library implementing Transport Layer Security, last week fixed a bug that had been hiding in the code for almost two years that made resumed TLS 1.3 sessions vulnerable to attack.
The TLS handshake requires two round-trips between client and server to establish a secure connection. Session tickets provide a way to resume previously established connections with only one round-trip. But this convenience comes at a cost – it’s less secure, as described by Google cryptographer Filippo Valsorda.
An attacker capable of exploiting this vulnerability could bypass authentication under TLS 1.3 and could recover previous conversations under TLS 1.2.
The bug, introduced in GnuTLS 3.6.4 (Sep. 24, 2018), was fixed in GnuTLS 3.6.14 (June 3, 2020).
Tomi Engdahl says:
Kana Inagaki / Financial Times:
Honda says a cyberattack on its network forced it to suspend global production and give many staffers a day off; some vehicle factories remain closed — Japanese manufacturer forced to suspend global operations for a day following disruption — Japanese carmaker Honda said on Tuesday …
https://www.ft.com/content/da60f3da-9669-4d50-ac33-144adac28f4b
Tomi Engdahl says:
Facebook Helped the FBI Hack a Child Predator
https://www.vice.com/amp/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez?__twitter_impression=true
Facebook paid a cybersecurity firm six figures to develop a zero-day in Tails to identify a man who extorted and threatened girls.
Tomi Engdahl says:
Multiple US agencies have purchased this mysterious mobile eavesdropping device
By Joel Khalili 8 hours ago
Very little is known about the ‘Crossbow’ device
https://global.techradar.com/en-za/news/multiple-us-agencies-have-purchased-this-mysterious-mobile-eavesdropping-device
Multiple US federal agencies have obtained a mysterious new eavesdropping device thought to be designed to monitor 4G-enabled mobile phones.
Very little is known about the ‘Crossbow’ device, other than it iterates on the Stingray IMSI-catchers manufactured by Harris, used to trace location data and listen in on phone calls.
Procurement documents show the US Marshals placed an order with Harris for Crossbow devices worth $1.7 million, while the US Army and Navy made similar purchases worth circa $380,000.
Mobile surveillance
IMSI-catchers, or international mobile subscriber identity-catchers, are able to mimic the qualities of a cellphone tower and, by this mechanism, record the SIM card identity, eavesdrop on calls, access text messages and capture location data.
The devices allow law enforcement agencies, including in the UK, to monitor the movement of known criminals without their knowledge.
In targeting a specific individual, however, it is possible IMSI-catchers also intercept data relating to civilian users – and are also said to interfere with calls to emergency numbers.
“The public, judges, and lawmakers cannot provide effective oversight without basic information about the capabilities of this new military-grade equipment,” said Alexia Ramirez, ACLU member.
Tomi Engdahl says:
Report: Facebook Helped the FBI Exploit Vulnerability in a Secure Linux Distro for Child Predator Sting
https://gizmodo.com/report-facebook-helped-the-fbi-exploit-vulnerability-i-1843988377?utm_campaign=Gizmodo&utm_content=&utm_medium=SocialMarketing&utm_source=facebook
Tomi Engdahl says:
https://thehackernews.com/2020/06/hacker-for-hire-belltrox-india.html?m=1
Tomi Engdahl says:
https://www.businessinsider.com/online-voting-system-can-be-hacked-to-alter-votes-report-2020-6
Tomi Engdahl says:
Snake Ransomware Delivers Double-Strike on Honda, Energy Co.
https://threatpost.com/snake-ransomware-honda-energy/156462/
The ICS/SCADA-focused malware is likely behind a duo of attacks this
week, on Honda and a South American energy company, researchers said.
Tomi Engdahl says:
Fake Black Lives Matter voting campaign spreads Trickbot malware
https://www.bleepingcomputer.com/news/security/fake-black-lives-matter-voting-campaign-spreads-trickbot-malware/
A phishing email campaign asking you to vote anonymously about Black
Lives Matter is spreading the TrickBot information-stealing malware
Tomi Engdahl says:
IBM Cloud global outage caused by “incorrect” BGP routing
https://www.bleepingcomputer.com/news/technology/ibm-cloud-global-outage-caused-by-incorrect-bgp-routing/
On June 9th, 2020, IBM Cloud data centers suffered a global outage
that caused connectivity issues for many of the web sites and
platforms utilizing the service, including BleepingComputer.
Tomi Engdahl says:
Ransomware: Hackers took just three days to find this fake industrial
network and fill it with malware
https://www.zdnet.com/article/ransomware-hackers-took-just-three-days-to-find-this-fake-industrial-network-and-fill-it-with-malware/
Industrial control networks are coming under attack from a range of
ransomware attacks, security researchers have warned, after an
experiment revealed the speed at which hackers are uncovering
vulnerabilities in critical infrastructure.
Tomi Engdahl says:
Expiring SSL certs expected to break smart TVs, fridges, and IoTs
https://www.bleepingcomputer.com/news/security/expiring-ssl-certs-expected-to-break-smart-tvs-fridges-and-iots/
On May 30th, select Roku streaming channels stopped working, leaving
impacted customers clueless with no idea what was wrong. The same day
payment platforms Stripe and Spreedly experienced disruptions and
blamed it on expiring Certificate Authority (CA) root certificates.
We always knew SSL certificates came with an expiration date, but we
didn’t plan for the fact it’d be happening this year!
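Because the article is about CA roots lapsing inside embedded trust stores, here is an added example (not from the article, BleepingComputer or any vendor) of a dependency-free audit that flags expired or soon-expiring certificates in a PEM bundle such as a firmware CA store; the certificates it checks are constructed fixtures with made-up dates, and the DER walker assumes well-formed DER input.

```python
"""Audit a PEM trust store for CA certificates that have expired or will soon.
Added example (not the article's or any vendor's code): a dependency-free DER
walker extracts notBefore/notAfter from X.509 certificates so a firmware
certificate bundle can be checked on a build machine. Fixtures are constructed."""
import base64
import re
from datetime import datetime, timedelta, timezone

TAG_INTEGER, TAG_BITSTRING, TAG_OID = 0x02, 0x03, 0x06
TAG_UTCTIME, TAG_GENERALIZEDTIME, TAG_SEQUENCE = 0x17, 0x18, 0x30
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def _children(value):
    """Yield (tag, value) for each TLV directly inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = _read_tlv(value, pos)
        yield tag, inner

def _parse_time(tag, raw):
    """Decode an RFC 5280 Time (UTCTime or GeneralizedTime) to an aware UTC datetime."""
    text = raw.decode("ascii")
    if tag == TAG_UTCTIME:             # YYMMDDHHMMSSZ: 50-99 means 19xx, 00-49 means 20xx
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def certificate_validity(der):
    """Return (not_before, not_after) of a DER X.509 certificate: Validity is the first
    SEQUENCE inside tbsCertificate whose two members are Time values."""
    _, cert, _ = _read_tlv(der, 0)
    tbs = next(v for t, v in _children(cert) if t == TAG_SEQUENCE)
    for tag, value in _children(tbs):
        members = list(_children(value)) if tag == TAG_SEQUENCE else []
        if len(members) == 2 and all(t in (TAG_UTCTIME, TAG_GENERALIZEDTIME) for t, _ in members):
            return tuple(_parse_time(t, v) for t, v in members)
    raise ValueError("no Validity sequence found")

def audit_bundle(pem_text, now, warn_days=90):
    """Classify every certificate in a PEM bundle as 'expired', 'expiring' or 'ok'."""
    report = []
    for index, match in enumerate(PEM_RE.finditer(pem_text)):
        der = base64.b64decode("".join(match.group(1).split()))
        _, not_after = certificate_validity(der)
        if now >= not_after:
            status = "expired"
        elif now + timedelta(days=warn_days) >= not_after:
            status = "expiring"
        else:
            status = "ok"
        report.append((index, not_after, status))
    return report

def _tlv(tag, value):
    """Tiny DER encoder used only to build the constructed fixtures below."""
    n = len(value)
    if n < 128:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def make_fixture_cert(not_before, not_after):
    """Minimal unsigned Certificate carrying only the given Validity (empty names, no key)."""
    utc = lambda dt: _tlv(TAG_UTCTIME, dt.strftime("%y%m%d%H%M%SZ").encode())
    sha256_rsa = _tlv(TAG_SEQUENCE, _tlv(TAG_OID, bytes.fromhex("2a864886f70d01010b")))
    tbs = _tlv(TAG_SEQUENCE, b"".join([
        _tlv(0xA0, _tlv(TAG_INTEGER, b"\x02")),                # [0] EXPLICIT version v3
        _tlv(TAG_INTEGER, b"\x01"),                            # serialNumber
        sha256_rsa,                                            # signature AlgorithmIdentifier
        _tlv(TAG_SEQUENCE, b""),                               # issuer (empty Name)
        _tlv(TAG_SEQUENCE, utc(not_before) + utc(not_after)),  # validity
        _tlv(TAG_SEQUENCE, b""),                               # subject (empty Name)
        _tlv(TAG_SEQUENCE, b""),                               # subjectPublicKeyInfo (empty)
    ]))
    cert = _tlv(TAG_SEQUENCE, tbs + sha256_rsa + _tlv(TAG_BITSTRING, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(cert).decode() + "-----END CERTIFICATE-----\n"

def demo_report():
    """Audit a constructed three-certificate bundle as of 1 June 2020 (all dates made up)."""
    d = lambda *ymd: datetime(*ymd, tzinfo=timezone.utc)
    bundle = (make_fixture_cert(d(2000, 5, 30), d(2020, 5, 30, 10, 48, 38))   # root that lapsed on 30 May
              + make_fixture_cert(d(2010, 1, 1), d(2020, 8, 1))               # root lapsing within 90 days
              + make_fixture_cert(d(2010, 1, 1), d(2038, 1, 1)))              # long-lived replacement root
    return audit_bundle(bundle, now=d(2020, 6, 1))
```

Run `audit_bundle(open("ca-bundle.pem").read(), datetime.now(timezone.utc))` against a real bundle to get the same per-certificate report; an "expired" root in a device image means clients pinned to it will fail chain validation even though the server side is fine.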
Tomi Engdahl says:
Protecting IoT devices and OT Networks from a Cyber Pandemic
https://blog.checkpoint.com/2020/06/11/protecting-iot-devices-and-ot-networks-from-a-cyber-pandemic/
Tomi Engdahl says:
Authorities Probe Radio, Website Disruptions During Protests
https://www.securityweek.com/authorities-probe-radio-website-disruptions-during-protests
Authorities are investigating interference with police radio communications, websites and networks used by law enforcement and other officials during recent U.S. protests over the death of George Floyd in Minneapolis.
Although the efforts to disrupt police radios and take down websites in Minnesota, Illinois and Texas aren’t considered technically difficult hacks, federal intelligence officials warned that law enforcement should be ready for such tactics as protests continue.
Authorities have not yet identified anyone responsible or provided details about how the disruptions were carried out. But officials were particularly concerned by interruptions to police radio frequencies during the last weekend of May as dispatchers tried to direct responses to large protests and unrest that overshadowed peaceful demonstrations.
During protests in Dallas on May 31, someone gained access to the police department’s unencrypted radio frequency and disrupted officers’ communications by playing music over their radios, according to a June 1 intelligence assessment from the U.S. Department of Homeland Security.
Tomi Engdahl says:
Honda Shuts Down Factories After Cyberattack
Welcome to a new era of ransomware warfare.
https://www.popularmechanics.com/technology/security/a32825656/honda-cybersecurity-attack/?utm_campaign=socialflowFBPOP&utm_medium=social-media&utm_source=facebook
On June 9, Honda was hit with a cyberattack that put some manufacturing systems offline.
No customer data was subject to the breach, the automaker tells Popular Mechanics.
Security researchers believe this was a ransomware attack, wherein adversaries request digital payment to restore access to a network.
Honda manufacturing plants in Ohio and Turkey went offline on Tuesday, June 9 after a cyberattack compromised some of the Japanese automaker’s facilities. While cybersecurity researchers say a ransomware attack is most likely to blame, it’s unclear whether the attack targeted information technology systems or industrial control systems themselves.
“Honda has experienced a cyberattack that has affected production operations at some U.S. plants,”
“When the malware executes, it will try to resolve to a hardcoded hostname (mds.honda.com). If, and only if it does, will the file encryption begin,” the researchers say.
Ekans has only been around since about December 2019, Dragos says, but it points to a brazen leap from IT systems to industrial control systems. That makes the possible fallout from such cyberattacks physical in nature, and potentially dangerous.
Tomi Engdahl says:
Dark Basin
Uncovering a Massive Hack-For-Hire Operation
https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/
Tomi Engdahl says:
How to use ‘dot’ glitch to skip paywalls and watch YouTube without ads
https://www.cultofmac.com/713895/watch-youtube-without-ads-bypass-firewalls/
Adding a single character to a URL can let you bypass some websites’ metered paywalls and watch YouTube videos without having to endure those annoying ads.
The simple hack — typing a “dot” immediately after the “.com” in a site’s URL — doesn’t work on every single website out there. But it does give you an advertisement-free pass to many of them.
It appears to work without fail on YouTube. And it seems pretty effective at eliminating those “you’ve read all your free articles for the month” warnings that some websites serve up in a bid to push subscriptions.
Workarounds like this come and go, as websites adapt to the latest developments. Ad-fueled websites and services constantly play a cat-and-mouse game with ad blockers and similar technologies.
Tomi Engdahl says:
T-Mobile, Fortnite, Instagram, Comcast, And Chase Bank Have All Experienced Outages. Some Believe The U.S. Has Been Hit By Large-Scale DDoS Attack—Others Are Skeptical.
https://www.forbes.com/sites/jessedamiani/2020/06/15/t-mobile-fortnite-instagram-comcast-and-chase-bank-have-all-experienced-outages-some-believe-the-us-has-been-hit-by-large-scale-ddos-attack-others-are-skeptical/
On June 15, a flurry of reports on a number of different services in the U.S. have indicated that the country may be experiencing a coordinated DDoS, or “distributed denial of service” attack. These attacks are malicious attempts to disrupt or shut down targeted servers by overwhelming them with traffic from multiple sources.
According to outage aggregator Downdetector, users reported outages in major mobile carriers (T-Mobile, Metro, Verizon, AT&T, Sprint, Consumer Cellular, US Cellular), Internet providers (Spectrum, Comcast, CenturyLink, Cox), social media platforms (Facebook, Instagram, Twitter, Snapchat, Twitter), games and game services (Fortnite, Roblox, Call of Duty, Steam, Xbox Live, Playstation Network), streaming services (Netflix, Hulu, HBO Now, Twitch), banks (Chase Bank, Bank of America), delivery services (Doordash), and other major platforms like Google and Zoom.
Tomi Engdahl says:
No, There Wasn’t a Major DDoS Cyberattack on the U.S.—Despite ‘Anonymous’ Claims, Experts Say
https://www.newsweek.com/cyberattack-ddos-anonymous-hacking-group-t-mobile-outage-websites-offline-explained-1511082
Security experts say there is no evidence the U.S. was hit by a major DDoS cyberattack this week—despite rampant social media speculation.
Yesterday, rumors circulated on Twitter after telecom operators, games, social networks, banks and other apps suffered unexplained outages. Those affected appeared to include T-Mobile, Fortnite, Instagram, AT&T, Twitch and Facebook Messenger.
hacktivist group Anonymous said the U.S. was “under a major DDoS attack” and shared a link to a Digital Attack Map that is designed to illustrate the scope of global DDoS threats.
there did not appear to be a coordinated attack on the U.S. by any foreign nation. Instead, outages were traced to T-Mobile.
According to Prince, T-Mobile was making network changes today but they “went badly,” causing a “series of cascading failures” for users’ voice and data networks.
Cyber researcher Brian Krebs commented on Twitter: “I have found no indication these outages are DDoS related. Rather, there may be Sprint/T-Mobile issues related to a wonky update in the systems from the Sprint side to help merge with T-Mobile.”
T-Mobile completed its merger with telecom Sprint in April.
Tomi Engdahl says:
South African bank to replace 12m cards after employees stole master key
https://www.zdnet.com/google-amp/article/south-african-bank-to-replace-12m-cards-after-employees-stole-master-key/?__twitter_impression=true
Postbank says employees printed its master key at one of its data centers and then used it to steal $3.2 million.
Postbank, the banking division of South Africa’s Post Office, has lost more than $3.2 million from fraudulent transactions and will now have to replace more than 12 million cards for its customers after employees printed and then stole its master key.
The master key is a 36-digit code (encryption key) that allows its holder to decrypt the bank’s operations and even access and modify banking systems. It is also used to generate keys for customer cards.
The internal report said that between March and December 2019, the rogue employees used the master key to access accounts and make more than 25,000 fraudulent transactions, stealing more than $3.2 million (56 million rand) from customer balances.
Following the discovery of the breach, Postbank will now have to replace all customer cards that have been generated with the master key, an operation the bank suspects it would cost it more than one billion rands (~$58 million).
Improper internal security procedures
“According to the report, it seems that corrupt employees have had access to the Host Master Key (HMK) or lower level keys,” the security researcher behind Bank Security, a Twitter account dedicated to banking fraud, told ZDNet today in an interview.
Tomi Engdahl says:
Chinese researchers have moved us a step closer to practical quantum cryptography using satellite links. Your move, hackers.
Quantum Satellite Links Extend More Than 1,000 Kilometers
https://spectrum.ieee.org/tech-talk/aerospace/satellites/entangled-satellite
A space-based, virtually unhackable quantum Internet may be one step closer to reality due to satellite experiments that linked ground stations more than 1,000 kilometers apart, a new study finds.
The maximum distance over which researchers have thus far generated quantum cryptography links between stations on Earth is roughly 144 kilometers.
Tomi Engdahl says:
‘Hey Siri, I’m getting pulled over’: iPhone feature will record police interaction, send location
https://www.fox29.com/news/hey-siri-im-getting-pulled-over-iphone-feature-will-record-police-interaction-send-location
LOS ANGELES – A feature exclusively available for Apple users called “Shortcuts,” which was launched in 2018, allows users to conduct tasks on their phones that would normally require multiple actions with a single voice command of the iPhone’s artificial intelligence capability, Siri.
Tomi Engdahl says:
T-Mobile experienced a ‘voice and data issue’ that caused widespread outages for customers around the US
https://www.businessinsider.com/verizon-sprint-att-t-mobile-service-down-some-areas-us-2020-6?r=US&IR=T
T-Mobile customers around the US were experiencing outages on Monday afternoon.
The service tracker Downdetector had 93,000 reports T-Mobile outages by 3 p.m. ET on Monday. Phone users also reported issues with their cell service on social media.
T-Mobile said at the time its engineers were “working to resolve a voice and data issue.” While issues were reported with other carriers, including AT&T and Verizon, both carriers said their service was operating normally.
Tomi Engdahl says:
Slovak police found wiretapping devices connected to the Govnet
government network
https://securityaffairs.co/wordpress/104567/intelligence/slovak-govnet-network-wiretapping-devices.html
Slovak police seized wiretapping devices connected to Govnet
government network and arrested four individuals, including the head
of a government agency.
Tomi Engdahl says:
Misconfigured Kubeflow workloads are a security risk
https://www.microsoft.com/security/blog/2020/06/10/misconfigured-kubeflow-workloads-are-a-security-risk/
In this blog, we’ll reveal a new campaign that was observed recently
by ASC that targets Kubeflow, a machine learning toolkit for
Kubernetes. We observed that this attack affected tens of
Kubernetes clusters. Kubeflow has grown and become a popular framework
for running machine learning tasks in Kubernetes. Nodes that are used
for ML tasks are often relatively powerful, and in some cases include
GPUs. This fact makes Kubernetes clusters that are used for ML tasks a
perfect target for crypto mining campaigns, which was the aim of this
attack.
Tomi Engdahl says:
Protocol Vulnerability Threatens Mobile Networks
https://www.darkreading.com/vulnerabilities—threats/protocol-vulnerability-threatens-mobile-networks/d/d-id/1338068
A protocol that allows millions of customers to use their mobile
phones for data applications can also allow criminals to launch
denial-of-service (DoS), user impersonation, and fraud cyberattacks.
And according to a new report, the protocol, GTP, is as much a
vulnerability for certain 5G networks as it is for 2G, 3G, and 4G
cellular infrastructures. PDF Report:
https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf
Tomi Engdahl says:
Which hacker group is attacking your corporate network? Don’t guess,
check!
https://www.kaspersky.com/blog/kaspersky-threat-attribution-engine/35852/
We have released a new solution that provides businesses with code
similarity analysis and gives technical evidence for APT attribution.
Tomi Engdahl says:
Cisco discloses technical details for Firefox code execution flaw
https://securityaffairs.co/wordpress/104595/hacking/cisco-firefox-code-execution.html
Cisco Talos experts released technical details on a recently addressed
vulnerability in Firefox that could be exploited for code execution.
also:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1053.
(CVE-2020-12405, 2020-06-02 – Vendor Patched)
Tomi Engdahl says:
Hackers are quick to notice exposed Elasticsearch servers
https://www.bleepingcomputer.com/news/security/hackers-are-quick-to-notice-exposed-elasticsearch-servers/
Bad guys find unprotected Elasticsearch servers exposed on the web
faster than search engines can index them. A study found that threat
actors are mainly going for cryptocurrency mining and credential
theft. For the duration of the experiment, a honeypot with a fake
database recorded more than 150 unauthorized requests, the first one
occurring less than 12 hours since being exposed.
Tomi Engdahl says:
Russia says Germany has not provided any evidence of Bundestag hack
https://www.zdnet.com/article/russia-says-germany-has-not-provided-any-evidence-of-bundestag-hack/
Russian officials said this week that German authorities have failed
to produce the evidence that Russian military hackers breached the
German Parliament in 2015.
Tomi Engdahl says:
U.S. lawmakers ask Zoom to clarify China ties after it suspends
accounts
https://www.reuters.com/article/us-zoom-video-commn-privacy/u-s-lawmakers-ask-zoom-to-clarify-china-ties-after-it-suspends-accounts-idUSKBN23I3GP
The California-based firm has come under heavy scrutiny after three
U.S. and Hong Kong-based activists said their accounts had been
suspended and meetings disrupted after they tried to hold events
related to the anniversary of China’s Tiananmen Square crackdown.
Tomi Engdahl says:
A smartwatch connected to the company network can pose a risk. The
explosive growth of remote work prompted companies to think about information security
https://studio.kauppalehti.fi/studiovieras/fortinet-yrityksen-verkkoon-kytketty-alykello-voi-aiheuttaa-riskin-etatyon-rajahdysmainen-kasvu-heratti-yritykset-pohtimaan-tietoturvaa
At the home office, information security is not at the same level as
at the workplace, and in the middle of exceptional circumstances
people are also more susceptible to social engineering. “In addition
to technology, training people in good security practices is now
critical,” reminds Fortinet senior security expert Timo Lohenoja.
Tomi Engdahl says:
Fraudster gets maximum jail time for news site DDoS extortion
https://www.bleepingcomputer.com/news/security/fraudster-gets-maximum-jail-time-for-news-site-ddos-extortion/
Iranian-born U.S. citizen Andrew Rakhshan, previously convicted in
Canada for fraud, was sentenced to the maximum sentence of five years
and ordered to pay over $500,000 after being found guilty of
launching several distributed denial of service (DDoS) attacks against
news websites.
Tomi Engdahl says:
Lamphone attack lets threat actors recover conversations from your
light bulb
https://www.zdnet.com/article/lamphone-attack-lets-threat-actors-recover-conversations-from-your-light-bulb/
Academics record light variations in a light bulb to recover the sound
waves (speech, conversations, songs) from a room 25 meters (80 feet)
away. The technique, which they named Lamphone, revolves around the
principle that objects vibrate when soundwave hits their surface. When
this happens in a light bulb, academics say the vibrations also create
small flickers in light emissions. They say that by using powerful
sensors, they can record the light variations and reverse-engineer the
sound waves that hit the light bulb’s surface.
Tomi Engdahl says:
Black Kingdom ransomware hacks networks with Pulse VPN flaws
https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/
Operators of Black Kingdom ransomware are targeting enterprises with
unpatched Pulse Secure VPN software or initial access on the network,
security researchers have found.
Tomi Engdahl says:
Privnotes.com Is Phishing Bitcoin from Users of Private Messaging
Service Privnote.com
https://krebsonsecurity.com/2020/06/privnotes-com-is-phishing-bitcoin-from-users-of-private-messaging-service-privnote-com/
For the past year, a site called Privnotes.com has been impersonating
Privnote.com, a legitimate, free service that offers private,
encrypted messages which self-destruct automatically after they are
read. Until recently, I couldn’t quite work out what Privnotes was up
to, but today it became crystal clear: Any messages containing bitcoin
addresses will be automatically altered to include a different bitcoin
address, as long as the Internet addresses of the sender and receiver
of the message are not the same.
Tomi Engdahl says:
Fake govt-issued COVID-19 contact tracing apps spread spyware
https://www.hackread.com/fake-govt-covid-19-contact-tracing-apps-spread-spyware/
IT security researchers at Anomali have discovered yet another scam in
which attackers are using fake COVID-19 contact tracing apps to infect
Android devices.
Tomi Engdahl says:
Extortionists threaten to destroy sites in fake ransom attacks
https://www.bleepingcomputer.com/news/security/extortionists-threaten-to-destroy-sites-in-fake-ransom-attacks/
Scammers are targeting website owners with blackmail messages asking
them to pay ransoms between $1,500 and $3,000 in bitcoins to avoid
having their sites’ databases leaked and their reputation destroyed.
As the fraudsters falsely claim, they exfiltrate the databases to
attacker-controlled servers using credentials harvested after
exploiting a vulnerability found within the sites’ software.
Tomi Engdahl says:
AWS Hit With a Record 2.3 Tbps DDoS Attack
https://www.cbronline.com/news/record-ddos-attack-aws
AWS says it was hit with a record DDoS attack of 2.3 Tbps earlier this
year, with the (unsuccessful) attempt to knock cloud services offline
continuing for three days in February. To put the scale of the attempt
in context, it is nearly double the 1.3 Tbps attack that blasted
GitHub in 2018, or the circa 1 Tbps Mirai botnet DDoS that famously
knocked Dyn offline in 2016.
Tomi Engdahl says:
Complexity and size of DDoS attacks have increased
https://www.helpnetsecurity.com/2020/06/15/2019-ddos-attacks/
The complexity and size of DDoS attacks in 2019 has increased
significantly compared to 2018. A report published by NaWas by NBIP
concludes that despite the number of attacks has decreased slightly
over 2019, their complexity and size has increased significantly.
Tomi Engdahl says:
Intel adds CPU-level malware protection to Tiger Lake processors
https://www.bleepingcomputer.com/news/security/intel-adds-cpu-level-malware-protection-to-tiger-lake-processors/
Intel today announced a new CPU-level security capability known as
Control-Flow Enforcement Technology (Intel CET) that offers protection
against malware using control-flow hijacking attack methods on devices
with Intel’s future Tiger Lake mobile processors. “Intel CET is
designed to protect against the misuse of legitimate code through
control-flow hijacking attacks, widely used techniques in large classes
of malware,” Intel VP & GM of Client Security Strategy and
Initiatives Tom Garrison said.
Tomi Engdahl says:
South African bank to replace 12m cards after employees stole master
key
https://www.zdnet.com/article/south-african-bank-to-replace-12m-cards-after-employees-stole-master-key/
Postbank, the banking division of South Africa’s Post Office, has lost
more than $3.2 million from fraudulent transactions and will now have
to replace more than 12 million cards for its customers after
employees printed and then stole its master key.
Tomi Engdahl says:
T-Mobile confirms nationwide outage impacting millions of customers
https://abc13.com/tmobile-outage-is-out-t-mobile-down/6248980/
T-Mobile customers are dealing with a nationwide outage of its voice
and data network. The phone carrier’s president of technology, Neville
Ray, confirmed the outage Monday afternoon. “Our engineers are working
to resolve a voice and data issue that has been affecting customers
around the country. We’re sorry for the inconvenience and hope to have
this fixed shortly,” Ray tweeted. The outage has not only impacted
the company’s more than 86 million customers. It has also impacted
contact with emergency services. also:
https://www.reuters.com/article/us-t-mobile-us-regulator/fcc-chair-calls-t-mobile-u-s-network-outage-unacceptable-vows-probe-idUSKBN23N0CP.
also:
https://www.t-mobile.com/news/update-for-customers-on-network-issues.
also:
https://www.bleepingcomputer.com/news/security/t-mobile-outage-caused-by-configuration-error-not-a-ddos-attack/
Tomi Engdahl says:
SMBleedingGhost Writeup Part II: Unauthenticated Memory Read Preparing
the Ground for an RCE
https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-part-ii-unauthenticated-memory-read-preparing-the-ground-for-an-rce/
In the previous blog post we mentioned that although the Microsoft
Security Advisory describes the bug as a Remote Code Execution (RCE)
vulnerability, there is no public POC that demonstrates RCE through
this bug. This was true until chompie1337 released the first public
RCE POC, based on the writeup of Ricerca Security. Our POC uses a
different method, and doesn’t involve physical memory access. Instead,
we use the SMBleed (CVE-2020-1206) bug to help with the exploitation.
Tomi Engdahl says:
Amnesty calls out countries with ‘most dangerous’ contact tracing apps
https://www.zdnet.com/article/amnesty-calls-out-countries-with-most-dangerous-contact-tracing-apps/
Norway, Bahrain, and Kuwait have been singled out for having “the most
invasive” COVID-19 contact tracing apps in an Amnesty International
study that assessed apps from Europe, Middle East, and North Africa,
but does not include those from Asia or the US.
Tomi Engdahl says:
That one hurt: a food delivery service popular with Finns as well was
cracked, and the homes of over 700,000 customers are now known to the centimetre
https://www.tivi.fi/uutiset/tv/93890368-cde5-4140-b2c7-da53d70f82c0
Data Breach Today says hackers have cracked the food delivery service
Foodora. The crooks got hold of the private data of 727,000 users from
a total of 14 countries. Corrected 13:00 -
The article previously said the hackers had taken customer data from
Liechtenstein. We believe this was Data Breach Today's error, which
made its way to us: according to the image accompanying the original
article, the database in question is not LI, i.e. Liechtenstein, but FI, i.e. Finland. Read also:
https://www.iltalehti.fi/ulkomaat/a/791959a7-f099-4338-8e1f-ec1ca157aa52.
Read also: https://yle.fi/uutiset/3-11405147