Cyber security news June 2020

This posting is here to collect cyber security news in June 2020.

I post links to security vulnerability news with short descriptions in the comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links in the comments.

204 Comments

  1. Tomi Engdahl says:

    Ethernet Vulnerabilities in Safety Instrumented Systems (SIS): A Key
    Difference
    https://www.dragos.com/blog/industry-news/ethernet-vulnerabilities-in-safety-instrumented-systems-sis-a-key-difference/
    Dragos reported issues to Schneider Electric concerning security
    defects in the Triconex Safety Instrumented System (SIS) network
    communication module. These modules, sold under the name Tricon
    Communication Module (TCM), are used to connect the SIS to Ethernet
    networks. The defects can be used to deny service to the SIS or to
    pre-stage future logic attacks.

    Reply
  2. Tomi Engdahl says:

    Windows 10 Cumulative Updates KB4557957 & KB4560960 Released
    https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4557957-and-kb4560960-released/
    The June 2020 Patch Tuesday updates are now rolling out and you can
    download and install the latest security fixes on supported versions
    of Windows 10. See also
    https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2020-patch-tuesday-largest-ever-with-129-fixes/

    Reply
  3. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    New Intel chip flaws disclosed: one can leak secure enclave data and the second allows cross core info leakage; both have patches that partially fix the issues
    Plundering of crypto keys from ultrasecure SGX sends Intel scrambling again
    Intel’s speculative execution flaws go deeper and are harder to fix than we thought.
    https://arstechnica.com/information-technology/2020/06/new-exploits-plunder-crypto-keys-and-more-from-intels-ultrasecure-sgx/

    For the past two years, modern CPUs—particularly those made by Intel—have been under siege by an unending series of attacks that make it possible for highly skilled attackers to pluck passwords, encryption keys, and other secrets out of silicon-resident memory. On Tuesday, two separate academic teams disclosed two new and distinctive exploits that pierce Intel’s Software Guard eXtension, by far the most sensitive region of the company’s processors.

    Reply
  4. Tomi Engdahl says:

    GnuTLS patches huge security hole that hung around for two years – worse than Heartbleed, says Google cryptoboffin
    Maybe it’s time to get it gone
    https://www.theregister.com/2020/06/10/gnutls_patches_security_hole/

    GnuTLS, a widely used open source library implementing Transport Layer Security, last week fixed a bug that had been hiding in the code for almost two years that made resumed TLS 1.3 sessions vulnerable to attack.

    The TLS handshake requires two round-trips between client and server to establish a secure connection. Session tickets provide a way to resume previously established connections with only one round-trip. But this convenience comes at a cost – it’s less secure, as described by Google cryptographer Filippo Valsorda.

    An attacker capable of exploiting this vulnerability could bypass authentication under TLS 1.3 and could recover previous conversations under TLS 1.2.

    The bug, introduced in GnuTLS 3.6.4 (Sep. 24, 2018), was fixed in GnuTLS 3.6.14 (June 3, 2020).

    Reply
  5. Tomi Engdahl says:

    Kana Inagaki / Financial Times:
    Honda says a cyberattack on its network forced it to suspend global production and give many staffers a day off; some vehicle factories remain closed — Japanese manufacturer forced to suspend global operations for a day following disruption — Japanese carmaker Honda said on Tuesday …
    https://www.ft.com/content/da60f3da-9669-4d50-ac33-144adac28f4b

    Reply
  6. Tomi Engdahl says:

    Facebook Helped the FBI Hack a Child Predator
    https://www.vice.com/amp/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez?__twitter_impression=true

    Facebook paid a cybersecurity firm six figures to develop a zero-day in Tails to identify a man who extorted and threatened girls.

    Reply
  7. Tomi Engdahl says:

    Multiple US agencies have purchased this mysterious mobile eavesdropping device
    By Joel Khalili 8 hours ago

    Very little is known about the ‘Crossbow’ device
    https://global.techradar.com/en-za/news/multiple-us-agencies-have-purchased-this-mysterious-mobile-eavesdropping-device

    Multiple US federal agencies have obtained a mysterious new eavesdropping device thought to be designed to monitor 4G-enabled mobile phones.

    Very little is known about the ‘Crossbow’ device, other than it iterates on the Stingray IMSI-catchers manufactured by Harris, used to trace location data and listen in on phone calls.

    Procurement documents show the US Marshals placed an order with Harris for Crossbow devices worth $1.7 million, while the US Army and Navy made similar purchases worth circa $380,000.

    Mobile surveillance
    IMSI-catchers, or international mobile subscriber identity-catchers, are able to mimic the qualities of a cellphone tower and, by this mechanism, record the SIM card identity, eavesdrop on calls, access text messages and capture location data.

    The devices allow law enforcement agencies, including in the UK, to monitor the movement of known criminals without their knowledge.

    In targeting a specific individual, however, it is possible IMSI-catchers also intercept data relating to civilian users – and are also said to interfere with calls to emergency numbers.

    “The public, judges, and lawmakers cannot provide effective oversight without basic information about the capabilities of this new military-grade equipment,” said Alexia Ramirez, ACLU member.

    Reply
  8. Tomi Engdahl says:

    Snake Ransomware Delivers Double-Strike on Honda, Energy Co.
    https://threatpost.com/snake-ransomware-honda-energy/156462/
    The ICS/SCADA-focused malware is likely behind a duo of attacks this
    week, on Honda and a South American energy company, researchers said.

    Reply
  9. Tomi Engdahl says:

    Fake Black Lives Matter voting campaign spreads Trickbot malware
    https://www.bleepingcomputer.com/news/security/fake-black-lives-matter-voting-campaign-spreads-trickbot-malware/
    A phishing email campaign asking you to vote anonymously about Black
    Lives Matter is spreading the TrickBot information-stealing malware

    Reply
  10. Tomi Engdahl says:

    IBM Cloud global outage caused by “incorrect” BGP routing
    https://www.bleepingcomputer.com/news/technology/ibm-cloud-global-outage-caused-by-incorrect-bgp-routing/
    On June 9th, 2020, IBM Cloud data centers suffered a global outage
    that caused connectivity issues for many of the web sites and
    platforms utilizing the service, including BleepingComputer.

    Reply
  11. Tomi Engdahl says:

    Ransomware: Hackers took just three days to find this fake industrial
    network and fill it with malware
    https://www.zdnet.com/article/ransomware-hackers-took-just-three-days-to-find-this-fake-industrial-network-and-fill-it-with-malware/
    Industrial control networks are coming under attack from a range of
    ransomware attacks, security researchers have warned, after an
    experiment revealed the speed at which hackers are uncovering
    vulnerabilities in critical infrastructure.

    Reply
  12. Tomi Engdahl says:

    Expiring SSL certs expected to break smart TVs, fridges, and IoTs
    https://www.bleepingcomputer.com/news/security/expiring-ssl-certs-expected-to-break-smart-tvs-fridges-and-iots/
    On May 30th, select Roku streaming channels stopped working, leaving
    impacted customers clueless with no idea what was wrong. The same day
    payment platforms Stripe and Spreedly experienced disruptions and
    blamed it on expiring Certificate Authority (CA) root certificates.
    We always knew SSL certificates came with an expiration date, but we
    didn’t plan for the fact it’d be happening this year!

    Reply
  13. Tomi Engdahl says:

    Protecting IoT devices and OT Networks from a Cyber Pandemic
    https://blog.checkpoint.com/2020/06/11/protecting-iot-devices-and-ot-networks-from-a-cyber-pandemic/

    Reply
  14. Tomi Engdahl says:

    Authorities Probe Radio, Website Disruptions During Protests
    https://www.securityweek.com/authorities-probe-radio-website-disruptions-during-protests

    Authorities are investigating interference with police radio communications, websites and networks used by law enforcement and other officials during recent U.S. protests over the death of George Floyd in Minneapolis.

    Although the efforts to disrupt police radios and take down websites in Minnesota, Illinois and Texas aren’t considered technically difficult hacks, federal intelligence officials warned that law enforcement should be ready for such tactics as protests continue.

    Authorities have not yet identified anyone responsible or provided details about how the disruptions were carried out. But officials were particularly concerned by interruptions to police radio frequencies during the last weekend of May as dispatchers tried to direct responses to large protests and unrest that overshadowed peaceful demonstrations.

    During protests in Dallas on May 31, someone gained access to the police department’s unencrypted radio frequency and disrupted officers’ communications by playing music over their radios, according to a June 1 intelligence assessment from the U.S. Department of Homeland Security.

    Reply
  15. Tomi Engdahl says:

    Honda Shuts Down Factories After Cyberattack
    Welcome to a new era of ransomware warfare.
    https://www.popularmechanics.com/technology/security/a32825656/honda-cybersecurity-attack/?utm_campaign=socialflowFBPOP&utm_medium=social-media&utm_source=facebook

    On June 9, Honda was hit with a cyberattack that put some manufacturing systems offline.
    No customer data was subject to the breach, the automaker tells Popular Mechanics.
    Security researchers believe this was a ransomware attack, wherein adversaries request digital payment to restore access to a network.

    Honda manufacturing plants in Ohio and Turkey went offline on Tuesday, June 9 after a cyberattack compromised some of the Japanese automaker’s facilities. While cybersecurity researchers say a ransomware attack is most likely to blame, it’s unclear whether the attack targeted information technology systems or industrial control systems themselves.

    “Honda has experienced a cyberattack that has affected production operations at some U.S. plants,”

    “When the malware executes, it will try to resolve to a hardcoded hostname (mds.honda.com). If, and only if it does, will the file encryption begin,” the researchers say.

    Ekans has only been around since about December 2019, Dragos says, but it points to a brazen leap from IT systems to industrial control systems. That makes the possible fallout from such cyberattacks physical in nature, and potentially dangerous.

    Reply
  16. Tomi Engdahl says:

    How to use ‘dot’ glitch to skip paywalls and watch YouTube without ads
    https://www.cultofmac.com/713895/watch-youtube-without-ads-bypass-firewalls/

    Adding a single character to a URL can let you bypass some websites’ metered paywalls and watch YouTube videos without having to endure those annoying ads.

    The simple hack — typing a “dot” immediately after the “.com” in a site’s URL — doesn’t work on every single website out there. But it does give you an advertisement-free pass to many of them.

    It appears to work without fail on YouTube. And it seems pretty effective at eliminating those “you’ve read all your free articles for the month” warnings that some websites serve up in a bid to push subscriptions.

    Workarounds like this come and go, as websites adapt to the latest developments. Ad-fueled websites and services constantly play a cat-and-mouse game with ad blockers and similar technologies.

    Reply
  17. Tomi Engdahl says:

    T-Mobile, Fortnite, Instagram, Comcast, And Chase Bank Have All Experienced Outages. Some Believe The U.S. Has Been Hit By Large-Scale DDoS Attack—Others Are Skeptical.
    https://www.forbes.com/sites/jessedamiani/2020/06/15/t-mobile-fortnite-instagram-comcast-and-chase-bank-have-all-experienced-outages-some-believe-the-us-has-been-hit-by-large-scale-ddos-attack-others-are-skeptical/

    On June 15, a flurry of reports on a number of different services in the U.S. have indicated that the country may be experiencing a coordinated DDoS, or “distributed denial of service” attack. These attacks are malicious attempts to disrupt or shut down targeted servers by overwhelming them with traffic from multiple sources.

    According to outage aggregator Downdetector, users reported outages in major mobile carriers (T-Mobile, Metro, Verizon, AT&T, Sprint, Consumer Cellular, US Cellular), Internet providers (Spectrum, Comcast, CenturyLink, Cox), social media platforms (Facebook, Instagram, Twitter, Snapchat, Twitter), games and game services (Fortnite, Roblox, Call of Duty, Steam, Xbox Live, Playstation Network), streaming services (Netflix, Hulu, HBO Now, Twitch), banks (Chase Bank, Bank of America), delivery services (Doordash), and other major platforms like Google and Zoom.

    Reply
  18. Tomi Engdahl says:

    No, There Wasn’t a Major DDoS Cyberattack on the U.S.—Despite ‘Anonymous’ Claims, Experts Say
    https://www.newsweek.com/cyberattack-ddos-anonymous-hacking-group-t-mobile-outage-websites-offline-explained-1511082

    Security experts say there is no evidence the U.S. was hit by a major DDoS cyberattack this week—despite rampant social media speculation.

    Yesterday, rumors circulated on Twitter after telecom operators, games, social networks, banks and other apps suffered unexplained outages. Those affected appeared to include T-Mobile, Fortnite, Instagram, AT&T, Twitch and Facebook Messenger.

    Hacktivist group Anonymous said the U.S. was “under a major DDoS attack” and shared a link to a Digital Attack Map that is designed to illustrate the scope of global DDoS threats.

    There did not appear to be a coordinated attack on the U.S. by any foreign nation. Instead, outages were traced to T-Mobile.

    According to Prince, T-Mobile was making network changes today but they “went badly,” causing a “series of cascading failures” for users’ voice and data networks.

    Cyber researcher Brian Krebs commented on Twitter: “I have found no indication these outages are DDoS related. Rather, there may be Sprint/T-Mobile issues related to a wonky update in the systems from the Sprint side to help merge with T-Mobile.”

    T-Mobile completed its merger with telecom Sprint in April.

    Reply
  19. Tomi Engdahl says:

    South African bank to replace 12m cards after employees stole master key
    https://www.zdnet.com/google-amp/article/south-african-bank-to-replace-12m-cards-after-employees-stole-master-key/?__twitter_impression=true

    Postbank says employees printed its master key at one of its data centers and then used it to steal $3.2 million.

    Postbank, the banking division of South Africa’s Post Office, has lost more than $3.2 million from fraudulent transactions and will now have to replace more than 12 million cards for its customers after employees printed and then stole its master key.

    The master key is a 36-digit code (encryption key) that allows its holder to decrypt the bank’s operations and even access and modify banking systems. It is also used to generate keys for customer cards.

    The internal report said that between March and December 2019, the rogue employees used the master key to access accounts and make more than 25,000 fraudulent transactions, stealing more than $3.2 million (56 million rand) from customer balances.

    Following the discovery of the breach, Postbank will now have to replace all customer cards that have been generated with the master key, an operation the bank suspects will cost it more than one billion rands (~$58 million).

    Improper internal security procedures
    “According to the report, it seems that corrupt employees have had access to the Host Master Key (HMK) or lower level keys,” the security researcher behind Bank Security, a Twitter account dedicated to banking fraud, told ZDNet today in an interview.

    Reply
  20. Tomi Engdahl says:

    Chinese researchers have moved us a step closer to practical quantum cryptography using satellite links. Your move, hackers.

    Quantum Satellite Links Extend More Than 1,000 Kilometers
    https://spectrum.ieee.org/tech-talk/aerospace/satellites/entangled-satellite

    A space-based, virtually unhackable quantum Internet may be one step closer to reality due to satellite experiments that linked ground stations more than 1,000 kilometers apart, a new study finds.

    The maximum distance over which researchers have thus far generated quantum cryptography links between stations on Earth is roughly 144 kilometers.

    Reply
  21. Tomi Engdahl says:

    ‘Hey Siri, I’m getting pulled over’: iPhone feature will record police interaction, send location
    https://www.fox29.com/news/hey-siri-im-getting-pulled-over-iphone-feature-will-record-police-interaction-send-location

    LOS ANGELES – A feature exclusively available for Apple users called “Shortcuts,” which was launched in 2018, allows users to conduct tasks on their phones that would normally require multiple actions with a single voice command of the iPhone’s artificial intelligence capability, Siri. 

    Reply
  22. Tomi Engdahl says:

    T-Mobile experienced a ‘voice and data issue’ that caused widespread outages for customers around the US
    https://www.businessinsider.com/verizon-sprint-att-t-mobile-service-down-some-areas-us-2020-6?r=US&IR=T

    T-Mobile customers around the US were experiencing outages on Monday afternoon.
    The service tracker Downdetector had 93,000 reports of T-Mobile outages by 3 p.m. ET on Monday. Phone users also reported issues with their cell service on social media.
    T-Mobile said at the time its engineers were “working to resolve a voice and data issue.” While issues were reported with other carriers, including AT&T and Verizon, both carriers said their service was operating normally.

    Reply
  23. Tomi Engdahl says:

    Slovak police found wiretapping devices connected to the Govnet
    government network
    https://securityaffairs.co/wordpress/104567/intelligence/slovak-govnet-network-wiretapping-devices.html
    Slovak police seized wiretapping devices connected to Govnet
    government network and arrested four individuals, including the head
    of a government agency.

    Reply
  24. Tomi Engdahl says:

    Misconfigured Kubeflow workloads are a security risk
    https://www.microsoft.com/security/blog/2020/06/10/misconfigured-kubeflow-workloads-are-a-security-risk/
    In this blog, we’ll reveal a new campaign that was observed recently
    by ASC that targets Kubeflow, a machine learning toolkit for
    Kubernetes. We observed that this attack affected tens of
    Kubernetes clusters. Kubeflow has grown and become a popular framework
    for running machine learning tasks in Kubernetes. Nodes that are used
    for ML tasks are often relatively powerful, and in some cases include
    GPUs. This fact makes Kubernetes clusters that are used for ML tasks a
    perfect target for crypto mining campaigns, which was the aim of this
    attack.

    Reply
  25. Tomi Engdahl says:

    Protocol Vulnerability Threatens Mobile Networks
    https://www.darkreading.com/vulnerabilities---threats/protocol-vulnerability-threatens-mobile-networks/d/d-id/1338068
    A protocol that allows millions of customers to use their mobile
    phones for data applications can also allow criminals to launch
    denial-of-service (DoS), user impersonation, and fraud cyberattacks.
    And according to a new report, the protocol, GTP, is as much a
    vulnerability for certain 5G networks as it is for 2G, 3G, and 4G
    cellular infrastructures. PDF Report:
    https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf

    Reply
  26. Tomi Engdahl says:

    Which hacker group is attacking your corporate network? Don’t guess,
    check!
    https://www.kaspersky.com/blog/kaspersky-threat-attribution-engine/35852/
    We have released a new solution that provides businesses with code
    similarity analysis and gives technical evidence for APT attribution.

    Reply
  27. Tomi Engdahl says:

    Cisco discloses technical details for Firefox code execution flaw
    https://securityaffairs.co/wordpress/104595/hacking/cisco-firefox-code-execution.html
    Cisco Talos experts released technical details on a recently addressed
    vulnerability in Firefox that could be exploited for code execution.
    also:
    https://talosintelligence.com/vulnerability_reports/TALOS-2020-1053.
    (CVE-2020-12405, 2020-06-02 – Vendor Patched)

    Reply
  28. Tomi Engdahl says:

    Hackers are quick to notice exposed Elasticsearch servers
    https://www.bleepingcomputer.com/news/security/hackers-are-quick-to-notice-exposed-elasticsearch-servers/
    Bad guys find unprotected Elasticsearch servers exposed on the web
    faster than search engines can index them. A study found that threat
    actors are mainly going for cryptocurrency mining and credential
    theft. For the duration of the experiment, a honeypot with a fake
    database recorded more than 150 unauthorized requests, the first one
    occurring less than 12 hours since being exposed.

    Reply
  29. Tomi Engdahl says:

    Russia says Germany has not provided any evidence of Bundestag hack
    https://www.zdnet.com/article/russia-says-germany-has-not-provided-any-evidence-of-bundestag-hack/
    Russian officials said this week that German authorities have failed
    to produce the evidence that Russian military hackers breached the
    German Parliament in 2015.

    Reply
  30. Tomi Engdahl says:

    U.S. lawmakers ask Zoom to clarify China ties after it suspends
    accounts
    https://www.reuters.com/article/us-zoom-video-commn-privacy/u-s-lawmakers-ask-zoom-to-clarify-china-ties-after-it-suspends-accounts-idUSKBN23I3GP
    The California-based firm has come under heavy scrutiny after three
    U.S. and Hong Kong-based activists said their accounts had been
    suspended and meetings disrupted after they tried to hold events
    related to the anniversary of China’s Tiananmen Square crackdown.

    Reply
  31. Tomi Engdahl says:

    A smartwatch connected to the company network can pose a risk: the
    explosive growth of remote work prompted companies to think about
    information security
    https://studio.kauppalehti.fi/studiovieras/fortinet-yrityksen-verkkoon-kytketty-alykello-voi-aiheuttaa-riskin-etatyon-rajahdysmainen-kasvu-heratti-yritykset-pohtimaan-tietoturvaa
    In the home office, information security is not at the same level as
    at the workplace, and in the midst of exceptional circumstances people
    are also more susceptible to the manipulation of social engineering.
    “In addition to technology, training people in good security practices
    is now critical,” reminds Fortinet senior security expert Timo
    Lohenoja.

    Reply
  32. Tomi Engdahl says:

    Fraudster gets maximum jail time for news site DDoS extortion
    https://www.bleepingcomputer.com/news/security/fraudster-gets-maximum-jail-time-for-news-site-ddos-extortion/
    Iranian-born U.S. citizen Andrew Rakhshan, previously convicted in
    Canada for fraud, was sentenced to the maximum sentence of five years
    and ordered to pay over $500,000 after being found guilty of
    launching several distributed denial of service (DDoS) attacks against
    news websites.

    Reply
  33. Tomi Engdahl says:

    Lamphone attack lets threat actors recover conversations from your
    light bulb
    https://www.zdnet.com/article/lamphone-attack-lets-threat-actors-recover-conversations-from-your-light-bulb/
    Academics record light variations in a light bulb to recover the sound
    waves (speech, conversations, songs) from a room 25 meters (80 feet)
    away. The technique, which they named Lamphone, revolves around the
    principle that objects vibrate when sound waves hit their surface. When
    this happens in a light bulb, academics say the vibrations also create
    small flickers in light emissions. They say that by using powerful
    sensors, they can record the light variations and reverse-engineer the
    sound waves that hit the light bulb’s surface.

    Reply
  34. Tomi Engdahl says:

    Black Kingdom ransomware hacks networks with Pulse VPN flaws
    https://www.bleepingcomputer.com/news/security/black-kingdom-ransomware-hacks-networks-with-pulse-vpn-flaws/
    Operators of Black Kingdom ransomware are targeting enterprises with
    unpatched Pulse Secure VPN software or initial access on the network,
    security researchers have found.

    Reply
  35. Tomi Engdahl says:

    Privnotes.com Is Phishing Bitcoin from Users of Private Messaging
    Service Privnote.com
    https://krebsonsecurity.com/2020/06/privnotes-com-is-phishing-bitcoin-from-users-of-private-messaging-service-privnote-com/
    For the past year, a site called Privnotes.com has been impersonating
    Privnote.com, a legitimate, free service that offers private,
    encrypted messages which self-destruct automatically after they are
    read. Until recently, I couldn’t quite work out what Privnotes was up
    to, but today it became crystal clear: Any messages containing bitcoin
    addresses will be automatically altered to include a different bitcoin
    address, as long as the Internet addresses of the sender and receiver
    of the message are not the same.

    Reply
  36. Tomi Engdahl says:

    Fake govt-issued COVID-19 contact tracing apps spread spyware
    https://www.hackread.com/fake-govt-covid-19-contact-tracing-apps-spread-spyware/
    IT security researchers at Anomali have discovered yet another scam in
    which attackers are using fake COVID-19 contact tracing apps to infect
    Android devices.

    Reply
  37. Tomi Engdahl says:

    Extortionists threaten to destroy sites in fake ransom attacks
    https://www.bleepingcomputer.com/news/security/extortionists-threaten-to-destroy-sites-in-fake-ransom-attacks/
    Scammers are targeting website owners with blackmail messages asking
    them to pay ransoms between $1,500 and $3,000 in bitcoins to avoid
    having their sites’ databases leaked and their reputation destroyed.
    As the fraudsters falsely claim, they exfiltrate the databases to
    attacker-controlled servers using credentials harvested after
    exploiting a vulnerability found within the sites’ software.

    Reply
  38. Tomi Engdahl says:

    AWS Hit With a Record 2.3 Tbps DDoS Attack
    https://www.cbronline.com/news/record-ddos-attack-aws
    AWS says it was hit with a record DDoS attack of 2.3 Tbps earlier this
    year, with the (unsuccessful) attempt to knock cloud services offline
    continuing for three days in February. To put the scale of the attempt
    in context, it is nearly double the 1.3 Tbps attack that blasted
    GitHub in 2018, or the circa 1 Tbps Mirai botnet DDoS that famously
    knocked Dyn offline in 2016.

    Reply
  39. Tomi Engdahl says:

    Complexity and size of DDoS attacks have increased
    https://www.helpnetsecurity.com/2020/06/15/2019-ddos-attacks/
    The complexity and size of DDoS attacks in 2019 have increased
    significantly compared to 2018. A report published by NaWas by NBIP
    concludes that although the number of attacks decreased slightly
    over 2019, their complexity and size have increased significantly.

    Reply
  40. Tomi Engdahl says:

    Intel adds CPU-level malware protection to Tiger Lake processors
    https://www.bleepingcomputer.com/news/security/intel-adds-cpu-level-malware-protection-to-tiger-lake-processors/
    Intel today announced a new CPU-level security capability known as
    Control-Flow Enforcement Technology (Intel CET) that offers protection
    against malware using control-flow hijacking attack methods on devices
    with Intel’s future Tiger Lake mobile processors. “Intel CET is
    designed to protect against the misuse of legitimate code through
    control-flow hijacking attacks – widely used techniques in large classes
    of malware,” Intel VP & GM of Client Security Strategy and
    Initiatives Tom Garrison said.

    Reply
  41. Tomi Engdahl says:

    South African bank to replace 12m cards after employees stole master
    key
    https://www.zdnet.com/article/south-african-bank-to-replace-12m-cards-after-employees-stole-master-key/
    Postbank, the banking division of South Africa’s Post Office, has lost
    more than $3.2 million from fraudulent transactions and will now have
    to replace more than 12 million cards for its customers after
    employees printed and then stole its master key.

    Reply
  42. Tomi Engdahl says:

    T-Mobile confirms nationwide outage impacting millions of customers
    https://abc13.com/tmobile-outage-is-out-t-mobile-down/6248980/
    T-Mobile customers are dealing with a nationwide outage of its voice
    and data network. The phone carrier’s president of technology, Neville
    Ray, confirmed the outage Monday afternoon. “Our engineers are working
    to resolve a voice and data issue that has been affecting customers
    around the country. We’re sorry for the inconvenience and hope to have
    this fixed shortly,” Ray tweeted. The outage has not only impacted
    the company’s more than 86 million customers. It has also impacted
    contact with emergency services. also:
    https://www.reuters.com/article/us-t-mobile-us-regulator/fcc-chair-calls-t-mobile-u-s-network-outage-unacceptable-vows-probe-idUSKBN23N0CP.
    also:
    https://www.t-mobile.com/news/update-for-customers-on-network-issues.
    also:
    https://www.bleepingcomputer.com/news/security/t-mobile-outage-caused-by-configuration-error-not-a-ddos-attack/

    Reply
  43. Tomi Engdahl says:

    SMBleedingGhost Writeup Part II: Unauthenticated Memory Read Preparing
    the Ground for an RCE
    https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-part-ii-unauthenticated-memory-read-preparing-the-ground-for-an-rce/
    In the previous blog post we mentioned that although the Microsoft
    Security Advisory describes the bug as a Remote Code Execution (RCE)
    vulnerability, there is no public POC that demonstrates RCE through
    this bug. This was true until chompie1337 released the first public
    RCE POC, based on the writeup of Ricerca Security. Our POC uses a
    different method, and doesn’t involve physical memory access. Instead,
    we use the SMBleed (CVE-2020-1206) bug to help with the exploitation.

    Reply
  44. Tomi Engdahl says:

    Amnesty calls out countries with ‘most dangerous’ contact tracing apps
    https://www.zdnet.com/article/amnesty-calls-out-countries-with-most-dangerous-contact-tracing-apps/
    Norway, Bahrain, and Kuwait have been singled out for having “the most
    invasive” COVID-19 contact tracing apps in an Amnesty International
    study that assessed apps from Europe, Middle East, and North Africa,
    but does not include those from Asia or the US.

    Reply
  45. Tomi Engdahl says:

    A nasty hit: a food delivery service popular with Finns too was
    breached, the homes of more than 700,000 customers are now known down
    to the centimeter
    https://www.tivi.fi/uutiset/tv/93890368-cde5-4140-b2c7-da53d70f82c0
    Data Breach Today says that hackers have breached the food delivery
    service Foodora. The thieves got away with the private data of 727,000
    users from a total of 14 countries. Corrected 13:00 - The story
    previously said the hackers had taken customer data from
    Liechtenstein. We believe this was an error by Data Breach Today that
    made its way to us: according to the image accompanying the original
    story, the database in question is not LI, i.e. Liechtenstein, but FI,
    i.e. Finland. Read also:
    https://www.iltalehti.fi/ulkomaat/a/791959a7-f099-4338-8e1f-ec1ca157aa52.
    Read also: https://yle.fi/uutiset/3-11405147

    Reply
