Cyber security news June 2020

This posting is here to collect cyber security news in June 2020.

I post links to security vulnerability news with short descriptions to comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.



  1. Tomi Engdahl says:

    Sextortion to The Next Level
    https://isc.sans.edu/forums/diary/Sextortion+to+The+Next+Level/26244/
    The bad guys create fake accounts on dating websites pretending to be
    young women looking for new contacts and probably more. It’s clear
    that it does not take a while before being contacted by people looking
    for extramarital relations. They initiate contact and grab interesting
    information about the victim. In such a scenario, collected pieces of
    evidence are totally legit: name, mobile phone, location, sexual
    preferences, etc. Details are published on the forum, as well as
    conversations and pictures. To be “unlisted”, they have to register on
    the forum and pay some money to “help the project”.

    Reply
  2. Tomi Engdahl says:

    Super secretive Russian disinfo operation discovered dating back to
    2014
    https://www.zdnet.com/article/super-secretive-russian-disinfo-operation-discovered-dating-back-to-2014/
    Social media research group Graphika published today a 120-page report
    [PDF] unmasking a new Russian information operation of which very
    little has been known so far. Codenamed Secondary Infektion, the group
    is different from the Internet Research Agency (IRA), the Sankt
    Petersburg company (troll farm) that has interfered in the US 2016
    presidential election. Graphika says this new and separate group has
    been operating since 2014 and has been relying on fake news articles,
    fake leaks, and forged documents to generate political scandals in
    countries across Europe and North America. also:
    https://secondaryinfektion.org/. also:
    https://www.wired.com/story/russia-secondary-infektion-disinformation/

    Reply
  3. Tomi Engdahl says:

    New Java STRRAT ships with .crimson ransomware module
    https://www.gdatasoftware.com/blog/strrat-crimson
    This Java based malware installs RDPWrap, steals credentials, logs
    keystrokes and remote controls Windows systems. It may soon be capable
    to infect without Java installed.

    Reply
  4. Tomi Engdahl says:

    NY Attorney General warns Apple, Google to police COVID-19 tracing apps in their souks – or she will herself
    Worry about user privacy also results in Norway pulling its virus tracker
    https://www.theregister.com/2020/06/17/new_york_coronavirus_tracing/

    Reply
  5. Tomi Engdahl says:

    Tens of millions of Internet-of-Things, network-connected gizmos at risk of remote hijacking? Computer, engage shocked mode
    Collection of bugs, dubbed Ripple20, sink widely used TCP/IP stack
    https://www.theregister.com/2020/06/17/ripple_20_disclosure/

    A bunch of flaws in a commonly used TCP/IP software stack have put potentially tens of millions of Internet-of-Things devices, healthcare equipment, industrial control systems, and other network-connected gear at risk of remote attack, it is claimed.

    The vulnerabilities are dubbed Ripple20 – because hey, what’s a bug reveal without a marketing push these days? – and were found and reported by infosec outfit JSOF. The team’s disclosure this week of the security holes lightly details 19 CVE-listed bugs in a TCP/IP stack developed by US outfit Treck for embedded systems.

    https://www.jsof-tech.com/ripple20/

    Reply
  6. Tomi Engdahl says:

    Amnesty Sounds Alarm Over Gulf, Norway Virus Apps
    https://www.securityweek.com/amnesty-sounds-alarm-over-gulf-norway-virus-apps

    Amnesty International warned Tuesday that contact-tracing technology developed to contain the novel coronavirus threatens users’ privacy, highlighting Bahraini, Kuwaiti and Norwegian apps as “among the most dangerous”.

    Many countries have turned to smartphones to trace people’s movements and track their contacts, allowing officials to monitor coronavirus infections and spot new outbreaks.

    But detailed technical analysis of 11 such apps around the world showed that Bahrain, Kuwait and Norway’s offerings were “carrying out live or near-live tracking of users’ locations”, the rights group said.

    Bahraini and Kuwaiti officials told AFP Tuesday that the apps were for the “sole” purpose of combatting the spread of the COVID-19 disease.

    Reply
  7. Tomi Engdahl says:

    Palo Alto Networks Unveils New Firewalls, IoT Security Solution
    https://www.securityweek.com/palo-alto-networks-unveils-new-firewalls-iot-security-solution

    Palo Alto Networks on Wednesday unveiled a new firewall powered by machine learning, a firewall for Kubernetes, and an IoT security solution.

    Palo Alto Networks has announced a new next-generation firewall (NGFW) that uses machine learning (ML) to help organizations detect and block threats. These firewalls are powered by the latest version of the company’s firewall operating system, PAN-OS 10.0, which is expected to become available in mid-July.

    PAN-OS 10.0 also introduces CN-Series firewalls, which are specifically designed for Kubernetes container environments.

    “As the industry’s first NGFW built specifically for Kubernetes environments, CN-Series firewalls leverage deep container context to protect inbound, outbound and east-west traffic between container trust zones (i.e. between namespaces, or between PCI-infected apps and non-PCI apps), along with other components of enterprise IT environments,” explained Mukesh Gupta, VP of product management at Palo Alto Networks.

    The network security company also announced IoT Security, a new IoT security solution that is offered as a subscription to customers of the new ML-powered NGFW.

    Reply
  8. Tomi Engdahl says:

    Trump’s 2020 Reelection App Exposed Secrets, Keys
    https://www.securityweek.com/trumps-2020-reelection-app-exposed-secrets-keys

    An analysis of the “Official Trump 2020” application revealed that keys to various parts of the app were being exposed to attacks, Website Planet reports.

    The application, developed for President Donald Trump’s reelection campaign, is available for download on both Android and iOS devices.

    While investigating the app, Website Planet’s cybersecurity analysts Noam Rotem and Ran Locar discovered that the Android APK was exposing information such as Twitter application keys and secrets, Google apps and maps keys, and Branch.io (mobile analytics) keys.

    The exposed keys, the analysts reveal, provided them with access to various parts of the application, but not to user accounts. According to them, an attacker would need two other keys, which were not being exposed, “to access any user account, including, potentially, President Trump’s.”

    Reply
  9. Tomi Engdahl says:

    AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever
    The previous record for the largest DDoS attack ever recorded was of 1.7 Tbps, recorded in March 2018.
    https://www.zdnet.com/article/aws-said-it-mitigated-a-2-3-tbps-ddos-attack-the-largest-ever/

    Reply
  10. Tomi Engdahl says:

    Exclusive: Massive spying on users of Google’s Chrome shows new security weakness
    https://uk.reuters.com/article/uk-alphabet-google-chrome-exclusive-idUKKBN23P0JM

    A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions.

    Reply
  11. Tomi Engdahl says:

    China behind major cyber attack on Australian governments and businesses
    https://www.abc.net.au/news/2020-06-19/foreign-cyber-hack-targets-australian-government-and-business/12372470

    Federal Government agencies believe that China is the nation behind ongoing cyber attacks on Australian institutions, including hospitals and state-owned utilities, in recent months.

    Reply
  12. Tomi Engdahl says:

    Sapiens pays $250,000 in Bitcoin to hackers who took over its computers
    The Israel-based software company has not alerted the exchange authorities in the U.S. or Israel
    https://m.calcalistech.com/Article.aspx?guid=3833070

    Reply
  13. Tomi Engdahl says:

    NSA launches pilot program to secure defense contractors
    https://fcw.com/articles/2020/06/18/williams-nsa-dns-pilot.aspx?m=1

    The National Security Agency is testing a secure domain name system model to better secure companies in the defense industrial base, whose networks house critical weapons technology information.

    Anne Neuberger, the NSA’s cybersecurity director, announced the agency began a pilot program, Secure DNS, during Defense One’s Tech Summit June 18. The pilot, which has been ongoing for a little more than a month, can reduce malware attacks 92% on a given network, she said.

    Reply
  14. Tomi Engdahl says:

    Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware
    Researchers set up a tempting honeypot to monitor how cyber criminals would exploit it. Then it came under attack.

    https://www.zdnet.com/article/ransomware-hackers-took-just-three-days-to-find-this-fake-industrial-network-and-fill-it-with-malware/

    Reply
  15. Tomi Engdahl says:

    The FBI used a Philly protester’s Etsy profile, LinkedIn, and other internet history to charge her with setting police cars ablaze
    https://www.inquirer.com/news/philly-protests-arrests-fbi-lore-elisabeth-blumenthal-george-floyd-20200617.html?scrolla=5eb6d68b7fedc32c19ef33b4

    As demonstrators shouted, fires burned outside City Hall, and Philadelphia convulsed with outrage over the death of George Floyd, television news helicopters captured footage of a masked woman with a peace sign tattoo and wearing a light blue T-shirt setting a police SUV ablaze.

    More than two weeks after that climactic May 30 moment, federal authorities say they’ve identified the arsonist as 33-year-old Philadelphia massage therapist Lore Elisabeth Blumenthal by following the intricate trail of bread crumbs she left through her social media history and online shopping patterns over the years.

    Reply
  16. Tomi Engdahl says:

    Security surprise: Four zero-days spotted in attacks on researchers’
    fake networks
    https://www.zdnet.com/article/security-four-zero-day-attacks-spotted-in-attacks-against-honeypot-systems/
    Four new zero-day attacks were discovered when hackers employed them
    against fake systems set up by researchers studying hacking attempts
    on industrial systems. Industrial control systems (ICS) are used to
    manage a vast range of critical devices, anything from chemical
    processing through to power generation or even building automation
    like fire-suppression systems.

    Reply
  17. Tomi Engdahl says:

    Advisory 2020-008: Copy-paste compromises – tactics, techniques and
    procedures used to target multiple Australian networks
    https://www.cyber.gov.au/threats/advisory-2020-008-copy-paste-compromises-tactics-techniques-and-procedures-used-target-multiple-australian-networks
    The Australian Government is currently aware of, and responding to, a
    sustained targeting of Australian governments and companies by a
    sophisticated state-based actor. The title Copy-paste compromises is
    derived from the actor's heavy use of proof-of-concept exploit code,
    web shells and other tools copied almost identically from open
    source. The actor has been identified leveraging a number of initial
    access vectors, with the most prevalent being the exploitation of
    public-facing infrastructure primarily through the use of a remote code
    execution vulnerability in unpatched versions of Telerik UI. Other
    vulnerabilities in public-facing infrastructure leveraged by the actor
    include exploitation of a deserialisation vulnerability in Microsoft
    Internet Information Services (IIS), a 2019 SharePoint vulnerability
    and the 2019 Citrix vulnerability.

    Australia cyber attacks: PM Morrison warns of ‘sophisticated’ state
    hack
    https://www.bbc.com/news/world-australia-46096768
    Australia’s government and institutions are being targeted by ongoing
    sophisticated state-based cyber hacks, Prime Minister Scott Morrison
    says. Mr Morrison said the cyber attacks were widespread, covering
    “all levels of government” as well as essential services and
    businesses. He declined to identify a specific state actor and said no
    major personal data breaches had been made. The attacks have happened
    over many months and are increasing, he said. Also:
    https://www.zdnet.com/article/prime-minister-says-australia-is-under-cyber-attack-from-state-based-actor/
    https://www.theregister.com/2020/06/19/australia_state_cyberattack/
    https://www.pm.gov.au/media/statement-malicious-cyber-activity-against-australian-networks
    https://yle.fi/uutiset/3-11409999

    Reply
  18. Tomi Engdahl says:

    Hackers use fake Windows error logs to hide malicious payload
    https://www.bleepingcomputer.com/news/security/hackers-use-fake-windows-error-logs-to-hide-malicious-payload/
    Hackers have been using fake error logs to store ASCII characters
    disguised as hexadecimal values that decode to a malicious payload
    designed to prepare the ground for script-based attacks. The trick is
    part of a longer chain with intermediary PowerShell commands that
    ultimately delivers a script for reconnaissance purposes.

    Reply
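    The technique in the BleepingComputer piece above (text hidden as space-separated hex byte pairs inside a file that looks like an error log) can be hunted for with a small scanner. The following Python is an added example written for this page, not code from the article or from the commenter: the sample log lines, the hex-run threshold (8 bytes), the 90 % printable-text cut-off and the function names are all my own constructed choices.

```python
import re
from typing import List, Tuple

# Thresholds (constructed choices for this example, not from the article):
MIN_BYTES = 8          # shorter hex runs are too likely to be legitimate error codes
MIN_PRINTABLE = 0.9    # fraction of decoded bytes that must be printable text

# A run of at least MIN_BYTES hex byte pairs separated by spaces or commas.
# The \b anchors stop tokens such as "0x80070005" or "kernel32" from being
# split into pairs, so ordinary error codes do not trigger the scanner.
HEX_RUN = re.compile(r"(?:\b[0-9A-Fa-f]{2}\b[ ,]*){%d,}" % MIN_BYTES)


def decode_hex_run(run: str) -> bytes:
    """Turn 'de ad be ef' into the four bytes de ad be ef."""
    return bytes(int(pair, 16) for pair in re.findall(r"[0-9A-Fa-f]{2}", run))


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII (tab, LF and CR count as text)."""
    if not data:
        return 0.0
    text_bytes = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return text_bytes / len(data)


def scan_log(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, decoded_text) for every hex run that decodes to script-like text.

    Genuine binary runs (memory dumps, raw packet bytes) fall below MIN_PRINTABLE and
    are skipped, so only runs that are really text dressed up as hex are reported.
    """
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in HEX_RUN.finditer(line):
            decoded = decode_hex_run(match.group(0))
            if len(decoded) >= MIN_BYTES and printable_ratio(decoded) >= MIN_PRINTABLE:
                hits.append((lineno, decoded.decode("ascii", errors="replace")))
    return hits


def _hex_line(prefix: str, text: str) -> str:
    """Constructed helper: write text as spaced hex pairs, the disguise the article describes."""
    return prefix + " ".join(f"{b:02x}" for b in text.encode("ascii"))


# Constructed sample log: three ordinary entries, one genuine hex dump (must NOT be
# flagged) and two entries whose "hex values" are really PowerShell text.
SAMPLE_LOG = "\n".join([
    "2020-06-20 10:14:02 ERROR 0x80070005 Access is denied.",
    "2020-06-20 10:14:03 WARN  Service 'Spooler' restart requested.",
    "2020-06-20 10:14:05 ERROR Exception in module kernel32.dll",
    "2020-06-20 10:14:06 ERROR Dump: 00 00 00 00 ff ff ff ff 01 02 03 04 c8 d9",
    _hex_line("2020-06-20 10:14:09 ERROR ", "$env:COMPUTERNAME"),
    _hex_line("2020-06-20 10:14:10 ERROR ", "Get-Process | Select-Object Name"),
])

if __name__ == "__main__":
    for lineno, decoded in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: hex run decodes to {decoded!r}")
```

    Run over the constructed log, the scanner reports only the last two lines; the hex dump on line 4 decodes to non-printable bytes and is left alone. The printable-ratio filter is what keeps the check usable on real logs, which are full of legitimate hex.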
  19. Tomi Engdahl says:

    Microsoft Defender ATP now detects Windows 10 UEFI malware
    https://www.bleepingcomputer.com/news/security/microsoft-defender-atp-now-detects-windows-10-uefi-malware/
    Microsoft has announced that its Microsoft Defender Advanced Threat
    Protection (ATP) enterprise endpoint security platform is now capable
    of detecting and protecting customers from Unified Extensible Firmware
    Interface (UEFI) malware with the help of a new UEFI scanner.

    Reply
  20. Tomi Engdahl says:

    Google Analytics as a data exfiltration channel
    https://www.kaspersky.com/blog/web-skimming-with-ga/35986/
    Web skimming, a fairly common method of getting cardholder data from
    visitors of online stores, is a time-honored cybercriminal practice.
    Recently, however, our experts discovered a rather dangerous
    innovation involving the use of Google Analytics to exfiltrate stolen
    data. Let's explore why this is dangerous and how to deal with it.
    More details on the attack mechanism and indicators of compromise:
    https://securelist.com/web-skimming-with-google-analytics/97414/
    Also:
    https://www.bleepingcomputer.com/news/security/hackers-use-google-analytics-to-steal-credit-cards-bypass-csp/

    Reply
  21. Tomi Engdahl says:

    Encrypted Phone Network Says It’s Shutting Down After Police Hack
    https://www.vice.com/en_us/article/5dz9qx/encrochat-hacked-shutting-down-encrypted-phone
    Someone in control of an email address long associated with Encrochat,
    a company that sells custom encrypted phones often used by organized
    criminals, tells Motherboard the company is shutting down after a law
    enforcement hacking operation against its customers. The news comes as
    law enforcement agencies have arrested multiple criminal users of
    Encrochat across Europe in what appears to be a large scale,
    coordinated operation against the phone network and its users.

    Reply
  22. Tomi Engdahl says:

    Hijacking DLLs in Windows
    https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
    DLL Hijacking is a popular technique for executing malicious payloads.
    This post lists nearly 300 executables vulnerable to relative path DLL
    Hijacking on Windows 10 (1909), and shows how with a few lines of
    VBScript some of the DLL hijacks can be executed with elevated
    privileges, bypassing UAC.

    Reply
  23. Tomi Engdahl says:

    Alfred Ng / CNET:
    Senate Republicans introduce bill calling for an end to “warrant-proof” encryption, citing apps like WhatsApp that use end-to-end encryption — The proposed legislation is Congress’ latest attempt to weaken encryption from tech giants. — A group of Senate Republicans are looking …

    Republicans push bill requiring tech companies to help access encrypted data
    https://www.cnet.com/news/republicans-push-bill-requiring-tech-companies-to-help-access-encrypted-data/

    The proposed legislation is Congress’ latest attempt to weaken encryption from tech giants.

    Reply
  24. Tomi Engdahl says:

    Red Hat's kernel has a flaw in Authenticated Encryption with Associated Data
    > (AEAD), a form of encryption technique which
    > simultaneously assures the confidentiality and authenticity of data with
    > below details.
    >
    > A buffer over-read flaw was found in crypto_authenc_extractkeys in
    > crypto/authenc.c in the IPsec Cryptographic algorithm’s
    > module, authenc. When a payload is longer than 4 bytes, and is not
    > following 4-byte alignment boundary guidelines, it causes
    > a buffer over-read threat, leading to a system crash. This flaw allows a
    > local attacker with user privileges to cause a denial
    > of service.

    https://www.openwall.com/lists/oss-security/2020/06/23/2

    The fix on GitHub: https://github.com/torvalds/linux/commit/8f9c469348487844328e162db57112f7d347c49f

    Reply
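    The advisory quoted above describes the bug only in outline (payload longer than 4 bytes, not on a 4-byte boundary, buffer over-read). The Python below is an added model of that key-parsing logic written for this page; it is my own code, not the kernel's crypto/authenc.c and not the commenter's. It assumes the authenc key layout of a struct rtattr header (rta_len, rta_type), a 4-byte big-endian enckeylen, then the authentication key followed by the encryption key, with host byte order taken as little-endian here. The `fixed=True` branch applies the tighter check that, as I understand the linked commit, is what it introduces: the rtattr payload must be exactly the parameter size. The `fixed=False` branch keeps the looser check so the unsigned wrap-around that leads to the over-read can be seen; the constructed 9-byte key is the malformed shape the advisory describes.

```python
import struct
from dataclasses import dataclass

# Wire layout of an authenc key, modelled after the kernel's definitions
# (assumption: little-endian host order for rtattr; enckeylen is big-endian).
RTA_HDR = struct.Struct("<HH")    # struct rtattr: rta_len, rta_type
PARAM = struct.Struct(">I")       # struct crypto_authenc_key_param: enckeylen
CRYPTO_AUTHENC_KEYA_PARAM = 1
UINT_MASK = 0xFFFFFFFF            # the C code keeps keylen in an unsigned int


def rta_align(n: int) -> int:
    """RTA_ALIGN: round up to the next 4-byte boundary."""
    return (n + 3) & ~3


class OverreadError(RuntimeError):
    """Raised where the C code would read past the end of the key buffer."""


@dataclass
class AuthencKeys:
    authkey: bytes
    enckey: bytes


def extract_keys(blob: bytes, fixed: bool = True) -> AuthencKeys:
    """Python model of crypto_authenc_extractkeys (my own approximation, not kernel code).

    fixed=True applies the exact-size payload check; fixed=False keeps the older
    '>= param size' check so the over-read path can be demonstrated.
    """
    keylen = len(blob)
    # RTA_OK(): the header fits, and rta_len lies within the buffer.
    if keylen < RTA_HDR.size:
        raise ValueError("rtattr header truncated")
    rta_len, rta_type = RTA_HDR.unpack_from(blob, 0)
    if rta_len < RTA_HDR.size or rta_len > keylen:
        raise ValueError("rta_len outside the key buffer")
    if rta_type != CRYPTO_AUTHENC_KEYA_PARAM:
        raise ValueError("unexpected rta_type")
    payload = rta_len - RTA_HDR.size
    if fixed:
        # Requiring the exact size forces rta_len to 8, which is already aligned,
        # so the alignment step below can never overshoot the buffer.
        if payload != PARAM.size:
            raise ValueError("param payload must be exactly %d bytes" % PARAM.size)
    elif payload < PARAM.size:
        raise ValueError("param payload too short")
    (enckeylen,) = PARAM.unpack_from(blob, RTA_HDR.size)

    # The keys start at the next aligned boundary. With a 5..7-byte payload and a
    # key that ends before that boundary, keylen - consumed goes negative and, in
    # unsigned C arithmetic, wraps to a value near UINT_MAX.
    consumed = rta_align(rta_len)
    remaining = (keylen - consumed) & UINT_MASK
    if remaining < enckeylen:
        raise ValueError("encryption key longer than the remaining bytes")
    authkeylen = remaining - enckeylen
    if consumed + remaining > len(blob):
        raise OverreadError("authkeylen=%d would read %d bytes past the key"
                            % (authkeylen, consumed + remaining - len(blob)))
    return AuthencKeys(blob[consumed:consumed + authkeylen], blob[consumed + authkeylen:])


def outcome(blob: bytes, fixed: bool) -> str:
    """'ok', 'rejected' (a clean -EINVAL) or 'overread' (the crash the advisory describes)."""
    try:
        extract_keys(blob, fixed=fixed)
        return "ok"
    except OverreadError:
        return "overread"
    except ValueError:
        return "rejected"


def build_key(authkey: bytes, enckey: bytes, payload_len: int = PARAM.size) -> bytes:
    """Serialise an authenc key blob; payload_len > 4 models a misaligned rtattr (constructed)."""
    rta_len = RTA_HDR.size + payload_len
    param = PARAM.pack(len(enckey)) + b"\0" * (payload_len - PARAM.size)
    padding = b"\0" * (rta_align(rta_len) - rta_len)
    return RTA_HDR.pack(rta_len, CRYPTO_AUTHENC_KEYA_PARAM) + param + padding + authkey + enckey


# Constructed 9-byte key: a 5-byte (misaligned) payload and nothing after it.
MISALIGNED_KEY = RTA_HDR.pack(9, CRYPTO_AUTHENC_KEYA_PARAM) + PARAM.pack(0) + b"\0"

if __name__ == "__main__":
    print(extract_keys(build_key(b"A" * 20, b"B" * 16)))
    for fixed in (False, True):
        print(f"fixed={fixed}: {outcome(MISALIGNED_KEY, fixed)}")
```

    A well-formed key parses identically on both paths. The misaligned 9-byte key is accepted by the old check, wraps `remaining` to about 4 GiB and ends in the over-read; the exact-size check turns the same input into an ordinary invalid-key error before any length arithmetic happens. A misaligned key that does carry padding and real key bytes parses fine on the old path, which is why the defect only surfaced with a specific malformed shape.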
  25. Tomi Engdahl says:

    Russell Brandom / The Verge:
    Open Technology Fund, the US digital speech advocate that funded Signal, faces turmoil after the abrupt firing of entire leadership team and resignation of CEO

    A new Trump appointee has put internet freedom projects in crisis mode
    https://www.theverge.com/2020/6/23/21300424/open-technology-fund-usagm-circumvention-tools-china-censorship-michael-pack?scrolla=5eb6d68b7fedc32c19ef33b4

    ‘There are so many countries and individuals who need this support right now,’ says former OTF president

    One of the US government’s strongest forces for internet freedom is in danger, and supporters are calling on the public for help. The Open Technology Fund (OTF), a small US organization devoted to protecting digital speech across the world, has helped support nearly all of the most prominent encryption projects at various points — including Signal, Tails, Qubes, and the Tor Project. But after the abrupt firing of the fund’s entire leadership team, current recipients say their contractually promised funding is now at risk.

    “Very concretely, this would mean that we wouldn’t be able to upgrade the app’s security architecture, putting our users at risk,” Raphael Mimoun, who operates the evidence-protection app Tella, told The Verge. “Without OTF support, it’s unclear how and where technologists and activists would meet, and whether the internet freedom community would even survive.”

    Reply
  26. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    Microsoft releases the first public preview of its Defender antivirus Android app, as Microsoft Defender ATP for Linux becomes generally available for all users — UPDATE: Microsoft Defender ATP for Linux has also exited public preview and is now generally available for all users.

    Microsoft releases first public preview of its Defender antivirus on Android
    https://www.zdnet.com/article/microsoft-releases-first-public-preview-of-its-defender-antivirus-on-android/

    UPDATE: Microsoft Defender ATP for Linux has also exited public preview and is now generally available for all users.

    Reply
  27. Tomi Engdahl says:

    Microsoft Chief Says EU ‘Most Influential’ on Tech Rules
    https://www.securityweek.com/microsoft-chief-says-eu-most-influential-tech-rules

    Microsoft president Brad Smith on Tuesday said Europe was the global leader on setting rules for big tech, two years after the EU implemented the GDPR, its landmark data privacy law.

    Smith spoke at an online debate with European Commission vice president Vera Jourova, the top EU official who was in charge of the data privacy rules when they became reality in 2018.

    Brussels introduced the General Data Protection Regulation (GDPR) to give people more control over data and their privacy settings.

    The rules also gave EU regulators the power to fine and punish internet actors — including Facebook, Google or Uber — who broke the rules on protecting personal data.

    “I do continue to see the trends from Brussels being the most influential in the world,” Smith said during the debate hosted by the Brussels-based CERRE think tank.

    “Even when you look at something like the Australian law last year … it was clearly influenced by a lot of thinking that had been taking place for a couple of years in Brussels,” he said.

    Reply
  28. Tomi Engdahl says:

    XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
    https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers/
    We have recently detected variants of two existing Linux botnet
    malware types targeting exposed Docker servers; these are XORDDoS
    malware (detected by Trend Micro as Backdoor.Linux.XORDDOS.AE) and
    Kaiji DDoS malware (detected by Trend Micro as DDoS.Linux.KAIJI.A).
    Having Docker servers as their target is a new development for both
    XORDDoS and Kaiji; XORDDoS was known for targeting Linux hosts on
    cloud systems, while recently discovered Kaiji was first reported to
    affect internet of things (IoT) devices.

    Reply
  29. Tomi Engdahl says:

    80,000 printers are exposing their IPP port online
    https://www.zdnet.com/article/80000-printers-are-exposing-their-ipp-port-online/
    For years, security researchers have warned that every device left
    exposed online without being protected by a firewall is an attack
    surface. Hackers can deploy exploits to forcibly take control over the
    device, or they can just connect to the exposed port if no
    authentication is required. Devices hacked this way are often enslaved
    in malware botnets, or they serve as initial footholds and backdoors
    into larger corporate networks (Russian hackers already use this
    technique). However, despite this being common knowledge among
    cyber-security and IT experts, we still have a large number of devices
    that are left exposed online unsecured.

    Reply
  30. Tomi Engdahl says:

    What did it take for stubborn IBM to fix flaws in its Data Risk
    Manager security software? Someone dropping zero-days
    https://www.theregister.com/2020/06/23/ibm_data_risk_manager/
    IBM is under fire for refusing to patch critical vulnerabilities in
    its Data Risk Manager product until exploit code was publicly
    disclosed. In what seems a shortsighted move, when a proactive
    approach may have been better, Big Blue turned down a privately
    disclosed report of flaws in its enterprise security software only to
    issue fixes after details of the holes emerged online.

    Reply
  31. Tomi Engdahl says:

    Firmware Flaw Allows Attackers to Evade Security on Some Home Routers
    https://www.darkreading.com/vulnerabilities—threats/firmware-flaw-allows-attackers-to-evade-security-on-some-home-routers/d/d-id/1338150
    Wired and wireless routers used by “millions” of home and
    small-business users are vulnerable to a firmware attack that can
    downgrade the devices to a less secure version that then allows the
    devices to be further compromised, cybersecurity firm NanoLock
    Security announced on Monday. While few details of the vulnerability
    have been released by the company, NanoLock claims that the issue
    affects devices sold by Japanese networking and storage firm Buffalo
    and its US subsidiary Buffalo Americas, as well as “many other similar
    routers.”

    Reply
  32. Tomi Engdahl says:

    Here’s a headline we never thought we’d write 20 years ago: Microsoft readies antivirus for Linux, Android
    Redmond knows a thing or two about tackling malware – amirite, Windows fans?!
    https://www.theregister.com/2020/06/23/microsoft_defender_atp_linux/

    Reply
  33. Tomi Engdahl says:

    The Trump 2020 app is a voter surveillance tool of extraordinary power
    https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/

    Both presidential campaigns use apps to capture data, but Trump’s asks to scoop up your identity, your location, and control of your phone’s Bluetooth function.

    • The Trump campaign app uses data to sidestep online platforms
    • Biden’s app accesses phone contacts to build “relational organizing”
    • The Trump app’s inspiration appears to come from India’s Narendra Modi

    Ahead of President Trump’s rally in Tulsa, Oklahoma, his 2020 re-election campaign manager Brad Parscale tweeted about the event. “Just passed 800,000 tickets,” he wrote. “Biggest data haul and rally signup of all time by 10x. Saturday is going to be amazing!”

    Parscale’s numbers for the rally—originally scheduled for Juneteenth and still set to occur just miles from the site of one of American history’s deadliest acts of racial violence—have come in for criticism after only 6,200 people actually turned up, with sign-up numbers supposedly inflated by pranking teens and K-pop fans. But even on the surface, his claim was confusing: the venue holds only 19,000 people. So what was the campaign doing signing up so many people for tickets?

    The clue lies in Parscale’s use of the phrase “data haul.”

    Data collection and targeted online messaging were integral to the 2016 US presidential election, and they will be again in 2020. But there has been a shift. In the same way that candidates in the last cycle used Facebook to reach and persuade voters, ongoing research from our team at the propaganda research lab at UT Austin’s Center for Media Engagement suggests that 2020 will be defined by the use of bespoke campaign apps. Purpose-built applications distributed through the App Store and Google Play Store allow the Trump and Biden teams to speak directly to likely voters. They also allow them to collect massive amounts of user data without needing to rely on major social-media platforms or expose themselves to fact-checker oversight of particularly divisive or deceptive messaging.

    Trump 2020: A data-hungry channel for disproven claims
    The Official Trump 2020 app, which has been downloaded approximately 780,000 times according to the measurement service Apptopia, launched in mid-April.

    Data collection—as Parscale’s comment suggested—is perhaps the most powerful thing the Trump 2020 app does. On signing up, users are required to provide a phone number for a verification code, as well as their full name, email address, and zip code. They are also highly encouraged to share the app with their existing contacts. This is part of a campaign strategy for reaching the 40 to 50 million citizens expected to vote for Trump’s reelection: to put it bluntly, the campaign says it intends to collect every single one of these voters’ cell-phone numbers.

    The app has already received some criticism, not least from security researchers who found it had left information exposed that could allow hackers to access the user data. The response to this made the campaign’s priorities clear: they rapidly fixed the bug once it had been disclosed, but still maximized the data they themselves could collect.

    Team Joe: Your contacts are critical
    Team Joe, the app put together by Joe Biden’s campaign, has some surface similarities to the Trump app, but it is a very different proposition. It does some things that the Trump app does, including sending users notifications of upcoming campaign events or training sessions for digital activists. But where the Trump app has range of uses, from spreading tailored campaign messages to airing live streams of rallies, Team Joe is largely built for a single purpose: relational organizing. This concept is spelled out in the Team Joe Digital Tool Kit:

    “Relational organizing is when volunteers leverage their existing networks and relationships in support of our candidate, Joe Biden. Friend-to-friend contact is one of the most effective methods for having meaningful conversations about our campaign, and it is an efficient way to persuade and identify supporters

    Reply
  34. Tomi Engdahl says:

    Using Shell Links as zero-touch downloaders and to initiate network
    connections
    https://isc.sans.edu/forums/diary/Using+Shell+Links+as+zerotouch+downloaders+and+to+initiate+network+connections/26276/
    Probably anyone who has used any modern version of Windows is aware of
    their file-based shortcuts, also known as LNKs or Shell Link files.
    Although they were intended as a simple feature to make Windows a bit
    more user-friendly, over the years, a significant number[1] of
    vulnerabilities were identified in handling of LNKs. Many of these
    vulnerabilities lead to remote code execution and one (CVE-2010-2568)
    was even used in creation of the Stuxnet worm.

    Reply
  35. Tomi Engdahl says:

    New Bill Targeting Warrant-Proof Encryption Draws Ire
    https://threatpost.com/new-bill-targeting-warrant-proof-encryption-draws-ire/156877/
    The Lawful Access to Encrypted Data Act is being decried as an awful
    idea by security experts. Privacy advocates are decrying a new bill,
    which would force tech companies to unlock encrypted devices if
    ordered to do so by law enforcement with a court issued warrant. The
    Lawful Access to Encrypted Data Act was introduced on Tuesday by
    Senate Judiciary Committee Chairman Lindsey Graham (R-SC),

    Reply
  36. Tomi Engdahl says:

    Glupteba the malware that gets secret messages from the Bitcoin
    blockchain
    https://nakedsecurity.sophos.com/2020/06/24/glupteba-the-bot-that-gets-secret-messages-from-the-bitcoin-blockchain/
    Here's a SophosLabs technical paper that should tick all your jargon
    boxes! Our experts have deconstructed a strain of malware called
    Glupteba that uses just about every cybercrime trick you've heard of,
    and probably several more besides. Like a lot of malware these days,
    Glupteba is what's known as a zombie or bot (short for software robot)
    that can be controlled from afar by the crooks who wrote it.

    Reply
  37. Tomi Engdahl says:

    https://www.zdnet.com/article/cryptocore-hacker-group-has-stolen-more-than-200m-from-cryptocurrency-exchanges/
    CryptoCore hacker group has stolen more than $200m from cryptocurrency
    exchanges. An organized hacker group believed to be operating out of
    Eastern Europe has stolen around $200 million from online
    cryptocurrency exchanges, cyber-security firm ClearSky said in a
    report shared with ZDNet today. Or Blatt, Research Team Leader at
    ClearSky, told ZDNet the group, which ClearSky has been tracking under
    the name of CryptoCore, has been active since 2018. Also:
    https://www.bleepingcomputer.com/news/security/cryptocore-hackers-made-over-200m-breaching-crypto-exchanges/

    Reply
  38. Tomi Engdahl says:

    The coronavirus crisis set port scanners in motion, with SSH the main target
    https://www.tivi.fi/uutiset/tv/b25327ce-f8d2-49c0-ac87-4d338d6c2169
    Security threats aimed at Internet of Things devices have grown
    sharply over the spring. The security lab of security company Cujo.AI
    observed 120 million threats per week in early April. At the turn of
    April and May, the number of threats had grown 83 percent to 212
    million threats per week. In practice, the threats refer to situations
    in which an attacker tries to gain control of a remotely controllable
    system.

    Reply
  39. Tomi Engdahl says:

    VMware fixes critical vulnerability in Workstation and Fusion
    https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-vulnerability-in-workstation-and-fusion/
    VMware released security updates to fix multiple vulnerabilities in
    VMware ESXi, Workstation, and Fusion, with one of them being a
    critical bug in default configurations of Workstation and Fusion
    having 3D graphics enabled. The U.S. Cybersecurity and Infrastructure
    Security Agency (CISA) also issued an alert today warning that an
    “attacker could exploit some of these vulnerabilities to take control
    of an affected system,” and encouraging users and administrators to
    update as soon as possible.

    Critical vulnerability with a 9.3 CVSSv3 base score

    The critical security issue tracked as CVE-2020-3962 is a use-after-free flaw in the SVGA device that could allow local attackers to execute arbitrary code on the hypervisor from a virtual machine after successful exploitation.

    Reply
