Cyber security news June 2020

This posting is here to collect cyber security news in June 2020.

I post links to security vulnerability news with short descriptions to comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.

cybergedeon_flame_color

204 Comments

  1. Tomi Engdahl says:

    new users after 18 months, as part of a broader expansion of its privacy options — A compromise between privacy and ad-targeting data — On Wednesday, Google announced broad changes in its default data practices for new users …

    Google will now auto-delete location and search history by default for new users
    https://www.theverge.com/2020/6/24/21301718/google-auto-delete-location-search-history-default-myactivity?scrolla=5eb6d68b7fedc32c19ef33b4

    A compromise between privacy and ad-targeting data

    Reply
  2. Tomi Engdahl says:

    United States wants HTTPS for all government sites, all the time
    https://nakedsecurity.sophos.com/2020/06/23/united-states-wants-https-for-all-government-sites-all-the-time/

    The US government just announced its plans for HTTPS on all dot-gov sites.

    HTTPS, of course, is short for for “secure HTTP”, and it’s the system that puts the padlock in your browser’s address bar.

    Actually, the government is going one step further than that.

    As well as saying all dot-gov sites should be available over HTTPS, the government wants to get to the point that all of its web servers are publicly committed to use HTTPS by default.

    That paves the way to retiring HTTP altogether and preventing web users from making unencrypted connection to government sites at all.

    Reply
  3. Tomi Engdahl says:

    Russell Brandom / The Verge:
    Google says it will auto-delete location and search data by default for new users after 18 months, as part of a broader expansion of its privacy options

    Google will now auto-delete location and search history by default for new users
    https://www.theverge.com/2020/6/24/21301718/google-auto-delete-location-search-history-default-myactivity?scrolla=5eb6d68b7fedc32c19ef33b4

    A compromise between privacy and ad-targeting data

    Reply
  4. Tomi Engdahl says:

    As organizations get back to business, cyber criminals look for new
    angles to exploit
    https://blog.checkpoint.com/2020/06/25/as-organizations-get-back-to-business-cyber-criminals-look-for-new-angles-to-exploit/
    Criminals are using COVID-19 training for employees as phishing bait.
    Non coronavirus-related headline news (including Black Lives Matter)
    being used in phishing scams. Weekly cyber-attacks increase 18%
    compared to May average. However, Covid-19 related cyber-attacks down
    24% compared to May.

    Reply
  5. Tomi Engdahl says:

    Patch time! NVIDIA fixes kernel driver holes on Windows and Linux
    https://nakedsecurity.sophos.com/2020/06/25/patch-time-nvidia-fixes-kernel-driver-holes-on-windows-and-linux/
    The latest security patches from NVIDIA, the maker of high-end
    graphics cards, are out. Both Windows and Linux are affected. NVIDIA
    hasnt yet given out any real details about the bugs, but 12 different
    CVE-tagged flaws have been fixed, numbered sequentially from
    CVE-2020-5962 to CVE-2020-5973.. Also:
    https://threatpost.com/nvidia-windows-gamers-graphics-driver-bugs/156911/.
    https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-flaws-in-windows-linux-drivers/

    Reply
  6. Tomi Engdahl says:

    Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and
    Critical Vulnerabilities to Infect Windows Devices
    https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/
    On May 29, 2020, Unit 42 researchers discovered a new variant of a
    hybrid cryptojacking malware from numerous incidents of CVE-2019-9081
    exploitation in the wild. A closer look revealed the malware, which
    weve dubbed Lucifer, is capable of conducting DDoS attacks and
    well-equipped with all kinds of exploits against vulnerable Windows
    hosts.

    Reply
  7. Tomi Engdahl says:

    Chinese bank forced western companies to install malware-laced tax
    software
    https://www.zdnet.com/article/chinese-bank-forced-western-companies-to-install-malware-laced-tax-software/
    A Chinese bank has forced at least two western companies to install
    malware-laced tax software on their systems, cyber-security firm
    Trustwave said in a report published today. The two companies are a
    UK-based technology/software vendor and a major financial institution,
    both of which had recently opened offices in China. “Discussions with
    our client revealed that [the malware] was part of their bank’s
    required tax software,” Trustwave said today.. Also:
    https://www.darkreading.com/threat-intelligence/goldenspy-malware-hidden-in-tax-software-spies-on-companies-doing-business-in-china/d/d-id/1338174

    Reply
  8. Tomi Engdahl says:

    Web skimmer hides within EXIF metadata, exfiltrates credit cards via
    image files
    https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/
    They say a picture is worth a thousand words. Threat actors must have
    remembered that as they devised yet another way to hide their credit
    card skimmer in order to evade detection. When we first investigated
    this campaign, we thought it may be another one of those favicon
    tricks, which we had described in a previous blog. However, it turned
    out to be different and even more devious. We found skimming code
    hidden within the metadata of an image file (a form of steganography)
    and surreptitiously loaded by compromised online stores.

    Reply
  9. Tomi Engdahl says:

    Vulnerable Powerline Extenders Underline Lax IoT Security
    https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security/
    Multiple vulnerabilities have been found in Tenda PA6 Wi-Fi Powerline
    extender, version 1.0.1.21. This device is part of Tendas PH5
    Powerline Extender Kit and extends the wireless network through homes
    existing electrical circuitry.

    Reply
  10. Tomi Engdahl says:

    Ransomware crims to sell off ‘scandalous’ files swiped from Mariah
    Carey, Nicki Minaj, Puff Daddy’s legal eagles
    https://www.theregister.com/2020/06/24/celebrity_ransomware_blackmail/
    $600k starting bid, say public extortionists, or $42m to keep schtum.
    Ransomware criminals claiming to have siphoned confidential docs on
    Nicki Minaj, Mariah Carey, and Lebron James from an American law firm
    are threatening to auction off the info.

    Reply
  11. Tomi Engdahl says:

    LG Electronics allegedly hit by Maze ransomware attack
    https://www.bleepingcomputer.com/news/security/lg-electronics-allegedly-hit-by-maze-ransomware-attack/
    Maze ransomware operators have claimed on their website that they
    breached and locked the network of the South Korean multinational LG
    Electronics. The details of the attack have not been released but the
    hackers stated that they have stolen from the company proprietary
    information for projects that involve big U.S. Companies.

    Reply
  12. Tomi Engdahl says:

    DHS has sent hundreds of vulnerability notifications to medical sector during coronavirus pandemic
    https://www.nbcnews.com/tech/security/dhs-has-sent-hundreds-vulnerability-notifications-medical-sector-during-coronavirus-n1232167

    A government cybersecurity expert said the government has a secret list of research institutions to give prioritized protections.

    Reply
  13. Tomi Engdahl says:

    Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It
    https://www.boredpanda.com/tik-tok-reverse-engineered-data-information-collecting/

    Facebook got itself into a sensitive data scandal when it did shady business with Cambridge Analytica, Instagram confirmed a security issue exposing user accounts and phone numbers, but these apps are basically online security havens compared to TikTok, according to one senior software engineer with about 15 years of professional experience.

    Bangorlol thinks that we as a society have normalized giving away our personal information and have no expectations of privacy and security anymore, so giving TikTok our data together with our money is nothing surprising. “The general consensus among most ‘normal’ people is that they can’t/won’t be targeted, so it’s fine. Or that they have nothing to hide, so ‘why should I even care?’ I think the apathy is sourced from people just not understanding the security implications (at all levels) of handing over our data to a foreign government that doesn’t discriminate against who they target, and also doesn’t really have the best track record when it comes to human rights,” he said.

    Reply
  14. Tomi Engdahl says:

    US Cybercom Virtual War Game Girds Against Increased Threats
    https://www.securityweek.com/us-cybercom-virtual-war-game-girds-against-increased-threats

    Foreign hackers are taking advantage of the coronavirus pandemic to undermine institutions and threaten critical infrastructure, a top U.S. military cyber official said Thursday.

    The comments from Coast Guard Rear Adm. John Mauger of U.S. Cyber Command came a day after Defense Department officials briefed reporters on virtual war games that digital combatants from U.S. and allied militaries have been holding to sharpen their abilities to counter online threats with real-world impact.

    “We’ve seen increased adversary activity” since the pandemic began, Mauger said on a conference call, declining to discuss the threat in more specific detail. “We’re one part of the whole of government effort to defend our democracy in this complex cyber environment.”

    Reply
  15. Tomi Engdahl says:

    LG Electronics Victim of Maze Ransomware Attack, Source Code Stolen: Report
    https://gadgets.ndtv.com/mobiles/news/lg-electronics-maze-ransomware-attack-python-code-locked-at-t-telecommunications-hack-2252187

    LG Electronics’ Python code seems to have been stolen and the hackers claim a total of 40GB of data has been stolen.

    Reply
  16. Tomi Engdahl says:

    Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room
    https://thehackernews.com/2020/06/lamphone-light-bulb-spy.html

    Reply
  17. Tomi Engdahl says:

    FBI Expands Ability to Collect Cellphone Location Data, Monitor Social Media, Recent Contracts Show
    https://theintercept.com/2020/06/24/fbi-surveillance-social-media-cellphone-dataminr-venntel/

    The federal law enforcement agency’s records show a growing focus on harnessing the latest private sector tools for mass surveillance, including recent contracts with companies that monitor social media posts and collect cellphone location data.

    Reply
  18. Tomi Engdahl says:

    Warning—Apple Suddenly Catches TikTok Secretly Spying On Millions Of iPhone Users
    https://outline.com/8zv84P

    Reply
  19. Tomi Engdahl says:

    Credit card skimmers are now being buried in image file metadata on e-commerce websites
    https://www.zdnet.com/article/your-credit-card-information-is-now-being-stolen-through-image-files/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

    Magecart attackers are suspected of using an interesting technique to steal your financial data.

    Reply
  20. Tomi Engdahl says:

    Chinese bank requires foreign firm to install app with covert backdoor
    https://arstechnica.com/information-technology/2020/06/chinese-bank-requires-foreign-firm-to-install-app-with-covert-backdoor/
    A multinational tech company gets schooled in the risks of doing
    business in China.

    Reply
  21. Tomi Engdahl says:

    Nvidia squashes display driver code execution, information leak bugs
    https://www.zdnet.com/article/nvidia-squashes-display-driver-code-execution-information-leak-bugs/
    The vulnerabilities impact both Windows and Linux machines.

    Reply
  22. Tomi Engdahl says:

    Almost 300 Windows 10 executables vulnerable to DLL hijacking
    https://www.bleepingcomputer.com/news/security/nearly-300-windows-10-executables-vulnerable-to-dll-hijacking/
    A simple VBScript may be enough to allow users to gain administrative
    privileges and bypass UAC entirely on Windows 10. The vulnerability
    referred to here is relative path DLL hijacking, which is when an
    attacker can cause a legitimate Windows executable to load an
    arbitrary DLL of the attacker’s choice, most likely with malicious
    intent.

    Reply
  23. Tomi Engdahl says:

    Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL
    https://www.zdnet.com/article/adobe-mastercard-visa-warn-online-store-owners-of-magento-1-x-eol/#ftag=RSSbaffb68
    Almost 110, 000 online stores are still running the
    soon-to-be-outdated Magento 1.x CMS. Mastercard said that 77% of the
    companies investigated in these incidents were not in compliance with
    PCI DSS requirement 6, the rule that requires store owners to run
    up-to-date systems.

    Reply
  24. Tomi Engdahl says:

    Journalist’s phone hacked by new invisible’ technique: All he had to
    do was visit one website. Any website
    https://www.thestar.com/news/canada/2020/06/21/journalists-phone-hacked-by-new-invisible-technique-all-he-had-to-do-was-visit-one-website-any-website.html
    The white iPhone with chipped paint that Moroccan journalist Omar Radi
    used to stay in contact with his sources also allowed his government
    to spy on him.

    Reply
  25. Tomi Engdahl says:

    Microsoft quietly created a Windows 10 File Recovery tool, how to use
    https://www.bleepingcomputer.com/news/microsoft/microsoft-quietly-created-a-windows-10-file-recovery-tool-how-to-use/
    Microsoft has created a Windows 10 File Recovery Tool that recovers
    deleted files and forgot to tell anyone.

    Reply
  26. Tomi Engdahl says:

    A Popular Study Tool Accidentally Exposed Millions Of Student Records
    https://www.forbes.com/sites/leemathews/2020/06/28/oneclass-accidentally-exposed-millions-of-student-records/
    An improperly-secured online database has left the private information
    of more than a million students exposed. Researchers at vpnMentor say
    the data belonged to OneClass, a tool that lets students share class
    notes and study guides.

    Reply
  27. Tomi Engdahl says:

    Chinese malware used in attacks against Australian orgs
    https://www.bleepingcomputer.com/news/security/chinese-malware-used-in-attacks-against-australian-orgs/
    The Australian government released an advisory late last week about
    increased cyber activity from a state actor against networks belonging
    to its agencies and companies in the country.

    Reply
  28. Tomi Engdahl says:

    Apple declined to implement 16 Web APIs in Safari due to privacy
    concerns
    https://www.zdnet.com/article/apple-declined-to-implement-16-web-apis-in-safari-due-to-privacy-concerns/
    Apple said these 16 new Web APIs add new user fingerprinting
    opportunities for online advertisers.

    Reply
  29. Tomi Engdahl says:

    Far-right thugs exploit Black Lives Matter movement, warns UK anti-extremism chief
    https://www.theguardian.com/world/2020/jun/28/far-right-thugs-exploit-black-lives-matter-movement-warns-uk-anti-extremism-chief

    Home Office commissioner Sara Khan reveals surge in online hate material since death of George Floyd

    Reply
  30. Tomi Engdahl says:

    Ransomware is now your biggest online security nightmare. And it’s
    about to get worse
    https://www.zdnet.com/article/ransomware-is-now-your-biggest-online-security-nightmare-and-its-about-to-get-worse/
    Criminals understand our weaknesses and how to exploit them. That
    means ransomware isn’t going away.

    Reply
  31. Tomi Engdahl says:

    Ransomware: Attacks that start with phishing emails are suddenly back
    in fashion again
    https://www.zdnet.com/article/ransomware-attacks-that-start-with-phishing-emails-are-suddenly-back-in-fashion-again/
    Email was once the mainmethod for delivering ransomware. Now familiar
    and new forms of ransomware are using it again. Ransomware attacks via
    email are on the rise again, with several new and familiar forms of
    ransomware recently being distributed with the aid of malicious
    payloads in phishing messages.

    Reply
  32. Tomi Engdahl says:

    Beware “secure DNS” scam targeting website owners and bloggers
    https://nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targeting-website-owners-and-bloggers/
    If you run a website or a blog, you probably use a cloud provider or a
    dedicated hosting company to manage your server and deliver the
    content to your readers, viewers and listeners.

    Reply
  33. Tomi Engdahl says:

    Palo Alto Networks patches critical vulnerability in firewall OS
    https://www.bleepingcomputer.com/news/security/palo-alto-networks-patches-critical-vulnerability-in-firewall-os/
    Palo Alto Networks disclosed a critical vulnerability found in the
    operating system (PAN-OS) of all its next-generation firewalls that
    could allow unauthenticated network-based attackers to bypass
    authentication. Only affects devices where SAML authentication is
    enabled

    Reply
  34. Tomi Engdahl says:

    Tuesday’s Magento 1 EOL Leaves Clock Ticking on 100K Online Stores
    https://threatpost.com/tuesdays-magento-1-eol-100k-online-stores/157000/
    Adobe and payment-card companies are making last-minute pleas for
    e-commerce sites to update to Magento 2, to avoid Magecart attacks and
    more.

    Reply
  35. Tomi Engdahl says:

    Apple strong-arms entire CA industry into one-year certificate
    lifespans
    https://www.zdnet.com/article/apple-strong-arms-entire-ca-industry-into-one-year-certificate-lifespans/
    Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates
    to 398 days, against the wishes of Certificate Authorities.

    Reply
  36. Tomi Engdahl says:

    Remote access at risk: Pandemic pulls more cyber‑crooks into the brute‑forcing game
    https://www.welivesecurity.com/2020/06/29/remote-access-risk-pandemic-cybercrooks-bruteforcing-game/

    Poorly secured remote access attracts mostly ransomware gangs, but can provide access to coin miners and backdoors too

    ESET telemetry confirms this trend in an uptick in the number of unique clients who reported brute-force attack attempts blocked via ESET’s network attack detection technology.

    Before the lockdown, most employees worked from the office and used infrastructure monitored and controlled by their IT department. But the coronavirus pandemic has brought a major shift to the status quo. Today, a huge proportion of “office” work occurs via home devices with workers accessing sensitive company systems through Windows’ Remote Desktop Protocol (RDP) – a proprietary solution created by Microsoft to allow connecting to the corporate network from remote computers.

    Despite the increasing importance of RDP (as well as other remote access services), organizations often neglect its settings and protection. Employees use easy-to-guess passwords and with no additional layers of authentication or protection, there is little that can stop cybercriminals from compromising an organization’s systems.

    Reply
  37. Tomi Engdahl says:

    Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates to 398 days, against the wishes of Certificate Authorities.

    Apple strong-arms entire CA industry into one-year certificate lifespans
    https://www.zdnet.com/article/apple-strong-arms-entire-ca-industry-into-one-year-certificate-lifespans/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

    Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates to 398 days, against the wishes of Certificate Authorities.

    Reply
  38. Tomi Engdahl says:

    COVID-19 Breach Bubble’ Waiting to Pop?
    https://krebsonsecurity.com/2020/06/covid-19-breach-bubble-waiting-to-pop/
    The COVID-19 pandemic has made it harder for banks to trace the source
    of payment card data stolen from smaller, hacked online merchants. On
    the plus side, months of quarantine have massively decreased demand
    for account information that thieves buy and use to create physical
    counterfeit credit cards. But fraud experts say recent developments
    suggest both trends are about to change and likely for the worse.

    Reply
  39. Tomi Engdahl says:

    Stinker, emailer, trawler, spy: How an engineer stole top US chip
    designs, smuggled them to China to set up a rival fab
    https://www.theregister.com/2020/06/30/avago_spying_guilty/
    Chinese chap swiped communications blueprints from
    what-is-now-Broadcom on behalf of Beijing. An engineer-turned-spy
    stole confidential blueprints of American wireless electronics on
    behalf of the Chinese government to run a rival factory churning out
    the components in the Middle Kingdom.

    Reply
  40. Tomi Engdahl says:

    DDoS and dingoes: Australia to bolster cyber-defences with 500 hackers
    amid China spat
    https://www.theregister.com/2020/06/30/australia_cyber_defence_fund/
    Australia will hire 500 hackers as part of a AU$1.35bn (£754m, $925m)
    boost to protect the nation’s networks from a wave of cyber attacks.

    Reply
  41. Tomi Engdahl says:

    Google removes 25 Android apps caught stealing Facebook credentials
    The malicious apps were downloaded more than 2.34 million times.
    https://www.zdnet.com/article/google-removes-25-android-apps-caught-stealing-facebook-credentials/

    According to a report from French cyber-security firm Evina shared with ZDNet today, the apps posed as step counters, image editors, video editors, wallpaper apps, flashlight applications, file managers, and mobile games.

    The apps offered a legitimate functionality, but they also contained malicious code.

    Reply
  42. Tomi Engdahl says:

    Apple: We’re defending your privacy by nixing 16 browser APIs. Rivals:
    You mean defending your bottom line
    https://www.theregister.com/2020/06/29/apple_web_developers/
    iGiant accused of holding back web progress to protect its 30% app cut

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*