Cyber security news July 2020

This posting is here to collect cyber security news in July 2020.

I post links to security vulnerability news with short descriptions to comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.

208 Comments

  1. Tomi Engdahl says:

    It’s happened again: AT&T sued for allegedly transferring victim’s number to thieves in $1.9m cryptocoin heist
    Man claims life savings lost in theft aided by telco staff
    https://www.theregister.com/2020/07/01/att_sim_swap_lawsuit_shapiro/

    AT&T has been sued for a second time over allegations its staff gave thieves control of a specific individual’s cellphone number to steal a large chunk of cryptocurrency.

    Seth Shapiro’s $1.9m claim follows in the footsteps of Michael Terpin, who sued the gigantic US cellular network in 2018 for more or less the same thing: staff ported a subscriber’s phone number to a hacker’s SIM – a so-called SIM swap scam – allowing the miscreant to steal what Terpin claims in his case was $24m in cryptocurrency.

    But while Terpin’s court battle was allowed to move forward, Shapiro is still fighting AT&T lawyers to get his legal challenge past its first stage and approved by a judge for trial.

    A criminal investigation led to charges against two AT&T employees who, it is alleged, assisted in shifting Shapiro’s number to the crooks. But Shapiro wants his money back, and is suing AT&T for “an egregious violation of the law and its own promises” when it allowed the alleged SIM swap.

    “AT&T failed to implement sufficient data security systems and procedures and failed to supervise its own personnel, instead standing by as its employees used their position at the company to gain unauthorized access to Mr Shapiro’s account in order to rob, extort and threaten him in exchange for money,” the lawsuit, filed in California, argued.

    Reply
  2. Tomi Engdahl says:

    Rachel Lerman / Washington Post:
    California will enforce its digital privacy law, which went into effect on January 1, starting today, despite industry calls for delay because of the pandemic — Measure took effect in January, with a six-month grace period — California’s privacy law, often called the broadest law …

    California begins enforcing digital privacy law, despite calls for delay
    Measure took effect in January, with a six-month grace period
    https://www.washingtonpost.com/technology/2020/07/01/ccpa-enforcement-california/

    Reply
  3. Tomi Engdahl says:

    Two vulnerabilities in the Windows Codecs Library affected customers using several iterations of Windows 10 and Windows Server, offering an easy attack vector: socially engineering victims into running malicious media files downloaded from the Internet.

    For those unaware, Codecs is a collection of support libraries that help the Windows operating system to play, compress and decompress various audio and video file extensions.

    The two newly disclosed security vulnerabilities, assigned [CVE-2020-1425](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1425) and [CVE-2020-1457](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1457), are both remote code execution bugs that could allow an attacker to execute arbitrary code and control the compromised Windows computer. Exploiting both flaws requires an attacker to trick a user running an affected Windows system into clicking on a specially crafted image file designed to be opened with any app that uses the built-in Windows Codec Library.

    Reply
  4. Tomi Engdahl says:

    Microsoft releases urgent patch for high-risk Windows 10 flaws
    Two vulnerabilities in the Windows Codecs Library affected customers using several iterations of Windows 10 and Windows Server
    https://www.itpro.co.uk/security/vulnerability/356295/microsoft-patches-high-risk-flaws-that-can-be-exploited-with-a

    Reply
  5. Tomi Engdahl says:

    Experts: COVID Multiplying Risks To Critical Infrastructure
    https://www.forbes.com/sites/paulfroberts/2020/07/01/experts-covid-multiplying-risks-to-critical-infrastructure/#211646c86250

    Former DHS Secretary Michael Chertoff warned on Tuesday that changes wrought by the COVID global pandemic are exacerbating vulnerabilities in the global economy, including the risk of crippling cyber attacks on critical infrastructure like the electric grid.

    COVID has enhanced countries’ reliance on the Internet and digital technologies, as governments and businesses have become “virtual” by necessity. But that has only highlighted the lack of coordination and cooperation between nations and critical industries, exposing the fragility of the global system and the need for greater resilience, Chertoff said.

    Chertoff warned that hostile nations like Russia and China are increasingly relying on digital means to project power abroad. The two countries were engaging in more overt and aggressive actions online before COVID hit

    Reply
  6. Tomi Engdahl says:

    China’s Software Stalked Uighurs Earlier and More Widely, Researchers Learn
    https://www.nytimes.com/2020/07/01/technology/china-uighurs-hackers-malware-hackers-smartphones.html
    A new report revealed a broad campaign that targeted Muslims in China
    and their diaspora in other countries, beginning as early as 2013.
    Report:
    https://blog.lookout.com/multiyear-surveillance-campaigns-discovered-targeting-uyghurs

    Reply
  7. Tomi Engdahl says:

    Did a Chinese Hack Kill Canada’s Greatest Tech Company?
    https://www.bloomberg.com/news/features/2020-07-01/did-china-steal-canada-s-edge-in-5g-from-nortel
    Nortel was once a world leader in wireless technology. Then came a
    hack and the rise of Huawei.

    Reply
  8. Tomi Engdahl says:

    Microsoft releases urgent security updates for Windows 10 Codecs bugs
    https://www.bleepingcomputer.com/news/security/microsoft-releases-urgent-security-updates-for-windows-10-codecs-bugs/
    Microsoft has released two out-of-band security updates to address
    remote code execution security vulnerabilities affecting the Microsoft
    Windows Codecs Library on several Windows 10 and Windows Server
    versions. Exploitation of these vulnerabilities requires a program to
    process a specially crafted image file.

    Reply
  9. Tomi Engdahl says:

    Windows POS malware uses DNS to smuggle stolen credit cards
    https://www.bleepingcomputer.com/news/security/windows-pos-malware-uses-dns-to-smuggle-stolen-credit-cards/
    A Windows Point-of-Sale (POS) malware has been discovered using the
    DNS protocol to smuggle stolen credit cards to a remote server under
    attacker’s control.

    Reply
  10. Tomi Engdahl says:

    Windows POS malware uses DNS to smuggle stolen credit cards
    https://www.bleepingcomputer.com/news/security/windows-pos-malware-uses-dns-to-smuggle-stolen-credit-cards/
    A Windows Point-of-Sale (POS) malware has been discovered using the
    DNS protocol to smuggle stolen credit cards to a remote server under
    attacker’s control.

    Into the Rabbit Hole Offensive DNS Tunneling Rootkits
    https://www.fortinet.com/blog/threat-research/into-the-rabbit-hole-offensive-dns-tunneling-rootkits

    Reply
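    The POS malware above smuggles card data out inside DNS queries. The following is an added detection example (not code from the article or from any of the linked reports) that scores the subdomain labels in a constructed DNS query log and reports zones receiving repeated long, high-entropy or hex-only labels, which is the usual shape of data tunnelled over DNS. The log format, the `c2-zone.example` placeholder zone and the "zone = last two labels" rule are assumptions for the example.

    ```python
    import math
    import re
    from collections import defaultdict

    # Constructed sample DNS query log (not from the article):
    # "<timestamp> <client_ip> <query_name>". The long hex labels mimic
    # encoded card data smuggled out under an attacker-controlled zone
    # (placeholder name: c2-zone.example).
    SAMPLE_DNS_LOG = """\
    2020-07-02T10:00:01 10.0.5.21 www.example.com
    2020-07-02T10:00:02 10.0.5.21 4a1f9c3e7b2d8e0f6c5a4b3d2e1f0a9b.c2-zone.example
    2020-07-02T10:00:02 10.0.5.21 8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a.c2-zone.example
    2020-07-02T10:00:03 10.0.5.21 1f2e3d4c5b6a79880a1b2c3d4e5f6a7b.c2-zone.example
    2020-07-02T10:00:03 10.0.5.21 mail.example.com
    2020-07-02T10:00:04 10.0.5.21 0011223344556677889900aabbccddee.c2-zone.example
    2020-07-02T10:00:05 10.0.5.22 updates.vendor.example
    """

    LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")
    HEX_LABEL = re.compile(r"[0-9a-f]+")


    def shannon_entropy(text):
        """Bits of entropy per character; 32 varied hex chars score close to 4.0."""
        if not text:
            return 0.0
        counts = defaultdict(int)
        for ch in text:
            counts[ch] += 1
        n = len(text)
        return -sum(c / n * math.log2(c / n) for c in counts.values())


    def parse_log(text):
        """Yield (timestamp, client_ip, query_name) from the constructed log format."""
        for line in text.splitlines():
            m = LOG_LINE.match(line.strip())
            if m:
                yield m.group(1), m.group(2), m.group(3).lower().rstrip(".")


    def split_name(qname):
        """Split a query name into (subdomain labels, zone).

        Assumption: the zone is the last two labels. A real deployment should
        use the Public Suffix List, otherwise names under e.g. co.uk mis-split.
        """
        labels = qname.split(".")
        if len(labels) <= 2:
            return [], qname
        return labels[:-2], ".".join(labels[-2:])


    def looks_like_tunnel_label(label, min_len=24, min_entropy=3.0):
        """A long label that is high-entropy or purely hex-encoded is the typical
        shape of a chunk of encoded data carried in a DNS query."""
        if len(label) < min_len:
            return False
        return shannon_entropy(label) >= min_entropy or HEX_LABEL.fullmatch(label) is not None


    def find_suspicious_zones(log_text, min_queries=3):
        """Count suspicious queries per zone; report zones with >= min_queries hits.

        Requiring several hits per zone filters out one-off CDN or tracking names
        that also use long random-looking labels.
        """
        hits = defaultdict(int)
        for _ts, _client, qname in parse_log(log_text):
            subs, zone = split_name(qname)
            if any(looks_like_tunnel_label(lbl) for lbl in subs):
                hits[zone] += 1
        return {zone: n for zone, n in hits.items() if n >= min_queries}


    if __name__ == "__main__":
        for zone, n in find_suspicious_zones(SAMPLE_DNS_LOG).items():
            print(f"{zone}: {n} suspicious queries")
    ```

    Volume and entropy checks catch bulk exfiltration like the card-skimming case; a slow drip of a few queries per hour would need the same features aggregated over a much longer window.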
  11. Tomi Engdahl says:

    Chinese Companies Huawei and ZTE Declared National Security Threats by FCC
    https://www.securityweek.com/chinese-companies-huawei-and-zte-declared-national-security-threats-fcc

    The U.S. Federal Communications Commission (FCC) on Tuesday designated Chinese telecommunications companies Huawei and ZTE as national security threats.

    In response to the announcement, China asked the U.S. to stop “oppressing Chinese companies,” accusing Washington of “abusing state power” and claiming that there was no evidence of wrongdoing.

    The FCC said the move is part of efforts to protect the country’s communications networks from security risks. The action targets Huawei and ZTE, along with their affiliates, parents and subsidiaries.

    By declaring the Chinese companies national security threats, the FCC is banning U.S. organizations from acquiring equipment or services using money from the agency’s Universal Service Fund.

    The FCC decided in November 2019 that it would ban the use of its funds to purchase services or equipment from companies that pose a threat to national security, specifically to communication networks and the telecoms supply chain.

    Huawei and ZTE are now covered by the rule, with the FCC arguing that they have “substantial ties to the Chinese government,” they are required by Chinese laws to assist espionage operations, and their equipment is affected by vulnerabilities.

    China: US ‘Oppressing Chinese Companies’ in New Huawei Move
    https://www.securityweek.com/china-us-oppressing-chinese-companies-new-huawei-move

    China on Wednesday demanded Washington stop “oppressing Chinese companies” after U.S. regulators declared telecom equipment suppliers Huawei and ZTE to be national security threats.

    Reply
  12. Tomi Engdahl says:

    Zoom Got Big Fast. Then Videobombers Made It Rework Security
    https://www.securityweek.com/zoom-got-big-fast-then-videobombers-made-it-rework-security

    Back in March as the coronavirus pandemic gathered steam in the U.S., a largely unheralded video-conferencing service suddenly found itself in the spotlight.

    And just as quickly as Zoom became a household name for connecting work colleagues, church and school groups, friends, family, book clubs and others during stay-at-home lockdowns, it also gained a reputation for lax security as intrusive “videobombers” barged into private meetings or just spied on intimate conversations.

    On April 1, following a wave of lawsuits over privacy breaches, CEO Eric Yuan ordered a halt to work on new features and vowed to fix the service’s weaknesses in 90 days. That time is up, and Zoom is ready to take a bow.

    Reply
  13. Tomi Engdahl says:

    This is Finland’s best-known hacker – his exceptional abilities attracted attention already as a teenager, he even fooled the US Air Force and was finally caught by an FBI agent https://www.is.fi/kotimaa/art-2000006559072.html

    Reply
  14. Tomi Engdahl says:

    Euro police forces infiltrated encrypted phone biz – and now ‘criminal’ EncroChat users are being rounded up
    Continental capers lead to 750 UK arrests
    https://www.theregister.com/2020/07/02/encrochat_op_venetic_encrypted_phone_arrests/

    French and Dutch police have boasted of infiltrating and killing off encrypted chat service EncroChat, alleging it was used by organised crime gangs to plot murders, sell drugs, launder criminal profits and more.

    The encrypted chat platform is alleged by British, French and Dutch law enforcement agencies to have been used by around 60,000 people in total – many of whom, it is alleged, were members of organised crime gangs using the network to plan their crimes.

    EncroChat was a reseller of encrypted phones as well as a mobile network operator – potentially an MVNO, if Motherboard’s description of its operations is accurate. Its handsets, said to be BQ Aquaris X2 Android units running two OSes side by side – one innocent, one with privacy features enabled – had a custom messaging app which routed messages through a central server.

    The phones also had a panic button feature, where entering a certain PIN to the unlock screen would wipe the device. Handsets were said to cost around £1,500 for a six-month contract.

    There is no evidence in the public domain so far to support British police claims that all 10,000 of EncroChat’s UK users were criminals. Such devices are of interest to legitimate users (journalists, lawyers, academics, domestic and foreign political campaigners – to name just a few) as well as criminals, though the UK state is notably hostile to the idea of encrypted comms that its agents can’t read whenever they feel like it.

    Reply
  15. Tomi Engdahl says:

    Hundreds arrested after encrypted messaging network takeover
    https://www.bleepingcomputer.com/news/security/hundreds-arrested-after-encrypted-messaging-network-takeover/
    European law enforcement agencies arrested hundreds of suspects in
    several countries including France, Netherlands, the UK, Norway, and
    Sweden after infiltrating the EncroChat encrypted mobile communication
    network used by organized crime groups. EncroChat phones used by
    international criminal networks around the world to exchange encrypted
    data and millions of messages came with dual operating systems
    (Android OS and the EncroChat OS).

    Reply
  16. Tomi Engdahl says:

    Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities
    https://www.zdnet.com/article/hacker-ransoms-23k-mongodb-databases-and-threatens-to-contact-gdpr-authorities/
    The hacker has attempted to ransom nearly 47% of all MongoDB databases
    left exposed online.

    Reply
  17. Tomi Engdahl says:

    This is how EKANS ransomware is targeting industrial control systems
    https://www.zdnet.com/article/this-is-how-ekans-ransomware-is-targeting-industrial-control-systems/
    New samples of the ransomware reveal the techniques used to attack
    critical ICS systems. report:
    https://www.fortinet.com/blog/threat-research/ekans-ransomware-targeting-ot-ics-systems

    Reply
  18. Tomi Engdahl says:

    Apache Guacamole Opens Door for Total Control of Remote Footprint
    https://threatpost.com/apache-guacamole-control-remote-footprint/157124/
    Several vulnerabilities can be chained together for a full exploit.
    Apache Guacamole, a popular infrastructure for enabling remote
    working, is vulnerable to a slew of security bugs related to the
    Remote Desktop Protocol (RDP), researchers have warned. Admins should
    update their systems to avoid attacks bent on stealing information or
    remote code-execution. report:
    https://research.checkpoint.com/2020/apache-guacamole-rce/

    Reply
  19. Tomi Engdahl says:

    Windows 10 background image tool can be abused to download malware
    https://www.bleepingcomputer.com/news/security/windows-10-background-image-tool-can-be-abused-to-download-malware/
    A binary in Windows 10 responsible for setting an image for the
    desktop and lock screen can help attackers download malware on a
    compromised system without raising the alarm. Researchers from
    SentinelOne discovered that “desktopimgdownldr.exe,” located in
    Windows 10’s system32 folder, can also serve as a LoLBin.

    Reply
  20. Tomi Engdahl says:

    … French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users’ communications for months. Investigators then shared those messages with agencies around Europe.
    Only now is the astonishing scale of the operation coming into focus: It represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever, with Encrochat users spreading beyond Europe to the Middle East and elsewhere. French, Dutch, and other European agencies monitored and investigated “more than a hundred million encrypted messages” sent between Encrochat users in real time, leading to arrests in the UK, Norway, Sweden, France, and the Netherlands, a team of international law enforcement agencies announced Thursday.
    As dealers planned trades, money launderers washed their proceeds, and even criminals discussed their next murder, officers read their messages and started taking suspects off the street.

    https://www.vice.com/en_us/article/3aza95/how-police-took-over-encrochat-hacked

    Reply
  21. Tomi Engdahl says:

    ALL YOUR ENCRYPTION KEYS ARE BELONG TO US…

    U.S. Senators Introduce Ultimate Backdoor Bill Banning the Use of Strong Consumer-Grade Encryption
    https://forklog.media/u-s-senators-introduce-ultimate-backdoor-bill-banning-the-use-of-strong-consumer-grade-encryption/

    Last week, Republican U.S. Senators introduced the Lawful Access to Encrypted Data Act “ending the use of ‘warrant-proof’ encrypted technology by terrorists and other bad actors to conceal illicit behavior.” Experts and privacy advocates think it can effectively outlaw strong encryption.

    As the name may suggest, the Lawful Access to Encrypted Data Act (LAED Act, also referred to as LAEDA) is about requiring device manufacturers and service providers to allow law enforcement to access encrypted data, whether it is stored on a device or transmitted through the internet.

    “The bill would require service providers and device manufacturers to provide assistance to law enforcement when access to encrypted devices or data is necessary,” the official announcement reads, “but only after a court issues a warrant, based on probable cause that a crime has occurred, authorizing law enforcement to search and seize the data.”

    The Senators behind the proposal argued that terrorists, drug traffickers, and other unsavory individuals exploit consumer-level encrypted communications to run their operations, while law enforcement officials can’t access information potentially important to the investigation.

    The bill would require companies like Apple and Facebook to “assist law enforcement with accessing encrypted data if assistance would aid in the execution of the warrant.” If a company is unable to comply, it will have to implement the required capabilities or appeal in federal court. The U.S. government will compensate the affected companies “for reasonable costs incurred in complying with the directive.”

    This basically means that U.S. companies will have to have an encryption backdoor available for all data stored or transmitted. Those who don’t have one will have to redesign their systems so there is a backdoor. Experts perceive the bill as an outright ban on end-to-end encryption in the U.S.

    “The bill is an actual, overt, make-no-mistake, crystal-clear ban on providers from offering end-to-end encryption in online services, from offering encrypted devices that cannot be unlocked for law enforcement, and indeed from offering any encryption that does not build in a means of decrypting data for law enforcement,” she wrote, “This bill is the encryption backdoor mandate we’ve been dreading was coming, but that nobody, during the past six years of the renewed Crypto Wars, had previously dared to introduce.”

    Reply
  22. Jonas Developer says:

    The main problem for cybersecurity departments in most companies remains the lack of the necessary level of automation and visual control over the cyber environment. More about Intelligent Automation is written here https://innovecs.com/blog/intelligent-automation/

    Reply
  23. Tomi Engdahl says:

    Iran has suffered a half-dozen incidents that have severely damaged or destroyed various parts of its infrastructure in recent weeks. Some of these incidents are believed to be the result of cyberattacks.

    [https://www.ibtimes.sg/what-kinetic-cyber-attack-experts-claim-digital-strike-by-foreign-force-caused-iran-explosion-47957](https://www.ibtimes.sg/what-kinetic-cyber-attack-experts-claim-digital-strike-by-foreign-force-caused-iran-explosion-47957)

    Reply
  24. Tomi Engdahl says:

    Windows 10: Microsoft Defender ATP now rates your security configurations
    https://www.zdnet.com/article/windows-10-microsoft-defender-atp-now-rates-your-security-configurations/#ftag=RSSbaffb68
    New Microsoft Defender ATP service will help weed out unneeded
    administrator accounts before attackers find them. Microsoft Defender
    Advanced Threat Protection (ATP) now gives your devices and network a
    security score that tells admins the health of their environment based
    on how it’s configured.

    Reply
  25. Tomi Engdahl says:

    New Behave! extension warns of website port scans, local attacks
    https://www.bleepingcomputer.com/news/security/new-behave-extension-warns-of-website-port-scans-local-attacks/
    A new browser extension called Behave! will warn you if a web site is
    using scripts to perform scans or attacks on local and private IP
    addresses on your network. In May, it was discovered that well-known
    sites such as eBay, Citibank, TD Bank, and more would port scan a
    visitor’s computer to identify Windows remote access programs running
    on it.

    Reply
  26. Tomi Engdahl says:

    Ransomware Operators Demand $14 Million From Power Company
    https://www.securityweek.com/ransomware-operators-demand-14-million-power-company
    The threat actor behind the Sodinokibi (REvil) ransomware is demanding
    a $14 million ransom from Brazilian-based electrical energy company
    Light S.A. The company has confirmed that it was hit with a
    cyberattack without providing specific information on the type of
    compromise, but AppGate’s security researchers, who have obtained a
    sample of the malware believed to have been used in the attack, are
    confident that the incident involves the Sodinokibi ransomware.

    Reply
  27. Tomi Engdahl says:

    One out of every 142 passwords is ’123456′
    https://www.zdnet.com/article/one-out-of-every-142-passwords-is-123456/
    The study, carried out last month by computer engineering student Ata
    Hakçıl, analyzed username and password combinations that leaked online
    after data breaches at various companies. Data at
    https://github.com/FlameOfIgnis/Pwdb-Public

    Reply
  28. Tomi Engdahl says:

    Thieves use lockdown as cover for EU Parliament burglaries
    https://www.politico.eu/article/robberies-european-parliament-lockdown-coronavirus/
    At least 50 MEPs have had computers, tablets and other items stolen
    from their European Parliament offices while they were away from
    Brussels during the coronavirus lockdown.

    Reply
  29. Tomi Engdahl says:

    Apache Guacamole Vulnerabilities Facilitate Attacks on Enterprises
    https://www.securityweek.com/apache-guacamole-vulnerabilities-facilitate-attacks-enterprises

    An open-source remote desktop gateway, Apache Guacamole is an HTML5 web application that can be used on a broad range of devices, straight from the web browser. One of the most prominent remote access tools on the market, it is also embedded in various network accessibility and security solutions.

    Guacamole includes support for protocols such as VNC, RDP, and SSH, and allows employees to access corporate computers from remote locations using only the browser. The connection, however, goes through the guacamole-server, which handles communications between the user and the target computer.

    Reply
  30. Tomi Engdahl says:

    CVE-2020-5902 F5 BIG-IP Exploitation Attempt
    https://isc.sans.edu/diary/CVE-2020-5902+F5+BIG-IP+Exploitation+Attempt/26310
    A quick heads-up: we are seeing scans for F5 BIG-IP’s vulnerability
    CVE-2020-5902.

    Reply
  31. Tomi Engdahl says:

    Hackers are trying to steal admin passwords from F5 BIG-IP devices
    Threat actors have already started exploiting the F5 BIG-IP mega-bug, three days after it was disclosed.
    https://www.zdnet.com/article/hackers-are-trying-to-steal-admin-passwords-from-f5-big-ip-devices/

    Reply
  32. Tomi Engdahl says:

    Iran threatens retaliation after what it calls possible cyber attack on nuclear site
    https://www.reuters.com/article/us-iran-nuclear-natanz-idUSKBN2441VY
    Iran will retaliate against any country that carries out cyber attacks
    on its nuclear sites, the head of civilian defence said, after a fire
    at its Natanz plant which some Iranian officials said may have been
    caused by cyber sabotage. Also:
    https://www.forbes.com/sites/kateoflahertyuk/2020/07/03/iran-nuclear-facility-explosion-accident-sabotage-or-cyber-attack/
    https://www.forbes.com/sites/kateoflahertyuk/2020/07/04/stuxnet-2-iran-hints-nuclear-site-explosion-could-be-a-cyberattack/

    Reply
  33. Tomi Engdahl says:

    CISA Warns Enterprises of Risks Associated With Tor
    https://www.securityweek.com/cisa-warns-enterprises-risks-associated-tor

    In an alert this week, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned enterprises about the use of Tor in cyberattacks.

    Maintained by non-profit organization Tor Project, the Tor software and the underlying infrastructure are meant to provide users with anonymity and the means to bypass censorship by encrypting requests and routing them via multiple nodes.

    However, cybercriminals and other threat actors abuse Tor for anonymity and obfuscation, to conceal their identity when conducting cyber-operations. With Tor, the online activity of a user appears to originate from the IP address of a Tor exit node instead of their own IP address.

    Reply
  34. Tomi Engdahl says:

    US Senate Panel OKs Online Child Protection Bill Amid Privacy Fears
    https://www.securityweek.com/us-senate-panel-oks-online-child-protection-bill-amid-privacy-fears

    A US Senate panel Thursday approved legislation aimed at combatting online child exploitation as civil liberties activists warned the measure could lead to an array of constitutional and privacy problems.

    The Judiciary Committee voted to approve a revised version of the Earn It Act which would eliminate “blanket liability protection” for online platforms which fail to protect against child sexual abuse material.

    The bill, which needs approval by the full Senate and House of Representatives, is among the first to chip away at the liability shield for internet services — under a law known as Section 230 — which has come under renewed scrutiny in recent months.

    Reply
  35. Tomi Engdahl says:

    Cyberattacks Possibly Involved in Explosions at Iranian Nuclear, Military Facilities
    https://www.securityweek.com/cyberattacks-possibly-involved-explosions-iranian-nuclear-military-facilities

    Recent fires and explosions at important Iranian facilities may have been caused deliberately as part of an operation that involved cyberattacks, according to reports.

    There have been several incidents at major Iranian industrial facilities in recent weeks, including a fire at the Natanz nuclear enrichment site and an explosion at the Parchin military complex near Tehran, which is believed to be involved in the production of missiles.

    Reply
  36. Tomi Engdahl says:

    ICS-Targeting Snake Ransomware Isolates Infected Systems Before Encryption
    https://www.securityweek.com/ics-targeting-snake-ransomware-isolates-infected-systems-encryption

    Recent samples of the Snake ransomware were observed isolating the infected systems to ensure that nothing interferes with the file encryption process, security researchers warn.

    Initially detailed in January this year, Snake (also known as EKANS) has emerged as a prevalent threat to industrial control systems (ICS), due to the targeting of processes specific to these environments. The ransomware is believed to be responsible for the Honda cyber-incident last month.

    One of the main characteristics of Snake is the killing of processes from a predefined list, including ICS-related processes, to encrypt resources associated with them in an effort to further entice victims into paying the ransom to restore affected systems.

    “Before initiating the encryption, Snake will utilize the Windows firewall in order to block any incoming and outgoing network connections on the victim’s machine that aren’t configured in the firewall. Windows built-in netsh tool will be used for this purpose,” cybersecurity firm Deep Instinct explains.

    The Snake Attacks Holding the Industrial Sector Ransom
    https://www.deepinstinct.com/2020/06/29/the-snake-attacks-holding-the-industrial-sector-ransom/

    Snake (aka Ekans). It became well known in January after its first sample was uploaded to VirusTotal. The initial sample, found by the MalwareHunterTeam crew, raised a lot of concern as the malware was designed to kill computer processes related to Industrial Control Systems, implying that it was built with victims from the industrial sector in mind. Unfortunately, this concern was justified as after a few months of relative silence, Snake operators deployed the ransomware in a series of targeted and devastating attacks. The crescendo was an attack on the Japanese car manufacturer Honda on June 8th, an attack that made Honda’s operations in Japan and Europe grind to a halt.

    Reply
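    The Deep Instinct quote above describes two observable steps: a netsh call that switches the firewall to block inbound and outbound traffic, followed by the killing of listed ICS processes. The following is an added detection example (not code from the article or from Deep Instinct) that correlates those two steps in a constructed process-event log: a firewall lockdown command on a host followed within a short window by a burst of process terminations. The pipe-separated log format, the host names and the `min_terminations` threshold are assumptions for the example.

    ```python
    import re
    from collections import defaultdict
    from datetime import datetime, timedelta

    # Constructed process-event log (not from the article). Fields:
    # timestamp|host|event|image|cmdline  (cmdline empty for terminations).
    SAMPLE_EVENTS = r"""
    2020-06-08T02:13:55|HOST-PLC01|ProcessCreate|C:\Windows\System32\netsh.exe|netsh advfirewall set allprofiles state on
    2020-06-08T02:14:10|HOST-PLC01|ProcessCreate|C:\Windows\System32\netsh.exe|netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
    2020-06-08T02:14:12|HOST-PLC01|ProcessTerminate|C:\Program Files\Vendor\HistorianSvc.exe|
    2020-06-08T02:14:13|HOST-PLC01|ProcessTerminate|C:\Program Files\Vendor\HmiRuntime.exe|
    2020-06-08T02:14:13|HOST-PLC01|ProcessTerminate|C:\Program Files\Vendor\OpcServer.exe|
    2020-06-08T02:14:14|HOST-PLC01|ProcessTerminate|C:\Program Files\Vendor\AlarmSvc.exe|
    2020-06-08T02:14:15|HOST-PLC01|ProcessTerminate|C:\Program Files\Vendor\TrendSvc.exe|
    2020-06-08T02:16:00|HOST-PLC01|ProcessTerminate|C:\Windows\System32\notepad.exe|
    2020-06-08T02:20:00|HOST-ENG02|ProcessCreate|C:\Windows\System32\netsh.exe|netsh advfirewall show allprofiles
    2020-06-08T02:20:05|HOST-ENG02|ProcessTerminate|C:\Windows\System32\notepad.exe|
    """

    FIELDS = ("ts", "host", "event", "image", "cmdline")

    # Matches a netsh call that sets the default firewall policy to block
    # outbound traffic, e.g. "firewallpolicy blockinbound,blockoutbound".
    # "state on", "show ..." and rule additions do not match.
    LOCKDOWN = re.compile(
        r"netsh\s+advfirewall\s+set\s+\w+\s+firewallpolicy\s+\S*blockoutbound", re.I
    )


    def parse_events(text):
        """Parse the constructed log into dicts with a datetime timestamp."""
        events = []
        for line in text.strip().splitlines():
            parts = line.split("|", 4)
            if len(parts) != len(FIELDS):
                continue
            ev = dict(zip(FIELDS, parts))
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
        return events


    def is_firewall_lockdown(cmdline):
        """True when the command line flips the default policy to block outbound
        traffic, the step the ransomware takes before encrypting."""
        return LOCKDOWN.search(cmdline) is not None


    def correlate(events, window=timedelta(seconds=60), min_terminations=3):
        """Return (host, lockdown_time, kill_count) for every firewall lockdown
        followed on the same host by >= min_terminations process terminations
        inside the window. A lockdown alone is rare enough to alert on, but the
        pairing with a kill burst is what distinguishes this from hardening."""
        by_host = defaultdict(list)
        for ev in sorted(events, key=lambda e: e["ts"]):
            by_host[ev["host"]].append(ev)
        alerts = []
        for host, evs in by_host.items():
            for i, ev in enumerate(evs):
                if ev["event"] != "ProcessCreate" or not is_firewall_lockdown(ev["cmdline"]):
                    continue
                kills = [
                    e for e in evs[i + 1:]
                    if e["event"] == "ProcessTerminate" and e["ts"] - ev["ts"] <= window
                ]
                if len(kills) >= min_terminations:
                    alerts.append((host, ev["ts"].isoformat(), len(kills)))
        return alerts


    if __name__ == "__main__":
        for host, when, n in correlate(parse_events(SAMPLE_EVENTS)):
            print(f"{host}: firewall lockdown at {when} followed by {n} process terminations")
    ```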
  37. Tomi Engdahl says:

    F5 emits fixes for critical flaws in BIG-IP gear: Hopefully yours aren’t internet-facing while you ready a patch
    Not to worry, there are only *searches* several thousand devices apparently exposed online
    https://www.theregister.com/2020/07/03/f5_critical_flaws_big_ip/

    Network administrators are urged to patch their F5 BIG-IP application delivery controllers following the disclosure of a pair of critical remote takeover bugs.

    The flaws in question, CVE-2020-5902 and CVE-2020-5903, lie within a configuration tool known as the Traffic Management User Interface. Successful exploitation results in full admin control over the device.

    In the case of CVE-2020-5902, the hole puts the equipment at risk of arbitrary code execution, while CVE-2020-5903 is a JavaScript-based cross-site-scripting vulnerability. CVE-2020-5902 has a CVSS score of 10 out of 10, which is not good, while CVE-2020-5903 has a lower, but still serious, score of 7.5.

    “The attacker can create or delete files, disable services, intercept information, run arbitrary system commands and Java code, completely compromise the system, and pursue further targets, such as the internal network,” said Mikhail Klyuchnikov of Positive Technologies who discovered and reported the vulnerabilities to F5.

    Admins are advised to update their firmware as soon as possible.

    F5 fixes critical vulnerability discovered by Positive Technologies in BIG-IP application delivery controller
    https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/

    Reply
  38. Tomi Engdahl says:

    The follow-up to the FOSTA-SESTA act to undermine online privacy & encryption.

    Online privacy experts sound alarm as US Senate bill sparks surveillance fears
    https://www.theguardian.com/technology/2020/jul/02/earn-it-act-online-privacy-surveillance

    The Earn It Act, described as an effort to address sexual exploitation, could threaten encryption practices, opponents say

    A US Senate bill that critics say would enable widespread censorship and surveillance has taken a significant step towards becoming law, raising alarm among internet freedom advocates.

    The Senate judiciary committee voted on Thursday to advance the Earn It Act

    The “Eliminating Abuse and Rampant Neglect of Interactive Technology” (Earn It) Act was introduced in March by the South Carolina Republican Lindsey Graham, Democrat Richard Blumenthal of Connecticut, Republican Josh Hawley of Missouri, and Democrat Dianne Feinstein of California to address what lawmakers characterized as “the rapid increase of child sexual abuse material on prominent online platforms”.

    The bill would weaken protections under Section 230, a measure that has historically shielded internet publishers from legal responsibility for the content shared on their sites. It would also allow individuals to sue tech companies that don’t take “proper steps” to prevent online child exploitation. Those steps would be determined by a 19-member panel of unelected officials, mostly law enforcement, who would impose a set of “best practices” that websites and online forums would have to follow, or risk getting shut down.

    Reply
  39. Tomi Engdahl says:

    Brave Browser leaves behind history even after clearing it
    https://www.techworm.net/2020/07/brave-browser-history-clearing.html

    The Chromium-based Brave web browser is not your safest bet for a quick browsing session followed by hitting the cleaning button to clear out the history.

    Brave browser has been caught by a user leaving traces of history, as reported by a user on GitHub, and later someone posted it on Reddit.

    Reply
  40. Tomi Engdahl says:

    Paul Mozur / New York Times:
    Facebook, Telegram, Google, and Twitter say they have suspended requests for user data from Hong Kong police, following a new national security law by China — The social network said it would review the city’s punitive new national security law, a rare public questioning of Chinese policy by a large American tech company.

    TikTok to Withdraw From Hong Kong as Tech Giants Halt Data Requests
    https://www.nytimes.com/2020/07/06/technology/tiktok-google-facebook-twitter-hong-kong.html

    Google, Facebook and Twitter said they were reviewing China’s punitive new national security law for the city, a rare public questioning of Chinese policy by major American tech companies.

    Reply
  41. Tomi Engdahl says:

    Google removed these apps from the Play Store, now you should delete them from your phone
    https://www.phonearena.com/news/dangerous-android-apps-removed-delete-from-your-smartphone_id125740

    Reply
  42. Tomi Engdahl says:

    F5 Networks Vulnerability Comes Under Active Exploit Right After Disclosure
    Attribution link: https://latesthackingnews.com/2020/07/07/f5-networks-vulnerability-comes-under-active-exploit-right-after-disclosure/

    Reply
  43. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    US Secret Service warns it has seen an increase in hackers targeting managed service providers, which provide remote management software for companies

    US Secret Service reports an increase in hacked managed service providers (MSPs)
    https://www.zdnet.com/article/us-secret-service-reports-an-increase-in-hacked-managed-service-providers-msps/

    US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams.

    Reply
  44. Tomi Engdahl says:

    Should Ex-CIA Spies Be Hacking for Enemy States? | Opinion
    https://www.google.com/amp/s/www.newsweek.com/should-ex-cia-spies-hacking-enemy-states-opinion-1515361%3famp=1

    America’s cyber-warfare capabilities are second to none. Since 9/11, we have spent lavishly on the intelligence infrastructure that enables us to intrude into nearly anyone’s electronic communications, all over the world. While civil libertarians have long warned, correctly, against government surveillance abuses, the military and intelligence communities have nevertheless trained and cultivated thousands of very capable hackers.

    But what happens when these hackers leave government service and wage cyber-war in the private sector, on behalf of well-heeled clients? What happens when these frightening powers are put in the service of enemy states that are sponsors of terrorism and extremism—and then target American citizens?

    Americans may soon find out.

    A shadowy firm comprised of former U.S. intelligence and cyber-warfare experts was paid at least $100 million to conduct elaborate, years-long campaigns of hacking, surveillance and defamation against American opponents of Qatar and the Muslim Brotherhood, according to new legal documents filed last week in a New York court.

    Reply
  45. Tomi Engdahl says:

    Wikileaks-Style DDoSecrets’ Primary Download Server Seized By German Authorities
    https://www.techworm.net/2020/07/ddosecrets-server-seized-german-authorities.html

    Reply
