Cyber security news September 2020

This posting is here to collect cyber security news September 2020.

I post links to security vulnerability news with short descriptions to comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.

cybergedeon_flame_color

251 Comments

  1. Tomi Engdahl says:

    Iranian hackers are selling access to compromised companies on an underground forum
    https://www.zdnet.com/article/iranian-hackers-are-selling-access-to-compromised-companies-on-an-underground-forum/#ftag=RSSbaffb68

    The Iranian hacker group who’s been attacking corporate VPNs for months is now trying to monetize some of the hacked systems by selling access to some networks to other hackers.

    Reply
  2. Tomi Engdahl says:

    FBI warned of how Ring doorbell surveillance can be used against police officers
    https://www.zdnet.com/article/fbi-warned-of-how-ring-doorbell-surveillance-can-be-used-against-police-officers/

    Smart doorbells can provide the police with valuable intelligence — but the network can also be turned against them.

    Leaked documents have revealed the concerns of law enforcement in how Internet of Things (IoT) technology can pose a risk to the safety of police officers.

    For homeowners, an IoT doorbell can provide an additional layer of security at points of entry. For law enforcement, their rapid adoption provides a new stream of intelligence for criminal investigations.

    The Neighborhoods initiative brings Ring doorbells together as part of a wider network that displays installations on a map — highlighting where law enforcement could request footage from residents rather than obtain warrants.

    However, nodes in this network may also be used to push back against the police, according to leaked documents.

    As reported by The Intercept, a 2019 analysis bulletin highlights how IoT footage can be used to corroborate witness statements or alibis, but in turn, smart surveillance technology can also “pose security challenges” for law enforcement.

    Namely, when police officers are considered unwanted visitors.

    “Most IoT devices contain sensors and cameras, which generate an alert or can be remotely accessed by the owner to identify activity in and around an owner’s property,” the bulletin reads. “If used during the execution of a search, potential subjects could learn of LE’s [law enforcement] presence nearby, and LE personnel could have their images captured, thereby presenting risk to their present and future safety.”

    Doorbell Cameras Like Ring Give Early Warning of Police Searches, FBI Warned
    Two leaked documents show how a monitoring tool used by police has been turned against them.
    https://theintercept.com/2020/08/31/blueleaks-amazon-ring-doorbell-cameras-police/

    Reply
  3. Tomi Engdahl says:

    Credit card data smuggled via private Telegram channel
    https://www.bleepingcomputer.com/news/security/credit-card-data-smuggled-via-private-telegram-channel/

    Security researchers noticed that some cybercriminals attacking online stores are using private Telegram channels to steal credit card information from customers making a purchase on victim sites.

    All the information is encrypted using a public key. A Telegram bot then posts the stolen data in a chat as a message.

    Reply
  4. Tomi Engdahl says:

    Norwegian Parliament discloses cyber-attack on internal email system
    https://www.zdnet.com/article/norwegian-parliament-discloses-cyber-attack-on-internal-email-system/

    Norway’s Parliament, Stortinget, says hackers gained access and downloaded content for “a small number of parliamentary representatives and employees.”

    The Norwegian Parliament (Stortinget) said on Tuesday that it fell victim to a cyber-attack that targeted its internal email system.

    In a press release today, Stortinget director Marianne Andreassen said that hackers breached email accounts for elected representatives and employees alike, from where they stole various amounts of information.

    Norway’s intelligence agency is currently investigating the incident

    Local press, who first broke the story about the attacks, also reported that the parliament’s IT staff has shut down its email service to prevent the hackers from siphoning more data.

    IT-angrep mot Stortinget
    https://stortinget.no/no/Hva-skjer-pa-Stortinget/Nyhetsarkiv/Pressemeldingsarkiv/2019-2020/it-angrep-mot-stortinget/

    Reply
  5. Tomi Engdahl says:

    Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks
    https://isc.sans.edu/forums/diary/Exposed+Windows+Domain+Controllers+Used+in+CLDAP+DDoS+Attacks/26526/
    LDAP, like many UDP based protocols, has the ability to send responses
    that are larger than the request. With UDP not requiring any handshake
    before data is sent, these protocols make ideal amplifiers for
    reflective distributed denial of service attacks. Most commonly, these
    attacks abuse DNS and we have talked about this in the past. But LDAP
    is another protocol that is often abused. Some of our honeypots have
    been seeing a small number of the reflected packets from these
    attacks. In investigating them, we noticed that many of them appear to
    come from exposed windows domain controllers. Windows domain
    controllers do use LDAP for active directory and support
    connectionless LDAP (CLDAP) out of the box. CLDAP is part of the issue
    here as it supports UDP. So what should you do? I do not know of a
    good reason to allow clear text LDAP (Port 389, not LDAP over TLS)
    across your perimeter. Close that port!

    Reply
  6. Tomi Engdahl says:

    DLL Fixer leads to Cyrat Ransomware
    https://www.gdatasoftware.com/blog/cyrat-ransomware
    A new ransomware uses an unusual symmetric encryption method named
    “Fernet”. It is Python based and appends.CYRAT to encrypted files. As
    it is often the case with brand new malware discoveries, this sample
    is buggy and not yet ready to infect any system because it crashes in
    it’s current state. However, the threat actor’s reply shows they are
    active and might have already published versions that work.

    Reply
  7. Tomi Engdahl says:

    Facebook and Google drop plans for underwater cable to Hong Kong after
    security warnings
    https://www.zdnet.com/article/facebook-and-google-drop-plans-for-underwater-cable-to-hong-kong-after-security-warnings/
    The Pacific Light Cable Network (PLCN), an ambitious underwater data
    cable project partly owned by Facebook and Google, won’t be connecting
    Los Angeles to Hong Kong after all. The FCC warned that linking Los
    Angeles to Hong Kong could harm national security.

    Reply
  8. Tomi Engdahl says:

    Facebook Nabs Russia-Linked Campaign to Fuel US Chaos
    https://www.securityweek.com/facebook-nabs-russia-linked-campaign-fuel-us-chaos

    Facebook on Tuesday said that it caught a budding Russia-linked campaign to fuel political chaos in the US, working off a tip from the FBI in its latest take-down of coordinated inauthentic behavior at the leading social network.

    The network of 13 Facebook accounts and two pages posing as journalists and targeting left-wing progressives was removed for violating a policy against “foreign interference” at the platform.

    The investigation that uncovered the covert operation, which was linked to the Internet Research Agency in Russia (IRA), started with a tip from the Federal Bureau of Investigation, according to Facebook head of security policy Nathaniel Gleicher.

    The network was in the early stages of building an audience, with little engagement from users, Facebook said.

    “They put substantial effort into creating elaborate fictitious personas, trying to make fake accounts look as real as possible,” Gleicher said while briefing reporters.

    Reply
  9. Tomi Engdahl says:

    Cisco Says Hackers Targeting Zero-Days in Carrier-Grade Routers
    https://www.securityweek.com/cisco-says-hackers-targeting-zero-days-carrier-grade-routers

    Cisco has warned that hackers are targeting not one, but two unpatched vulnerabilities in the DVMRP feature of IOS XR software that runs on many carrier-grade routers.

    Over the weekend, the company published an advisory to warn of active attacks targeting a security flaw (CVE-2020-3566) in the Distance Vector Multicast Routing Protocol (DVMRP) feature of IOS XR to cause memory exhaustion denial of service (DoS).

    On Monday, the tech giant has updated the advisory to add another CVE to it, namely CVE-2020-3569, which impacts the very same feature and has similar consequences.

    Reply
  10. Tomi Engdahl says:

    American Payroll Association User Data Stolen in Skimmer Attack
    https://www.securityweek.com/american-payroll-association-user-data-stolen-skimmer-attack

    The American Payroll Association (APA) says user information was stolen after attackers managed to inject a skimmer on its website.

    A payroll education, publications, and training provider, APA helps professionals increase their skill, offering payroll conferences and seminars, resources, and certification. APA has over 20,000 members.

    Reply
  11. Tomi Engdahl says:

    Aamir Siddiqui / XDA Developers:
    ZTE announces 6.92″ Axon 20 5G, with a camera under the display and Snapdragon 765G and 4,220 mAh battery, starting at ~$322 only in China

    ZTE announces the first smartphone with a camera under the display: the Axon 20 5G
    https://www.xda-developers.com/zte-axon-20-5g-china-launch-first-smartphone-under-display-camera/

    Reply
  12. Tomi Engdahl says:

    Donie O’Sullivan / CNN:
    Facebook says, after an FBI tip, it took down several Pages and accounts pushing a fake left-wing news outlet made by people linked to Russian troll group IRA — New York (CNN Business)People associated with the infamous St. Petersburg troll group that was part of Russia’s attempt to interfere

    After FBI tip, Facebook says it uncovered Russian meddling
    https://edition.cnn.com/2020/09/01/tech/russian-troll-group-facebook-campaign/

    Reply
  13. Tomi Engdahl says:

    Virtual Black Hat 2020 – The Latest in Security, From the Comfort of Your Armchair
    https://www.securityweek.com/virtual-black-hat-2020-latest-security-comfort-your-armchair

    Reply
  14. Varun Sharma says:

    The article is very nice. Keep going.

    Reply
  15. Tomi Engdahl says:

    Hackers are exploiting a critical flaw affecting >350,000 WordPress sites
    Flaw is in File Manager, a plugin with more than 700,000 users; 52% are affected.
    https://arstechnica.com/information-technology/2020/09/hackers-are-exploiting-a-critical-flaw-affecting-350000-wordpress-sites/

    Hackers are actively exploiting a vulnerability that allows them to execute commands and malicious scripts on Websites running File Manager, a WordPress plugin with more than 700,000 active installations, researchers said on Tuesday. Word of the attacks came a few hours after the security flaw was patched.

    Attackers are using the exploit to upload files that contain webshells that are hidden in an image. From there, they have a convenient interface that allows them to run commands in plugins/wp-file-manager/lib/files/, the directory where the File Manager plugin resides. While that restriction prevents hackers from executing commands on files outside of the directory, hackers may be able to exact more damage by uploading scripts that can carry out actions on other parts of a vulnerable site.

    Reply
  16. Tomi Engdahl says:

    Companies continue to expose unsafe network services to the internet
    https://www.helpnetsecurity.com/2020/09/02/companies-continue-to-expose-unsafe-network-services-to-the-internet/
    33% of companies within the digital supply chain expose common network
    services such as data storage, remote access and network
    administration to the internet, according to RiskRecon. In addition,
    organizations that expose unsafe services to the internet also exhibit
    more critical security findings. The research is based on an
    assessment of millions of internet-facing systems across approximately
    40, 000 commercial and public institutions. The data was analyzed in
    two strategic ways: the direct proportion of internet-facing hosts
    running unsafe services, as well as the percentage of companies that
    expose unsafe services somewhere across their infrastructure.

    Reply
  17. Tomi Engdahl says:

    Operation PowerFall: CVE-2020-0986 and variants
    https://securelist.com/operation-powerfall-cve-2020-0986-and-variants/98329/
    In August 2020, we published a blog post about Operation PowerFall.
    This targeted attack consisted of two zero-day exploits: a remote code
    execution exploit for Internet Explorer 11 and an elevation of
    privilege exploit targeting the latest builds of Windows 10. While we
    already described the exploit for Internet Explorer in the original
    blog post, we also promised to share more details about the elevation
    of privilege exploit in a follow-up post. Let’s take a look at
    vulnerability CVE-2020-0986, how it was exploited by attackers, how it
    was fixed and what additional mitigations were implemented to
    complicate exploitation of many other similar vulnerabilities.

    Reply
  18. Tomi Engdahl says:

    KryptoCibule: The multitasking multicurrency cryptostealer
    https://www.welivesecurity.com/2020/09/02/kryptocibule-multitasking-multicurrency-cryptostealer/
    ESET researchers have uncovered a hitherto undocumented malware family
    that we named KryptoCibule. This malware is a triple threat in regard
    to cryptocurrencies. It uses the victim’s resources to mine coins,
    tries to hijack transactions by replacing wallet addresses in the
    clipboard, and exfiltrates cryptocurrency-related files, all while
    deploying multiple techniques to avoid detection. KryptoCibule makes
    extensive use of the Tor network and the BitTorrent protocol in its
    communication infrastructure.

    Reply
  19. Tomi Engdahl says:

    Cloud firewall management API SNAFU put 500k SonicWall customers at
    risk
    https://www.pentestpartners.com/security-blog/cloud-firewall-management-api-snafu-put-500k-sonicwall-customers-at-risk/
    I found a security issue so serious that we then spent £££ on our own
    SonicWall products in order to independently validate the issue, to be
    certain it wasn’t just our client that was affected. What I discovered
    was a trivial method to compromise every single cloud managed device
    attached to mysonicwall.com, affecting around 1.9 million user groups
    across hundreds of thousands of organisations. At least 10 million
    individual devices were affected. Disclosure was initially very
    positive, then went rapidly downhill as SonicWall procrastinated with
    a fix and refused to take down the vulnerable functionality in the
    meantime, knowingly leaving their customers exposed for a full 17
    days.

    Reply
  20. Tomi Engdahl says:

    AlphaBay Market: Dark Web Moderator Receives 11 Years Imprisonment
    https://darkweblink.com/alphabay-moderator-sentenced/
    An Alphabay moderator who was held responsible for moderating the
    content on the now-defunct darknet market, AlphaBay has been sentenced
    imprisonment until 2031.

    Reply
  21. Tomi Engdahl says:

    Inter: The Magecart Skimming Tool Now on More than 1, 500 Sites
    https://www.riskiq.com/blog/external-threat-management/inter-skimmer/
    Digital web skimming attacks continue to increase. By now, anyone
    running an e-commerce shop is aware of the dangers of groups like
    Magecart, which infect a website every 16 minutes. However, to truly
    understand these skimmer groups, you have to understand the tools of
    the trade. The Inter Skimmer kit is one of today’s most common and
    widely used digital skimming solutions globally. It has been involved
    in some of the most high-profile magecart attacks to date, most
    notably Group 7′s breach of the Nutribullet website. RiskIQ has
    identified more than 1, 500 sites compromised by the Inter skimmer,
    but the data theft tool is still misunderstood by those tasked with
    defending their organization against it. To demystify Inter, RiskIQ
    tapped our unmatched body of research into Magecart and its dozens of
    groups, open-source intelligence (OSINT), and our global internet
    telemetry.

    Reply
  22. Tomi Engdahl says:

    Using assert() to Execute Malware in PHP 7 Environments
    https://blog.sucuri.net/2020/09/using-assert-to-execute-malware-php-7.html
    During a recent investigation, our team stumbled across some malicious
    code which is used to inject a.user.ini file into a PHP 7 environment
    and add zend.assertions = 1. Once this injection is accomplished, bad
    actors can leverage PHP’s assert() function to execute any malicious
    code they like.

    Reply
  23. Tomi Engdahl says:

    Android security: Six more apps containing Joker malware removed from
    the Google Play Store
    https://www.zdnet.com/article/android-security-six-more-apps-containing-joker-malware-removed-from-the-google-play-store/
    Cybersecurity researchers have unmasked six applications on the Google
    Play store with a combined total of over 200, 000 downloads in yet
    another example of the highly persistent malware that has been
    plaguing Android users for the past three years.

    Reply
  24. Tomi Engdahl says:

    Homeland Security demands a 911 for reporting security holes in federal networks: ‘Vulns in internet systems cause real-world impacts’
    Great – and who will be the first responders?
    https://www.theregister.com/2020/09/03/us_bug_bounty/

    The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday ordered US federal agencies outside the defense and intelligence communities to develop a working vulnerability disclosure policy.

    In an online memo, Bryan Ware, Assistant Director for Cybersecurity at CISA, described a scenario of walking in one’s neighborhood and calling emergency services upon seeing a house engulfed in flames.

    The government, he suggested, would benefit if people could take similar action upon finding a security flaw in a federal website. But many government websites don’t advertise how to raise the alarm or offer any assurance that vulnerability reports are welcome.

    “An open redirect – which can be used to give off-site malicious content the appearance of legitimacy – may not be on par with a fire, yet serious vulnerabilities in internet systems cause real-world, negative impacts every day,” he said.

    Reply
  25. Tomi Engdahl says:

    Sean Lyngaas / CyberScoop:
    DHS mandates US agencies have vulnerability disclosure programs within six months that will expand to cover all internet-accessible systems within two years — Out of scores of federal civilian agencies, only a handful of them have official programs to work with outside security researchers …

    CISA orders agencies to set up vulnerability disclosure programs
    https://www.cyberscoop.com/cisa-vulnerability-disclosure-directive-omb/

    Out of scores of federal civilian agencies, only a handful of them have official programs to work with outside security researchers to find and fix software bugs — a process that is commonplace in the private sector.

    Now, to put an end to the feet-dragging, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is giving agencies six months to set up the programs, known as vulnerability disclosure policies (VDPs).

    CISA on Wednesday issued a directive requiring agencies to establish VDPs that foreswear legal action against researchers who act in good faith, allow participants to submit vulnerability reports anonymously and cover at least one internet-accessible system or service. It’s the latest sign that federal officials are warming to white-hat hackers from various walks of life.

    “We believe that better security of government computer systems can only be realized when the people are given the opportunity to help,” CISA Assistant Director Bryan S. Ware said in announcing the directive.

    Binding Operational Directive 20-01
    September 2, 2020
    Develop and Publish a Vulnerability Disclosure Policy
    https://cyber.dhs.gov/bod/20-01/

    Reply
  26. Tomi Engdahl says:

    COVID-tracing Framework Privacy Busted By Bluetooth
    https://hackaday.com/2020/09/03/covid-tracing-framework-privacy-busted-by-bluetooth/

    [Serge Vaudenay] and [Martin Vuagnoux] released a video yesterday documenting a privacy-breaking flaw in the Apple/Google COVID-tracing framework, and they’re calling the attack “Little Thumb” after a French children’s story in which a child drops pebbles to be able to retrace his steps. But unlike Hänsel and Gretl with the breadcrumbs, the goal of a privacy preserving framework is to prevent periodic waypoints from allowing you to follow anyone’s phone around. (Video embedded below.)

    The Apple/Google framework is, in theory, quite sound. For instance, the system broadcasts hashed, rolling IDs that prevent tracing an individual phone for more than fifteen minutes. And since Bluetooth LE has a unique numeric address for each phone, like a MAC address in other networks, they even thought of changing the Bluetooth address in lock-step to foil would-be trackers. And there’s no difference between theory and practice, in theory.

    In practice, [Serge] and [Martin] found that a slight difference in timing between changing the Bluetooth BD_ADDR and changing the COVID-tracing framework’s rolling proximity IDs can create what they are calling “pebbles”: an overlap where the rolling ID has updated but the Bluetooth ID hasn’t yet

    https://vimeo.com/453948863

    Reply
  27. Tomi Engdahl says:

    European ISPs report mysterious wave of DDoS attacks
    https://www.zdnet.com/article/european-isps-report-mysterious-wave-of-ddos-attacks/
    Over the past week, multiple ISPs in Belgium, France, and the
    Netherlands reported DDoS attacks that targeted their DNS
    infrastructure. The list of ISPs that suffered attacks over the past
    week includes Belgium’s EDP, France’s Bouygues Télécom, FDN, K-net,
    SFR, and the Netherlands’ Caiway, Delta, FreedomNet, Online.nl,
    Signet, and Tweak.nl. “Multiple attacks were aimed towards routers and
    DNS infrastructure of Benelux based ISPs, ” a spokesperson said. “Most
    of [the attacks] were DNS amplification and LDAP-type of attacks.”.
    “Some of the attacks took longer than 4 hours and hit close to
    300Gbit/s in volume, ” NBIB said.

    Reply
  28. Tomi Engdahl says:

    NO REST FOR THE WICKED: EVILNUM UNLEASHES PYVIL RAT
    https://www.cybereason.com/blog/no-rest-for-the-wicked-evilnum-unleashes-pyvil-rat
    The group’s operations appear to be highly targeted, as opposed to a
    widespread phishing operation, with a focus on the FinTech market by
    way of abusing the Know Your Customer regulations (KYC), documents
    with information provided by clients when business is undertaken.
    Since its first discovery, the group’s mainly targeted different
    companies across the UK and EU.

    Reply
  29. Tomi Engdahl says:

    COVID-tracing Framework Privacy Busted By Bluetooth
    https://hackaday.com/2020/09/03/covid-tracing-framework-privacy-busted-by-bluetooth/

    [Serge Vaudenay] and [Martin Vuagnoux] released a video yesterday documenting a privacy-breaking flaw in the Apple/Google COVID-tracing framework, and they’re calling the attack “Little Thumb” after a French children’s story in which a child drops pebbles to be able to retrace his steps. But unlike Hänsel and Gretl with the breadcrumbs, the goal of a privacy preserving framework is to prevent periodic waypoints from allowing you to follow anyone’s phone around. (Video embedded below.)

    The Apple/Google framework is, in theory, quite sound. For instance, the system broadcasts hashed, rolling IDs that prevent tracing an individual phone for more than fifteen minutes. And since Bluetooth LE has a unique numeric address for each phone, like a MAC address in other networks, they even thought of changing the Bluetooth address in lock-step to foil would-be trackers. And there’s no difference between theory and practice, in theory.

    In practice, [Serge] and [Martin] found that a slight difference in timing between changing the Bluetooth BD_ADDR and changing the COVID-tracing framework’s rolling proximity IDs can create what they are calling “pebbles”: an overlap where the rolling ID has updated but the Bluetooth ID hasn’t yet.

    https://vimeo.com/453948863

    Reply
  30. Tomi Engdahl says:

    Authorities have arrested a 16-year-old they say launched a rudimentary distributed denial-of-service attack against Miami-Dade County schools. Despite using Low Orbit Ion Cannon, a dated DDoS tool that most systems should have little trouble handling, the Florida teen was able to disrupt remote learning in the district for several days.

    Security News This Week: A Florida Teen Allegedly Shut Down Remote School With a DDoS Attack
    https://www.wired.com/story/florida-teen-ddos-school-amazon-labor-surveillance-security-news/

    Plus: Predictive policing taken even farther, Amazon surveillance of private Facebook groups, and more of the week’s top security news.

    Reply
  31. Tomi Engdahl says:

    Researchers find a way to spot security fixes from Linux kernel with
    data mining
    https://www.theregister.com/2020/09/04/linux_kernel_flaws/
    Researchers affiliated with BMW, Siemens, and two German universities
    have found that they can detect Linux kernel security fixes before
    they get released, insight that could allow miscreants to develop and
    deploy exploit code for which there’s no defense. In an
    ArXiv-distributed paper titled, “The Sound of Silence: Mining Security
    Vulnerabilities from Secret Integration Channels in Open-Source
    Projects, ” researchers outline a data mining scheme that amounts to a
    side channel attack on the open source vulnerability disclosure
    process. PDF: https://arxiv.org/pdf/2009.01694.pdf

    Reply
  32. Tomi Engdahl says:

    Cybersecurity – the new dimension of automotive quality
    https://www.kaspersky.com/blog/cybersecurity-automotive/36924/
    Modern computerized car require a secure-by-design platform. And
    that’s just what we’ve come up with. A car today is basically a
    specialized computer – a ‘cyber-brain’, controlling the
    mechanics-and-electrics we traditionally associate with the word ‘car’
    - – the engine, the brakes, the turn indicators, the windscreen wipers,
    the air conditioner, and in fact everything else.

    Reply
  33. Tomi Engdahl says:

    Ransomware attack halts Argentinian border crossing for four hours
    https://www.bleepingcomputer.com/news/security/ransomware-attack-halts-argentinian-border-crossing-for-four-hours/
    Argentina’s official immigration agency, Dirección Nacional de
    Migraciones, suffered a Netwalker ransomware attack that temporarily
    halted border crossing into and out of the country. The ransomware
    demanded $4 million and leaked data from the breach online.

    Reply
  34. Tomi Engdahl says:

    Visa warns of new Baka credit card JavaScript skimmer
    https://www.bleepingcomputer.com/news/security/visa-warns-of-new-baka-credit-card-javascript-skimmer/
    Visa issued a warning regarding a new JavaScript e-commerce skimmer
    known as Baka that will remove itself from memory after exfiltrating
    stolen data. The credit card stealing script was discovered by
    researchers with Visa’s Payment Fraud Disruption (PFD) initiative in
    February 2020 while examining a command and control (C2) server that
    previously hosted an ImageID web skimming kit.

    Reply
  35. Tomi Engdahl says:

    Threema E2EE chat app to go ‘fully open source’ within months
    https://www.zdnet.com/article/threema-e2ee-chat-app-to-go-fully-open-source-within-months/
    Threema, which is one of a handful of instant messaging services that
    support end-to-end encryption (E2EE) between users, is the third
    service to go open source, after Signal and Wickr.

    Reply
  36. Tomi Engdahl says:

    An easy-to-exploit vulnerability in a popular WordPress plugin has triggered an internet-wide hacking spree.

    Millions of WordPress sites are being probed & attacked with recent plugin bug
    https://www.zdnet.com/article/millions-of-wordpress-sites-are-being-probed-attacked-with-recent-plugin-bug/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

    An easy-to-exploit vulnerability in a popular WordPress plugin has triggered an internet-wide hacking spree.

    Reply
  37. Tomi Engdahl says:

    Security News This Week: A Florida Teen Allegedly Shut Down Remote School With a DDoS Attack
    https://www.wired.com/story/florida-teen-ddos-school-amazon-labor-surveillance-security-news/

    Reply
  38. Tomi Engdahl says:

    Windows 10 low-effort zero-day in Hyper-V / Windows Sandbox enabled
    computers
    https://www.bleepingcomputer.com/news/security/windows-10-sandbox-activation-enables-zero-day-vulnerability/
    A reverse engineer discovered a new zero-day vulnerability in most
    Windows 10 editions, which allows creating files in restricted areas
    of the operating system – e.g. under system32. The researcher told
    BleepingComputer that the vulnerable component is ‘storvsp.sys’
    (Storage VSP – Virtualization Service Provider), a server-side Hyper-V
    component.

    Reply
  39. Tomi Engdahl says:

    Chilean bank shuts down all branches following ransomware attack
    https://www.zdnet.com/article/chilean-bank-shuts-down-all-branches-following-ransomware-attack/
    All BancoEstado branches will remain closed on Monday, September 7,
    and possibly more days. Details about the attack have not been made
    public, but a source close to the investigation told ZDNet that the
    bank’s internal network was infected with the REvil (Sodinokibi)
    ransomware.

    Reply
  40. Tomi Engdahl says:

    Money from bank hacks rarely gets laundered through cryptocurrencies
    https://www.zdnet.com/article/money-from-bank-hacks-rarely-gets-laundered-through-cryptocurrencies/
    Despite being considered a cybercrime haven, cryptocurrencies play a
    very small role in laundering funds obtained from bank hacks; the
    SWIFT financial organization said in a report last week. These funds
    are usually laundered using an assortment of techniques, such as money
    mules, front companies, cash businesses, cryptocurrencies, and
    investments back into other forms of crime. Some groups might rely on
    one technique, while others may combine multiple.

    Reply
  41. Tomi Engdahl says:

    New PIN Verification Bypass Flaw Affects Visa Contactless Payments
    https://thehackernews.com/2020/09/emv-payment-card-pin-hacking.html
    The research, published by a group of academics from the ETH Zurich,
    is a PIN bypass attack that allows the adversaries to leverage a
    victim’s stolen or lost credit card for making high-value purchases
    without knowledge of the card’s PIN, and even trick a point of sale
    (PoS) terminal into accepting an unauthentic offline card transaction.
    This, however, doesn’t impact Mastercard, American Express, and JCB.
    Research: https://emvrace.github.io/

    Reply
  42. Tomi Engdahl says:

    FCC estimates it’ll cost $1.8B to remove Huawei, ZTE equipment from US
    networks
    https://www.cnet.com/news/fcc-estimates-itll-cost-1-8b-to-remove-huawei-zte-equipment-from-us-networks/
    The two Chinese tech giants have been designated national security
    threats.

    Reply
  43. Tomi Engdahl says:

    China proposes ‘Global Initiative on Data Security’ forbidding stuff it and Huawei are accused of doing already
    State-sponsored infrastructure hacking, backdoors-by-fiat and even lock-in all out of bounds in draft code
    https://www.theregister.com/2020/09/08/china_global_initiative_on_data_security/

    Reply
  44. Tomi Engdahl says:

    Chun Han Wong / Wall Street Journal:
    China launches global data security initiative to to counter US’ “Clean Network” program, urges countries to oppose “mass surveillance against other states”

    China Launches Initiative to Set Global Data-Security Rules
    Move, unveiled Tuesday is meant to counter U.S. Clean Network effort
    https://www.wsj.com/articles/china-to-launch-initiative-to-set-global-data-security-rules-11599502974?mod=djemalertNEWS

    HONG KONG—China is launching its own initiative to set global standards on data security, countering U.S. efforts to persuade like-minded countries to ringfence their networks from Chinese technology.

    Announcing the initiative on Tuesday at a Beijing seminar on global digital governance, Chinese Foreign Minister Wang Yi cited growing risks to data security and what he characterized as efforts to politicize security issues and smear rival countries on technology matters—in an apparent swipe at Washington.

    To counter such challenges, “it is important to develop a set of international rules on data security that reflect the will and respect the interests of all countries,” Mr. Wang said, according to a transcript of his speech published by China’s Foreign Ministry. The Wall Street Journal reported on Monday that Beijing planned to unveil the initiative.

    Beijing’s initiative comes amid heightened tensions with Washington over issues including trade and technological competition, which has raised the specter of an increasingly bifurcated internet.

    Under its new “Global Initiative on Data Security,” China would call on all countries to handle data security in a “comprehensive, objective and evidence-based manner” and maintain an open, secure and stable supply chain for information and communications technology and services, according to a text released by the Chinese Foreign Ministry.

    It also would urge governments to respect other countries’ sovereignty in how they handle data—in line with Beijing’s vision of “cyber sovereignty,” whereby countries exercise full control over their own corners of the internet.

    The initiative doesn’t mention the U.S. or its Clean Network program. Mr. Wang nonetheless made it clear in his announcement that the move comes in response to the White House effort.

    “Bent on unilateral acts, a certain country keeps making groundless accusations against others in the name of ‘clean’ network and used security as a pretext to prey on enterprises of other countries who have a competitive edge,” Mr. Wang said, according to the transcript. “Such blatant acts of bullying must be opposed and rejected.”

    Reply
  45. Tomi Engdahl says:

    Hidden Linux kernel security fixes spotted before release – by using developer chatter as a side channel
    Data mining of code commits and chat gives hackers a cunning edge
    https://www.theregister.com/2020/09/04/linux_kernel_flaw_detection/

    Boffins affiliated with BMW, Siemens, and two German universities say they can pinpoint obfuscated Linux kernel security fixes, developed in secret, before they are officially released. This is insight miscreants could use to develop and deploy exploit code before patches are widely available.

    What’s more, the team found that Linux kernel patches are regularly introduced in a way that bypasses public review and discussion, a practice that opens at least a theoretical risk of backdoored code.

    Reply

Leave a Reply to Varun Sharma Cancel reply

Your email address will not be published. Required fields are marked *

*

*