This posting collects cyber security news for September 2020.
I post links to security vulnerability news with short descriptions in the comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links in the comments.
251 Comments
Tomi Engdahl says:
Don’t pay the ransom, mate. Don’t even fix a price, say Australia’s cyber security bods
Better yet – do the basics and your systems won’t get encrypted in the first place
https://www.theregister.com/2020/09/12/follow_security_basics_and_you/
Tomi Engdahl says:
Magecart Attack Impacts More Than 10K Online Shoppers
https://threatpost.com/magecart-campaign-10k-online-shoppers/159216/
Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.
Tomi Engdahl says:
Alert (AA20-258A) – Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
https://us-cert.cisa.gov/ncas/alerts/aa20-258a
The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies. See also
https://www.zdnet.com/article/cisa-chinese-state-hackers-are-exploiting-f5-citrix-pulse-secure-and-exchange-bugs/
Tomi Engdahl says:
New BlindSide attack uses speculative execution to bypass ASLR
https://www.zdnet.com/article/new-blindside-attack-uses-speculative-execution-to-bypass-aslr/
New BlindSide technique abuses the CPU’s internal performance-boosting feature to bypass OS security protection.
Tomi Engdahl says:
Hundreds of Magento Stores Hacked Daily in Major Skimming Campaign
https://www.securityweek.com/hundreds-magento-stores-hacked-daily-major-skimming-campaign
Thousands of Magento-powered online stores have been hacked over the past few days as part of a skimming campaign that has been described as the “largest ever.”
The attack is being monitored by Sansec, a Netherlands-based cybersecurity company that specializes in solutions designed to counter digital skimming. Sansec on Monday reported seeing nearly 2,000 Magento stores that have been compromised as part of this campaign since Friday — over 1,000 stores were hacked on Saturday, more than 600 on Sunday, and over 200 so far on Monday.
A majority of the impacted sites were powered by Magento 1, but some were running Magento 2.
Sansec says this is the largest automated campaign it has seen to date since 2015, when it started monitoring the threat landscape.
“The previous record was 962 hacked stores in a single day in July last year,” the company explained in a blog post. “The massive scope of this weekend’s incident illustrates increased sophistication and profitability of web skimming. Criminals have been increasingly automating their hacking operations to run web skimming schemes on as many stores as possible.”
Tomi Engdahl says:
Northern Virginia School System Hacked, Data Held for Ransom
https://www.securityweek.com/northern-virginia-school-system-hacked-data-held-ransom
Tomi Engdahl says:
Vulnerabilities Expose Thousands of MobileIron Servers to Remote Attacks
https://www.securityweek.com/vulnerabilities-expose-thousands-mobileiron-servers-remote-attacks
Researchers have disclosed the details of several potentially serious vulnerabilities affecting MobileIron’s mobile device management (MDM) solutions, including a flaw that can be exploited by an unauthenticated attacker for remote code execution on affected servers.
The vulnerabilities were identified by researchers at security consulting firm DEVCORE and they were reported to MobileIron in early April. Patches were released on June 15 and the vendor released an advisory on July 1.
The security holes can be exploited for remote code execution (CVE-2020-15505), to read arbitrary files from a targeted system (CVE-2020-15507), and bypass authentication mechanisms remotely (CVE-2020-15506). Affected products include MobileIron Core (version 10.6 and earlier), MobileIron Sentry, MobileIron Cloud, Enterprise Connector, and Reporting Database.
Tomi Engdahl says:
David Gilbert / VICE:
Activists say ethnic violence in Ethiopia in recent months has been supercharged by hate speech on Facebook; company says it has increased monitoring of content. Throughout his life, Ethiopian singer Hachalu Hundessa sang about love …
Hate Speech on Facebook Is Pushing Ethiopia Dangerously Close to a Genocide
https://www.vice.com/en_us/article/xg897a/hate-speech-on-facebook-is-pushing-ethiopia-dangerously-close-to-a-genocide
Ethnic violence set off by the assassination of a popular singer has been supercharged by hate speech and incitements shared widely on the platform.
Tomi Engdahl says:
Here Are Detailed Photos of iPhone Unlocking Tech GrayKey
New pictures of the outside—and inside—of the GrayKey iPhone unlocking device have been published by the FCC.
https://www.vice.com/en_us/article/v7gkpx/graykey-grayshift-photos-iphone-unlocking-tech
Tomi Engdahl says:
Windows Exploit Released For Microsoft Zerologon Flaw
https://threatpost.com/windows-exploit-microsoft-zerologon-flaw/159254/
Security researchers and U.S. government authorities alike are urging admins to address Microsoft's critical privilege escalation flaw.
Proof-of-concept (PoC) exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies' Active Directory domain controllers (DCs). The vulnerability, dubbed Zerologon, is a privilege-escalation glitch (CVE-2020-1472) with a CVSS score of 10 out of 10, making it critical in severity. The flaw was addressed in Microsoft's August 2020 security updates.
Tomi Engdahl says:
Iran-Based Threat Actor Exploits VPN Vulnerabilities
https://us-cert.cisa.gov/ncas/alerts/aa20-259a
CISA and FBI are aware of a widespread campaign from an Iran-based malicious cyber actor targeting several industries mainly associated with information technology, government, healthcare, financial, insurance, and media sectors across the United States. See also
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-259a
Tomi Engdahl says:
How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM
https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
This new post is about my research this March, which talks about how I found vulnerabilities on a leading Mobile Device Management product and bypassed several limitations to achieve unauthenticated RCE. All the vulnerabilities have been reported to the vendor and got fixed in June.
Tomi Engdahl says:
Not for higher education: cybercriminals target academic & research institutions across the world
https://blog.checkpoint.com/2020/09/15/not-for-higher-education-cybercriminals-target-academic-research-institutions-across-the-world/
Across the USA, Europe and Asia, there was an increase in the number of attacks targeting the education and research sector in recent months.
Tomi Engdahl says:
U.S. Charges Hackers for Defacing Sites in Response to Killing of Qasem Soleimani
https://www.securityweek.com/us-charges-hackers-defacing-sites-response-killing-qasem-soleimani
The United States on Tuesday announced charges against two men from Iran and Palestine accused of defacing websites in response to the killing of Qasem Soleimani.
Qassem Soleimani, a top Iranian military commander, was killed in early January 2020 as part of a drone strike launched by the United States. Many expected Iran to retaliate in cyberspace, but a majority of the attacks that were made public were website defacements, which are considered less sophisticated attacks.
Nevertheless, U.S. authorities have not ignored these cyberattacks and they say some of them were launched by Behzad Mohammadzadeh, aka Mrb3hz4d, who is believed to be a 19-year-old Iranian, and Marwan Abusrour, aka Mrwn007, believed to be a 25-year-old Palestinian.
Tomi Engdahl says:
Chinese Hackers Using Publicly Available Resources in Attacks on U.S. Government
https://www.securityweek.com/chinese-hackers-using-publicly-available-resources-attacks-us-government
Threat actors affiliated with the Chinese Ministry of State Security (MSS) continue to target U.S. government agencies, the Cybersecurity and Infrastructure Security Agency (CISA) says in a new alert.
Published with contribution from the FBI, the alert presents some of the tactics, techniques, and procedures (TTPs) that the Chinese state-sponsored hackers are employing in attacks on the U.S., such as the heavy use of publicly available tools to hinder attribution.
CISA’s alert arrives a couple of months after the U.S. indicted two Chinese hackers for the targeting of organizations in the defense, high-tech manufacturing, engineering, software (business, educational, and gaming), solar energy, and pharmaceuticals sectors for more than ten years.
According to CISA, threat actors affiliated with the Chinese MSS use open-source information in the planning stage of their operations, and engage target networks leveraging readily available exploits and toolkits.
Tomi Engdahl says:
When you browse Instagram and find former Australian Prime Minister Tony Abbott’s passport number
Do not get arrested challenge 2020
https://mango.pdf.zone/finding-former-australian-prime-minister-tony-abbotts-passport-number-on-instagram?fbclid=IwAR3H15iTqQPZ9ZA5VjpJqgmk37O20bExWvAZKx-pfGVXt8_XnroDDt_e37Y
The boarding pass photo
This particular former PM had just posted a picture of his boarding pass on Instagram
“For security reasons, we try to change our Prime Minister every six months, and to never use the same Prime Minister on multiple websites.”
I’d said that people post pictures of their boarding passes all the time, not knowing that it can sometimes be used to get their passport number and stuff.
Meanwhile, some hacker is rubbing their hands together, being all “yumyum identity fraud” in their dark web Discord, because this happens a lot.
The former Prime Minister had just posted his boarding pass. Was that bad? Was someone in danger? I didn’t know.
What I did know was: the least I could do for my country would be to have a casual browse
Oh yes
It’s just there.
At this point I was fairly sure I was looking at the extremely secret government-issued ID of the 28th Prime Minister of the Commonwealth of Australia, servant to her Majesty Queen Elizabeth II and I was kinda worried that I was somehow doing something wrong, but like, not enough to stop.
….anything else in this page?
Well damn, if Tony Abbott’s passport number is in this treasure trove of computer spaghetti, maybe there’s wayyyyy more.
So, there’s a lot going on here. There is indeed a phone number in here. But what the heck is all this other stuff?
I realised this was like… Qantas staff talking to each other about Tony Abbott, but not to him?
This is messed up for many reasons
What is even going on here? Why do Qantas flight staff talk to each other via this passenger information field? Why do they send these messages, and your passport number to you when you log in to their website? I’ll never know because I suddenly got distracted with
Tomi Engdahl says:
https://mango.pdf.zone/finding-former-australian-prime-minister-tony-abbotts-passport-number-on-instagram?fbclid=IwAR3H15iTqQPZ9ZA5VjpJqgmk37O20bExWvAZKx-pfGVXt8_XnroDDt_e37Y
Act 2: Do not get arrested challenge 2020
In this act, I, your well-meaning but ultimately incompetent protagonist, attempt to do the following things:
⬜ figure out whether i have done a crime
⬜ notify someone (tony abbott?) that this happened
⬜ get permission to publish this here blog post
⬜ tell qantas about the security issue so they can fix it
Spoilers: This takes almost six months.
Part 1: is it possible that i’ve done a crime
I didn’t think anything I did sounded like a crime, but I knew that sometimes when the other person is rich or famous, things can suddenly become crimes.
My usual defence against being arrested for hacking is making sure the person being hacked is okay with it.
So I was wondering like… was logging in with someone else’s booking reference a crime? Was having someone else’s passport number a crime? What if they were, say, the former Prime Minister? Would I get in trouble for publishing a blog post about it? I mean you’re reading the blog post right now so obviousl
Update: I have been arrested.
Eventually, I was able to divine the following wisdoms from the Times New Roman tea leaves:
Defamation is where you get in trouble for publishing something that makes someone look bad.
But, it’s fine for me to blog about it, since it’s not defamation if you can prove it’s true
Having Tony Abbott’s passport number isn’t a crime
But using it to commit identity fraud would be
There are laws about what it’s okay to do on a computer
The things it’s okay to do are: If u EVER even LOOK at a computer the wrong way, the FBI will instantly slam dunk you in a legal fashion dependent on the legislation in your area
Before I went and told everyone about my HTML frolicking, I spent a week calling legal aid numbers, lawyers, and otherwise trying to figure out if I’d done a crime
During this time, I didn’t tell anyone what I’d done. I asked if any laws would be broken if “someone” had “logged into a website with someone’s publicly-posted password and found the personal information of a former politician”. Do you see how that’s not even a lie? I’m starting to see how lawyers do it.
Based on advice I got from two independent lawyers that was definitely not legal advice: I haven’t done a crime.
Part 2: trying to report the problem to someone, anyone, please
I had Tony Abbott’s passport number, phone number, and weird Qantas messages about him. I was the only one who knew I had these.
Anyone who saw that Instagram post could also have them. I felt like I had to like, tell someone about this. Someone with like, responsibilities. Someone with an email signature.
Surely you just contact Tony Abbott officially
I googled “tony abbott contact”, but there’s only his official website. There’s no phone number on it, only a “contact me” form.
Maybe I knew someone who knew someone
That’s right, the true government channels were the friends we made along the way.
ASD (the Australian flavour of America’s NSA)
emailed ASD, asking for them to call me if they were the right place to tell about this
I also asked whether they could give me permission to publish this blog post, and they were all like “Seen 2:35pm”. Eventually, after another big day of getting left on read by the government, they replied, being all like “thanks kiddO, we’re doing like, an investigation and stuff, so we’ll take it from here”.
Can I write about this?
I asked them if they could give me permission to write this blog post, or who to ask, and they were like “uhhhhhhhhhhh” and gave me two government media email addresses to try. Listen I don’t wanna be an “ummm they didn’t reply to my emAiLs” kinda person buT they simply left me no choice.
Part 3: Telling Qantas the bad news
The security issue
I’m guessing Qantas didn’t want to send the customer their passport number, phone number, and staff comments about them, so I wanted to let them know their website was doing that.
Smoothie evangelism
I wanted to tell them the smoothie thing, but how do I contact them?
Struggles
After filling up my “get left on read” combo meter, I desperately resorted to calling Qantas’ secret media hotline number.
They said the issue was being fixed by Amadeus, the company who makes their booking software, rather than with Qantas itself. I’m not sure if that means other Amadeus customers were also affected, or if it was just the way Qantas was using their software, or what.
It’s common to give companies 90 days to fix the bug, before you publicly disclose it.
Five months later
The world is a completely different place, and Qantas replies to me, saying they fixed the bug. It did take five months, which is why it took so long for you and I to be having this weird textual interaction right now
Tomi Engdahl says:
Billions of devices vulnerable to new ‘BLESA’ Bluetooth security flaw
https://www.zdnet.com/article/billions-of-devices-vulnerable-to-new-blesa-bluetooth-security-flaw/
New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation.
Tomi Engdahl says:
FBI adds 5 Chinese APT41 hackers to its Cyber’s Most Wanted List
https://thehackernews.com/2020/09/apt41-hackers-wanted-by-fbi.html
The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible for hacking more than 100 companies throughout the world.
Tomi Engdahl says:
LockBit ransomware launches data leak site to double-extort victims
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-launches-data-leak-site-to-double-extort-victims/
The LockBit ransomware gang has launched a new data leak site to be used as part of their double extortion strategy to scare victims into paying a ransom.
Tomi Engdahl says:
Cerberus banking Trojan source code released for free to cyberattackers
https://www.zdnet.com/article/cerberus-banking-trojan-source-code-released-for-free-to-cyberattackers/
An auction designed to net the developer of the Android malware $100,000 failed.
Tomi Engdahl says:
Worried about bootkits, rootkits, UEFI nasties? Have you tried turning on Secure Boot, asks the No Sh*! Agency
https://www.theregister.com/2020/09/16/nsa_secureboot_guide/
The NSA has published online a guide for IT admins to keep systems free of bootkits and rootkits. See also
https://media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF
Tomi Engdahl says:
Computer Attack Disables California School District’s System
https://www.securityweek.com/computer-attack-disables-california-school-districts-system
Tomi Engdahl says:
U.S. House Passes IoT Cybersecurity Bill
https://www.securityweek.com/us-house-passes-iot-cybersecurity-bill
The U.S. House of Representatives this week passed the IoT Cybersecurity Improvement Act, a bill whose goal is to improve the security of IoT devices.
First introduced in 2017 and reintroduced in 2019, the IoT Cybersecurity Improvement Act will now have to pass the Senate before it can be signed into law by the president.
The bipartisan legislation is backed by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.), and Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo). There are also several major cybersecurity and tech companies that support the bill, including BSA, Mozilla, Rapid7, Cloudflare, CTIA and Tenable.
Tomi Engdahl says:
Piratebay.Org Sold For $50,000 At Auction, ThePiratebay.com Up Next
https://yro.slashdot.org/story/20/09/16/2214209/piratebayorg-sold-for-50000-at-auction-thepiratebaycom-up-next?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
Several Pirate Bay-related domains become available again this month after their owner failed to renew the registration. Yesterday, Piratebay.org was sold in a Dropcatch auction for $50,000 and ThePiratebay.com will follow soon. Both domains were previously registered to the official Pirate Bay site.
https://torrentfreak.com/piratebay-org-sold-for-50000-at-auction-thepiratebay-com-up-next-200916/
Tomi Engdahl says:
Ransomwaring hospitals has finally killed someone
German Hospital Hacked, Patient Taken to Another City Dies
https://www.securityweek.com/german-hospital-hacked-patient-taken-another-city-dies
German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.
The Duesseldorf University Clinic’s systems have been disrupted since last Thursday. The hospital said investigators have found that the source of the problem was a hacker attack on a weak spot in “widely used commercial add-on software,” which it didn’t identify.
The hospital said that that “there was no concrete ransom demand.” It added that there are no indications that data is irretrievably lost and that its IT systems are being gradually restarted.
Prosecutors launched an investigation against the unknown perpetrators on suspicion of negligent manslaughter because a patient in a life-threatening condition who was supposed to be taken to the hospital last Friday night was sent instead to a hospital in Wuppertal, a roughly 32-kilometer (20-mile) drive. Doctors weren’t able to start treating her for an hour and she died.
Tomi Engdahl says:
The CEO of a startup that sold fraud prevention software is facing fraud charges after he was arrested Thursday by the FBI in Las Vegas.
CEO Of Cyber Fraud Startup NS8 Arrested By FBI, Facing Fraud Charges
https://www.forbes.com/sites/davidjeans/2020/09/17/ceo-of-cyber-fraud-startup-ns8-arrested-by-fbi-facing-fraud-charges/?utm_source=FBPAGE&utm_medium=social&utm_content=3705590173&utm_campaign=sprinklrForbesMainFB#1edca52f62ed
Adam Rogas, who abruptly resigned from NS8 earlier this month, is accused of misleading investors who poured in $123 million to his company earlier this year, a deal in which he allegedly pocketed more than $17 million.
Tomi Engdahl says:
Ransomware attack at German hospital leads to death of patient
https://www.bleepingcomputer.com/news/security/ransomware-attack-at-german-hospital-leads-to-death-of-patient/
A person in a life-threatening condition passed away after being forced to go to a more distant hospital due to a ransomware attack.
Tomi Engdahl says:
Zerologon hacking Windows servers with a bunch of zeros
https://nakedsecurity.sophos.com/2020/09/17/zerologon-hacking-windows-servers-with-a-bunch-of-zeros/
The big, bad bug of the week is called Zerologon. As you can probably tell from the name, it involves Windows (everyone else talks about logging in, but on Windows you've always very definitely logged on) and it is an authentication bypass, because it lets you get away with using a zero-length password.
Tomi Engdahl says:
Emotet strikes Quebec's Department of Justice: An ESET Analysis
https://www.welivesecurity.com/2020/09/16/emotet-quebec-department-justice-eset/
The cyber attack, which affects 14 inboxes belonging to the Department of Justice, was confirmed by ESET researchers.
Tomi Engdahl says:
Ransomware warning: Hackers are launching fresh attacks against universities
https://www.zdnet.com/article/ransomware-warning-hackers-are-launching-fresh-attacks-against-universities/
Cybersecurity agency warns about a spike in ransomware attacks targeting universities and colleges.
Tomi Engdahl says:
Maze ransomware now encrypts via virtual machines to evade detection
https://www.bleepingcomputer.com/news/security/maze-ransomware-now-encrypts-via-virtual-machines-to-evade-detection/
The Maze ransomware operators have adopted a tactic previously used by the Ragnar Locker gang: to encrypt a computer from within a virtual machine.
Tomi Engdahl says:
A New Botnet Attack Just Mozied Into Town
https://securityintelligence.com/posts/botnet-attack-mozi-mozied-into-town/
A relatively new player in the threat arena, the Mozi botnet, has spiked among Internet of Things (IoT) devices, IBM X-Force has discovered.
Tomi Engdahl says:
U.S. Charges Alleged Hackers of Chinese APT41 Group for Attacks on 100 Firms
https://www.securityweek.com/us-charges-three-iranian-hackers-attacks-satellite-companies
Tomi Engdahl says:
Google Ups Malware Protection for ‘Advanced Protection’ Users
https://www.securityweek.com/google-ups-malware-protection-advanced-protection-users
Google this week announced improved malware protection capabilities for all users who are enrolled in its Advanced Protection Program.
Aimed at providing high-risk users such as politicians and their staff, business executives, journalists, and activists with an additional layer of protection for their accounts, the Advanced Protection Program was launched in October 2017. Any user can enroll to take advantage of the improved security options.
Tomi Engdahl says:
Information Disclosure, XSS Vulnerabilities Patched in Drupal
https://www.securityweek.com/information-disclosure-xss-vulnerabilities-patched-drupal
Tomi Engdahl says:
Two Russians Charged Over $17M Cryptocurrency Fraud Scheme
https://www.securityweek.com/two-russians-charged-over-17m-cryptocurrency-fraud-scheme
Tomi Engdahl says:
U.S. Charges Two State-Sponsored Iranian Hackers
https://www.securityweek.com/us-charges-two-state-sponsored-iranian-hackers
Tomi Engdahl says:
CISA Named Top-Level Root CVE Numbering Authority
https://www.securityweek.com/cisa-named-top-level-root-cve-numbering-authority
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been named a Top-Level Root CVE Numbering Authority (CNA) and it will be overseeing CNAs that assign CVE identifiers for vulnerabilities in industrial control systems (ICS) and medical devices.
CNAs are responsible for issuing CVE identifiers for vulnerabilities found in their own or third-party products. A Top-Level Root CNA can not only assign CVEs, but it’s also tasked with managing CNAs in a specific domain or community.
In CISA’s case, it will be in charge of ICS and medical device vendors that are CNAs. Specifically, CISA will ensure that CVE identifiers are assigned properly, it will implement rules and guidelines of the CVE Program, it will resolve disputes, and it will recruit new CNAs.
Initially, CISA will oversee seven CNAs, including Alias Robotics, ABB, [email protected], Johnson Controls, Bosch, Siemens and Gallagher Group.
“Establishing CISA as a Top-Level Root consolidates the vast expertise required to effectively assign CVE IDs to ICS and medical device vulnerabilities and enables the rapid identification and resolution of issues specific to those environments,” said CISA and MITRE.
Tomi Engdahl says:
iOS 14 and iPadOS 14 Patch Vulnerabilities, Introduce New Privacy Features
https://www.securityweek.com/ios-14-and-ipados-14-patch-vulnerabilities-introduce-new-privacy-features
Tomi Engdahl says:
Encrochat Investigation Finds Corrupt Cops Leaking Information To Criminals
https://yro.slashdot.org/story/20/09/17/2132256/encrochat-investigation-finds-corrupt-cops-leaking-information-to-criminals?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29
After searching through some of the tens of millions of encrypted messages pulled from Encrochat devices, Dutch police have launched a new investigation team that will look specifically into corruption, the police force announced on Wednesday. In some cases authorities are looking to identify police who leaked information to organized criminals. The news broadens the scope of the Encrochat investigations, which have focused heavily on drug trafficking and organized crime more generally. Earlier this year, French authorities hacked into Encrochat phones en masse to retrieve message content, and then shared those communications with various other law enforcement agencies.
Encrochat Investigation Finds Corrupt Cops Leaking Information to Criminals
https://www.vice.com/en_us/article/m7jyvx/encrochat-corruption-police
Beyond drug trafficking, the continuing investigations into users of the encrypted phone network Encrochat is increasing to corrupt officials.
Tomi Engdahl says:
Thunderbird implements PGP crypto feature first requested 21 years ago
As Mozilla kills off secure file transfer tool because – shock! – it was being abused
https://www.theregister.com/2020/09/18/mozilla_kills_send_thunderbird_pgp/
Tomi Engdahl says:
Internet Archive’s way cool Wayback Machine gets way more websites in Cloudflare fail-over pact
And Cloudflare customers get way better availability
https://www.theregister.com/2020/09/17/internet_archive_wayback_machine_cloudflare/
Tomi Engdahl says:
Video encoders using Huawei chips have backdoors and bad bugs – and Chinese giant says it’s not to blame
Telecom kit maker points finger in the general direction of Middle Kingdom’s complicated supply chain
https://www.theregister.com/2020/09/17/huawei_iptv_video_encoder_security/
Hardware video encoders from multiple suppliers contain several critical security bugs that allow a remote unauthenticated miscreant to run arbitrary code on the equipment.
In a disclosure published this week, Alexei Kojenov, lead product security engineer at Salesforce, outlined a series of flaws affecting IPTV/H.264/H.265 video encoders powered by the hi3520d chipset from Huawei’s HiSilicon subsidiary. The security holes are present in software, whose developer is unknown, that runs on top of a Linux stack provided by HiSilicon for products using its system-on-chips.
Backdoors and other vulnerabilities in HiSilicon based hardware video encoders
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
Tomi Engdahl says:
Feeling bad about your last security audit? Check out what just happened to the US Department of Interior
It starts with a backpack of $200 of electronics and poor Wi-Fi security
https://www.theregister.com/2020/09/17/dot_pentesers_expose_wifi/
Tomi Engdahl says:
US Department of Inferior security?
“These attacks — which went undetected by security guards and IT security staff as we explored department facilities — were highly successful,”
“Even worse, with regard to two bureaus, our penetration test went far beyond the wireless network at issue and gained access to their internal networks. In addition, we successfully obtained the credentials of a bureau IT employee and were able to use that person’s credentials to log into the bureau’s help desk ticketing system and view the list of tickets assigned to the employee.”
https://www.theregister.com/2020/09/17/dot_pentesers_expose_wifi/
Tomi Engdahl says:
WeChat, TikTok ordered to shut down, TikTok gets Nov 12 stay of execution to leave door open for Oracle deal
https://techcrunch.com/2020/09/18/tiktok-and-wechat-will-be-banned-in-the-u-s-from-sunday/?tpcc=ECFB2020&fbclid=IwAR1TPJpmZhrFBl6Yjim0cVcsJoXzMRo2DtuNExWN6_rI6r7Rvzx-7vRgm0Y&fbclid=IwAR1qsY8G3kSllg4x3kGW_2fXbjAz_toroAUZJMYG3cEbDQFOVv9FdkXbMN0
The Commerce Department has now announced the details of how it will enforce the shutdown of TikTok and WeChat, after announcing in August plans to do so by September 20 over national security concerns. The news is structured along two dates, September 20 and November 12, with TikTok specifically getting an extension that not only keeps it up until after the November 2 U.S. election, but leaves the door open for it to complete a complicated deal with Oracle and partners to take control of its U.S. operations without an interruption in service.
https://www.commerce.gov/news/press-releases/2020/09/commerce-department-prohibits-wechat-and-tiktok-transactions-protect
Tomi Engdahl says:
Play stupid games... win stupid prizes
BBC News – Tony Abbott hacked after posting boarding pass on Instagram
https://www.bbc.com/news/world-australia-54193764
Former Australian Prime Minister Tony Abbott had his phone number and passport details obtained by a hacker after posting a picture of his boarding pass on Instagram.
Hacker Alex Hope said he uncovered Mr Abbott’s details from his Qantas boarding pass in just 45 minutes.
He then spent months attempting to contact Mr Abbott to alert him of the security breach.
Qantas said it had now updated its cyber security protocols.
Mr Abbott posted an image of a boarding pass for his flight from Sydney to Tokyo on 21 March on his Instagram account, thanking the crew.
Mr Hope said he received a message from a friend daring him to hack the former prime minister as they had recently been discussing the dangers of posting your boarding pass online.
Tomi Engdahl says:
This article discloses critical vulnerabilities in IPTV/H.264/H.265 video encoders based on HiSilicon hi3520d hardware. The vulnerabilities exist in the application software running on these devices. All vulnerabilities are exploitable remotely and can lead to sensitive information exposure, denial of service, and remote code execution resulting in full takeover of the device. With multiple vendors affected, and no complete fixes at the time of the publication, these encoders should only be used on fully trusted networks behind firewalls.
Huawei [issued a statement](https://www.huawei.com/en/psirt/security-notices/2020/huawei-sn-20200917-01-hisilicon-en).