Cyber security news July 2022

This posting is here to collect cyber security news in July 2022.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

260 Comments

  1. Tomi Engdahl says:

    British intelligence recycles old argument for thwarting strong encryption: Think of the children!
    Levy and Robinson are at it again
    https://www.theregister.com/2022/07/22/british_encryption_scanning/

    Reply
  2. Tomi Engdahl says:

    New Linux Malware Framework Lets Attackers Install Rootkit on Targeted Systems
    https://thehackernews.com/2022/07/new-linux-malware-framework-let.html

    Reply
  3. Tomi Engdahl says:

    Browser Exploitation: Firefox Integer Overflow – CVE-2011-2371
    https://voidsec.com/browser-exploitation-firefox-cve-2011-2371/

    Reply
  4. Tomi Engdahl says:

    Chromebooks could be banned in schools in entire country due to data policies
    Google will need to make some significant changes if it wants to continue to own the education market with Chromebooks.
    https://www.androidauthority.com/chromebooks-banned-denmark-3187632/

    Reply
  5. Tomi Engdahl says:

    Hackers Distributing Password Cracking Tool for PLCs and HMIs to Target Industrial Systems
    https://thehackernews.com/2022/07/hackers-distributing-password-cracking.html

    The industrial cybersecurity firm said the password retrieval exploit embedded in the malware dropper is designed to recover the credential associated with Automation Direct DirectLOGIC 06 PLC.

    Reply
  6. Tomi Engdahl says:

    Report: Charging Vape Through USB Port Makes Your Computer High
    https://hard-drive.net/report-charging-vape-through-usb-port-makes-your-computer-high/

    “Sure, you can charge these devices via any USB port, but you should know that if you use your computer’s, it gets the thing pretty blitzed,” said lead researcher Chloe Moses. “You might not realize, but if your computer is ever being weird and you don’t understand why, you might have got it high by mistake. If you find your searches on YouTube being incorrectly steered towards ‘Cheech & Chong,’ that’s what’s going on.”

    Users have long wondered if their computers get high when they charge their vape pens through the USB port.

    Reply
  7. Tomi Engdahl says:

    The Lada Connect remote control system has crashed in Russia – the cause is a serious, unspecified fault https://www.is.fi/autot/art-2000008965340.html

    Reply
  8. Tomi Engdahl says:

    Russian hackers behind SolarWinds breach continue to scour US and European organizations for intel, researchers say
    https://www.cnn.com/2022/07/19/politics/russia-solarwinds-hackers/index.html

    Reply
  9. Tomi Engdahl says:

    Why are McDonald’s Self Service Kiosks so hackable?
    https://ghuntley.com/mcdonalds/

    Reply
  10. Tomi Engdahl says:

    Linux x86 32-bit Is Vulnerable To Retbleed But Don’t Expect It To Get Fixed
    https://www.phoronix.com/news/Linux-x86-Retbleed

    Reply
  11. Tomi Engdahl says:

    Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers
    https://thehackernews.com/2022/07/critical-filewave-mdm-flaws-open.html

    Reply
  12. Tomi Engdahl says:

    Default configuration should be more secure, but less. There are so many exposed open source automation CI/CD servers like Jenkins without any authentication process. It’s a serious security problem that could be accessed just by open source threat intel
    https://blog.criminalip.io/2022/07/12/open-source-server/

    Reply
  13. Tomi Engdahl says:

    JusTalk’s database had so many messages in it that it was possible to follow users’ entire conversations, including from children who were using the JusTalk Kids app to chat with their parents. https://tcrn.ch/3S1jnrH

    JusTalk spilled millions of user messages and locations for months
    Millions of conversations and call logs were stored in plaintext
    https://techcrunch.com/2022/07/26/justalk-spilled-millions-of-user-messages-and-locations-for-months/

    Popular messaging app JusTalk left a huge database of unencrypted private messages publicly exposed to the internet without a password for months.

    The messaging app has around 20 million international users, while Google Play lists JusTalk Kids, billed as a child-friendly version of its messaging app, as having racked up over 1 million Android downloads.

    JusTalk says both its messaging apps are end-to-end encrypted and boasts on its website that “only you and the person you communicate with can see, read or listen to them: Even the JusTalk team won’t access your data!”

    But that isn’t true. A logging database used by the company for keeping track of bugs and errors with the apps was left on the internet without a password, according to security researcher Anurag Sen, who found the exposed database and asked TechCrunch for help in reporting the lapse to the company.

    The database and the hundreds of gigabytes of data inside — hosted on a Huawei-hosted cloud server in China — could be accessed from the web browser just by knowing its IP address. Shodan, a search engine for exposed devices and databases, shows the server was continually storing the most recent month’s worth of logs since at least early January when the database was first exposed.

    A short time after we reported that the app was not end-to-end encrypted as the company claims, the database was shut down.

    Reply
  14. Tomi Engdahl says:

    A database containing data of 5.4 million #Twitter accounts available for sale
    https://securityaffairs.co/wordpress/133593/data-breach/twitter-leaked-data.html
    #securityaffairs #hacking

    Reply
  15. Tomi Engdahl says:

    Discord, Telegram Services Hijacked to Launch Array of Cyberattacks
    Attackers are easily turning popular messaging apps and their associated services — like bots, cloud infrastructure, and CDNs — against users, researchers warn.
    https://www.darkreading.com/application-security/discord-telegram-hijacked-cyberattacks

    Reply
  16. Tomi Engdahl says:

    T-Mobile to pay $500M for one of the largest data breaches in US history [Updated]
    $350 million will go to customers and lawyers.
    https://arstechnica.com/tech-policy/2022/07/t-mobile-to-pay-500m-for-one-of-the-largest-data-breaches-in-us-history/

    When T-Mobile compromised the sensitive personal information of more than 76 million current, former, and prospective customers in 2021, plaintiffs involved in a class action lawsuit complained that the company continued profiting off their data while attempting to cover up “one of the largest and most consequential data breaches in US history.”

    Now, T-Mobile has admitted no guilt but has agreed to pay a $500 million settlement (pending a judge’s approval), out of which $350 million will go to the settlement fund and “at least $150 million” will go toward enhancing its data security measures through 2023.

    Reply
  17. Tomi Engdahl says:

    CNN Exclusive: FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications
    https://edition.cnn.com/2022/07/23/politics/fbi-investigation-huawei-china-defense-department-communications-nuclear/index.html

    Washington (CNN) On paper, it looked like a fantastic deal. In 2017, the Chinese government was offering to spend $100 million to build an ornate Chinese garden at the National Arboretum in Washington DC. Complete with temples, pavilions and a 70-foot white pagoda, the project thrilled local officials, who hoped it would attract thousands of tourists every year.

    But when US counterintelligence officials began digging into the details, they found numerous red flags. The pagoda, they noted, would have been strategically placed on one of the highest points in Washington DC, just two miles from the US Capitol, a perfect spot for signals intelligence collection, multiple sources familiar with the episode told CNN.

    Also alarming was that Chinese officials wanted to build the pagoda with materials shipped to the US in diplomatic pouches, which US Customs officials are barred from examining, the sources said.
    Federal officials quietly killed the project before construction was underway.

    The canceled garden is part of a frenzy of counterintelligence activity by the FBI and other federal agencies focused on what career US security officials say has been a dramatic escalation of Chinese espionage on US soil over the past decade.
    Since at least 2017, federal officials have investigated Chinese land purchases near critical infrastructure, shut down a high-profile regional consulate believed by the US government to be a hotbed of Chinese spies and stonewalled what they saw as clear efforts to plant listening devices near sensitive military and government facilities.

    Among the most alarming things the FBI uncovered pertains to Chinese-made Huawei equipment atop cell towers near US military bases in the rural Midwest. According to multiple sources familiar with the matter, the FBI determined the equipment was capable of capturing and disrupting highly restricted Defense Department communications, including those used by US Strategic Command, which oversees the country’s nuclear weapons.

    While broad concerns about Huawei equipment near US military installations have been well known, the existence of this investigation and its findings have never been reported.

    It’s unclear if the intelligence community determined whether any data was actually intercepted and sent back to Beijing from these towers. Sources familiar with the issue say that from a technical standpoint, it’s incredibly difficult to prove a given package of data was stolen and sent overseas.

    But multiple sources familiar with the investigation tell CNN that there’s no question the Huawei equipment has the ability to intercept not only commercial cell traffic but also the highly restricted airwaves used by the military and disrupt critical US Strategic Command communications, giving the Chinese government a potential window into America’s nuclear arsenal.

    “If it is possible for that to be disrupted, then that is a very bad day,”

    That fall, the Federal Communications Commission initiated a rule that effectively banned small telecoms from using Huawei and a few other brands of Chinese made-equipment. ”The existence of the investigation at the highest levels turned some doves into hawks,” said one former US official.

    Depending on what the Commerce Department finds, US telecom carriers could be forced to quickly remove Huawei equipment or face fines or other penalties.
    Reuters first reported the existence of the Commerce Department probe.

    US counterintelligence officials have recently made a priority of publicizing threats from China. This month, the US National Counterintelligence and Security Center issued a warning to American businesses and local and state governments about what it says are disguised efforts by China to manipulate them to influence US policy.

    As Huawei equipment began to proliferate near US military bases, federal investigators started taking notice, sources familiar with the matter told CNN. Of particular concern was that Huawei was routinely selling cheap equipment to rural providers in cases that appeared to be unprofitable for Huawei — but which placed its equipment near military assets.

    Federal investigators initially began “examining [Huawei] less from a technical lens and more from a business/financial view,”

    Officials studied where Huawei sales efforts were most concentrated and looked for deals that “made no sense from a return-on-investment perspective,” Lenkart said.
    “A lot of [counterintelligence] concerns were uncovered based on” those searches, Lenkart said.
    By examining the Huawei equipment themselves, FBI investigators determined it could recognize and disrupt DOD-spectrum communications — even though it had been certified by the FCC, according to a source familiar with the investigation.

    “It’s not technically hard to make a device that complies with the FCC that listens to nonpublic bands but then is quietly waiting for some activation trigger to listen to other bands,” said Eduardo Rojas, who leads the radio spectrum lab at Embry-Riddle Aeronautical University in Florida. “Technically, it’s feasible.”
    To prove a device had clandestine capabilities, Rojas said, would require technical experts to strip down a device “to the semi-conductor level” and “reverse engineer the design.” But, he said, it can be done.

    The intelligence community determined the publicly posted live-streams were being viewed and likely captured from China, according to three sources familiar with the matter.

    Reply
  18. Tomi Engdahl says:

    Apple network traffic takes mysterious detour through Russia
    Land of Putin capable of attacking routes in cyberspace as well as real world
    https://www.theregister.com/2022/07/27/apple_networking_traffic_russia_bgp/

    Apple’s internet traffic took an unwelcome detour through Russian networking equipment for about twelve hours between July 26 and July 27.

    In a write-up for MANRS (Mutually Agreed Norms for Routing Security), a public interest group that looks after internet routing, Internet Society senior internet technology manager Aftab Siddiqui said that Russia’s Rostelecom started announcing routes for part of Apple’s network on Tuesday, a practice referred to as BGP (Border Gateway Protocol) hijacking.

    Reply
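The Register piece above describes a BGP origin hijack: an AS that does not hold a prefix starts announcing routes for it. The check a network defender runs against such announcements is route origin validation, comparing each observed (prefix, origin AS) pair with what the prefix holder has authorised. The example below is added here and is not code from the article, MANRS or the Internet Society; it implements the RFC 6811 origin-validation states (valid, invalid, not-found) over a small constructed feed. All prefixes are RFC 5737 documentation blocks and all ASNs are RFC 5398 documentation ASNs, chosen for illustration only, and the ROA records stand in for a real RPKI validator's output.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: documentation prefixes (RFC 5737) and
# documentation ASNs (RFC 5398). None of these values come from the article.


@dataclass(frozen=True)
class Roa:
    """Route Origin Authorization: the prefix holder says which ASN may
    originate this prefix and how specific an announcement may be."""
    prefix: str
    max_length: int
    origin_asn: int


@dataclass(frozen=True)
class Announcement:
    """One BGP route as seen by a collector: prefix plus AS path.
    Leftmost entry is the neighbour, rightmost entry is the origin."""
    prefix: str
    as_path: tuple

    @property
    def origin_asn(self) -> int:
        return self.as_path[-1]


def covering_roas(roas, prefix):
    """ROAs whose prefix contains (or equals) the announced prefix."""
    net = ipaddress.ip_network(prefix)
    out = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # subnet_of() raises on mixed address families, so check version first
        if roa_net.version == net.version and net.subnet_of(roa_net):
            out.append(roa)
    return out


def validate(ann, roas):
    """RFC 6811 origin validation state: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(ann.prefix)
    covering = covering_roas(roas, ann.prefix)
    if not covering:
        return "not-found"
    for roa in covering:
        if roa.origin_asn == ann.origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def invalid_reason(ann, roas):
    """Explain an 'invalid' result: either the real holder announced something
    more specific than it authorised, or a foreign ASN originated the prefix
    (the hijack pattern described in the article)."""
    covering = covering_roas(roas, ann.prefix)
    if any(roa.origin_asn == ann.origin_asn for roa in covering):
        return "too-specific"
    return "origin-mismatch"


def audit(announcements, roas):
    """Return (prefix, origin_asn, reason) for every invalid announcement.
    'not-found' routes are not alerts, but they show where ROA coverage is missing."""
    alerts = []
    for ann in announcements:
        if validate(ann, roas) == "invalid":
            alerts.append((ann.prefix, ann.origin_asn, invalid_reason(ann, roas)))
    return alerts


ROAS = [
    Roa("192.0.2.0/24", 24, 64500),
    Roa("198.51.100.0/24", 25, 64501),
]

ANNOUNCEMENTS = [
    Announcement("192.0.2.0/24", (64496, 64500)),          # legitimate holder
    Announcement("192.0.2.0/25", (64496, 64500)),          # holder, but beyond max_length
    Announcement("192.0.2.0/24", (64496, 64497, 64510)),   # foreign origin AS
    Announcement("198.51.100.128/25", (64496, 64501)),     # more specific, still within max_length
    Announcement("203.0.113.0/24", (64496, 64511)),        # no ROA covers it
]

if __name__ == "__main__":
    for ann in ANNOUNCEMENTS:
        print(ann.prefix, ann.origin_asn, validate(ann, ROAS))
    for alert in audit(ANNOUNCEMENTS, ROAS):
        print("ALERT", alert)
```

In practice the announcement list would come from a route collector or the operator's own routers and the ROA list from an RPKI validator; the two "invalid" cases are deliberately different so that the alert distinguishes a holder leaking an over-specific route from a third party originating a prefix it does not hold, which is the case that needs a phone call to the upstream.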
  19. Tomi Engdahl says:

    Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us
    Turns out they’re not all that rare. We just don’t know how to find them.
    https://arstechnica.com/information-technology/2022/07/researchers-unpack-unkillable-uefi-rootkit-that-survives-os-reinstalls/

    Reply
  20. Tomi Engdahl says:

    Hackers can see what you’re doing in VR via Big Brother malware
    https://venturebeat.com/2022/07/25/hackers-can-see-what-you-are-doing-in-vr-via-big-brother-malware/

    Hackers can see what you’re doing in VR through a piece of malware called Big Brother. Well, sort of. There are 171 million people worldwide using some sort of VR setup. Some of them are using Android-based systems, like Meta’s Oculus or the HTC Vive.

    Those users are the ones at risk. ReasonLabs identified a new attack vector which can connect remotely to Android-based VR devices and record the headset screen. Once the malware gets into a user’s computer, it lies in wait until the user starts using a device with Developer Mode enabled.

    Reply
  21. Tomi Engdahl says:

    EXCLUSIVE: Anti-vax dating site that let people advertise ‘mRNA FREE’ semen left all its user data exposed
    Some issues have since been fixed after a security researcher discovered numerous vulnerabilities.
    https://www.dailydot.com/debug/anti-vax-dating-site-unjected-data-leak/

    Reply
  22. Tomi Engdahl says:

    Microsoft investigates ongoing Exchange Online, Outlook outage https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-ongoing-exchange-online-outlook-outage/
    Microsoft is investigating an ongoing outage impacting Microsoft 365 services after customers have reported experiencing issues while trying to sign into, access, and receive emails on the outlook.com portal and via Exchange Online.

    Reply
  23. Tomi Engdahl says:

    Pegasus Spyware Used to Hack Devices of Pro-Democracy Activists in Thailand
    https://thehackernews.com/2022/07/pegasus-spyware-used-to-hack-devices-of.html
    Thai activists involved in the country’s pro-democracy protests have had their smartphones infected with the infamous Pegasus government-sponsored spyware.
    At least 30 individuals, spanning activists, academics, lawyers, and NGO workers, are believed to have been infected between October 2020 and November 2021, many of whom have been previously detained, arrested and imprisoned for their political activities or criticism of the government.

    Reply
  24. Tomi Engdahl says:

    Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability https://thehackernews.com/2022/07/experts-notice-sudden-surge-in.html
    Researchers from Wordfence have sounded the alarm about a “sudden” spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons.
    Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system and relates to an unauthenticated arbitrary file upload that could be abused to gain code execution, permitting attackers to seize control of affected WordPress sites.

    Reply
