Cyber Security November 2018

This posting is here to collect security alert news in September 2018.

I post links to security vulnerability news to comments of this article.

You are also free to post related links.


  1. Tomi Engdahl says:

    This is PARODY:

    China Unable To Recruit Hackers Fast Enough To Keep Up With Vulnerabilities In U.S. Security Systems

  2. Tomi Engdahl says:

    Urban Massage exposed a huge customer database, including sensitive comments on its creepy clients

    The London, U.K.-based startup — now known as just Urban — left its Google-hosted ElasticSearch database online without a password, allowing anyone to read hundreds of thousands of customer and staff records. Anyone who knew where to look could access, edit or delete the database.

  3. Tomi Engdahl says:

    Dunkin’ Donuts accounts may have been hacked in credential stuffing attack

    Hackers were after user accounts in the company’s rewards points program.

  4. Tomi Engdahl says:

    Hackers can exploit this bug in surveillance cameras to tamper with footage

    Researchers have uncovered a vulnerability which can be used to completely compromise surveillance cameras and feeds.

  5. Tomi Engdahl says:

    GCHQ: We don’t tell tech companies about every software flaw

    UK intelligence service details when it won’t tell vendors that their software is vulnerable to attack and why that is.

  6. Tomi Engdahl says:

    Dell announces security breach

    Company says it detected an intrusion at the start of the month, but financial data was not exposed.

  7. Tomi Engdahl says:

    Sennheiser discloses monumental blunder that cripples HTTPS on PCs and Macs

    Poorly secured certificate lets hackers impersonate any website on the Internet.

  8. Tomi Engdahl says:

    Lenovo to pay $7.3m for installing adware in 750,000 laptops

    In 2015, Beijing-based laptop manufacturer and seemingly reliable technology company Lenovo made headlines that its 750,000 laptops had pre-installed adware called VisualDiscovery developed by Superfish.

  9. Tomi Engdahl says:

    Russian Hackers Haven’t Stopped Probing the US Power Grid | WIRED

  10. Tomi Engdahl says:

    People Who Buy Smart Speakers Have Given Up on Privacy, Researchers Find

    Smart speakers raise a number of privacy questions, which owners are choosing to just shrug off.

    Many devices have a mute button that allows the user to turn off the microphone, for example, but the researchers found most users had never used it.

    It was also rare for users to go through their activity logs, where they can review and delete recordings. Instead of using this feature to protect personal privacy, the researchers found users were actually using it to spy on housesitters and babysitters.

  11. Tomi Engdahl says:

    Distributing Malware By Becoming an Admin on an Open-Source Project

    The module “event-stream” was infected with malware by an anonymous someone who became an admin on the project.

    Cory Doctorow points out that this is a clever new attack vector:

    Many open source projects attain a level of “maturity” where no one really needs any new features and there aren’t a lot of new bugs being found, and the contributors to these projects dwindle, often to a single maintainer who is generally grateful for developers who take an interest in these older projects and offer to share the choresome, intermittent work of keeping the projects alive.

    Malware vector: become an admin on dormant, widely-used open source projects

  12. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    Dell says it detected hackers “attempting to extract customer information”, such as customer names, email addresses, and hashed passwords, on Nov. 9

    Dell announces security breach

    Company says it detected an intrusion at the start of the month, but financial data was not exposed.

  13. Tomi Engdahl says:

    US Senate computers will use disk encryption

    New security measure is meant to protect sensitive Senate data on stolen Senate laptops and computers.

  14. Tomi Engdahl says:

    After Microsoft complaints, Indian police arrest tech support scammers at 26 call centers

    Indian police raid 26 call centers, make 63 arrests.

  15. Tomi Engdahl says:

    Google Makes Secure LDAP Generally Available

    Google this week announced the general availability of secure LDAP, after introducing the capability in October at Next ’18 London.

    Allowing customers to manage access to traditional LDAP-based apps and IT infrastructure, it can be used with either G Suite or Cloud Identity, Google’s managed identity and access management (IAM) platform.

    Secure LDAP, the Internet search giant explains, supports management of access to both software-as-a-service (SaaS) apps and traditional LDAP-based apps/infrastructure, regardless of whether on-premises or in the cloud, via a single IAM platform.

    Secure LDAP enables authentication, authorization, and user/group lookups and, because the same user directory is used for both SaaS and LDAP apps, logging into services like G Suite and other SaaS apps is similar to that for traditional applications.

  16. Tomi Engdahl says:

    Zoom Conferencing App Exposes Enterprises to Attacks

    A potentially serious vulnerability discovered by researchers in the Zoom video conferencing application can allow external attackers or malicious insiders to hijack screen controls, spoof chat messages, and remove attendees from a session.

  17. Tomi Engdahl says:

    Brazilian Financial Malware Spreads Beyond National Boundaries

    Brazilian Actors Expand Financial Malware Campaigns to Attack Spanish-Speaking Countries

  18. Tomi Engdahl says:

    Colorado Agency Targeted in Nationwide Ransomware Scheme

    No money was paid and no information was lost during a ransomware cyberattack that exploited a cloud-based vulnerability in the Colorado Department of Transportation’s computer network last spring, officials said Wednesday.

    CDOT was one of several government agencies across the country targeted by two Iranian computer hackers in the sweeping extortion scheme, according to a grand jury indictment filed in New Jersey federal court on Wednesday.

  19. Tomi Engdahl says:

    Indian Police Break Up International Computer Virus Scam

    Indian police said Thursday they have arrested nearly two dozen people on suspicion of defrauding people around the world by sending fake pop-up messages warning them that their computers were infected with a virus and offering to fix the problem at a price.

  20. Tomi Engdahl says:

    AWS Security Hub Aggregates Alerts From Third-Party Tools

    Amazon Web Services on Wednesday announced the launch of AWS Security Hub, a service designed to aggregate and prioritize alerts from AWS and third-party security tools.

    Unveiled at the AWS re:Invent 2018 conference, AWS Security Hub provides organizations a comprehensive view of their security status by consuming, aggregating, organizing and prioritizing data from Amazon GuardDuty, Amazon Inspector, Amazon Macie, and tools from AWS partners.

  21. Tomi Engdahl says:

    Healthcare billing biz AccuDoc ‘fesses up to breach that blabbed 2.65m people’s data

    Names, addresses, social security numbers exposed

  22. Tomi Engdahl says:

    ‘Big picture’ platforms boost fight against online terror activity

    The fight against terrorism-related content and illegal financing online is speeding up thanks to new platforms that join up different internet-scouring technologies to create a comprehensive picture of terrorist activity.

  23. Tomi Engdahl says:

    Middle East, North Africa Cybercrime Ups Its Game
    threats/middle-east-north-africa-cybercrime-ups-its-game/d/d-id/1333354

    Ransomware, DDoS extortion, and encrypted communications abound as cybercriminals in the region refine their tradecraft.

    Ransomware infections increased by 233% this past year in the Middle East and North Africa as part of a shift toward more savvy and aggressive cybercrime operations in a region where criminals just last year mostly were sharing malware tools, phony documents, and services for free or on the cheap.

  24. Tomi Engdahl says:

    Symantec comes out swinging in bitter legal battle over security bug audit conspiracy claims
    Profit driving NSS claims of industry boycott, antivirus makers swear

    Symantec says the biz that accused it of conspiring with others to avoid independent security audits is “less than honest” and driven by a “thirst for profits.”

  25. Tomi Engdahl says:

    GCHQ opens kimono for infosec world to ogle its vuln disclosure process
    Plus: State-backed hacks now need permission from a judge

    On the same day that certain types of British state-backed hacking now need a judge-issued warrant to carry out, GCHQ has lifted the veil and given the infosec world a glimpse inside its vuln-hoarding policies.

    The spying agency’s internal Equities Process is the way by which it decides whether or not to tell tech vendors that its snoopers have discovered a hardware or software vulnerability.

  26. Tomi Engdahl says:

    OneDrive is broken: Microsoft’s cloudy storage drops from the sky for EU users
    Wonderful, wonderful

    It is OneDrive’s turn to get a beating with the stick of fail as the service took a tumble this morning.

  27. Tomi Engdahl says:

    Marriott says 500 million Starwood guest records stolen in massive data breach

    Starwood Hotels has confirmed its hotel guest database of about 500 million customers has been stolen in a data breach.

    The hotel and resorts giant said in a statement filed with U.S. regulators that the “unauthorized access” to its guest database was detected on or before September 10 — but may have dated back as far as 2014.

    “Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014,”

  28. Tomi Engdahl says:

    UPnProxy: EternalSilence

    UPnProxy is alive and well. There are 277,000 devices, out of a pool of 3.5 million, running vulnerable implementations of UPnP. Of those, Akamai can confirm that more than 45,000 have been compromised in a widely distributed UPnP NAT injection campaign. These injections expose machines living behind the router to the Internet and appear to target the service ports used by SMB.

  29. Tomi Engdahl says:

    Dell discloses attempted data breach
    We don’t know if it was successful or not.

  30. Tomi Engdahl says:

    Water and Energy Sectors Through the Lens of the Cybercriminal Underground

    In our research Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries, we not only found exposed industrial control system (ICS) human machine interfaces (HMIs) but also pointed out how these systems were at risk. This risk is corroborated by the active interest in water and energy ICSs shown by different kinds of cybercriminal groups.

    Critical Infrastructures Exposed and at Risk: Energy and Water Industries

    Securing energy and water should remain top priority in the continuing integration of the industrial internet of things in these critical sectors.

  31. Tomi Engdahl says:

    AutoIt-Compiled Worm Spreads Backdoor via Removable Drives

    Trend Micro security researchers have discovered an AutoIt-compiled worm that infects removable drives to spread the njRAT backdoor to other machines.

    Also known as Bladabindi, the njRAT remote access Trojan has been around since at least 2013 and is considered one of the most prevalent malware families out there. The threat provides attackers with remote access to the infected machines, can steal passwords and virtual coins, log keystrokes, launch distributed denial of service (DDoS) attacks, and lock the screen.

  32. Tomi Engdahl says:

    Industry Reactions to USPS Exposing User Data

    Security blogger Brian Krebs revealed recently that an API used by the United States Postal Service (USPS) had a vulnerability that potentially exposed the data of 60 million customers.

  33. Tomi Engdahl says:

    Data Breach Hits 2.6 Million Atrium Health Patients

    Hospital network Atrium Health informed patients on Tuesday that their personal information was compromised following a breach at technology solutions provider AccuDoc.

  34. Tomi Engdahl says:

    Cryptocurrency-Stealing Code Distributed via Popular Library

    The popular EventStream Node.js library was recently modified to fetch malicious code designed to steal crypto-currencies.

    Designed as a toolkit to make creating and working with streams easy, the JavaScript package has around two million downloads a week, which makes it a valuable resource to application developers and malicious actors alike.

  35. Tomi Engdahl says:

    Worried About Facebook Tracking Your Data? A Fake Account Might Help.

    When it comes to your personal information online, there’s no such thing as “delete.”

  36. Tomi Engdahl says:

    This Linux virus is a total jerk, even by malware standards
    No Linux given

    Comprised of over 1,000 lines of code, Linux.BtcMine.174 (the company is better at identifying malware than giving it a headline-friendly name), is particularly malicious thanks to the number of ways it attacks its host computer.

  37. Tomi Engdahl says:

    Mozilla Testing DNS-over-HTTPS in Firefox

    Mozilla is moving forward with yet another project designed to provide users with increased security: it is now testing DNS-over-HTTPS (DoH) in Firefox stable.

    Only a small group of users will enjoy the feature for now, as it is still in the testing phase, but Mozilla is determined to work with industry players for a larger rollout. When that will happen, however, remains to be seen.

    Mozilla has been already testing DoH in its browser, looking into the time it takes to get a response from Cloudflare’s DoH resolver. With the test results positive, revealing great performance improvements even for the slowest users, the Internet organization has decided to move forward with its plans.

    “A recent test in our Beta channel confirmed that DoH is fast and isn’t causing problems for our users. However, those tests only measure the DNS operation itself, which isn’t the whole story,” Mozilla’s Selena Deckelmann explains.

  38. Tomi Engdahl says:

    MITRE Uses ATT&CK Framework to Evaluate Enterprise Security Products

    MITRE Corporation’s ATT&CK framework has been used to evaluate enterprise security products from several vendors to determine how efficient they are in detecting and responding to attacks launched by sophisticated threat groups.

    MITRE is a not-for-profit company involved in federally funded research and development projects in various areas, including cybersecurity. Its Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Matrix is a framework that describes the techniques used by adversaries, including related to persistence, privilege escalation, defense evasion, credential access, discovery, data collection, lateral movement, command and control, and execution.

    In the first round of evaluations performed by MITRE, the threat actor’s tactics and techniques were tested against products from Carbon Black, CrowdStrike, CounterTack, Endgame, Microsoft, RSA and SentinelOne.

  39. Tomi Engdahl says:

    New PowerShell Backdoor Resembles “MuddyWater” Malware

    A recently discovered PowerShell-based backdoor is strikingly similar to malware employed by the MuddyWater threat actor, Trend Micro reports.

    New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools

  40. Tomi Engdahl says:

    Facebook Mulled Charging for Access to User Data

    Facebook on Wednesday said it considered charging application makers to access data at the social network.

    Such a move would have been a major shift away from the policy of not selling Facebook members’ information, which the social network has stressed in the face of criticism alleging it is more interested in making money than protecting privacy.

    “To be clear, Facebook has never sold anyone’s data,” director of developer platforms and programs Konstantinos Papamiltiadis said in response to an AFP inquiry.
