Cyber Security December 2018

This posting is here to collect security alert news in September 2018.

I post links to security vulnerability news to comments of this article.

You are also free to post related links.

274 Comments

  1. Tomi Engdahl says:

    https://www.tivi.fi/Kaikki_uutiset/suomalainen-ydinlaitos-kohteena-arvostettu-tietoturvafirma-raportoi-salaperaisesta-hyokkayskampanjasta-6752577

    “Finnish nuclear facility targeted” – respected security firm reports on a mysterious attack campaign

    ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure
    https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/

    The McAfee Advanced Threat Research team and McAfee Labs Malware Operations Group have discovered a new global campaign targeting nuclear, defense, energy, and financial companies, based on McAfee® Global Threat Intelligence. This campaign, Operation Sharpshooter, leverages an in-memory implant to download and retrieve a second-stage implant—which we call Rising Sun—for further exploitation. According to our analysis, the Rising Sun implant uses source code from the Lazarus Group’s 2015 backdoor Trojan Duuzer in a new framework to infiltrate these key industries.

    In October and November 2018, the Rising Sun implant has appeared in 87 organizations across the globe, predominantly in the United States, based on McAfee telemetry and our analysis.

  2. Tomi Engdahl says:

    Parody or not?

    Honest Government Ad | Anti Encryption Law
    https://m.youtube.com/watch?v=eW-OMR-iWOE&feature=youtu.be

    The Australian Government has made an ad about its proposed anti encryption law and it’s surprisingly honest and informative.

  3. Tomi Engdahl says:

    Mass email hoax causes closures across the US and Canada
    Emails threaten explosions unless people pay $20,000 in Bitcoin.
    https://arstechnica.com/information-technology/2018/12/a-tsunami-of-emailed-bomb-hoaxes-prompts-evacuations-across-the-us-and-canada/

  4. Tomi Engdahl says:

    The top 25 worst passwords of 2018 based on 5 million leaked passwords on the internet
    https://nordic.businessinsider.com/worst-passwords-of-2018-2018-12

  5. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    Tencent’s Blade security team finds SQLite vulnerability that affects thousands of apps, including Google Home and Chromium open-source browser engine

    SQLite bug impacts thousands of apps, including all Chromium-based browsers
    https://www.zdnet.com/article/sqlite-bug-impacts-thousands-of-apps-including-all-chromium-based-browsers/

    New ‘Magellan’ vulnerability will haunt the app ecosystem for years to come.

    A security vulnerability in the massively popular SQLite database engine puts thousands of desktop and mobile applications at risk.

    Discovered by Tencent’s Blade security team, the vulnerability allows an attacker to run malicious code on the victim’s computer, and in less dangerous situations, leak program memory or cause program crashes.

    Because SQLite is embedded in thousands of apps, the vulnerability impacts a wide range of software, from IoT devices to desktop software, and from web browsers to Android and iOS apps.

    The bad news, according to Tencent Blade researchers, is that this vulnerability can also be exploited remotely by accessing something as simple as a web page, if the underlying browser supports SQLite and the Web SQL API that translates the exploit code into regular SQL syntax.

    Firefox and Edge don’t support this API, but the Chromium open-source browser engine does. This means that Chromium-based browsers like Google Chrome, Vivaldi, Opera, and Brave, are all affected. A demo that crashes a Chrome tab is available here.

    https://worthdoingbadly.com/sqlitebug/

  6. Tomi Engdahl says:

    Photos of 6.8 Million Facebook Users Exposed by API Bug
    https://www.securityweek.com/photos-68-million-facebook-users-exposed-api-bug

    Facebook revealed on Friday that a bug related to its Photo API could have allowed third-party apps to access users’ photos, even ones that were supposed to be private.

    According to the social media giant, its internal team discovered a bug in the Photo API that impacted users who had utilized Facebook Login and allowed third-party apps to access their photos.

    Irish Data Authority Probes Facebook Photo Breach
    https://www.securityweek.com/irish-data-authority-probes-facebook-photo-breach

    The Irish data watchdog on Friday launched an investigation into Facebook, after the social media titan admitted a “bug” may have exposed unposted photos from up to 6.8 million users.

    The Irish Data Protection Commission (DPC) probe will take place under strict new European privacy laws outlined in the General Data Protection Regulation (GDPR).

  7. Tomi Engdahl says:

    ‘No Evidence’ of Huawei Spying, Says German IT Watchdog
    https://www.securityweek.com/no-evidence-huawei-spying-says-german-it-watchdog

    Germany’s IT watchdog has expressed scepticism about calls for a boycott of Chinese telecoms giant Huawei, saying it has seen no evidence the firm could use its equipment to spy for Beijing, news weekly Spiegel reported Friday.

    “For such serious decisions like a ban, you need proof,” the head of Germany’s Federal Office for Information Security (BSI), Arne Schoenbohm, told Spiegel, adding that his agency had no such evidence.

  8. Tomi Engdahl says:

    Code Execution Flaw in SQLite Affects Chrome, Other Software
    https://www.securityweek.com/code-execution-flaw-sqlite-affects-chrome-other-software

    Many applications using the popular SQLite database management system could be exposed to attacks due to a potentially serious vulnerability that can lead to remote code execution, information disclosure, and denial-of-service (DoS) attacks.

  9. Tomi Engdahl says:

    3D-printed heads let hackers – and cops – unlock your phone
    https://techcrunch.com/2018/12/16/3d-printed-heads-unlock-cops-hackers/?sr_share=facebook&utm_source=tcfbpage

    You can even 3D print a life-size replica of a human head — and not just for Hollywood. Forbes reporter Thomas Brewster commissioned a 3D printed model of his own head to test the face unlocking systems on a range of phones — four Android models and an iPhone X.

    Bad news if you’re an Android user: only the iPhone X defended against the attack.

  10. Tomi Engdahl says:

    If Your Password’s On This List Then You Should Change It Right Now
    https://www.iflscience.com/technology/if-your-passwords-on-this-list-then-you-should-change-it-right-now/

    Back in October 2018, the world stared dumbfounded (for a few reasons) as we saw Kanye West in the Oval Office alongside President Trump and typed in his phone password – “000000” – in full view of the world’s media.

    However, judging by the state of this list, many of us have no reason to mock Mr Kanye’s incredibly hackable passwords.

  11. Tomi Engdahl says:

    Hackers are our society’s immune system – Keren Elazari on the future of Cybersecurity
    https://securityboulevard.com/2018/12/hackers-are-our-societys-immune-system-keren-elazari-on-the-future-of-cybersecurity/

    “What if I told you that in 10 seconds I could take over your computer, generate thousands of dollars worth of cryptocurrencies all while you are drinking your morning coffee? You might think it’s impossible, but this is exactly what happened in Argentina earlier this year.” – Keren Elazari

  12. Tomi Engdahl says:

    Firewalld: The Future is nftables
    https://developers.redhat.com/blog/2018/08/10/firewalld-the-future-is-nftables/?sc_cid=7016000000127ECAAY

    August 10, 2018
    Firewalld, the default firewall management tool in Red Hat Enterprise Linux and Fedora, has gained long sought support for nftables. This was announced in detail on firewalld’s project blog. The feature landed in the firewalld 0.6.0 release as the new default firewall backend.

  13. Tomi Engdahl says:

    Central London in facial recognition trial
    https://www.bbc.com/news/uk-england-london-46584184?ns_campaign=bbc_london&ns_linkname=english_regions&ns_mchannel=social&ns_source=facebook

    The Metropolitan Police Service is testing the technology around Soho on Monday and Tuesday

  14. Tomi Engdahl says:

    Josh Constine / TechCrunch:
    Twitter fixes flaw in support form that leaked users’ phone number country codes and other account info, after noticing tons of queries from Chinese, Saudi IPs — Twitter accidentally exposed the ability to pull an account’s phone number country code and whether the account had been locked by Twitter.

    Twitter bug leaks phone number country codes
    https://techcrunch.com/2018/12/17/twitter-country-code-leak/

    Twitter accidentally exposed the ability to pull an account’s phone number country code and whether the account had been locked by Twitter. The concern here is that malicious actors could have used the security flaw to figure out in which countries accounts were based, which could have ramifications for whistleblowers or political dissidents.

  15. Tomi Engdahl says:

    Kelly Weill / The Daily Beast:
    Former far right extremists recall how they were radicalised by YouTube as teenagers, thanks to its algorithm which keeps surfacing extremist content

    How YouTube Built a Radicalization Machine for the Far-Right
    https://www.thedailybeast.com/how-youtube-pulled-these-men-down-a-vortex-of-far-right-hate

    Former extremists say they were sucked in by propaganda as teenagers, thanks to an algorithm’s dark side.

    For David Sherratt, like so many teenagers, far-right radicalization began with video game tutorials on YouTube. He was 15 years old and loosely liberal, mostly interested in “Call of Duty” clips. Then YouTube’s recommendations led him elsewhere.

    “As I kept watching, I started seeing things like the online atheist community,” Sherratt said, “which then became a gateway to the atheism community’s civil war over feminism.” Due to a large subculture of YouTube atheists who opposed feminism, “I think I fell down that rabbit hole a lot quicker,” he said.

  16. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    Researchers detail a phishing campaign by Iran-linked hackers targeting US government officials that bypassed SMS-based 2FA protections in Gmail and Yahoo Mail

    Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail
    Group breaches SMS-protected accounts. It’s still testing attacks against 2fa apps.
    https://arstechnica.com/information-technology/2018/12/iranian-phishers-bypass-2fa-protections-offered-by-yahoo-mail-and-gmail/

  17. Tomi Engdahl says:

    Cho Mu-Hyun / ZDNet:
    S. Korea’s finance watchdog FSS: damages from voice phishing grew ~73% YoY to $159M, and it will partner with SK Telecom to develop AI to prevent such attacks

    South Korea to develop AI to prevent voice phishing
    https://www.zdnet.com/article/south-korea-to-develop-ai-to-prevent-voice-phishing/

    With voice phishing attacks increasing by 74 percent, South Korea’s Financial Supervisory Service and SK Telecom will develop AI to prevent such attacks.

  18. Tomi Engdahl says:

    Thomas Brewster / Forbes:
    Test shows that Android phones like LG G7 ThinQ, OnePlus 6, and Samsung Galaxy S9 and Note 8 can be unlocked via facial recognition using 3D-printed head models

    We Broke Into A Bunch Of Android Phones With A 3D-Printed Head
    https://www.forbes.com/sites/thomasbrewster/2018/12/13/we-broke-into-a-bunch-of-android-phones-with-a-3d-printed-head/#490b71af1330

  19. Tomi Engdahl says:

    New malware pulls its instructions from code hidden in memes posted to Twitter
    https://techcrunch.com/2018/12/17/malware-commands-code-twitter-hidden-memes/?utm_source=tcfbpage&sr_share=facebook

    Security researchers said they’ve found a new kind of malware that takes its instructions from code hidden in memes posted to Twitter.

    What’s interesting is how the malware uses Twitter as an unwilling conduit in communicating with its malicious mothership.

    Trend Micro said in a blog post that the malware listens for commands from a Twitter account run by the malware operator.

    https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/
