Cyber Security December 2018

This posting is here to collect security alert news in December 2018.

I post links to security vulnerability news to comments of this article.

You are also free to post related links.

486 Comments

  1. Tomi Engdahl says:

    Adam D’Angelo / The Quora Blog:
    Quora says it discovered a data breach on Nov. 30 affecting about 100M users, exposing names, email addresses, hashed passwords, and other non-public content — We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party.
    https://blog.quora.com/Quora-Security-Update

  2. Tomi Engdahl says:

    Facebook employees are calling former colleagues to look for jobs outside the company and asking about the best way to leave
    https://www.cnbc.com/2018/12/02/facebook-employees-calling-former-colleagues-to-look-for-jobs-outside.html

    Six former Facebook employees who left the company within the last two years told CNBC they’ve experienced a rise in contact from current company employees to inquire about opportunities or ask for job references.
    The shift in behavior comes as Facebook deals with scandal after scandal while seeing a nearly 40 percent drop in its stock price from a peak in July.

  3. Tomi Engdahl says:

    Schumer Says Marriott Should Pay to Replace Hacked Passports
    https://www.securityweek.com/schumer-says-marriott-should-pay-replace-hacked-passports

    Sen. Charles Schumer says Marriott hotel officials should pay for new passports for customers whose passport numbers were hacked as part of a massive data breach.

    The New York Democrat said Sunday that Marriott should immediately notify customers who are at greatest risk of identity theft and pay the $110 cost of a new U.S. passport if the customers request it.

    Marriott disclosed Friday that hackers had stolen data on as many as 500 million guests of former Starwood chain properties, including credit card and passport numbers.

  4. Tomi Engdahl says:

    Kubernetes’ first major security hole discovered
    https://www.zdnet.com/article/kubernetes-first-major-security-hole-discovered/

    There’s now an invisible way to hack into the popular cloud container orchestration system Kubernetes

  5. Tomi Engdahl says:

    Cybersecurity Storms: Visibility is Key to Cyber Protections
    https://www.securityweek.com/cybersecurity-storms-visibility-key-cyber-protections

    Security Teams Need to Maintain Packet-level Visibility Into All Traffic Flowing Across Their Networks

    The most destructive disaster is the one you do not see coming. Before modern meteorology, settlers along the Atlantic coast had no warning when a hurricane was upon them. There was no way to escape from the titanic forces of wind and rain. Now, scientific instruments such as radar, barometers and satellites can see trouble brewing halfway across the ocean, giving residents time to evacuate and save lives.

    While there is no evacuating cyberspace to avoid a storm of hackers, prior warning gives security teams a chance to stop cybercriminals before they can wreak havoc and make off with sensitive customer data or company secrets. There is an all too common adage that it is not a question of if a company will be hacked, but when they will find the hack. The realities of the cyberspace make it too difficult to reliably keep hackers out of corporate networks. That is not to say security teams should give up, but rather that they need to shift their goals.

  6. Tomi Engdahl says:

    Australia Set to Pass Sweeping Cyber Laws Despite Tech Giant Fears
    https://www.securityweek.com/australia-set-pass-sweeping-cyber-laws-despite-tech-giant-fears

    Australia’s two main parties struck a deal Tuesday to pass sweeping cyber laws requiring tech giants to help government agencies get around encrypted communications used by suspected criminals and terrorists.

    The laws are urgently needed to investigate serious crimes like terrorism and child sex offences, the conservative government said, citing a recent case involving three men accused of plotting attacks who used encrypted messaging applications.

    But critics including Google and Facebook as well as privacy advocates warn the laws would weaken cybersecurity and be among the most far-reaching in a Western democracy.

    The bill is expected to pass parliament by Thursday, which is the end of the sitting week.

  7. Tomi Engdahl says:

    Critical Privilege Escalation Flaw Patched in Kubernetes
    https://www.securityweek.com/critical-privilege-escalation-flaw-patched-kubernetes

    The vulnerability, discovered by Rancher Labs Co-founder and Chief Architect Darren Shepherd, is tracked as CVE-2018-1002105 and it has been assigned a CVSS score of 9.8. It can allow an attacker to escalate privileges by sending specially crafted requests to the targeted server.

  8. Tomi Engdahl says:

    House GOP Campaign Arm Targeted by ‘Unknown Entity’ in 2018
    https://www.securityweek.com/house-gop-campaign-arm-targeted-unknown-entity-2018

    Thousands of emails were stolen from aides to the National Republican Congressional Committee during the 2018 midterm campaign, a major breach exposing vulnerabilities that have kept cybersecurity experts on edge since the 2016 presidential race.

    The email accounts were compromised during a series of intrusions that had been spread over several months and discovered in April, a person familiar with the matter told The Associated Press.

  9. Tomi Engdahl says:

    No Smoking Gun Tying Russia to Spear-Phishing Attack, Microsoft Says
    https://www.securityweek.com/no-smoking-gun-tying-russia-spear-phishing-attack-microsoft-says

    Not Enough Evidence That Russians Are Behind Recent Spear-Phishing Attack, Microsoft Says

    There is not enough evidence to attribute a recent wave of spear-phishing emails impersonating personnel at the United States Department of State to Russian hackers, Microsoft says.

    The attack, which started on November 14, was previously said to have been the work of Cozy Bear, a Russian threat actor involved in hacking incidents during the 2016 U.S. presidential election. Microsoft, which tracks the adversary as YTTRIUM, begs to differ.

  10. Tomi Engdahl says:

    M2M Protocols Expose Industrial Systems to Attacks
    https://www.securityweek.com/m2m-protocols-expose-industrial-systems-attacks

    Some machine-to-machine (M2M) protocols can be abused by malicious actors in attacks aimed at Internet of Things (IoT) and industrial Internet of Things (IIoT) systems, according to research conducted by Trend Micro and the Polytechnic University of Milan.

    The security firm has analyzed two popular M2M protocols: Message Queuing Telemetry Transport (MQTT), which facilitates communications between a broker and multiple clients, and the Constrained Application Protocol (CoAP), a UDP-based server-client protocol that allows HTTP-like communications between nodes.

    In the case of MQTT, Trend Micro researchers discovered vulnerabilities in both the protocol itself and its implementations. The flaws can allow malicious actors to execute arbitrary code or cause a denial-of-service (DoS) condition, which, as experts have often warned, can pose a serious risk to industrial systems. The flaws have been reported to the developers of the affected software and patches have been released.

  11. Tomi Engdahl says:

    ‘London Blue’ cybercriminals turn to large-scale email scam
    https://www.cyberscoop.com/london-blue-business-email-compromise-agari/

    A prime example is London Blue, a network of cybercriminals exposed by new research from email-security firm Agari. The group has laid the groundwork for large-scale business email compromise (BEC) attacks by compiling a list of more than 50,000 corporate officials, including dozens of executives from the world’s biggest banks, according to Agari. Over half of the 50,000 targets were in the United States.

    “The pure scale of the group’s target repository is evidence that BEC attacks are a threat to all businesses, regardless of size or location,” Agari researchers wrote.

  12. Tomi Engdahl says:

    Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability
    https://blog.talosintelligence.com/2018/12/Netgate-pfsense-command-injection-vulns.html

    Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more.

  13. Tomi Engdahl says:

    An introduction to offensive capabilities of Active Directory on UNIX
    https://blog.talosintelligence.com/2018/12/PortcullisActiveDirectory.html

    Having seen an uptick in unique UNIX infrastructures that are integrated into customers’ existing Active Directory forests, the question becomes, “Does this present any concerns that may not be well understood?” This quickly became “What if an adversary could get into a UNIX box and then breach your domain?”

    Realistically, the threat models associated with each part of the implementation should be quite familiar to anyone securing a heterogeneous Windows network. Having worked with a variety of customers, it becomes apparent that the typical UNIX administrator who does not have a strong background in Windows and Active Directory will be ill-equipped to handle this threat.

  14. Tomi Engdahl says:

    Google Patches 11 Critical RCE Android Vulnerabilities
    https://threatpost.com/google-patches-11-critical-rce-android-vulnerabilities/139612/

    Google’s December Android Security Bulletin tackles 53 unique flaws.

    Remote code-execution (RCE) vulnerabilities dominated Google’s December Android Security Bulletin.

  15. Tomi Engdahl says:

    New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs
    https://thehackernews.com/2018/12/china-ransomware-wechat.html

    A new piece of ransomware is spreading rapidly across China that has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack… and the number of infected users is continuously increasing every hour.

    What’s Interesting? Unlike almost every ransomware malware, the new virus doesn’t demand ransom payments in Bitcoin.

    Instead, the attackers are asking victims to pay 110 yuan (nearly USD 16) in ransom through WeChat Pay—the payment feature offered by China’s most popular messaging app.

  16. Tomi Engdahl says:

    Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
    https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/

    Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign.

    Our sensors revealed that the campaign primarily targeted public sector institutions and non-governmental organizations like think tanks and research centers, but also included educational institutions and private-sector corporations in the oil and gas, chemical, and hospitality industries.

  17. Tomi Engdahl says:

    MI6 head warns on Huawei UK 5G
    https://www.itproportal.com/news/mi6-head-warns-on-huawei-uk-5g/

    Britain should think long and hard if it’s comfortable with the Chinese building its 5G network.

    The head of MI6 has warned the UK over the role of Chinese firms in building the country’s 5G infrastructure.

    In a rare speech, the UK Secret Intelligence Service boss said the UK should think long and hard before working with Huawei, or any other Chinese company, following past concerns.

    Alex Younger said Britain needs to think if it’s comfortable “with Chinese ownership of these technologies”.

  18. Tomi Engdahl says:

    Pay-Per-Install Company Deceptively Floods Market with Unwanted Programs
    https://securingtomorrow.mcafee.com/mcafee-labs/pay-per-install-company-deceptively-floods-market-with-unwanted-programs/

    For the past 18 months, McAfee Labs has been investigating a pay-per-install developer, WakeNet AB, responsible for spreading prevalent adware such as Adware-Wajam and Linkury. This developer has been active for almost 20 years and recently has used increasingly deceptive techniques to convince users to execute its installers.

  19. Tomi Engdahl says:

    Word maldoc: yet another place to hide a command
    https://isc.sans.edu/diary/rss/24370

    Reader Mike submitted a malicious Word document. The document (MD5 6c975352821d2532d8387f19457b584e) contains obfuscated VBA code that launches a shell command. That shell command is hidden somewhere in the document (not in the VBA code).

  20. Tomi Engdahl says:

    Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit
    No reason to panic, apparently: Redoing login details to become a regular thing
    https://www.theregister.co.uk/2018/12/04/password_change_for_sharefile/

  21. Tomi Engdahl says:

    Container code cluster-fact: There’s a hole in Kubernetes that lets miscreants cause havoc
    Critical bug brings bevy of patches
    https://www.theregister.co.uk/2018/12/03/kubernetes_flaw_cve_2018_1002105/

  22. Tomi Engdahl says:

    He’s not cracked RSA-1024 encryption, he’s a very naughty Belarusian ransomware middleman
    Dr Shifro pays ransom, gets discount and adds its own margin, says Check Point
    https://www.theregister.co.uk/2018/12/04/ransomware_helper_was_middleman_dr_shifro/

    A ransomware decryption service has turned out to be – quelle surprise – a Belarusian middleman who simply pays the ransom and adds his own profit margin to the hapless victim’s bill.

    Dr Shifro, a Russian-language organisation presenting itself online as a ransomware decryption agency, claims that it’s “the only company that specializes in decrypting files”, urging users: “Call – we will help!”

  23. Tomi Engdahl says:

    Magecart Group Ups Ante: Now Goes After Admin Credentials
    https://threatpost.com/magecart-group-ups-ante-now-goes-after-admin-credentials/139580/

    The group’s skimmer has added some capabilities that steal credentials from admins.

    A growing threat group within the Magecart family of criminals has evolved to skim data not only from website visitors – but also from site administrators as well. This new capability could allow Magecart bad actors to escalate attacks and infiltrate organizations, researchers said.

  24. Tomi Engdahl says:

    NATO Exercises Cyber Defences as Threat Grows
    https://www.securityweek.com/nato-exercises-cyber-defences-threat-grows

    In a nondescript brick building on the snowy edge of Estonia’s second city Tartu, soldiers in camouflage tap silently at computers. They are troops manning the 21st century’s front line.

  25. Tomi Engdahl says:

    Faster fuzzing ferrets out 42 fresh zero-day flaws
    https://nakedsecurity.sophos.com/2018/12/03/faster-fuzzing-ferrets-out-42-fresh-zero-day-flaws/

    A group of researchers has found 42 zero-day flaws in a range of software tools using a new take on an old concept. The team, from Singapore, Australia and Romania, worked out a better approach to a decades-old testing technique called fuzzing.

  26. Tomi Engdahl says:

    Czech yourself, Russia! Prague says its foreign ministry was hacked for more than a year
    Report claims that from 2016-2017 the FSB was reading agency’s emails
    https://www.theregister.co.uk/2018/12/03/czech_russia_hacking/

    The Czech Republic says that Russian government hackers were intercepting and snooping on communications for one of its agencies for more than a year.

    An annual report from the Czech Security Information Service (BIS) covering the 2017 calendar year disclosed how, in the early months of the year, it uncovered a massive network breach at the office of the Ministry of Foreign Affairs (MFA).

  27. Tomi Engdahl says:

    Cyber security: Hackers step out of the shadows with bigger, bolder attacks
    https://www.zdnet.com/article/cyber-security-hackers-step-out-of-the-shadows-with-bigger-bolder-attacks/#ftag=RSSbaffb68

    Successful hacking campaigns used to be all about keeping under the radar. But, for some, making a big splash is now more important than lurking in the shadows.

  28. Tomi Engdahl says:

    Someone Is Claiming to Sell a Mass Printer Hijacking Service
    https://motherboard.vice.com/en_us/article/zmdy7y/someone-is-selling-mass-print-hijacking-hacking-service

    After one hacker bombarded printers with a message urging people to subscribe to PewDiePie, someone is now claiming to offer a mass-printing service across the internet.

  29. Tomi Engdahl says:

    Buckle Up: A Closer Look at Airline Security Breaches
    Cyberattacks on airports and airlines are often unrelated to passenger safety – but that’s no reason to dismiss them, experts say
    https://www.darkreading.com/threat-intelligence/buckle-up-a-closer-look-at-airline-security-breaches/d/d-id/1333336

  30. Tomi Engdahl says:

    ElasticSearch server exposed the personal data of over 57 million US citizens
    https://www.zdnet.com/article/elasticsearch-server-exposed-the-personal-data-of-over-57-million-us-citizens/

    Leaky database taken offline, but not after leaking user details for nearly two weeks.

  31. Tomi Engdahl says:

    Industry collaboration leads to takedown of the “3ve” ad fraud operation
    https://security.googleblog.com/2018/11/industry-collaboration-leads-to.html

  32. Tomi Engdahl says:

    This phishing scam group built a list of 50,000 execs to target
    https://www.zdnet.com/article/this-phishing-scam-group-built-a-list-of-50000-execs-to-target/

    CEO fraud group has a big list of potential victims; just hope you aren’t on it.

  33. Tomi Engdahl says:

    Hackers can exploit this bug in surveillance cameras to tamper with footage
    https://www.zdnet.com/article/hackers-can-exploit-these-bugs-in-surveillance-cameras-to-tamper-with-footage/

    Researchers have uncovered a vulnerability which can be used to completely compromise surveillance cameras and feeds.

  34. Tomi Engdahl says:

    These Satellites Will Hunt Pirates, and Maybe Terrorists
    https://www.bloomberg.com/news/articles/2018-11-30/spacex-to-loft-satellites-to-hunt-pirates-and-maybe-terrorists

    SpaceX is set to launch three toaster oven-size vehicles this weekend that will scan the globe for telltale radio signals of dark ships.

  35. Tomi Engdahl says:

    A cyber-skills shortage means students are being recruited to fight off hackers
    https://www.technologyreview.com/s/612309/a-cyber-skills-shortage-means-students-are-being-recruited-to-fight-off-hackers/?utm_campaign=owned_social&utm_source=facebook.com&utm_medium=social&fbclid=IwAR1HiV5lQ674MoMBtD8UdGEwwa2zxKkL20NOvtFgV7863eJx8v7NKftvHcQ

    Students with little or no cybersecurity knowledge are being paired with easy-to-use AI software that lets them protect their campus from attack.

  36. Tomi Engdahl says:

    Head of Russian spy agency accused of U.S. election hack, U.K. spy poisoning dies
    https://www.nbcnews.com/news/world/head-russian-spy-agency-accused-u-s-election-hack-u-n939261

    Igor Korobov, 62, who ran the spy agency since 2016, died on Wednesday after “a serious and long illness,” the Russian defense ministry said.

  37. Tomi Engdahl says:

    Reality Winner, Former N.S.A. Translator, Gets More Than 5 Years in Leak of Russian Hacking Report
    https://www.nytimes.com/2018/08/23/us/reality-winner-nsa-sentence.html

    Reality Winner received the longest sentence ever imposed in federal court for an unauthorized release of government information to the media, prosecutors said.

    She pleaded guilty in June 2018 to one felony count of unauthorized transmission of national defense information, for giving a classified report about Russian interference in the 2016 election to a news outlet.

  38. Tomi Engdahl says:

    Adobe Flash zero-day exploit… leveraging ActiveX… embedded in Office Doc… BINGO!
    https://www.theregister.co.uk/2018/12/05/flash_zeroday_adobe/

    It’s like a greatest hits album of terrible security policies

    In its current form, the attack bundles exploit code for the Flash zero-day (a use-after-free() bug) with an ActiveX call that is embedded within an Office document. The attacker delivers the document via a spear-phishing email.

  39. Tomi Engdahl says:

    France is bidding adieu to Google in favor of a more private search engine
    https://www.expressvpn.com/blog/google-france-qwant-privacy/

    While the U.S. government is working to tighten its grip over citizens’ personal privacy, Europe’s new policy regulations are hoping to do the opposite.

    Last month, the French National Assembly announced that they would no longer use Google. Instead, all French government devices will soon adopt the privacy-focused Qwant as their default search engine.

  40. Tomi Engdahl says:

    A botnet of over 20,000 WordPress sites is attacking other WordPress sites
    https://www.zdnet.com/article/a-botnet-of-over-20000-wordpress-sites-is-attacking-other-wordpress-sites/

    Botnet is still up and running but law enforcement has been notified.

    Crooks controlling a network of over 20,000 already-infected WordPress installations are using these sites to launch attacks on other WordPress sites, ZDNet has learned from WordPress security firm Defiant.

    The company, which manages and publishes the Wordfence plugin, a firewall system for WordPress sites, says it detected over five million login attempts in the last month from already-infected sites against other, clean WordPress portals.

    The attacks are what security experts call “dictionary attacks.”

    Defiant says that the people behind this botnet made “some mistakes in their implementation of the brute force scripts” that allowed researchers to expose the botnet’s entire backend infrastructure.

    Defiant researchers say they were able to bypass the botnet control panel login system and take a peek inside the crooks’ operation.

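The post above describes the WordPress botnet as running "dictionary attacks": millions of login attempts from infected sites against clean ones. The defender-side view of that is a login-attempt counter over the web server's own access log. The script below is an added example, not code from the post, from ZDNet or from Defiant/Wordfence; it assumes Apache/nginx "combined" log format, that a `POST /wp-login.php` answered with HTTP 200 is a failed login (WordPress re-renders the form on failure and redirects with 302 on success), and a flagging threshold chosen for the sample. The log lines and IP addresses are constructed (RFC 5737 documentation ranges).

```python
import re
from collections import defaultdict

# Constructed sample in Apache/nginx "combined" access-log format. The addresses
# are RFC 5737 documentation ranges, not real hosts; the traffic is invented.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Dec/2018:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Dec/2018:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Dec/2018:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Dec/2018:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Dec/2018:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Dec/2018:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
198.51.100.4 - - [05/Dec/2018:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
198.51.100.4 - - [05/Dec/2018:10:01:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [05/Dec/2018:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
192.0.2.10 - - [05/Dec/2018:10:02:30 +0000] "GET /2018/12/some-post/ HTTP/1.1" 200 15234 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Paths that carry WordPress login attempts (assumption: only the standard form is watched).
LOGIN_PATHS = {"/wp-login.php"}


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "method": m.group("method"),
        # Drop any query string so "/wp-login.php?action=x" still matches the path set.
        "path": m.group("path").split("?", 1)[0],
        "status": int(m.group("status")),
    }


def login_attempts_by_source(log_text):
    """Count login POSTs and failed logins per source IP.

    Heuristic (assumption): WordPress answers a failed wp-login.php POST with 200
    (it re-renders the form) and a successful one with a 302 redirect.
    """
    stats = defaultdict(lambda: {"attempts": 0, "failures": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] not in LOGIN_PATHS:
            continue
        entry = stats[rec["ip"]]
        entry["attempts"] += 1
        if rec["status"] == 200:
            entry["failures"] += 1
    return dict(stats)


def flag_sources(stats, threshold):
    """Return (ip, failures) for sources at or above the failure threshold, worst first."""
    flagged = [(ip, s["failures"]) for ip, s in stats.items() if s["failures"] >= threshold]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    stats = login_attempts_by_source(SAMPLE_LOG)
    for ip, failures in flag_sources(stats, threshold=5):
        print(f"dictionary-attack candidate: {ip} ({failures} failed logins)")
```

In production the threshold would be applied per time window rather than over the whole file, and the flagged addresses would feed a firewall rule or a plugin such as the one the post mentions rather than a print statement; the parsing and counting logic is the same.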
  41. Tomi Engdahl says:

    Exclusive: Clues in Marriott hack implicate China – sources
    https://www.reuters.com/article/us-marriott-intnl-cyber-china-exclusive/exclusive-clues-in-marriott-hack-implicate-china-sources-idUSKBN1O504D

    (Reuters) – Hackers behind a massive breach at hotel group Marriott International Inc (MAR.O) left clues suggesting they were working for a Chinese government intelligence gathering operation

  42. Tomi Engdahl says:

    Microsoft calls on companies to adopt a facial recognition code of conduct
    https://techcrunch.com/2018/12/06/microsoft-calls-on-companies-to-adopt-a-facial-recognition-code-of-conduct/?utm_source=tcfbpage&sr_share=facebook

    Over the summer, Microsoft President Brad Smith called for governments to take a closer look at how facial detection technology is being implemented across the globe. This week, he returned with a similar message — only this time the executive is calling out fellow technology purveyors to help address myriad issues around the technology before it becomes too pervasive.

    https://blogs.microsoft.com/on-the-issues/2018/12/06/facial-recognition-its-time-for-action/

