Cyber Security December 2018

This posting is here to collect security alert news in September 2018.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links.


  1. Tomi Engdahl says:

    Adam D’Angelo / The Quora Blog:
    Quora says it discovered a data breach on Nov. 30 affecting about 100M users, exposing names, email addresses, hashed passwords, and other non-public content — We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party.

  2. Tomi Engdahl says:

    Facebook employees are calling former colleagues to look for jobs outside the company and asking about the best way to leave

    Six former Facebook employees who left the company within the last two years told CNBC they’ve experienced a rise in contact from current company employees to inquire about opportunities or ask for job references.
    The shift in behavior comes as Facebook deals with scandal after scandal while seeing a nearly 40 percent drop in its stock price from a peak in July.

  3. Tomi Engdahl says:

    Schumer Says Marriott Should Pay to Replace Hacked Passports

    Sen. Charles Schumer says Marriott hotel officials should pay for new passports for customers whose passport numbers were hacked as part of a massive data breach.

    The New York Democrat said Sunday that Marriott should immediately notify customers who are at greatest risk of identity theft and pay the $110 cost of a new U.S. passport if the customers request it.

    Marriott disclosed Friday that hackers had stolen data on as many as 500 million guests of former Starwood chain properties, including credit card and passport numbers.

  4. Tomi Engdahl says:

    Kubernetes’ first major security hole discovered

    There’s now an invisible way to hack into the popular cloud container orchestration system Kubernetes

  5. Tomi Engdahl says:

    Cybersecurity Storms: Visibility is Key to Cyber Protections

    Security Teams Need to Maintain Packet-level Visibility Into All Traffic Flowing Across Their Networks

    The most destructive disaster is the one you do not see coming. Before modern meteorology, settlers along the Atlantic coast had no warning when a hurricane was upon them. There was no way to escape from the titanic forces of wind and rain. Now, scientific instruments such as radar, barometers and satellites can see trouble brewing halfway across the ocean, giving residents time to evacuate and save lives.

    While there is no evacuating cyberspace to avoid a storm of hackers, prior warning gives security teams a chance to stop cybercriminals before they can wreak havoc and make off with sensitive customer data or company secrets. There is an all too common adage that it is not a question of if a company will be hacked, but when they will find the hack. The realities of the cyberspace make it too difficult to reliably keep hackers out of corporate networks. That is not to say security teams should give up, but rather that they need to shift their goals.

  6. Tomi Engdahl says:

    Australia Set to Pass Sweeping Cyber Laws Despite Tech Giant Fears

    Australia’s two main parties struck a deal Tuesday to pass sweeping cyber laws requiring tech giants to help government agencies get around encrypted communications used by suspected criminals and terrorists.

    The laws are urgently needed to investigate serious crimes like terrorism and child sex offences, the conservative government said, citing a recent case involving three men accused of plotting attacks who used encrypted messaging applications.

    But critics including Google and Facebook as well as privacy advocates warn the laws would weaken cybersecurity and be among the most far-reaching in a Western democracy.

    The bill is expected to pass parliament by Thursday, which is the end of the sitting week.

  7. Tomi Engdahl says:

    Critical Privilege Escalation Flaw Patched in Kubernetes

    The vulnerability, discovered by Rancher Labs Co-founder and Chief Architect Darren Shepherd, is tracked as CVE-2018-1002105 and it has been assigned a CVSS score of 9.8. It can allow an attacker to escalate privileges by sending specially crafted requests to the targeted server.

  8. Tomi Engdahl says:

    House GOP Campaign Arm Targeted by ‘Unknown Entity’ in 2018

    Thousands of emails were stolen from aides to the National Republican Congressional Committee during the 2018 midterm campaign, a major breach exposing vulnerabilities that have kept cybersecurity experts on edge since the 2016 presidential race.

    The email accounts were compromised during a series of intrusions that had been spread over several months and discovered in April, a person familiar with the matter told The Associated Press.

  9. Tomi Engdahl says:

    No Smoking Gun Tying Russia to Spear-Phishing Attack, Microsoft Says

    Not Enough Evidence That Russians Are Behind Recent Spear-Phishing Attack, Microsoft Says

    There is not enough evidence to attribute a recent wave of spear-phishing emails impersonating personnel at the United States Department of State to Russian hackers, Microsoft says.

    The attack, which started on November 14, was previously said to have been the work of Cozy Bear, a Russian threat actor involved in hacking incidents during the 2016 U.S. presidential election. Microsoft, which tracks the adversary as YTTRIUM, begs to differ.

  10. Tomi Engdahl says:

    M2M Protocols Expose Industrial Systems to Attacks

    Some machine-to-machine (M2M) protocols can be abused by malicious actors in attacks aimed at Internet of Things (IoT) and industrial Internet of Things (IIoT) systems, according to research conducted by Trend Micro and the Polytechnic University of Milan.

    The security firm has analyzed two popular M2M protocols: Message Queuing Telemetry Transport (MQTT), which facilitates communications between a broker and multiple clients, and the Constrained Application Protocol (CoAP), a UDP-based server-client protocol that allows HTTP-like communications between nodes.

    In the case of MQTT, Trend Micro researchers discovered vulnerabilities in both the protocol itself and its implementations. The flaws can allow malicious actors to execute arbitrary code or cause a denial-of-service (DoS) condition, which, as experts have often warned, can pose a serious risk to industrial systems. The flaws have been reported to the developers of the affected software and patches have been released.

  11. Tomi Engdahl says:

    ‘London Blue’ cybercriminals turn to large-scale email scam

    A prime example is London Blue, a network of cybercriminals exposed by new research from email-security firm Agari. The group has laid the groundwork for large-scale business email compromise (BEC) attacks by compiling a list of more than 50,000 corporate officials, including dozens of executives from the world’s biggest banks, according to Agari. Over half of the 50,000 targets were in the United States.

    “The pure scale of the group’s target repository is evidence that BEC attacks are a threat to all businesses, regardless of size or location,” Agari researchers wrote.

  12. Tomi Engdahl says:

    Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability

    Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more.

  13. Tomi Engdahl says:

    An introduction to offensive capabilities of Active Directory on UNIX

    Having seen an uptick in unique UNIX infrastructures that are integrated into customers’ existing Active Directory forests, the question becomes, “Does this present any concerns that may not be well understood?” This quickly became “What if an adversary could get into a UNIX box and then breach your domain?”

    Realistically, the threat models associated with each part of the implementation should be quite familiar to anyone securing a heterogeneous Windows network. Having worked with a variety of customers, it becomes apparent that the typical UNIX administrator who does not have a strong background in Windows and Active Directory will be ill-equipped to handle this threat.

  14. Tomi Engdahl says:

    Google Patches 11 Critical RCE Android Vulnerabilities

    Google’s December Android Security Bulletin tackles 53 unique flaws.

    Remote code-execution (RCE) vulnerabilities dominated Google’s December Android Security Bulletin.

  15. Tomi Engdahl says:

    New Ransomware Spreading Rapidly in China Infected Over 100,000 PCs

    A new piece of ransomware is spreading rapidly across China that has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack… and the number of infected users is continuously increasing every hour.

    What’s Interesting? Unlike almost every ransomware malware, the new virus doesn’t demand ransom payments in Bitcoin.

    Instead, the attackers are asking victims to pay 110 yuan (nearly USD 16) in ransom through WeChat Pay—the payment feature offered by China’s most popular messaging app.

  16. Tomi Engdahl says:

    Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers

    Reuters recently reported a hacking campaign focused on a wide range of targets across the globe. In the days leading to the Reuters publication, Microsoft researchers were closely tracking the same campaign.

    Our sensors revealed that the campaign primarily targeted public sector institutions and non-governmental organizations like think tanks and research centers, but also included educational institutions and private-sector corporations in the oil and gas, chemical, and hospitality industries.

  17. Tomi Engdahl says:

    MI6 head warns on Huawei UK 5G

    Britain should think long and hard if it’s comfortable with the Chinese building its 5G network.

    The head of MI6 has warned the UK over the role of Chinese firms in building the country’s 5G infrastructure.

    In a rare speech, the UK Secret Intelligence Service boss said the UK should think long and hard before working with Huawei, or any other Chinese company, following past concerns.

    Alex Younger said Britain needs to think if it’s comfortable “with Chinese ownership of these technologies”.

  18. Tomi Engdahl says:

    Pay-Per-Install Company Deceptively Floods Market with Unwanted Programs

    For the past 18 months, McAfee Labs has been investigating a pay-per-install developer, WakeNet AB, responsible for spreading prevalent adware such as Adware-Wajam and Linkury. This developer has been active for almost 20 years and recently has used increasingly deceptive techniques to convince users to execute its installers.

  19. Tomi Engdahl says:

    Word maldoc: yet another place to hide a command

    Reader Mike submitted a malicious Word document. The document (MD5 6c975352821d2532d8387f19457b584e) contains obfuscated VBA code that launches a shell command. That shell command is hidden somewhere in the document (not in the VBA code).

  20. Tomi Engdahl says:

    Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit
    No reason to panic, apparently: Redoing login details to become a regular thing

  21. Tomi Engdahl says:

    Container code cluster-fact: There’s a hole in Kubernetes that lets miscreants cause havoc
    Critical bug brings bevy of patches

  22. Tomi Engdahl says:

    He’s not cracked RSA-1024 encryption, he’s a very naughty Belarusian ransomware middleman
    Dr Shifro pays ransom, gets discount and adds its own margin, says Check Point

    A ransomware decryption service has turned out to be – quelle surprise – a Belarusian middleman who simply pays the ransom and adds his own profit margin to the hapless victim’s bill.

    Dr Shifro, a Russian-language organisation presenting itself online as a ransomware decryption agency, claims that it’s “the only company that specializes in decrypting files”, urging users: “Call – we will help!”

  23. Tomi Engdahl says:

    Magecart Group Ups Ante: Now Goes After Admin Credentials

    The group’s skimmer has added some capabilities that steals credentials from admins.

    A growing threat group within the Magecart family of criminals has evolved to skim data not only from website visitors – but also from site administrators as well. This new capability could allow Magecart bad actors to escalate attacks and infiltrate organizations, researchers said.

  24. Tomi Engdahl says:

    NATO Exercises Cyber Defences as Threat Grows

    In a nondescript brick building on the snowy edge of Estonia’s second city Tartu, soldiers in camouflage tap silently at computers. They are troops manning the 21st century’s front line.

  25. Tomi Engdahl says:

    Faster fuzzing ferrets out 42 fresh zero-day flaws

    A group of researchers has found 42 zero-day flaws in a range of software tools using a new take on an old concept. The team, from Singapore, Australia and Romania, worked out a better approach to a decades-old testing technique called fuzzing.

  26. Tomi Engdahl says:

    Czech yourself, Russia! Prague says its foreign ministry was hacked for more than a year
    Report claims that from 2016-2017 the FSB was reading agency’s emails

    The Czech Republic says that Russian government hackers were intercepting and snooping on communications for one of its agencies for more than a year.

    An annual report from the Czech Security Information Service (BIS) covering the 2017 calendar year disclosed how, in the early months of the year, it uncovered a massive network breach at the office of the Ministry of Foreign Affairs (MFA).

  27. Tomi Engdahl says:

    Cyber security: Hackers step out of the shadows with bigger, bolder attacks

    Successful hacking campaigns used to be all about keeping under the radar. But, for some, making a big splash is now more important than lurking in the shadows.

  28. Tomi Engdahl says:

    Someone Is Claiming to Sell a Mass Printer Hijacking Service

    After one hacker bombarded printers with a message urging people to subscribe to PewDiePie, someone is now claiming to offer a mass-printing service across the internet.

  29. Tomi Engdahl says:

    Buckle Up: A Closer Look at Airline Security Breaches
    Cyberattacks on airports and airlines are often unrelated to passenger safety – but that’s no reason to dismiss them, experts say

  30. Tomi Engdahl says:

    ElasticSearch server exposed the personal data of over 57 million US citizens

    Leaky database taken offline, but not after leaking user details for nearly two weeks.

  31. Tomi Engdahl says:

    Industry collaboration leads to takedown of the “3ve” ad fraud operation

  32. Tomi Engdahl says:

    This phishing scam group built a list of 50,000 execs to target

    CEO fraud group has a big list of potential victims; just hope you aren’t on it.

  33. Tomi Engdahl says:

    Hackers can exploit this bug in surveillance cameras to tamper with footage

    Researchers have uncovered a vulnerability which can be used to completely compromise surveillance cameras and feeds.

  34. Tomi Engdahl says:

    These Satellites Will Hunt Pirates, and Maybe Terrorists

    SpaceX is set to launch three toaster oven-size vehicles this weekend that will scan the globe for telltale radio signals of dark ships.

  35. Tomi Engdahl says:

    A cyber-skills shortage means students are being recruited to fight off hackers

    Students with little or no cybersecurity knowledge are being paired with easy-to-use AI software that lets them protect their campus from attack.

  36. Tomi Engdahl says:

    Head of Russian spy agency accused of U.S. election hack, U.K. spy poisoning dies

    Igor Korobov, 62, who ran the spy agency since 2016, died on Wednesday after “a serious and long illness,” the Russian defense ministry said.

  37. Tomi Engdahl says:

    Reality Winner, Former N.S.A. Translator, Gets More Than 5 Years in Leak of Russian Hacking Report

    Reality Winner received the longest sentence ever imposed in federal court for an unauthorized release of government information to the media, prosecutors said.

    She pleaded guilty in June 2018 to one felony count of unauthorized transmission of national defense information, for giving a classified report about Russian interference in the 2016 election to a news outlet.

  38. Tomi Engdahl says:

    Adobe Flash zero-day exploit… leveraging ActiveX… embedded in Office Doc… BINGO!

    It’s like a greatest hits album of terrible security policies

    In its current form, the attack bundles exploit code for the Flash zero-day (a use-after-free() bug) with an ActiveX call that is embedded within an Office document. The attacker delivers the document via a spear-phishing email.

  39. Tomi Engdahl says:

    France is bidding adieu to Google in favor of a more private search engine

    While the U.S. government is working to tighten its grip over citizens’ personal privacy, Europe’s new policy regulations are hoping to do the opposite.

    Last month, the French National Assembly announced that they would no longer use Google. Instead, all French government devices will soon adopt the privacy-focused Qwant as their default search engine.

  40. Tomi Engdahl says:

    A botnet of over 20,000 WordPress sites is attacking other WordPress sites

    Botnet is still up and running but law enforcement has been notified.

    Crooks controlling a network of over 20,000 already-infected WordPress installations are using these sites to launch attacks on other WordPress sites, ZDNet has learned from WordPress security firm Defiant.

    The company, which manages and publishes the Wordfence plugin, a firewall system for WordPress sites, says it detected over five million login attempts in the last month from already-infected sites against other, clean WordPress portals.

    The attacks are what security experts call “dictionary attacks.”

    Defiant says that the people behind this botnet made “some mistakes in their implementation of the brute force scripts” that allowed researchers to expose the botnet’s entire backend infrastructure.

    Defiant researchers say they were able to bypass the botnet control panel login system and take a peek inside the crooks’ operation.

  41. Tomi Engdahl says:

    Exclusive: Clues in Marriott hack implicate China – sources

    (Reuters) – Hackers behind a massive breach at hotel group Marriott International Inc (MAR.O) left clues suggesting they were working for a Chinese government intelligence gathering operation

  42. Tomi Engdahl says:

    Microsoft calls on companies to adopt a facial recognition code of conduct

    Over the summer, Microsoft President Brad Smith called for governments to take a closer look at how facial detection technology is being implemented across the globe. This week, he returned with a similar message — only this time the executive is calling out fellow technology purveyors to help address myriad issues around the technology before it becomes too pervasive.
