Cyber Security News January 2019

This posting is here to collect cyber security news in January 2019.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.



  1. Tomi Engdahl says:

    Hackers Threaten to Dump Insurance Files Related to 9/11 Attacks

    The Dark Overlord appears to be trying to capitalize on conspiracy theories about the September 11 attacks.

    The news is the latest public extortion attempt from the group known as The Dark Overlord, which has previously targeted a production studio working for Netflix, as well as a host of medical centres and private businesses across the United States.

    In its announcement published on Pastebin

    A spokesperson for the Hiscox Group confirmed to Motherboard that the hackers had breached a law firm

  2. Tomi Engdahl says:

    Hackers are spreading Islamic State propaganda by hijacking dormant Twitter accounts

    Hackers are using a decade-old flaw to target and hijack dormant Twitter accounts to spread terrorist propaganda, TechCrunch has learned.

    Many of the affected Twitter accounts appeared to be hijacked in recent days or weeks — some longer

    The recent resurgence in hijacked accounts appears to be hackers exploiting Twitter’s legacy lack of email confirmation.

  3. Tomi Engdahl says:

    Popular Weather App Collects Too Much User Data, Security Experts Say
    China-based app asked for more data than the usual location request, including email addresses

    A popular weather app built by a Chinese tech conglomerate has been collecting an unusual amount of data from smartphones around the world and attempting to subscribe some users to paid services without permission, according to a London-based security firm’s research.

  4. Tomi Engdahl says:

    Chrome in Android Leaks Device Fingerprinting Info

    Attackers could craft a campaign that makes use of the device profile in order to exploit any vulnerabilities in a targeted fashion.

    Google has issued a partial fix for an Android issue dating back to 2015 – after originally rejecting the bug report on the grounds of the mobile OS “working as intended.”

    The issue – which still doesn’t have a CVE designation despite being partially addressed as a problem – has to do with how Android uses Google’s Chrome browser. Chrome is the default browser for Android devices, and it also enables the WebView and Custom Tabs APIs, which let applications render web content within the apps themselves without opening a separate browser window. According to Nightwatch Cybersecurity, Chrome and applications that use the associated APIs leak information about the hardware model, firmware version and security patch level of the device on which they are running.

  5. Tomi Engdahl says:

    Dark Overlord rings in New Year with threat to release 9/11-related docs pilfered from law firm

    Saying it was “welcoming 2019 with open arms and a big announcement,” the Dark Overlord hacker group Monday threatened via a Pastebin post to release files it said were nicked from a law firm – believed to have advised insurer Hiscox Syndicates Ltd. – that handled September 11-related cases.

  6. Tomi Engdahl says:

    Microsoft Adds New Microsoft 365 Security and Compliance Bundles

    Microsoft announced the addition of two new compliance and security offerings beginning February 1, 2019, as a response to the new requirements added by information protection regulations such as EU’s General Data Protection Regulation (GDPR) and today’s increasing cybersecurity attack threat.

    The new security and compliance packages are designed to provide business customers who aren’t ready for a Microsoft 365 E5 bundle to be able to get some of the benefits it comes with.

    The new Microsoft 365 Identity & Threat Protection package bundles together multiple advanced threat protection services, ranging from Microsoft Threat Protection (Windows Defender ATP, Azure Advanced Threat Protection (ATP), and Office 365 ATP incorporating Threat Intelligence), to Microsoft Cloud App Security and Azure Active Directory.

  7. Tomi Engdahl says:

    Cloud Hosting Provider Battling Christmas Eve Ransomware Attack

    Cloud hosting provider is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. newspapers over the weekend.

    San Juan Capistrano, Calif. based Data Resolution LLC serves some 30,000 businesses worldwide, offering software hosting, business continuity systems, cloud computing and data center services.

    The intrusion gave the attackers control of Data Resolution’s data center domain, briefly locking the company out of its own systems.

  8. Tomi Engdahl says:

    Vulnerability in Chrome for Android Patched Three Years After Disclosure

    A vulnerability recently patched by Google in Chrome for Android was an information disclosure bug that was originally reported in 2015, but not patched until the release of Chrome 70 in October 2018, security researchers say.

  9. Tomi Engdahl says:

    Security Concerns Prompt Closing of Dividend Applications

    Alaska revenue officials shut down online applications for annual oil wealth checks after personal information of other users popped up on applicants’ computer screens.

    The private information from other applicants included names, addresses and Social Security numbers.

  10. Tomi Engdahl says:

    Inside PolySwarm’s Decentralized Threat Intelligence Marketplace

    New Threat Detection Marketplace Connects AV Companies and Enterprises to Improve Protection Coverage Against New Threats

    Stable version 1.0 of PolySwarm has been reached, and will be announced within the next couple of weeks. It is a new approach to suspect file threat intelligence sharing, using collective wisdom (or swarm intelligence) and blockchain to pronounce and disseminate judgement on suspicious files. In some ways it is similar to VirusTotal, but with major differences: it adds the collective wisdom of independent malware analysts — and rewards them. It has been described as VirusTotal on steroids.

  11. Tomi Engdahl says:

    Automated System Bypasses Google reCAPTCHA Again

    The unCaptcha automated system can once again bypass Google’s reCAPTCHA challenges, despite major updates to the security service.

    The unCaptcha system was created in April 2017 to target Google’s reCAPTCHA and similar security systems that aim at protecting websites from spam and abuse, and was able to defeat those with high accuracy.

  12. Tomi Engdahl says:

    Abine Blur Password Manager exposed data of 2.4M users

    The password manager exposed the data due to a misconfigured S3 bucket.
    The Blur privacy and password management service developer Abine has issued a security notice this Monday stating that a file containing important customer data was accidentally exposed to the internet.

  13. Tomi Engdahl says:

    Hackers Say They Will Release Confidential 9/11 Documents If Blackmail Demands Are Not Met

    Hackers are threatening to dump a bunch of confidential documents relating to the 9/11 terror attacks if the companies involved do not pay out a hefty sum.

  14. Tomi Engdahl says:

    Dark Overlord hackers release alleged 9/11 lawsuit documents

    The group announced on Pastebin (content now removed) on New Year’s Eve that it had hacked a law firm that handled cases relating to the 11 September 2001 terrorist attacks.

    It threatened to publicly release what it claimed are gigabytes of confidential, litigation-related documents

    Come and get ’em, TDO said to terrorists and enemy states:

    If you’re a terrorist organisation such as ISIS/ISIL, Al-Qaeda, or a competing nation state of the USA such as China or Russia, you’re welcome to purchase our trove of documents.

    It had released a teaser’s worth of documents to verify its claims. It presented a tiered plan to “release each layer of damaging documents that are filled with new truths, never before seen.”

    As of yesterday afternoon, the group’s bitcoin wallet had received three payments.

    TDO published images from 16 documents that involve filings from “In re Terrorist Attacks on September 11, 2001”

    Whatever actually happened, and however TDO came upon its allegedly ill-gotten data, the hacking group claimed that some law firm paid a ransom and then went to the police…

    …but going to the police was not part of the deal, so TDO said it would release the information anyway, once its bitcoin wallet was full of cash.

  15. Tomi Engdahl says:

    Chromecast Hacker Calls it Quits After Hearing FBI Is Looking Into Him

    The hacker known as TheHackerGiraffe has been promoting PewDiePie’s YouTube channel through unwanted Internet-connected printer jobs and Chromecast hacks. In an audio Periscope recording, the hacker calls it quits after being told that the FBI may be building a case against him.

  16. Tomi Engdahl says:

    Irish Rail Operator Gets Ransom Note on Its Website

    The website of, the tram rail system operator in Dublin, Ireland, has been taken offline today after someone replaced its content with a ransom note demanding one bitcoin not to publish customer data.

    The tram operator did not offer any details about the incident

    Before the website was taken down, it showed a message from a perpetrator bothered by the operator’s lack of response to their messages informing of security problems.

  17. Tomi Engdahl says:

    Brexit freight ferry firm appears all geared up – to deliver pizzas

    Terms and conditions on Seaborne website seem to be intended for food company

    First, it emerged that the “startup” company hired to operate extra ferries as part of no-deal Brexit planning had no ships.

    It turned out that terms and conditions on its website appeared to be intended for a food delivery firm

  18. Tomi Engdahl says:

    German politicians’ personal data leaked online

    Huge cache of documents published daily in December but came to light only on Thursday

    Sensitive data belonging to hundreds of German politicians and celebrities has been leaked online via a Twitter account. The huge cache of documents includes personal phone numbers and addresses, internal party documents, credit card details and private chats.

    A government spokeswoman, Martina Fietz, said the leak affected politicians of all levels including the European parliament, German parliament and regional parliaments. “The German government is taking this incident very seriously,”

  19. Tomi Engdahl says:

    Windows into the White House? Situation Room photo stirs debate over Microsoft operating system

  20. Tomi Engdahl says:

    Hacker leaks data on Angela Merkel and hundreds of German lawmakers

    A hacker has targeted and released private data on German chancellor Angela Merkel and other senior German lawmakers and officials.

    The data was leaked from a Twitter account, since suspended

  21. Tomi Engdahl says:

    Marriott now says 5 million unencrypted passport numbers were stolen in Starwood hotel data breach

    Starwood’s data breach just got both better and worse at the same time.

    Marriott, which owns hotel chain giant Starwood, said it has revised the number of customers affected by its recently disclosed data breach from 500 million to “fewer than 383 million unique guests.” That doesn’t mean all those 383 million guests are affected

    The bad news is that the company confirmed that more than five million unencrypted passport numbers were stolen, on top of the more than 20 million encrypted passport numbers.

    8.6 million unique payment card numbers were taken, but only 354,000 cards were active and unexpired

    Marriott said in its Friday update that it has “completed the phase out” of Starwood’s reservation database and now runs guest bookings through its Marriott database, which was not affected by the breach.

  22. Tomi Engdahl says:

    Can’t unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass

    Neat trick for spying spouses, bad bosses, other miscreants with hands on your mobe. A fix is available

  23. Tomi Engdahl says:

    German politicians targeted in mass data attack

    Hundreds of German politicians, including Chancellor Angela Merkel, have had personal details stolen and published online.

    Contacts, private chats and financial details were put out on Twitter that belong to figures from every political party except the far-right AfD.

    Data from celebrities and journalists were also leaked.

  24. Tomi Engdahl says:

    New Apple voice phishing scam looks just like a real support call

    A new voice phishing scam is going after iPhone users in a clever new way: by making calls seem like they are coming directly from Apple Support.

  25. Tomi Engdahl says:

    Wall Street Journal:
    Marriott says a total of 383M records were stolen in its hack, less than the initial estimate of 500M, but 5M+ unencrypted passport numbers were accessed — Hotel chain says fewer total customers were affected than initially feared but analysts warn data could be intelligence trove

    Marriott Says Hackers Swiped Millions of Passport Numbers

    Hotel chain says fewer total customers were affected than initially feared but analysts warn data could be intelligence trove

  26. Tomi Engdahl says:

    Hackers dump private info of Angela Merkel and hundreds of other German politicians including email addresses, phone numbers, and personal chat transcripts — Leak includes emails, chat transcripts, photos, phone numbers — Hack is ‘elaborate’ social-engineering attack, IT expert says

    Hackers Dump Data on Merkel, Politicians in Giant German Leak

  27. Tomi Engdahl says:

    PSA: File your US tax return before scammers steal your refund

    It’s tax season! You know what that means? It’s scamming season, too.

  28. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    NSA to open source its GHIDRA reverse engineering tool that breaks down executable files into assembly code that can then be analyzed by humans — GHIDRA is written in Java and works on Windows, Mac, and Linux. — The US National Security Agency will release a free reverse engineering tool …

    NSA to release a free reverse engineering tool

    GHIDRA is written in Java and works on Windows, Mac, and Linux.

    The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco.

    The software’s name is GHIDRA and in technical terms, is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans.

    GHIDRA is coded in Java, has a graphical user interface (GUI), and works on Windows, Mac, and Linux.

    GHIDRA can also analyze binaries for all major operating systems, such as Windows, Mac, Linux, Android, and iOS, and a modular architecture allows users to add packages in case they need extra features.

    Some people who know and have used the tool and have shared opinions on social media, such as HackerNews, Reddit, and Twitter, have compared GHIDRA with IDA, a well-known reverse engineering tool, but also a very expensive one, with licenses priced in the range of thousands of dollars.

    Most users say that GHIDRA is slower and buggier than IDA, but by open-sourcing it, the NSA will benefit from free maintenance from the open source community, allowing GHIDRA to quickly catch up and maybe surpass IDA.

  29. Tomi Engdahl says:

    NSA Releasing the GHIDRA Reverse Engineering Tool at RSAConference

    At the RSAConference in March, a free reverse engineering framework called GHIDRA is being released that was developed by the U.S. National Security Agency.

  30. Tomi Engdahl says:

    Industry Reactions to Massive Data Leak in Germany

    German IT Security Agency Defends Response in Hacking Case

    Germany’s IT security agency on Saturday defended its response to the leaking of hundreds of politicians’ private information, after lawmakers accused it of failing to inform them quickly enough.

    Politicians from several parties questioned why the Federal Office for Information Security, or BSI, didn’t alert Parliament about the suspected hacking case when it first came to light in December.

  31. Tomi Engdahl says:

    US Gadget Love Forecast to Grow Despite Trust Issues

    The US tech industry is weathering a crisis of confidence over data protection and a difficult geopolitical situation, with record sales expected in 2019, organizers of the Consumer Electronics Show said Sunday.

    The Consumer Technology Association (CTA) predicted that US retail revenue in the sector would climb to a record high $398 billion this year.

    The forecast was unveiled ahead of the opening of the giant fair which from January 8-11 will showcase the newest tech in mobile computing, health, sports, automobiles, agriculture and more.

    “There are so many cool things happening in the consumer electronics industry right now,” said CTA vice president of market research Steve Koenig.

  32. Tomi Engdahl says:

    Hundreds of Thousands Download Spyware from Google Play

    Hundreds of thousands of users ended up with spyware on their devices after downloading seemingly legitimate applications from Google Play, Trend Micro security researchers have discovered.

    Detected as MobSTSPY, the malware, which can gather various information from the victims, isn’t new. For distribution, its operators chose to masquerade the threat as legitimate Android applications and submit them to Google Play.

  33. Tomi Engdahl says:

    The Latest Threats to ATM Security

    The past few years have seen criminals applying their creativity to stealing money from ATMs, with considerable success. Methods of attack have included:

    • Insert skimmers—physical devices placed in card slots to capture information from swiped cards.

    • Remote cyber attacks—taking control of ATM servers to dispense cash, using malware like ATMitch.

    • Direct malware attacks—using physical access to an ATM to deploy malware variants like Ploutus-D.

    2018 saw at least two new major threats to ATM security: a “jackpotting” attack that presents a unique challenge because of its speed, efficacy, and comparative lack of resources required from attackers; and “shimming”, a simple way to steal data from chip-enabled cards.

    What Should Businesses Do to Protect ATMs?

    The current state of ATM security is far from optimal, but the unique security challenges around ATMs make improvements difficult. That said, there are short- and long-term possibilities to make these types of attacks, and others, more difficult to pull off.

  34. Tomi Engdahl says:

    Serious DoS Flaw Impacts Several Yokogawa Products

    A serious denial-of-service (DoS) vulnerability impacts several industrial automation products from Japanese electrical engineering and software company Yokogawa Electric.

  35. Tomi Engdahl says:

    Ransomware Attack Against Hosting Provider Confirms MSPs Are Prime Targets, a cloud hosting provider headquartered in San Juan Capistrano, CA and with data centers in Los Angeles CA, Reston VA, London UK, Hamilton Bermuda, and Canada, was infected with ransomware on Christmas Eve, 2018. It appears that the firm declined to pay any ransom, and is reconstituting the files manually and from backups.

    According to these notices, the ransomware concerned is Ryuk; the same ransomware that disrupted the delivery of several major U.S. newspapers in the last weekend of 2018. However, this attribution comes from Data Resolution’s notice to customers: “Christmas Eve; Ryuk ransomware attach occurred — Point of Origin North Korea.”

  36. Tomi Engdahl says:

    Week in Review: IoT, Security, Auto

    The drone episode last month at Gatwick Airport in the United Kingdom forced the cancellation or diversion of more than 1,000 flights over three days. While local police arrested a couple suspected of being behind the drone flights, they were quickly exonerated and released. Questions remain on how airports should respond to such episodes, which are bound to happen again and more frequently.

    Newspaper printing plants in California and Florida saw production disrupted by cyberattacks late last year. The Los Angeles Times, one of the daily papers affected, said the attacks originated from outside the United States, without naming a specific point of origin.

    The Department of Homeland Security has warned managed services providers, managed security service providers and cloud services providers to be on the lookout for advanced persistent threats specifically targeting such companies.

    Will data breaches continue to occur during 2019? Most definitely, according to Robert Ackerman Jr., founder and a managing director of AllegisCyber and a founder of DataTribe. “Look for AI-driven chatbots to go rogue, a substantial increase in crimeware-as-a-service, acceleration of the weaponization of data, a resurgence in ransomware and a significant increase in nation-stage cyberattacks. Also on a growth track is so-called cryptojacking — a quiet, more insidious avenue of profit that relies on invasive methods of initial access and drive-by scripts on websites to steal resources from unsuspecting victims,” he writes in this analysis.

    The Federal Communications Commission and other regulators are investigating an Internet outage that disrupted 911 service across the U.S.

  37. Tomi Engdahl says:

    27% of Passwords From Town of Salem Breach Already Cracked

    Over the holiday, the popular browser-based game Town of Salem had a data breach that exposed the hashed passwords for approximately 7.6 million unique accounts. At the time of this writing, over 27% of the passwords have already been cracked.

    On December 28th 2018, leaked information lookup site DeHashed received an email that contained proof that a server for BlankMediaGames’ Town of Salem game was hacked and a copy of the game’s database.

  38. Tomi Engdahl says:

    Malicious .tar Attachments

    We were informed about a malicious email campaign that uses .iso and .tar attachments.

    We’ve covered .iso attachments before in diary entry “Malicious .iso Attachments”: the .iso contains a malicious executable and can be opened with vanilla Windows 8 and later.

    For .tar attachments, it’s a bit different. The .tar attachment also contains a malicious executable (tar is a Unix archive format), but it cannot be opened with vanilla Windows. Archiving software like the popular WinZip has to be installed for the user to be able to open the .tar attachment.
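Added example, not from the diary entry or the comment above: a small Python scanner showing what a mail gateway could do with a .tar attachment of the kind described, opening it with the standard tarfile module and flagging members that are executables either by extension or by their PE "MZ" header. The archive contents and the extension list are constructed for this example.

```python
import io
import tarfile

# Extensions a gateway would treat as directly executable on Windows
# (constructed list for this example; extend to match local policy).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".dll", ".bat", ".cmd", ".js", ".vbs"}
PE_MAGIC = b"MZ"  # first two bytes of every Windows PE executable


def scan_tar_attachment(data: bytes) -> list:
    """Return (member_name, reason) for each member of a .tar attachment that looks executable.

    Both the file extension and the first two bytes of content are checked,
    so an executable renamed to look like an image or document is still caught.
    """
    findings = []
    try:
        archive = tarfile.open(fileobj=io.BytesIO(data), mode="r:*")
    except tarfile.TarError:
        return [("<archive>", "not a readable tar archive")]
    with archive:
        for member in archive.getmembers():
            if not member.isfile():
                continue
            name = member.name
            ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
            fh = archive.extractfile(member)
            head = fh.read(2) if fh is not None else b""
            if ext in EXECUTABLE_EXTENSIONS:
                findings.append((name, f"executable extension {ext}"))
            elif head == PE_MAGIC:
                findings.append((name, "PE header (MZ) with non-executable extension"))
    return findings


def build_sample_tar(members: dict) -> bytes:
    """Build an in-memory tar archive from {name: bytes}; constructed test data only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample attachment: a double-extension lure, a harmless note,
# and a PE file renamed to look like an image.
SAMPLE_TAR = build_sample_tar({
    "invoice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "readme.txt": b"Please open the attached invoice.",
    "photo.jpg": b"MZ\x90\x00" + b"\x00" * 60,
})

if __name__ == "__main__":
    for flagged_name, reason in scan_tar_attachment(SAMPLE_TAR):
        print(f"FLAG {flagged_name}: {reason}")
```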

  39. Tomi Engdahl says:

    New Android Malware Combines Info-Stealing and Phishing Features

    Android malware that combines info/data-stealing and phishing capabilities lurked in Google Play using the guise of legitimate-looking apps; one of them was installed at least 100,000 times.

    Camouflaged as utility apps or games, Mobstspy infected devices primarily in India, although its distribution was worldwide, affecting users in 196 countries.

  40. Tomi Engdahl says:

    Germany hacked: Angela Merkel’s colleagues among mass data dump victims
    Politicians, journalists and other public figures targeted

  41. Tomi Engdahl says:

    Angela Merkel and hundreds of German politicians hacked

    German Chancellor Angela Merkel and other senior politicians were reportedly hit by a data hack, with some of their letters, contact details and party memos leaked on Twitter.

  42. Tomi Engdahl says:

    Patrick Donahue / Bloomberg:
    Report: German authorities seek help from NSA after finding that hackers had released private data linked to Chancellor Merkel and hundreds of other politicians

    Germany Reportedly Seeks U.S. Assistance After Hacking Breach

    German authorities sought help from the U.S. National Security Agency after discovering that hackers had released private data linked to Chancellor Angela Merkel and hundreds of other German politicians, Bild newspaper reported.

    Responding to the biggest data dump of its kind in the country, German investigators wanted the U.S. intelligence agency to lean on Twitter Inc. to shut down profiles with links to the data, Bild said, citing unidentified security officials. German authorities argued that U.S. citizens were among thousands of people exposed by the data dump.

  43. Tomi Engdahl says:

    Two Critical Flaws Patched in Adobe Acrobat, Reader

    Adobe’s first round of security updates for 2019 resolve two critical vulnerabilities in the company’s Acrobat and Reader products, but administrators should not be too concerned about the flaws being exploited in the wild any time soon.

  44. Tomi Engdahl says:

    Blur Exposes Information of 2.4 Million Users

    Roughly 2.4 million Blur users had their information exposed online as a result of a misconfigured AWS S3 bucket, the application’s developer, online privacy company Abine, revealed this week.

    Blur is a popular application that provides password management, masked email, and private browsing capabilities.
