Cyber Security News January 2019

This posting is here to collect cyber security news in January 2019.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.


412 Comments

  1. Tomi Engdahl says:

    New Crypto-Mining Attacks Leverage NSA-Linked EternalBlue Exploit
    https://www.securityweek.com/new-crypto-mining-attacks-leverage-nsa-linked-eternalblue-exploit

    A new version of the NRSMiner is actively spreading in the southern region of Asia. The majority of detections (54%) have been found in Vietnam, followed by Iran (16%) and Malaysia (12%). The new version either updates existing NRSMiner infections, or spreads to new systems using the EternalBlue exploit.

  2. Tomi Engdahl says:

    MobSTSPY Info-Stealing Trojan Goes Global Via Google Play
    https://threatpost.com/mobstspy-trojan-google-play/140534/

  3. Tomi Engdahl says:

    Dual Data Leaks of Blur, Town of Salem Impact Millions
    https://threatpost.com/data-leaks-blur-town-of-salem/140529/

    Password-manager Blur and role-playing game Town of Salem both disclosed data breaches this week that impacted a combined 10 million.

    The new year has started off with the disclosure of two high-profile data breaches exposing the personal and password data of millions of people.

    Popular role-playing game Town of Salem saw the email addresses and passwords of more than 7.6 million players hacked; while a separate database issue with password-manager Blur exposed personal data of approximately 2.4 million users.

  4. Tomi Engdahl says:

    Censoring China’s Internet, for Stability and Profit
    https://www.nytimes.com/2019/01/02/business/china-internet-censor.html

    Thousands of low-wage workers in “censorship factories” trawl the online world for forbidden content, where even a photo of an empty chair could cause big trouble.

  5. Tomi Engdahl says:

    Facebook Knows How to Track You Using the Dust on Your Camera Lens
    https://gizmodo.com/facebook-knows-how-to-track-you-using-the-dust-on-your-1821030620

    Facebook has long said that it doesn’t use location data to make friend suggestions, but that doesn’t mean it hasn’t thought about using it.

    In 2014, Facebook filed a patent application for a technique that employs smartphone data to figure out if two people might know each other.

    Facebook has told us many things it doesn’t do, to ease fears about Facebook’s ability to spy on its users: It doesn’t use proxies for location, such as wi-fi networks or IP addresses. It doesn’t use profile views or face recognition or who you text with on WhatsApp. Most of Facebook’s uncanny guesswork is the result of a healthy percentage of users simply handing over their address books.

    But that doesn’t mean Facebook hasn’t thought about employing users’ metadata more strategically to make connections between them.

    It might assume two people knew each other if the images they uploaded looked like they were titled in the same series of photos—IMG_4605739.jpg and IMG_4605742, for example—or if lens scratches or dust were detectable in the same spots on the photos, revealing the photos were taken by the same camera.

  6. Tomi Engdahl says:

    She will lock you out, livin’ la Vidar loca: Enterprising crims breed ransomware, file thief into hybrid nasty
    https://www.theregister.co.uk/2019/01/07/vidar_infection/?utm_source=dlvr.it&utm_medium=facebook

    She’ll make you live her crazy life, but she’ll take away your pain like a bullet to your wallet

    A newly spotted piece of hybrid malware steals copies of victims’ files and then encrypts said data, demanding a ransom to unscramble it.

  7. Tomi Engdahl says:

    Managed Healthcare Provider Humana Discloses Data Breach
    https://www.securityweek.com/managed-healthcare-provider-humana-discloses-data-breach

    Healthcare management provider Humana recently revealed that hackers accessed information of individuals who had applied for a Humana health insurance policy via Bankers Life.

  8. Tomi Engdahl says:

    Latest Phishing Technique Uses Fake Fonts to Evade Detection
    https://www.securityweek.com/latest-phishing-technique-uses-fake-fonts-evade-detection

    This first-of-its-kind phishing template uses fake web fonts to render well-crafted phishing pages and steal credentials. When rendered in a browser, the page uses stolen branding to impersonate the bank, which is typical of phishing pages.

  9. Tomi Engdahl says:

    Hackers Steal Customer Data From Manufacturing Company
    https://www.securityweek.com/hackers-steal-customer-data-manufacturing-company

    Hackers managed to compromise Titan Manufacturing and Distributing’s computer system and steal customer payment card data for nearly a year.

  10. Tomi Engdahl says:

    New side-channel leak: Boffins bash operating system page caches until they spill secrets
    Novel data-siphoning attack is hardware agnostic
    https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/

    Some of the computer security boffins who revealed last year’s data-leaking speculative-execution holes have identified yet another side-channel attack that can bypass security protections in modern systems.

  11. Tomi Engdahl says:

    I Gave a Bounty Hunter $300. Then He Located Our Phone
    https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile

    T-Mobile, Sprint, and AT&T are selling access to their customers’ location data, and that data is ending up in the hands of bounty hunters and others not authorized to possess it, letting them track most phones in the country.

  12. Tomi Engdahl says:

    First National ‘dealing with authorities’ after reported information leak
    https://www.zdnet.com/article/first-national-dealing-with-authorities-after-reported-information-leak/

    Cover letters and CVs of job applicants have allegedly appeared online.

    Australian real estate network First National has reportedly had information it held on job applicants leaked online.

    Llewellyn, however, believes a commercial off-the-shelf vendor is at fault.

  13. Tomi Engdahl says:

    Hacker Uses Australian Early Warning Network to Send Spam Alerts
    https://www.bleepingcomputer.com/news/security/hacker-uses-australian-early-warning-network-to-send-spam-alerts/

    Over the weekend, a hacker gained unauthorized access to the Queensland EWN, or Early Warning Network, and used it to send a spam alert via SMS, landline, and email to the company’s subscribers.

    EWN is a service offered by Australian company Aeeris that allows Australian councils, or local governments, to send emergency alerts regarding extreme weather, fires, evacuation information, or incident responses.

  14. Tomi Engdahl says:

    Hacker gets a hard demonstration of his power in Germany: party leader quits social media
    https://www.hs.fi/ulkomaat/art-2000005958328.html

    At the moment the most serious consequence of the hacker attack is that Robert Habeck, leader of Germany's Greens, decided to leave social media. At the same time the hacker gets proof that social-media hate and harassment can influence politics.

  15. Tomi Engdahl says:

    20-year-old man has confessed to hacking German politicians: the suspect was arrested on Sunday but has already been released
    https://yle.fi/uutiset/3-10586080

    The suspect has said his motive was the anger provoked by the targets of the data breach.

  16. Tomi Engdahl says:

    Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever
    https://thehackernews.com/2019/01/zero-day-exploit-market.html

    Well, there’s some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers!

    Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online chat applications.

    Zerodium—a startup by the infamous French-based company Vupen that buys and sells zero-day exploits to government agencies around the world—said it would now pay up to $2 million for remote iOS jailbreaks and $1 million for exploits that target secure messaging apps.

  17. Tomi Engdahl says:

    OXO Breach Involved MageCart Attack That Targeted Customer Data
    https://www.bleepingcomputer.com/news/security/oxo-breach-involved-magecart-attack-that-targeted-customer-data/

    United States based kitchen utensil manufacturer OXO International disclosed a data breach that spans numerous periods over two years. This breach notification states that customer and payment information may have been exposed and further research by BleepingComputer indicates this was most likely a MageCart attack.

  18. Tomi Engdahl says:

    Microsoft told to Pay €1100 After Forced Windows 10 Upgrade Breaks PC
    https://www.bleepingcomputer.com/news/microsoft/microsoft-told-to-pay-1100-after-forced-windows-10-upgrade-breaks-pc/

    When Microsoft launched Windows 10 back in 2015, the company was sued by several customers because of its aggressive upgrade push. The software giant still has to deal with legal complaints for forcing Windows 10 installation on Windows PCs without explicit permission.

    In another similar case that took place in Finland, Microsoft has now been asked to pay more than €1,100 ($1,258) to a Finnish man for the unwanted upgrade from Windows 8.1 and allegedly breaking his computer.

    While the Finnish user had asked €3,000 in compensation for damages, the Finnish Consumer Disputes Panel has asked Microsoft to pay €1,100 to a man whose PC was upgraded to Windows 10 without authorization.

  19. Tomi Engdahl says:

    This is how your password gets cracked in as little as a few minutes: and it is surprisingly easy, says an expert
    https://www.hs.fi/teknologia/art-2000005959931.html

  20. Tomi Engdahl says:

    Melissa Eddy / New York Times:
    Twenty-year-old German man admits to stealing and publishing data on hundreds of lawmakers, journalists, and other figures from every party except far-right AfD

    German Man Confesses to Hacking Politicians’ Data, Officials Say
    https://www.nytimes.com/2019/01/08/world/europe/germany-hacking-arrest.html

    Personal information about hundreds of German politicians, including Chancellor Angela Merkel, was leaked by an anonymous Twitter account. None of those lawmakers were from the far-right party Alternative for Germany.

    A 20-year-old German student took advantage of passwords as weak as “Iloveyou” and “1234” to hack into online accounts of hundreds of lawmakers and personalities whose political stances he disliked, officials revealed Tuesday, shaking Berlin’s political establishment and raising questions about data security in Europe’s leading economy.

  21. Tomi Engdahl says:

    German Police Seek Help In Finding Parcel Bomber With MAC Address
    https://thehackernews.com/2019/01/german-dhl-parcel-bomb-blackmailer.html?m=1

    German police are seeking your help in gathering information related to a MAC address that could lead to the cell phone device used by a DHL blackmailer who last year parceled out bombs at different addresses in Brandenburg and Berlin.

    During the investigation, the German police successfully communicated with the alleged blackmailer multiple times via an email and succeeded in capturing his/her Motorola brand device’s MAC address f8:e0:79:af:57:eb, which was allegedly connected to several public Wi-Fi networks in Berlin at different times.

    Since every electronic device comes with a unique MAC address, German police are trying to use this information to map out all Wi-Fi networks that the culprit used, probably in the hope of pinpointing the right CCTV footage and tracing the offender.

    Though the MAC address of a device can be spoofed easily, State Criminal Police Office LKA Brandenburg has requested citizens to check their wireless routers and network logs for the given MAC address.

  22. Tomi Engdahl says:

    Vietnam threatens to penalize Facebook for breaking its draconian cybersecurity law
    https://techcrunch.com/2019/01/09/vietnam-threatens-to-penalize-facebook/?utm_source=tcfbpage&sr_share=facebook

    Well, that didn’t take long. We’re less than ten days into 2019 and already Vietnam is aiming threats at Facebook after it violated its draconian cybersecurity law, which came into force on January 1.

    The U.S. social network stands accused of allowing users in Vietnam to post “slanderous content, anti-government sentiment and libel and defamation of individuals, organisations and state agencies,”

  23. Tomi Engdahl says:

    Kim Zetter / Politico:
    Sources: Russian security firm Kaspersky Lab helped the US government catch NSA contractor Harold Martin, who was accused of stealing a trove of classified data — The U.S. has accused Kaspersky Lab of working with Russian spies. But sources say the company exposed a massive breach that U.S. authorities missed.

    Exclusive: How a Russian firm helped catch an alleged NSA data thief
    https://www.politico.com/story/2019/01/09/russia-kaspersky-lab-nsa-cybersecurity-1089131

    The U.S. has accused Kaspersky Lab of working with Russian spies. But sources say the company exposed a massive breach that U.S. authorities missed.

  24. Tomi Engdahl says:

    Drone sighting briefly halts departing flights at UK’s Heathrow Airport
    https://techcrunch.com/2019/01/08/drone-sighting-halts-flights-at-uks-heathrow-airport/?sr_share=facebook&utm_source=tcfbpage

    All flights departing Heathrow, the U.K.’s largest airport, were suspended for an hour on Tuesday following a reported drone sighting.

    The Metropolitan Police tweeted that it “received reports of a sighting of a drone” near Heathrow

    It’s the second reported drone sighting at a U.K. airport in as many months. Gatwick Airport south of London faced two days of disruption following a reported drone sighting just before Christmas.

  25. Tomi Engdahl says:

    Who cracked El Chapo’s encrypted chats and brought down the Mexican drug kingpin? Er, his IT manager
    https://www.theregister.co.uk/2019/01/09/drug_kingpin_el_chapo_sysadmin/

    Feds flipped techie and recorded hundreds of calls

  26. Tomi Engdahl says:

    “Your personal data stored with us is not safe”: Early warning alert service breached
    http://techgeek.com.au/2019/01/06/your-personal-data-stored-with-us-is-not-safe-early-warning-alert-service-breached/

    An Australian early warning service has suffered a significant security breach, with customers receiving emails, text messages and phone calls that their personal data is not safe.

    “EWN has been hacked. Your personal data stored with us is not safe. We are trying to fix the security issues,”

  27. Tomi Engdahl says:

    Bell wants to track customers’ every move; security experts urge caution
    https://globalnews.ca/news/4827327/bell-data-collection/

    Canada’s largest telecommunications group is getting mixed reviews for its plan to follow the lead of companies like Google and Facebook in collecting massive amounts of information about the activities and preferences of its customers.

  28. Tomi Engdahl says:

    Cambridge Analytica’s parent pleads guilty to breaking UK data law
    https://techcrunch.com/2019/01/09/cambridge-analyticas-parent-pleads-guilty-to-breaking-uk-data-law/?sr_share=facebook&utm_source=tcfbpage

    Cambridge Analytica’s parent company, SCL Elections, has been fined £15,000 in a UK court after pleading guilty to failing to comply with an enforcement notice issued by the national data protection watchdog, the Guardian reports.

  29. Tomi Engdahl says:

    New Windows 10 build silences Cortana, brings passwordless accounts
    Though as ever, Home users are special.
    https://arstechnica.com/gadgets/2019/01/latest-windows-10-build-makes-setup-quieter-passwords-optional/

  30. Tomi Engdahl says:

    DoS Vulnerability Found in Scapy Packet Manipulation Tool
    https://www.securityweek.com/dos-vulnerability-found-scapy-packet-manipulation-tool

    Scapy, the free and open source packet manipulation tool, is affected by a denial-of-service (DoS) vulnerability, Imperva revealed on Tuesday.

    Developed in Python, Scapy is a powerful tool that allows users to forge, decode, send, capture, store, and read packets. It can be used for network discovery, attacks, scans, tracerouting and probing, and its developers say it can replace tools such as hping, nmap, arp-sk, Wireshark, arping, tcpdump, and arpspoof.

    While looking into more efficient ways of detecting and mitigating distributed denial-of-service (DDoS) attacks, Imperva researchers noticed that a specially crafted packet can cause Scapy to enter a DoS condition.

    If an attacker sends a specially crafted packet that appears to be a RADIUS packet, Scapy enters an infinite loop.

  31. Tomi Engdahl says:

    Google Patches Critical Vulnerability in Android
    https://www.securityweek.com/google-patches-critical-vulnerability-android

    Google this week released its first set of security patches for Android in 2019, with fixes for more than two dozen vulnerabilities.

    The most important of the security bugs is CVE-2018-9583, a Critical remote code execution vulnerability addressed in System and included in the 2019-01-01 security patch level.

  32. Tomi Engdahl says:

    Google Adds DNS-over-TLS Support to Its Public DNS Service
    https://www.bleepingcomputer.com/news/google/google-adds-dns-over-tls-support-to-its-public-dns-service/?fbclid=IwAR2SxhKn-BLbYtTS7cCIyao8ifp5GFq1tsXqUKDNtwq3736rD5nqUM9plPc

    DNS-over-TLS is used to protect DNS resolvers and the ones who use them against man-in-the-middle attacks, which a third party could use to eavesdrop on Internet connections or manipulate DNS data with malicious intent.

  33. Tomi Engdahl says:

    Sam Biddle / The Intercept:
    Sources say Ring provided unfiltered access to unencrypted videos in cloud and live feeds to its teams in Ukraine and US, including feeds from inside houses — The “smart home” of the 21st century isn’t just supposed to be a monument to convenience, we’re told, but also to protection …

    For Owners of Amazon’s Ring Security Cameras, Strangers May Have Been Watching Too
    https://theintercept.com/2019/01/10/amazon-ring-security-camera/

    The “smart home” of the 21st century isn’t just supposed to be a monument to convenience, we’re told, but also to protection, a Tony Stark-like bubble of vigilant algorithms and internet-connected sensors working ceaselessly to watch over us. But for some who’ve welcomed in Amazon’s Ring security cameras, there have been more than just algorithms watching through the lens, according to sources alarmed by Ring’s dismal privacy practices.

    Ring has a history of lax, sloppy oversight when it comes to deciding who has access to some of the most precious, intimate data belonging to any person: a live, high-definition feed from around — and perhaps inside — their house. The company has marketed its line of miniature cameras, designed to be mounted as doorbells, in garages, and on bookshelves

    Despite its mission to keep people and their property secure, the company’s treatment of customer video feeds has been anything but, people familiar with the company’s practices told The Intercept.

  34. Tomi Engdahl says:

    Nate Raymond / Reuters:
    Massachusetts man sentenced to over 10 years in prison and ordered to pay ~$443,000 in restitution for a DDoS attack on Boston Children’s Hospital in 2014 — BOSTON (Reuters) – A Massachusetts man was sentenced on Thursday to more than 10 years in prison for carrying out a cyberattack …

    Massachusetts man gets 10 years in prison for hospital cyberattack
    https://www.reuters.com/article/us-massachusetts-cyber/massachusetts-man-gets-10-years-in-prison-for-hospital-cyberattack-idUSKCN1P42J8

  35. Tomi Engdahl says:

    Josh Constine / TechCrunch:
    Researchers say it is easy to find child porn images on Bing, which also actively suggests related keywords and images; Microsoft says it is working on fixes — A TechCrunch-commissioned report finds damning evidence — Illegal child exploitation imagery is easy to find on Microsoft’s Bing search engine.
    https://techcrunch.com/2019/01/10/unsafe-search/

  36. Tomi Engdahl says:

    Washington Post:
    AT&T and T-Mobile say they will stop selling customers’ location data to 3rd-party service providers by March; Verizon says it’s winding down sharing agreements — AT&T said Thursday it will stop selling its customers’ location data to third-party service providers after a report this week …
    http://www.washingtonpost.com/technology/2019/01/10/phone-companies-are-selling-your-location-data-now-some-lawmakers-want-federal-investigation/

  37. Tomi Engdahl says:

    TLS Certificates for Many .gov Domains Not Renewed Due to Government Shutdown
    https://www.securityweek.com/tls-certificates-many-gov-domains-not-renewed-due-government-shutdown

    Many TLS certificates for .gov domains have not been renewed due to the ongoing shutdown of the United States government, making them insecure or inaccessible.

    A standoff between U.S. President Donald Trump and the country’s Democratic Party over the controversial Mexico border wall has led to a partial government shutdown. The shutdown started on December 22 and it has entered its 20th day.

    As a result, some government services, including ones related to cybersecurity, such as NIST’s Computer Security Resource Center (CSRC), are unavailable until further notice. According to Netcraft, the shutdown has also led to over 80 TLS certificates for .gov domains expiring without being renewed.

    The expired certificates are for domains belonging to organizations such as NASA, the Department of Justice, the Court of Appeals, and the Lawrence Berkeley National Laboratory.

    Since usdoj.gov domains are on the HTTPS Strict Transport Security (HSTS) preload list, web browsers such as Chrome, Safari, Firefox, Edge, Internet Explorer and Opera prevent users from accessing them if their certificate has expired.

    Websites that are not on the HSTS list can normally still be accessed by users as the browser’s “advanced” menu allows them to add an exception even if the security certificate is invalid. However, this option is not available for HSTS domains.

    “Most of the affected sites will display an interstitial security warning that the user will be able to bypass,”

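The HSTS point in the item above (an expired certificate on an HSTS domain leaves users no "proceed anyway" option, so the site simply becomes unreachable) is exactly the condition an operations team wants surfaced before the expiry date rather than after. As an added example, not code from the original post or from Netcraft or SecurityWeek, here is a small Python triage script: given an inventory of hostnames with their certificate notAfter values (in the string format that ssl.getpeercert() returns) and the Strict-Transport-Security header each one serves, it ranks an expired certificate on an HSTS site as critical, an expired certificate elsewhere as high, and anything expiring within a warning window as a warning. The inventory, the hostnames, the headers and the reference date are all constructed for the example; a real deployment would pull notAfter from a TLS handshake and the header from an HTTPS response.

```python
"""Certificate-expiry triage with HSTS awareness (added example, not from the page)."""
import ssl
from datetime import datetime, timezone

# Constructed sample inventory: (hostname, notAfter as ssl.getpeercert() formats it,
# Strict-Transport-Security header or None). Hostnames are placeholders, not the
# .gov sites named in the article.
SAMPLE_INVENTORY = [
    ("example-agency.test", "Jan  5 12:00:00 2019 GMT",
     "max-age=31536000; includeSubDomains; preload"),
    ("example-lab.test", "Jan 20 00:00:00 2019 GMT", "max-age=86400"),
    ("example-courts.test", "Mar  1 00:00:00 2019 GMT", None),
]

# Constructed reference date for the sample run (20th day of the shutdown story).
REFERENCE_TIME = datetime(2019, 1, 11, 0, 0, tzinfo=timezone.utc)

SEVERITY_RANK = {"critical": 0, "high": 1, "warning": 2, "ok": 3}


def parse_hsts(header):
    """Parse a Strict-Transport-Security header into its directives.

    Returns None when no header is present. Directive names are
    case-insensitive per RFC 6797; unknown directives are ignored.
    """
    if header is None:
        return None
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.lower()
        if name == "max-age":
            try:
                policy["max_age"] = int(value.strip().strip('"'))
            except ValueError:
                pass  # malformed max-age: leave it unset rather than guess
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def days_until_expiry(not_after, now):
    """Days left on a certificate; negative means already expired.

    ssl.cert_time_to_seconds() parses the "Mon DD HH:MM:SS YYYY GMT" string
    that ssl.getpeercert() returns and interprets it as UTC.
    """
    expires = ssl.cert_time_to_seconds(not_after)
    return (expires - now.timestamp()) / 86400


def classify(days, policy, warn_days):
    """Map days-left and HSTS policy onto a severity.

    Any HSTS header means returning visitors (and preloaded browsers) cannot
    click through an expired-certificate warning, so expiry there is an outage.
    """
    if days < 0:
        return "critical" if policy is not None else "high"
    if days <= warn_days:
        return "warning"
    return "ok"


def triage(inventory, now, warn_days=14):
    """Return one finding per host, worst first."""
    findings = []
    for host, not_after, hsts in inventory:
        days = days_until_expiry(not_after, now)
        policy = parse_hsts(hsts)
        findings.append({
            "host": host,
            "days_left": days,
            "severity": classify(days, policy, warn_days),
            "hsts": policy,
        })
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["days_left"]))
    return findings


def run_sample():
    """Triage the constructed inventory at the constructed reference time."""
    return triage(SAMPLE_INVENTORY, REFERENCE_TIME)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f['severity']:8} {f['host']:22} {f['days_left']:+6.1f} days  hsts={f['hsts']}")
```

The severity split is the practical takeaway from the article: renewal lapses on plain HTTPS sites degrade to a bypassable warning, while the same lapse on an HSTS site is a hard outage for anyone whose browser has cached or preloaded the policy, so those hosts deserve the earliest alerting.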
  38. Tomi Engdahl says:

    EU Top Court Adviser: Google Can Limit Right to be Forgotten
    https://www.securityweek.com/eu-top-court-adviser-google-can-limit-right-be-forgotten

    An adviser to Europe’s top court says Google doesn’t have to extend “right to be forgotten” rules to its search engines globally.

    The European Court of Justice’s advocate general released a preliminary opinion Thursday in the case involving the U.S. tech company and France’s data privacy regulator.

  39. Tomi Engdahl says:

    Blacklisted Kaspersky Tipped NSA on Security Breach: Media
    https://www.securityweek.com/blacklisted-kaspersky-tipped-nsa-security-breach-media

    The computer security firm Kaspersky Labs helped the US NSA spy agency uncover one of its worst-ever security breaches — one year before the US banned the company’s products for government use, US media has reported.

