This posting is here to collect cyber security news in April 2019.
I post links to security vulnerability news to comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
402 Comments
Tomi Engdahl says:
How Intel wants to backdoor every computer in the world | Intel Management Engine explained
https://www.youtube.com/watch?v=Lr-9aCMUXzI
Intel embeds Management Engine into all of its computers since 2008. Intel Management Engine has been criticized for its security risks and has been called a backdoor with rootkit possibilities by many security experts and researchers.
This is Intel Management Engine. A subsystem microprocessor that’s operating inside every Intel CPU platform made from 2008 onward.
Despite its name and some basic functions, we don’t know anything about what Intel Management really does.
Intel Management Engine is a computer within a computer. It is running its own operating system, called Minix, and is installed by default on every modern computer with an Intel CPU. This probably makes Minix the most widely used operating system in the world.
Tomi Engdahl says:
A Rambus writer points to a study on how voltage glitches can introduce timing violations into a digital circuit, with an example of the PlayStation Vita as susceptible to the fault injection attack.
Fault Injection Attacks PlayStation Vita’s SoC
https://www.rambus.com/blogs/fault-injection-attacks-playstation-vitas-soc/
Security researcher Yifan Lu recently published a detailed paper that examines how voltage glitching causes critical timing violations in CMOS behavior. More specifically, Lu closely analyzes CMOS transistor behavior to better understand when the combinational logic is most susceptible to voltage glitch induced faults. The paper also describes a real-world fault injection attack against the PlayStation Vita’s SoC that gains early (boot time) execution control and dumps the secure boot ROM.
Tomi Engdahl says:
Google Chrome engineers want to block some HTTP file downloads
https://www.zdnet.com/article/google-chrome-engineers-want-to-block-some-http-file-downloads/
Google wants to prevent some file types from being downloaded via HTTP when the website domain shows HTTPS.
Google wants to block some file downloads carried out via HTTP on websites that load via an HTTPS URL.
According to a proposal the browser maker has put forward yesterday, only the download of certain “high-risk” file types will be blocked by default.
This includes EXE (Windows application binary), DMG (Mac application binary), CRX (Chrome extension package), and all the major archive formats, like ZIP, GZIP, BZIP, TAR, RAR, and 7Z.
These file types are considered “high-risk” because they are most likely to be abused to hide malware.
Google said it’s currently not thinking of blocking downloads started from HTTP sites, since the browser is already warning users about the site’s poor security via the “Not Secure” indicator in the URL bar.
Tomi Engdahl says:
Microsoft Edge Uses a Secret Trick And Breaks Internet Explorer’s Security
https://blog.0patch.com/2019/04/microsoft-edge-uses-secret-trick-and.html?m=1
Edge Decided To Use An Undocumented Security Feature.
Internet Explorer Didn’t Get The Memo.
Tomi Engdahl says:
Chipotle customers are saying their accounts have been hacked
https://techcrunch.com/2019/04/17/chipotle-accounts-hacked/?tpcc=ECFB2019
Tomi Engdahl says:
Ecuador says it has been hit with 40 million cyber attacks since Julian Assange was arrested at its embassy in London
https://www.businessinsider.com/ecuador-hit-40-million-cyber-attacks-since-assange-arrest-2019-4?IR=T
The finance ministry and president’s office were targeted from computers in the US, Brazil, Germany, Romania, UK, and France, Patricio Real, Ecuador’s deputy minister for information told AFP.
Since the arrest, a huge number of cyber attacks have been directed at Ecuadorian government websites from groups in support of the WikiLeaks founder.
telecommunications ministry, told AFP the attacks were “volumetric.”
Jara said the attacks were “threats from those groups linked to Julian Assange.”
Tomi Engdahl says:
European Churches: Vandalized, Defecated On, and Torched “Every Day”
https://www.gatestoneinstitute.org/14044/europe-churches-vandalized#.XLeC8BuTUpE.facebook
Tomi Engdahl says:
Anonymous Takes Down Ecuador After Assange Arrest
https://angelof-truth.com/2019/04/13/anonymous-takes-down-ecuador-after-assange-arrest/amp/?__twitter_impression=true
Breaking News: The group called Anonymous is taking down Ecuador in a move for their illegal eviction of Assange. Anonymous is reporting 30+ sites attacked and down.
Tomi Engdahl says:
Hacker database
https://www.soldierx.com/hdb
Tomi Engdahl says:
https://www.virustotal.com/gui/ip-address/141.105.65.113/relations
Tomi Engdahl says:
A security researcher with a grudge is dropping Web 0days on innocent users
https://arstechnica.com/information-technology/2019/04/a-security-researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users/
Exploits published over the past three weeks exposed 160,000 websites to potent attacks.
Tomi Engdahl says:
Security flaw in French government messaging app exposed confidential conversations
https://techcrunch.com/2019/04/19/security-flaw-in-french-government-messaging-app-exposed-confidential-conversations/?tpcc=ECFB2019
The French government just launched its own messaging app called Tchap in order to protect conversations from hackers, private companies and foreign entities. But Elliot Alderson, also known as Baptiste Robert, immediately found a security flaw. He was able to create an account even though the service is supposed to be restricted to government officials.
forked an open-source project called Riot, which is based on an open-source protocol called Matrix.
Tomi Engdahl says:
Saudi Arabia declares all atheists are terrorists in new law to crack down on political dissidents
https://www.independent.co.uk/news/world/middle-east/saudi-arabia-declares-all-atheists-are-terrorists-in-new-law-to-crack-down-on-political-dissidents-9228389.html
Atheists, peaceful protesters and those who go to fight abroad have all been brought under the auspices of new “anti-terror” laws
Tomi Engdahl says:
New human rights to protect against ‘mind hacking’ and brain data theft proposed
https://www.theguardian.com/science/2017/apr/26/new-human-rights-to-protect-against-mind-hacking-and-brain-data-theft-proposed
This article is more than 1 year old
A response to advances in neurotechnology that can read or alter brain activity, new human rights would protect people from theft, abuse and hacking
Tomi Engdahl says:
Mueller report sheds new light on how the Russians hacked the DNC and the Clinton campaign
https://techcrunch.com/2019/04/18/mueller-clinton-arizona-hack/?tpcc=ECFB2019
The Mueller report contains new information about how the Russian government hacked documents and emails from Hillary Clinton’s presidential campaign and the Democratic National Committee.
At one point, the Russians used servers located in the U.S. to carry out the massive data exfiltration effort, the report confirms.
The operatives working for the Russian intelligence directorate, the GRU, sent dozens of targeted spearphishing emails in just five days to the work and personal accounts of Clinton Campaign employees and volunteers, as a way to break into the campaign’s computer systems.
Tomi Engdahl says:
‘MalwareTech’ security researcher pleads guilty
https://www.engadget.com/2019/04/19/marcus-hutchins-malwaretech/?sr_source=Facebook
Marcus Hutchins was a hero for stopping WannaCry, but created Kronos years earlier.
Today he pleaded guilty to a pair of charges related to the malware, for which he faces up to ten years in prison. In a statement posted on his personal website, he said:
As you may be aware, I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security. I regret these actions and accept full responsibility for my mistakes.
Tomi Engdahl says:
Social media influencer convicted for violent plot to hijack website name
https://abcnews.go.com/US/social-media-influencer-convicted-violent-plot-hijack-internet/story?id=62515433
Tomi Engdahl says:
Wipro Intruders Targeted Other Major IT Firms
https://krebsonsecurity.com/2019/04/wipro-intruders-targeted-other-major-it-firms/
The crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant, new evidence suggests. The clues so far suggest the work of a fairly experienced crime group that is focused on perpetrating gift card fraud.
Tomi Engdahl says:
The Weather Channel goes off the air for 90 minutes after ransomware infection
https://www.zdnet.com/google-amp/article/the-weather-channel-goes-off-the-air-for-90-minutes-after-ransomware-infection/
The Weather Channel IT staff dealt with the ransomware infection by restoring impacted computers from backups.
Tomi Engdahl says:
CIA Offers Proof Huawei Has Been Funded By China’s Military And Intelligence
https://www.forbes.com/sites/zakdoffman/2019/04/20/cia-offers-proof-huawei-has-been-funded-by-chinas-military-and-intelligence/?
Tomi Engdahl says:
How Mueller used Bitcoin to catch Russia
https://edition.cnn.com/2019/04/19/tech/bitcoin-mueller-russia/index.html
Russian operatives used cryptocurrency at almost every stage in their online efforts to interfere in the 2016 U.S. presidential election, according to Special Counsel Robert Mueller’s final report on his investigation.
Systems used in the hacking of the Democratic Party were paid for using Bitcoin, as were online hosting services that supported websites which published hacked materials and were used in the targeting of disinformation at American voters.
Tomi Engdahl says:
New INPIVX Service May Change the Ransomware Game
https://www.bleepingcomputer.com/news/security/new-inpivx-service-may-change-the-ransomware-game/
A new service called Inpivx pushes the ransomware business to a new stage of evolution, making it easy to set up shop for those that lack the technical skills to develop the malware from scratch and build a management panel.
Tomi Engdahl says:
HAXPO: This is a Public Service Announcement: Hacking LTE Public Warning Systems
https://conference.hitb.org/hitbsecconf2019ams/sessions/haxpo-this-is-a-public-service-announcement-hacking-lte-public-warning-systems/
We studied the PWS in LTE networks and uncovered vulnerabilities of PWS in LTE air interfaces, i.e., the warning messages of the PWS are not encrypted or signed when they are transmitted over the air. Thus, it is possible that malicious PWS warning messages can be transmitted. We simply use a low cost software-defined radio (SDR) device and modify the code of the LTE open source project srsLTE in order to forge the warning messages.
Tomi Engdahl says:
Slashdot reports that the European Parliament voted last week to interconnect a series of border-control, migration, and law enforcement systems into a gigantic biometrics-tracking database.
This new database will be known as the Common Identity Repository (CIR) and is set to unify records on over 350 million people.
It will be a searchable database of EU and non-EU citizens. Will it also be a hackable database that soon ends up for sale on the dark web?
https://www.zdnet.com/article/eu-votes-to-create-gigantic-biometrics-database/
https://m.slashdot.org/story/354888
Tomi Engdahl says:
CARBANAK Week Part One: A Rare Occurrence
https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-one-a-rare-occurrence.html
Tomi Engdahl says:
https://www.wired.com/story/netflix-interactive-bandersnatch-hackers-choices/
Tomi Engdahl says:
‘NamPoHyu Virus’ Ransomware Targets Remote Samba Servers
https://www.bleepingcomputer.com/news/security/nampohyu-virus-ransomware-targets-remote-samba-servers/
A new ransomware family called NamPoHyu Virus or MegaLocker Virus is targeting victims a bit differently than other ransomware. Instead of an executable running on a victim’s computer, the attacker is running the ransomware locally and having it remotely encrypt accessible Samba servers.
Tomi Engdahl says:
This Conversation Between A Passenger And An Airline Should Absolutely Terrify You
https://www.iflscience.com/technology/this-conversation-should-terrify-you-viral-thread-about-airport-tech-is-creeping-out-the-internet/
“Presumably these facial recognition scanners are matching my image to something in order to verify my identity,” she wrote. “How does JetBlue know what I look like?”
So how concerned should we be that companies like JetBlue have access to this data?
“You should be concerned,” the Electronic Frontier Foundation wrote on Twitter. “It’s unprecedented for the government to collect and share this kind of data, with this level of detail, with this many agencies and private partners. We need proper oversight and regulation to ensure our privacy is protected.”
Tomi Engdahl says:
EU votes to create gigantic biometrics database
https://www.zdnet.com/article/eu-votes-to-create-gigantic-biometrics-database/
EU Parliament green-lights the creation of the Common Identity Repository (CIR), a gigantic biometrics database.
Tomi Engdahl says:
Fortinet settles charges of selling intentionally mislabeled Chinese-made tech to U.S. military
https://www.cyberscoop.com/fortinet-legal-settlement-china-us-military/
Security vendor Fortinet has agreed to pay the equivalent of $545,000 to settle allegations it illegally sold the U.S. military Chinese technology disguised as American-made equipment, the U.S. Department of Justice announced.
Tomi Engdahl says:
Someone is spoofing big bank IP addresses – possibly to embarrass security vendors
https://www.cyberscoop.com/spoofed-bank-ip-address-greynoise-andrew-morris-bank-of-america/
The last several days have seen a surge in internet traffic mimicking the IP addresses of big U.S. banks in a possible effort to disrupt the cybersecurity personnel and products that help protect organizations from malicious traffic, according to GreyNoise Intelligence, a company that maps internet traffic.
Tomi Engdahl says:
Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered
https://thehackernews.com/2019/04/scranos-rootkit-spyware.html?m=1
Tomi Engdahl says:
https://www.wired.com/story/blockchain-bandit-ethereum-weak-private-keys/
Tomi Engdahl says:
G7 Comes Out in Favor of Encryption Backdoors
https://www.schneier.com/blog/archives/2019/04/g7_comes_out_in.html
There is a weird belief amongst policy makers that hacking an encryption system’s key management system is fundamentally different than hacking the system’s encryption algorithm. The difference is only technical; the effect is the same. Both are ways of weakening encryption.
Comments:
“Encourage”?
What happens if they don’t comply?
Also, this is rather futile, as the tools already exist to protect information that doesn’t have any known backdoors.
How stupid are these people?
Tomi Engdahl says:
23.2 Million Hack Victims Used “123456” As Their Password
https://www.zerohedge.com/news/2019-04-21/232-million-hack-victims-used-123456-their-password
A shocking number of people who have been hacked used mind-numbingly simple passwords, according to a breach analysis conducted on behalf of the UK’s National Cyber Security Centre (NCSC).
https://www.ncsc.gov.uk/news/most-hacked-passwords-revealed-as-uk-cyber-survey-exposes-gaps-in-online-security
NCSC’s first ‘UK Cyber Survey’ shows 42% of Brits expect to lose money to online fraud
Breach analysis finds 23.2 million victim accounts worldwide used 123456 as password
Global password risk list published to disclose passwords already known to hackers
Tomi Engdahl says:
PayPal receives patent for ransomware detection technology
https://www.zdnet.com/article/paypal-receives-patent-for-ransomware-detection-technology/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5cbc15460cef930001bcf89b&utm_medium=trueAnthem&utm_source=facebook
PayPal engineer develops novel approach to detecting and stopping ransomware attacks.
PayPal believes it can detect the early stages of a ransomware infection, and take one of two actions: to stop the encryption process, or to save a copy of the untainted original file to a remote server, before it gets encrypted, as a backup, so it can be restored later on.
PayPal’s system will look for a certain action pattern: when the file is duplicated, and high-entropy (encryption) operations are performed on the duplicate.
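The copy-then-high-entropy-write pattern the article describes can be checked with a small heuristic over file events. This is an added illustration, not PayPal’s patented implementation: the event format, the 7.5 bits/byte threshold and the sample event stream are all constructed for the example.

```python
"""Toy detector for the ransomware action pattern described above: a file is
duplicated, then the duplicate receives high-entropy (ciphertext-like) writes.
Event format, threshold and sample events are constructed for this example."""
import math
import random
from collections import Counter
from dataclasses import dataclass


@dataclass
class FileEvent:
    op: str            # "copy" or "write"
    path: str          # file the operation targets
    src: str = ""      # for "copy": the original file
    data: bytes = b""  # for "write": the bytes written


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


class RansomwarePatternDetector:
    """Raise an alert when a known duplicate receives a high-entropy write.
    Threshold is an assumption: encrypted/compressed data usually exceeds
    ~7.5 bits/byte, while plain text stays well below that."""

    def __init__(self, threshold: float = 7.5, min_bytes: int = 256):
        self.threshold = threshold
        self.min_bytes = min_bytes
        self.duplicates: dict[str, str] = {}  # duplicate path -> original path
        self.alerts: list[tuple[str, str, float]] = []

    def observe(self, ev: FileEvent) -> bool:
        """Process one event; return True if it triggered an alert."""
        if ev.op == "copy":
            self.duplicates[ev.path] = ev.src
            return False
        if ev.op == "write" and ev.path in self.duplicates and len(ev.data) >= self.min_bytes:
            h = shannon_entropy(ev.data)
            if h >= self.threshold:
                self.alerts.append((self.duplicates[ev.path], ev.path, round(h, 2)))
                return True
        return False


def run_demo() -> list[tuple[str, str, float]]:
    """Constructed stream: a benign editor backup, then a copy-and-encrypt sequence."""
    det = RansomwarePatternDetector()
    benign = b"Quarterly report: revenue up 4 percent; see appendix.\n" * 20
    ciphertext_like = random.Random(7).randbytes(4096)  # stands in for encrypted output
    events = [
        FileEvent("copy", "/home/u/report.docx.bak", src="/home/u/report.docx"),
        FileEvent("write", "/home/u/report.docx.bak", data=benign),
        FileEvent("copy", "/home/u/photos.zip.tmp", src="/home/u/photos.zip"),
        FileEvent("write", "/home/u/photos.zip.tmp", data=ciphertext_like),
    ]
    for ev in events:
        det.observe(ev)
    return det.alerts


if __name__ == "__main__":
    for orig, dup, h in run_demo():
        print(f"ALERT: {dup} (copy of {orig}) received a {h} bit/byte write")
```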
Tomi Engdahl says:
Deep fakes pose threat in 2020 race - US officials
https://mobile.reuters.com/video/2019/04/09/deep-fakes-pose-threat-in-2020-race-us-o?videoId=535655433&videoChannel=118208
Deep fakes are making a lot of people nervous, especially ahead of the 2020 election. Deep-learning computer applications can now generate fake video and audio that’s so slick, you can’t tell what’s real and what’s not. But now Congress and some states are considering legislation to criminalize the malicious creation and distribution of deep fakes.
Tomi Engdahl says:
Researcher Hijacks a Microsoft Service Using Loophole in Azure Cloud Platform
https://thehackernews.com/2019/04/subdomain-microsoft-azure.html
It turns out that even after disabling the RSS-to-XML converter service, the company forgot to delete nameserver entries, leaving the unclaimed subdomain still pointing to the Azure servers.
Apparently, the indirect control over Microsoft’s subdomain made it possible for him to push arbitrary content or notifications on Windows Live Tiles of various app or websites that are still using meta tags generated by the disabled service.
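The leftover-record problem in the story above is something a zone owner can audit for: CNAME and NS records that still point at a cloud provider although the resource they named has been retired. The check below is an added example, not Microsoft’s or the researcher’s code; the zone export, the inventory of claimed resources and the cloud suffix list are constructed.

```python
"""Find dangling cloud-pointing DNS records in a BIND-style zone export.
Zone lines, inventory and suffix list are constructed for this example."""
from dataclasses import dataclass

# Suffixes that identify targets hosted at a cloud provider (assumed list).
CLOUD_SUFFIXES = ("azurewebsites.net", "cloudapp.net", "trafficmanager.net", "azure-dns.com")


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    target: str


def parse_zone(text: str) -> list[Record]:
    """Parse lines of the form '<name> <ttl> IN <type> <target>'.
    Only CNAME and NS are kept: those hand control of a name to the target."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) != 5 or parts[2] != "IN":
            continue  # MX and other multi-field records are not delegations
        name, _ttl, _cls, rtype, target = parts
        if rtype in ("CNAME", "NS"):
            records.append(Record(name.rstrip(".").lower(), rtype, target.rstrip(".").lower()))
    return records


def find_dangling(records: list[Record], claimed: set[str]) -> list[Record]:
    """A CNAME is dangling if its target host is not in our inventory; an NS
    delegation is dangling if the delegated zone itself is not claimed."""
    owned = {h.lower().rstrip(".") for h in claimed}
    out = []
    for r in records:
        if not r.target.endswith(CLOUD_SUFFIXES):
            continue
        resource = r.name if r.rtype == "NS" else r.target
        if resource not in owned:
            out.append(r)
    return out


ZONE = """\
; constructed zone export for example.com
www.example.com.      300 IN CNAME prod-site.azurewebsites.net.
old-feed.example.com. 300 IN NS    ns1-07.azure-dns.com.      ; zone deleted in Azure
rss.example.com.      300 IN CNAME rss-converter.azurewebsites.net. ; service retired
mail.example.com.     300 IN MX    10 mx.example.com.
"""
# Cloud resources and delegated zones we still hold (constructed inventory).
CLAIMED = {"prod-site.azurewebsites.net"}


def run_demo() -> list[Record]:
    return find_dangling(parse_zone(ZONE), CLAIMED)


if __name__ == "__main__":
    for r in run_demo():
        print(f"DANGLING {r.rtype}: {r.name} -> {r.target}")
```

Records the audit flags should be removed or the target resource re-claimed; a scheduled run against the real zone export keeps retired services from lingering.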
Tomi Engdahl says:
Wall Street market exit scam? Admins steal $30 million worth of crypto
https://www.hackread.com/wall-street-market-exit-scam-admins-steal-30-million-worth-of-crypto/
Tomi Engdahl says:
Bloomberg:
Sources: Amazon team auditing Alexa commands has access to user location data, making finding customer addresses easy; Amazon says access is tightly controlled — – Some members of Alexa Data Services see latitude and longitude — The team is charged with helping Alexa improve its performance
Amazon’s Alexa Team Can Access Users’ Home Addresses
https://www.bloomberg.com/news/articles/2019-04-24/amazon-s-alexa-reviewers-can-access-customers-home-addresses
An Amazon.com Inc. team auditing Alexa users’ commands has access to location data and can, in some cases, easily find a customer’s home address, according to five employees familiar with the program.
The team, spread across three continents, transcribes, annotates and analyzes a portion of the voice recordings picked up by Alexa. The program, whose existence Bloomberg revealed earlier this month, was set up to help Amazon’s digital voice assistant get better at understanding and responding to commands.
Tomi Engdahl says:
New York Times:
Sources: former DHS Secretary tried to focus White House on potential Russian interference in 2020 election, but was told not to bring it up in front of Trump — WASHINGTON — In the months before Kirstjen Nielsen was forced to resign, she tried to focus the White House on one of her highest priorities …
In Push for 2020 Election Security, Top Official Was Warned: Don’t Tell Trump
https://www.nytimes.com/2019/04/24/us/politics/russia-2020-election-trump.html
Tomi Engdahl says:
Andy Greenberg / Wired:
Researchers find that someone has guessed the private keys of some Ethereum users and siphoned off ~45,000 ether from their accounts; low entropy keys to blame — LAST SUMMER, ADRIAN Bednarek was mulling over ways to steal the cryptocurrency Ethereum. He’s a security consultant; at the time …
A ‘Blockchain Bandit’ Is Guessing Private Keys and Scoring Millions
https://www.wired.com/story/blockchain-bandit-ethereum-weak-private-keys/
Tomi Engdahl says:
Jack Poulson / New York Times:
American companies keep building surveillance tools that are used to violate human rights; workers who organize protests or refuse to comply deserve protections — American companies continue to build surveillance tools that are used to violate human rights. Workers who refuse to comply deserve protections.
Opinion
I Used to Work for Google. I Am a Conscientious Objector.
https://www.nytimes.com/2019/04/23/opinion/google-privacy-china.html
Tomi Engdahl says:
Toddler gets locked out of her dad’s iPad for 47 years
https://braincharm.com/2019/04/08/toddler-gets-locked-out-of-her-dads-ipad-for-47-years/
Tomi Engdahl says:
https://www.politico.eu/interactive/ireland-blocks-the-world-on-data-privacy/
Tomi Engdahl says:
HOW A TELESCOPE FORUM FEUD ENDED WITH PRISON TIME
Even the victim says the sentence was too harsh
https://www.theverge.com/2018/12/10/18131024/ddos-attack-telescope-forum-cfaa-prison
Tomi Engdahl says:
Most hacked passwords revealed as UK cyber survey exposes gaps in online security
https://www.ncsc.gov.uk/news/most-hacked-passwords-revealed-as-uk-cyber-survey-exposes-gaps-in-online-security
Tomi Engdahl says:
Exploiting SCP to inject malware | SSHtranger things | CVE 2019 6111
https://m.youtube.com/watch?feature=youtu.be&v=30-L2xtv0X0
Tomi Engdahl says:
Blind hacker’s DNS tunneling approach
for those times when everything else is blocked…
https://www.vpnoverdns.com/hack.html
Tomi Engdahl says:
Google Makes it Tough for Rogue App Developers to Get Back on Android Play Store
https://thehackernews.com/2019/04/android-google-play-store.html?m=1