Cyber security news in July 2019

This posting is here to collect cyber security news in July 2019.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

 

237 Comments

  1. Tomi Engdahl says:

    “His logic bomb was apparently discovered when the program glitched while he was on vacation, and he was forced to give employees the password so they could fix it.”

    Moral: Don’t go for a vacation when the glitch is about to appear.

    A contract programmer faces 10 years in jail for inserting a ‘logic bomb’ into a spreadsheet that caused the company to keep rehiring him
    https://www.businessinsider.in/a-contract-programmer-faces-10-years-in-jail-for-inserting-a-logic-bomb-into-a-spreadsheet-that-caused-the-company-to-keep-rehiring-him/amp_articleshow/70354739.cms

    Reply
  2. Tomi Engdahl says:

    Researchers hide data in music – and human ears can’t detect it
    https://nakedsecurity.sophos.com/2019/07/17/researchers-hide-data-in-music-and-human-ears-cant-detect-it/

    Researchers have developed a way for data to be secretly transferred inside a music track at a usable rate without turning it into unlistenable mush.

    While using sound waves as a data carrier is not new, applying the principle to music has always been a challenge because even small distortions made when adding data will be noticed by the human ear.

    The technique outlined by Manuel Eichelberger and Simon Tanner of ETH Zurich uses orthogonal frequency-division multiplexing (OFDM) to add data to the musical frequencies humans are less likely to notice whilst avoiding the ones they are sensitive to.

    researchers found it was possible to achieve data rates of 300 to 400 bits per second (bps) over distances of up to 24 metres, with a 10% error rate, without affecting the original music when played to a test group of 40 people.

    Reply
  3. Tomi Engdahl says:

    Data protection
    ‘Anonymised’ data can never be totally anonymous, says study
    https://www.theguardian.com/technology/2019/jul/23/anonymised-data-never-be-anonymous-enough-study-finds

    Findings say it is impossible for researchers to fully protect real identities in datasets

    Reply
  4. Tomi Engdahl says:

    Tony Romm / Washington Post:
    FTC announces a $5B fine against Facebook for repeated privacy violations as part of a settlement that requires federal oversight of its business practices — The settlement between the Federal Trade Commission and Facebook ends a 16-month probe that began after revelations of the tech giant’s entanglement with Cambridge Analytica
    https://www.washingtonpost.com/technology/2019/07/24/us-government-issues-stunning-rebuke-historic-billion-fine-against-facebook-repeated-privacy-violations/

    Reply
  5. Tomi Engdahl says:

    Your Android Phone Can Get Hacked Just By Playing This Video
    https://thehackernews.com/2019/07/android-media-framework-hack.html?fbclid=IwAR29SrF6ib_xuS_mwZuo4eLtVlqPe9gHUuAHTU7PQB0lMWZafURmCbkBy-o&m=1

    a specially crafted innocuous-looking video file can compromise your Android smartphone—thanks to a critical remote code execution vulnerability that affects over 1 billion devices running Android OS between version 7.0 and 9.0 (Nougat, Oreo, or Pie).

    The critical RCE vulnerability (CVE-2019-2107) in question resides in the Android media framework, which if exploited, could allow a remote attacker to execute arbitrary code on a targeted device.

    gain full control of the device

    Google already released a patch earlier this month to address this vulnerability, apparently millions of Android devices are still waiting for the latest Android security update

    Android developer Marcin Kozlowski has uploaded a proof-of-concept for this attack on Github.

    https://github.com/marcinguy/CVE-2019-2107

    Reply
  6. Tomi Engdahl says:

    How Cybercriminals Break into the Microsoft Cloud
    https://www.darkreading.com/cloud/how-cybercriminals-break-into-the-microsoft-cloud/d/d-id/1335314

    Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation.

    Reply
  7. Tomi Engdahl says:

    Ransomware Attack Cripples Power Company’s Entire Network
    https://www.bleepingcomputer.com/news/security/ransomware-attack-cripples-power-company-s-entire-network/

    A ransomware attack that hit the South African electric utility City Power from Johannesburg this morning encrypted all its systems, including databases and applications.

    Reply
  8. Tomi Engdahl says:

    BlueKeep guides make imminent public exploit more likely
    https://nakedsecurity.sophos.com/2019/07/26/bluekeep-guides-make-imminent-public-exploit-more-likely/?utm_source=dlvr.it&utm_medium=twitter

    A public exploit for Microsoft’s apocalyptic BlueKeep vulnerability is just days away. In fact, for those with deep enough pockets, it’s already here.

    To refresh your memory, BlueKeep is a vulnerability in the Remote Desktop Protocol (RDP)

    An attacker who exploits it can do two things. First, they can run code remotely on the compromised machine. Secondly, they can use RDP to exploit other machines without any human interaction. That’s a worm, and that’s bad

    The problem is exploiting it properly. Getting code to run on targeted machines without crashing them is technically difficult. That’s why, even though Microsoft acknowledged the vulnerability and patched it on 14 May 2019, we haven’t seen BlueKeep worms swarming across the internet yet.

    One technical expert released workable exploits, while others posted detailed instructions on how to produce them, this week.

    some Python proof-of-concept code,

    The exploit runs code on Windows XP, they said, but warned that it would probably crash Windows 7 or Server 2008 machines.

    They justified the release of the information by saying that the information is “largely already available within the Chinese hacker community”.

    BlueKeep isn’t the only problem facing machines running RDP. Recent research by Sophos showed that criminals are performing massive numbers of simple but effective RDP password guessing attacks every day against internet-facing Windows machines.

    https://nakedsecurity.sophos.com/2019/07/01/rdp-bluekeep-exploit-shows-why-you-really-really-need-to-patch/

    Reply
  9. Tomi Engdahl says:

    Marcus Hutchins, malware researcher and ‘WannaCry hero,’ sentenced to supervised release
    https://tcrn.ch/2Mj9yWw

    Reply
  10. Tomi Engdahl says:

    Judge Rules No Jail Time for WannaCry ‘Killer’ Marcus Hutchins, a.k.a. MalwareTech
    https://thehackernews.com/2019/07/marcus-hutchins-sentenced.html

    Marcus Hutchins, better known as MalwareTech, has been sentenced to “time served” and one year of supervised release for developing and selling the Kronos banking malware.

    Yes, Hutchins will not go to prison, United States District Judge J.P. Stadtmueller ruled today in Milwaukee County Court, after describing his good work as “too many positives on the other side of the ledger.”

    Reply
  11. Tomi Engdahl says:

    FTC Fines Facebook $5b. There are 2.38b Facebook users. Your privacy on FB is worth $2.10 and you’ll never see a dime of that money.

    Reply
  12. Tomi Engdahl says:

    https://www.bleepingcomputer.com/news/security/ransomware-attacks-prompt-louisiana-to-declare-state-of-emergency/

    Louisiana Governor John Edwards has declared a state of emergency after a wave of ransomware attacks targeted school districts this month. This Emergency Declaration will allow Louisiana state resources and cybersecurity experts to assist local governments in securing their networks.

    Reply
  13. Tomi Engdahl says:

    Mobile malware attacks are booming in 2019: These are the most common threats
    https://www.zdnet.com/article/mobile-malware-attacks-are-booming-in-2019-these-are-the-most-common-threats/

    Researchers at Check Point warn of a 50% increase in cyberattackers targeting smartphones compared with last year.

    Reply
  14. Tomi Engdahl says:

    An exposed password let a hacker access internal Comodo files
    https://tcrn.ch/2SJwpvA

    A hacker gained access to internal files and documents owned by security company and SSL certificate issuer Comodo by using an email address and password mistakenly exposed on the internet.

    The credentials were found in a public GitHub repository owned by a Comodo software developer. With the email address and password in hand, the hacker was able to log into the company’s Microsoft-hosted cloud services. The account was not protected with two-factor authentication.

    Reply
  15. Tomi Engdahl says:

    Bellingcat journalists targeted by failed phishing attempt
    https://tcrn.ch/2JZxL2R

    Reply
  16. Tomi Engdahl says:

    Teenage hackers are offered a second chance under European experiment
    https://www.cyberscoop.com/teenage-hackers-police-britain-netherlands/

    Police in the U.K. and the Netherlands have created a legal intervention campaign for first-time offenders accused of committing cybercrimes

    The average age of an accused cybercriminal is 19 years old

    There is an “overrepresentation” of autistic traits in those offenders

    Many of those people are motivated to try new tricks online to impress their friends, such as stealing a password with a harmless intent, and don’t have the social context to understand that what they are doing is illegal

    push the teenage hacker into a kind of community service that consists of 10 to 20 hours of ethical computer training, and then put them in touch with professionals who can explain possible career paths and point to the best education based on their interests.

    In order to qualify for the program, suspects must confess to their actions, not have a remarkable criminal history and be prepared to change their behavior.

    There is a stark difference in the European and American approaches to cybercriminal enforcement.

    Reply
  17. Tomi Engdahl says:

    What to do when Customs asks for your social-media account info

    https://the-parallax.com/2019/06/12/what-to-do-customs-social-media/

    Reply
  18. Tomi Engdahl says:

    NSA aims to up its cybersecurity game
    It’s setting up a Cybersecurity Directorate to help it work better with the likes of Homeland Security and the FBI.
    https://www.cnet.com/news/nsa-to-unveil-a-cybersecurity-directorate-report-says/

    Reply
  19. Tomi Engdahl says:

    Cyber Warning For OS Inside 2 Billion Industrial, Medical And Enterprise IoT Devices
    https://www.forbes.com/sites/zakdoffman/2019/07/29/warning-as-2-billion-medical-industrial-and-enterprise-iot-devices-at-risk-of-attack/

    A team of security researchers at California-based Armis has disclosed the discovery of 11 zero-day vulnerabilities in one of the world’s most widely used IoT operating systems. VxWorks is so common, in fact, that it powers more than 2 billion devices around the world, including medical equipment, firewalls, elevators and industrial machinery. Armis describes VxWorks as “the most widely used operating system you have likely never heard about.”

    Armis has estimated that the vulnerabilities expose around 200 million of the devices carrying the VxWorks OS to the potential risk of attack.

    A spokesperson for Wind River, the company behind VxWorks, disputed this and told me the number is not that high:

    Reply
  20. Tomi Engdahl says:

    Exclusive: Hack Breaks Your Visa Card’s Contactless Limit For Big Frauds
    https://www.forbes.com/sites/thomasbrewster/2019/07/29/exclusive-hackers-can-break-your-credit-cards-30-contactless-limit/

    Think that £30 limit on contactless payments is going to protect you from big thefts? Think again. 

    Reply
  21. Tomi Engdahl says:

    Extortionists demand ransom from the town of Kokemäki – malware brought the town’s network to its knees
    https://yle.fi/uutiset/3-10899982

    Reply
  22. Tomi Engdahl says:

    Update to iOS 12.4 right away
    https://www.kaspersky.com/blog/ios-critical-vulnerabilities-124/27778/

    Updating your iPhone’s or iPad’s operating system as soon as the new version comes out is always a good idea — almost every new version of iOS contains fixes for some bugs that have been found in previous ones. But this time it might be even more crucial: iOS 12.4 fixes severe vulnerabilities in iMessage that can be exploited without any user interaction.

    Reply
  23. Tomi Engdahl says:

    To Spot MDMA Users, Festivals May Soon Roll Out Thermal Cameras
    https://merryjane.com/news/to-spot-mdma-users-festivals-may-soon-roll-out-thermal-cameras

    Festival organizers claim that thermal cameras may help them find MDMA users who are dangerously overheating, but surveillance in the name of safety is often used against us

    Reply
  24. Tomi Engdahl says:

    US warns small planes are vulnerable to hacking
    https://nypost.com/2019/07/31/us-warns-small-planes-are-vulnerable-to-hacking/?utm_campaign=iosapp&utm_source=facebook_app

    The Department of Homeland Security issued a security alert Tuesday for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft.

    The cybersecurity firm, Rapid7, found that an attacker could potentially disrupt electronic messages transmitted across a small plane’s network, for example by attaching a small device to its wiring, that would affect aircraft systems.

    Engine readings, compass data, altitude and other readings “could all be manipulated to provide false measurements to the pilot,” according to the DHS alert.

    The warning reflects the fact that aircraft systems are increasingly reliant on networked communications systems, much like modern cars. The auto industry has already taken steps to address similar concerns after researchers exposed vulnerabilities.

    Reply
  25. Tomi Engdahl says:

    The hacker who cracked into Capital One—gaining access to more than 100 million credit cards—may have unleashed havoc on many more companies. 

    http://on.forbes.com/6186ELXpg

    Reply
  26. Tomi Engdahl says:

    ‘Our task was to set Americans against their own government’: New details emerge about Russia’s trolling operation
    https://www.businessinsider.com/former-troll-russia-disinformation-campaign-trump-2017-10?fbclid=IwAR27qpOE9jPKoqj7yimXXIqG9Vn-mkP36u__8aaGGhI-5Gz5PedvEpO6gcw&utm_medium=referral&utm_content=topbar&utm_term=desktop&referrer=facebook&r=US&IR=T

    The Russian desk operated bots and trolls that used fake social-media accounts to flood the internet with pro-Trump messages and made-up news.
    The foreign desk was more sophisticated, with trolls required to learn the nuances of American politics to best “rock the boat” on divisive issues.

    “Our task was to set Americans against their own government,” Maxim said, “to provoke unrest and discontent.”

    Reply
  27. Tomi Engdahl says:

    DOD workers bought thousands of Chinese electronics vulnerable to hacks, spying
    https://www.rollcall.com/news/policy/pentagon-dod-workers-bought-thousands-of-hackable-chinese-electronics-spy

    More than 9,000 commercially available products could be used to spy on or hack U.S. military personnel and facilities

    Reply
  28. Tomi Engdahl says:

    New Research: Investigating and Reversing Avionics CAN Bus Systems
    https://blog.rapid7.com/2019/07/30/new-research-investigating-and-reversing-avionics-can-bus-systems/

    This paper examines the security (or lack thereof) in CAN bus networks, specifically as they are implemented in small aircraft.

    CAN bus for aviation. After all, it’s inexpensive, easy to connect (just two wires), EMI-resistant, and it’s rapidly becoming the de-facto standard network that connects electronically controlled sensors and actuators in all sorts of vehicles, aircraft included

    How secure are CAN bus avionics systems?
    Unfortunately, it looks like the avionics sector is lagging in network security when it comes to CAN bus, and I think part of the reason is the heavy reliance on the physical security of airplanes.

    Think about it: If you felt like your internal LAN was totally and completely untouchable by attackers, you probably wouldn’t worry much about software patching or password management. Of course, LANs aren’t impregnable, and neither are CAN bus networks, so we’re worried about this mindset when it comes to avionics security.

    the security implications of deploying CAN bus have been much discussed in the automotive industry

    https://www.rapid7.com/research/report/investigating-can-bus-network-integrity-in-avionics-systems/

    Reply
  29. Tomi Engdahl says:

    Cyberattack On LAPD Confirmed: Data Breach Impacts Thousands Of Officers
    https://www.forbes.com/sites/zakdoffman/2019/07/30/lapd-cyberattack-police-department-confirms-it-has-been-hacked/#155677aa14be

    The Los Angeles Police Department has confirmed that it has been hacked, with the personal information of at least 20,000 people exposed.

    Reply
