This posting is here to collect cyber security news in August 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
273 Comments
Tomi Engdahl says:
Microsoft has issued a critical warning across all versions of its platforms, including every version of Windows 10, and told users they must act now.
https://www.forbes.com/sites/gordonkelly/2019/08/13/microsoft-windows-10-upgrade-new-bluekeep-critical-warning-upgrade-windows/
https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/
Let’s see:
Wormable: yes
Exploit likelihood: moderate
Skill to exploit: unknown but assumed intermediate based on previous exploits
Impact: Severe
Public POC: no
Public Exploit: no
Access level: network
Unauthenticated: yes
CVSS: 9.7
Mitigations: moderately effective
Enabling NLA can moderately deter by requiring creds but if you can Mimikatz the machine that’s a useless compensating control.
Tomi Engdahl says:
Biostar security software ‘leaked a million fingerprints’
https://www.bbc.co.uk/news/technology-49343774
Researchers working with cyber-security firm VPNMentor managed to access data from a security tool called Biostar 2.
Tomi Engdahl says:
https://thehackernews.com/2019/08/windows-rdp-wormable-flaws.html?m=1
Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to the recently patched ‘BlueKeep’ RDP vulnerability.
Discovered by Microsoft’s security team itself, all four vulnerabilities, CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226, can be exploited by unauthenticated, remote attackers to take control of an affected computer system without requiring any user interaction.
The vulnerabilities reside in Remote Desktop Services—formerly known as Terminal Services—and could be exploited by unauthenticated, remote attackers by sending specially crafted requests over RDP protocol to a targeted system.
Microsoft also says that the company has found “no evidence that these vulnerabilities were known to any third party,” or being exploited in the wild.
If left unpatched, these security vulnerabilities could allow attackers to spread wormable malware
Microsoft August 2019 Patch Tuesday Updates
Besides these four critical security flaws, Microsoft has also patched 89 vulnerabilities as part of the company’s monthly batch of software security updates for August, 25 of which are rated critical and 64 important in severity.
Tomi Engdahl says:
This data leak strikes at the heart of one of the big fears and criticism about biometrics: You can change your username and password with a couple of clicks. Your face and fingerprints are forever.
https://www.technologyreview.com/f/614163/data-leak-exposes-unchangeable-biometric-data-of-over-1-million-people/?utm_medium=tr_social&utm_campaign=site_visitor.unpaid.engagement&utm_source=Facebook#Echobox=1565802376
Tomi Engdahl says:
We checked and yup, it’s no longer 2001. And yet you can pwn a Windows box via Notepad.exe
Google guru shows how WinXP-era text code grants total control
https://www.theregister.co.uk/2019/08/13/windows_notepad_flaw/
Patch Tuesday: Software buried in Windows since the days of WinXP can be abused to take complete control of a PC with the help of good ol’ Notepad and some crafty code.
system’s Text Services Framework, which manages keyboard layouts and text input, could be exploited by malware or rogue logged-in users to gain System-level privileges.
The flaw, designated CVE-2019-1162, is patched in this month’s Patch Tuesday release of security fixes from Microsoft. The relevant update should be installed as soon as possible.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1162
Tomi Engdahl says:
https://www.latimes.com/california/story/2019-08-12/facial-recognition-software-mistook-1-in-5-california-lawmakers-for-criminals-says-aclu
In a recent test, facial recognition software incorrectly matched 26 California legislators with mug shots of people who had been arrested. California is considering banning such software from being used with police body cameras.
About 1 in 5 legislators was erroneously matched to a person who had been arrested when the ACLU used the software to screen their pictures against a database of 25,000 publicly available booking photos.
Tomi Engdahl says:
Huawei employees reportedly aided African governments in spying
https://techcrunch.com/2019/08/14/huawei-employees-reportedly-aided-african-governments-in-spying/?tpcc=ECFB2019
A new report from The Wall Street Journal could be another damning piece of evidence for a company already under a good deal of international scrutiny. The paper is reporting that technicians working for Huawei helped members of government in Uganda and Zambia spy on political opponents.
https://www.wsj.com/articles/huawei-technicians-helped-african-governments-spy-on-political-opponents-11565793017
Tomi Engdahl says:
HTTP/2 Denial of Service Advisory (Netflix)
(Discussion on HN – http://bit.ly/2KKdeyo)
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Tomi Engdahl says:
This Hacker Made Clothes That Can Confuse Automatic License Plate Readers
https://www.vice.com/en_us/article/qvgpvv/adversarial-fashion-clothes-that-confuse-automatic-license-plate-readers
Designer Kate Rose presented her “adversarial fashion” line of clothing, which introduces garbage data into license plate reader systems, at DEF CON 27
Tomi Engdahl says:
US Cyber Command has publicly posted malware linked to a North Korea hacking group
https://tcrn.ch/2z0h7tk
U.S. Cyber Command, the sister division of the National Security Agency focused on offensive hacking and security operations, has released a set of new samples of malware linked to North Korean hackers.
The military unit tweeted Wednesday that it had uploaded the malware to VirusTotal, a widely used database for malware and security research.
https://www.virustotal.com/gui/file/7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1/detection
Tomi Engdahl says:
Why You Should Never Borrow Someone Else’s Charging Cable
https://www.forbes.com/sites/suzannerowankelleher/2019/08/15/why-you-should-never-borrow-someone-elses-charging-cable/?utm_source=FACEBOOK&utm_medium=social&utm_term=Valerie/#76616c657269
Protect your charging cables like you protect your passwords, say cybersecurity experts.
“There are certain things in life that you just don’t borrow,” says Charles Henderson, Global Managing Partner and Head of X-Force Red at IBM Security. “If you were on a trip and realized you forgot to pack underwear, you wouldn’t ask all your co-travelers if you could borrow their underwear. You’d go to a store and buy new underwear.”
Malicious charging cables aren’t a widespread threat at this time, says Henderson, “Mainly because this kind of attack doesn’t scale real well, so if you saw it, it would be a very targeted attack.”
Tomi Engdahl says:
https://innovate.ieee.org/innovation-spotlight/hacking-back-counter-attack/#utm_source=Facebook&utm_medium=social&utm_campaign=Innovation&utm_content=hacking%20back?LT=CMH_WB_2019_LM_XIS_Paid_Social
Tomi Engdahl says:
https://thehackernews.com/2019/08/bluetooth-knob-vulnerability.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29&utm_content=FaceBook&m=1
Tomi Engdahl says:
https://thehackernews.com/2019/08/windows-driver-vulnerability.html?m=1
If you own a device, or a hardware component, manufactured by ASUS, Toshiba, Intel, NVIDIA, Huawei, or 15 other vendors listed below, you’re probably screwed.
A team of security researchers has discovered high-risk security vulnerabilities in more than 40 drivers from at least 20 different vendors that could allow attackers to gain most privileged permission on the system and hide malware in a way that remains undetected over time, sometimes for years.
Tomi Engdahl says:
Trend Micro Patches Privilege Escalation Bug in its Password Manager
https://www.darkreading.com/vulnerabilities---threats/trend-micro-patches-privilege-escalation-bug-in-its-password-manager/d/d-id/1335525?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Organizations should update to latest build as soon as possible, security vendor says.
Tomi Engdahl says:
Antisurveillance clothes foil cameras by making you look like a car
https://www.cnet.com/news/anti-surveillance-clothes-foil-cameras-by-making-you-look-like-a-car/
The garments introduced at DefCon are meant to confuse systems that track civilians. Talk about a statement piece.
Tomi Engdahl says:
Timothy B. Lee / Ars Technica:
Federal judge rules Georgia will have to fall back to paper ballots if it doesn’t replace its electronic voting machines with a secure system for 2020 election
Judge orders Georgia to switch to paper ballots for 2020 elections
Judge finds several serious flaws with Georgia’s current election technology.
https://arstechnica.com/tech-policy/2019/08/judge-bans-insecure-touchscreen-voting-machines-from-georgia-after-2019/
Election security advocates scored a major victory on Thursday as a federal judge issued a 153-page ruling ordering Georgia officials to stop using its outdated electronic voting machines by the end of the year. The judge accepted the state’s argument that it would be too disruptive to switch to paper ballots for municipal elections being held in November 2019. But she refused to extend that logic into 2020, concluding that the state had plenty of time to phase out its outdated touchscreen machines before then.
The state of Georgia was already planning to phase out its ancient touchscreen electronic voting machines in favor of a new system based on ballot-marking machines.
“The court’s ruling recognizes that Georgia’s voting machines are so insecure, they’re unconstitutional,” Halderman said in an email to Ars. “That’s a huge win for election security that will reverberate across other states that have equally vulnerable systems.”
Tomi Engdahl says:
Kaspersky AV injected unique ID that allowed sites to track users, even in incognito mode
https://arstechnica.com/information-technology/2019/08/kaspersky-av-injected-unique-id-into-webpages-even-in-incognito-mode/
Feature Kaspersky added in 2015 also made it possible to be ID’d across different browsers.
Tomi Engdahl says:
Customs computers shut down, causing delays at airports nationwide
https://abc7ny.com/travel/customs-computers-shut-down-causing-delays-at-airports-nationwide/5472947/
UCB had attempted to use a backup system, but now, passengers are being processed manually
The cause of the shutdown is unknown.
Tomi Engdahl says:
Researchers Show How Easy It Is to Hijack an IoT Surveillance Feed
https://www.securitysales.com/emerging-tech/cybersecurity-tech/researchers-hijack-iot-surveillance-feed/
Researchers replaced an IP camera’s real-time footage with pre-recorded video, highlighting the dangers of weak encryption.
Tomi Engdahl says:
Customs computer system crash causes nationwide airport delays
https://nypost.com/2019/08/16/customs-computer-system-crash-causes-nationwide-airport-delays/?utm_campaign=iosapp&utm_source=facebook_app
The US Customs and Border Protection agency’s computer system experienced a nationwide shutdown Friday — causing major delays and massive lines at airports.
Tomi Engdahl says:
https://knobattack.com/
The specification of Bluetooth includes an encryption key negotiation protocol that allows to negotiate encryption keys with 1 Byte of entropy without protecting the integrity of the negotiation process. A remote attacker can manipulate the entropy negotiation to let any standard compliant Bluetooth device negotiate encryption keys with 1 byte of entropy and then brute force the low entropy keys in real time.
Tomi Engdahl says:
Facial recognition in King’s Cross prompts call for new laws
https://www.bbc.co.uk/news/technology-49333352
There is growing pressure for more details about the use of facial recognition in London’s King’s Cross to be disclosed after a watchdog described the deployment as “alarming”.
Tomi Engdahl says:
https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/
Tomi Engdahl says:
https://pwnies.com/winners/
Tomi Engdahl says:
https://thenextweb.com/hardfork/2019/08/12/canon-dslrs-susceptible-bitcoin-ransomware/
Tomi Engdahl says:
https://blog.tenthamendmentcenter.com/2019/08/police-using-streetlamps-to-spy-on-the-public/
Tomi Engdahl says:
How We Have Prepared for PSD2 SCA Payment Requirements
https://clouden.net/blog/how-we-have-prepared-for-psd2-sca-payment-requirements
Tomi Engdahl says:
How uncertainty in the cyber domain changes war
https://www.fifthdomain.com/show-reporters/black-hat/2019/08/08/how-uncertainty-in-the-cyber-domain-changes-war/
Uncertainty clouds the cyber domain. The ability to blur where attacks originated raises questions about how to strike back, while cyber weapons are changing the theory of deterrence.
Discussions swirl throughout the globe about whether cyberattacks constitute acts of war and whether they warrant a military response. In 2011, the Pentagon decided that they would.
“It’s very easy to say these things; it’s much more different to do these things,”
Tomi Engdahl says:
Democratic presidential nominees are ignoring the issue of our cybersecurity infrastructure
https://techcrunch.com/2019/08/11/democratic-presidential-nominees-are-ignoring-the-issue-of-our-cybersecurity-infrastructure/
Tomi Engdahl says:
OPINION THE WEEKEND INTERVIEW
An ‘Old-School Hacker’ Fights Cybercrime
https://www.wsj.com/articles/an-old-school-hacker-fights-cybercrime-11565994214
After five years in prison, Kevin Mitnick put on a ‘white hat.’ Now he has advice for companies—and for you—about staying safe online.
Tomi Engdahl says:
Terrible blunder: People’s recent health data ended up at a flea market along with a computer – “This could have been used to cause millions in damage”
https://www.iltalehti.fi/kotimaa/a/cc7fed80-2d7e-4803-81a7-8427c2d83451
Tomi Engdahl says:
I Tried Hiding From Silicon Valley in a Pile of Privacy Gadgets
https://www.bloomberg.com/news/features/2019-08-08/i-tried-hiding-from-silicon-valley-in-a-pile-of-privacy-gadgets
Avoiding digital snoops takes more than throwing money at the problem, but that part can be really fun.
Tomi Engdahl says:
Consumers brazenly billed through mobile payments – Telia shut down a service that drew complaints, operators are reviewing their policies
https://yle.fi/uutiset/3-10924793
http://www.mobiilimaksuinfo.fi/
Tomi Engdahl says:
Cybersecurity conference attendees possibly exposed to IRL virus
https://mashable.com/article/black-hat-conference-virus-measles.amp?__twitter_impression=true
Hackers and cybersecurity researchers who attended this year’s annual Black Hat information security conference in Las Vegas found themselves on the receiving end of the wrong kind of security notification. On Thursday, the Southern Nevada Health District issued a warning stating that individuals in Vegas over the course of the conference may have been exposed to measles.
Tomi Engdahl says:
These 5 great alternative search engines do what Google can’t
https://www.fastcompany.com/90388493/these-5-great-alternative-search-engines-do-what-google-cant
Tomi Engdahl says:
Is your CISO really C-Level?
https://pentestmag.com/is-your-ciso-really-c-level/
There’s a big hype around the title CISO – Chief Information Security Officer.
From my point of view, not only is it “overused” but also frequently abused.
Tomi Engdahl says:
https://thehackernews.com/2019/08/android-qualcomm-vulnerability.html
Tomi Engdahl says:
Stealing Data Over Open WiFi
https://www.youtube.com/watch?v=NkNgW3TwMy8
Tomi Engdahl says:
INTRODUCING the Screen Crab and Signal Owl by Hak5 – 2601
https://www.youtube.com/watch?v=IBn49r8Gw7Y
Tomi Engdahl says:
High tech is watching you
https://news.harvard.edu/gazette/story/2019/03/harvard-professor-says-surveillance-capitalism-is-undermining-democracy/
Tomi Engdahl says:
Judge orders Georgia to switch to paper ballots for 2020 elections
Judge finds several serious flaws with Georgia’s current election technology.
https://arstechnica.com/tech-policy/2019/08/judge-bans-insecure-touchscreen-voting-machines-from-georgia-after-2019/
Tomi Engdahl says:
This new cryptojacking malware uses a sneaky trick to remain hidden
https://www.zdnet.com/article/this-new-cryptojacking-malware-uses-a-sneaky-trick-to-remain-hidden/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d543e77a341320001ab04bb&utm_medium=trueAnthem&utm_source=facebook
‘Norman’ cryptomining malware was found to have infected almost every system in one organisation during an investigation by security researchers
Tomi Engdahl says:
Capital One Cyber Staff Raised Concerns Before Hack
https://www.wsj.com/articles/capital-one-cyber-staff-raised-concerns-before-hack-11565906781
Cybersecurity employees reported what they saw as staffing issues and other problems to bank’s internal auditors, human-resources department and other senior executives
Tomi Engdahl says:
https://www.forbes.com/sites/suzannerowankelleher/2019/08/15/why-you-should-never-borrow-someone-elses-charging-cable/
Tomi Engdahl says:
RIP Hacker Hoodies? Competition Calls for Better Cybersecurity Art
https://uk.pcmag.com/news/121923/rip-hacker-hoodies-competition-calls-for-better-cybersecurity-art
BY MICHAEL KAN 1 AUG 2019, 7:49 P.M.
Got a creative idea on how to visualize cyber conflict, hacking, and privacy? A new contest wants your submission. ‘There is a massive opportunity to improve the ways in which cybersecurity is communicated, taught, and visualized,’ says the contest’s sponsors.
How might we reimagine a more compelling and relatable visual language for cybersecurity?
https://www.openideo.com/challenge-briefs/cybersecurity-visuals
Tomi Engdahl says:
AusCERT2019 Day 1 AM Keynote by Mikko Hypponen
https://www.youtube.com/watch?v=igNAXqiuXm8
Published 11.6.2019
‘Computer Security: Yesterday, Today and Tomorrow’
Tomi Engdahl says:
https://www.forbes.com/sites/thomasbrewster/2019/07/29/exclusive-hackers-can-break-your-credit-cards-30-contactless-limit/
Tomi Engdahl says:
Ransomware attack in Texas targets local government agencies
https://engt.co/2zbV82F
It appears to have been a coordinated effort.
Tomi Engdahl says:
This week’s Windows updates fix critical ‘wormable’ flaws but may also break Visual Basic apps, macros, and scripts. What should you do?
To patch Windows or not: Do you want BlueKeep bug or broken Visual Basic apps?
https://www.zdnet.com/article/to-patch-windows-or-not-do-you-want-bluekeep-bug-or-broken-visual-basic-apps/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d56c546a341320001ab2c01&utm_medium=trueAnthem&utm_source=facebook