This posting is here to collect cyber security news in August 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
273 Comments
Tomi Engdahl says:
Warning Issued For Millions Of Microsoft Windows 10 Users
https://www.forbes.com/sites/gordonkelly/2019/08/22/microsoft-windows-10-steam-gaming-windows8-windows-7-warning-upgrade-windows/
Microsoft Confirms Update Warning For Windows 10, Windows 8.1 And Windows 7 Users
https://www.forbes.com/sites/daveywinder/2019/08/17/microsoft-confirms-update-warning-for-windows-10-windows-81-and-windows-7-users/
The latest Patch Tuesday update from Microsoft included several critical security fixes. Unfortunately, as Microsoft has now confirmed, it also borked some things. If you haven’t applied that August 13 update and are running on Windows 10, Windows 8.1 or Windows 7, you may want to read this before you do.
“After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an ‘invalid procedure call error,’” Microsoft has stated.
Tomi Engdahl says:
Hackers can turn headphones into ‘acoustic weapons,’ cybersecurity expert warns
https://nypost.com/2019/08/13/hackers-can-turn-headphones-into-acoustic-weapons-cyber-security-expert-warns/
Speakers on your phone, computer and other internet-connected devices could be hacked and used to wreak havoc on your eardrums, warns a new investigation.
A cybersecurity expert claims to have conducted a malware test that found everyday items like headphones could be turned into “acoustic weapons.”
Blasting music at really high volumes is dangerous because it can cause conditions like tinnitus, psychological issues or even deafness.
He also observed that the components in the smart speaker started to melt four or five minutes into his malware attacks and were permanently damaged.
emit frequencies could be used to track someone’s movements
Tomi Engdahl says:
Modifying a Tesla to Become a Surveillance Platform
https://www.schneier.com/blog/archives/2019/08/modifying_a_tes.html
The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car’s built-in cameras — the same dash and rearview cameras providing a 360-degree view used for Tesla’s Autopilot and Sentry features — into a system that spots, tracks, and stores license plates and faces over time.
Tomi Engdahl says:
Dozens of Nigerian nationals arrested in California over alleged $68m love scam
https://mobile.abc.net.au/news/2019-08-24/fbi-take-down-alleged-nigerian-love-scammers-in-46-million-case/11445500?pfmredir=sm
The FBI has charged 80 mostly Nigerian nationals in a $US46-million case
The alleged criminal network targeted the elderly and people susceptible to romance scams
14 defendants were arrested in LA on Thursday while others were still on the run
Tomi Engdahl says:
Hackers are actively trying to steal passwords from two widely used VPNs
https://arstechnica.com/information-technology/2019/08/hackers-are-actively-trying-to-steal-passwords-from-two-widely-used-vpns/?amp=1
The pre-authorization file-reading vulnerabilities resided in the Fortigate SSL VPN, installed on about 480,000 servers, and the competing Pulse Secure SSL VPN, installed on about 50,000 machines, researchers from Devcore Security Consulting reported.
Patches for the Fortigate VPN became available in May and in April for Pulse Secure. But installing the patches can often cause service disruptions that prevent businesses from carrying out essential tasks
Over the past 36 hours, hackers have started spraying the Internet with code that attempts to opportunistically exploit that
Earlier this month, two samples of exploit code for CVE-2018-13379, as the vulnerability is tracked, became publicly available
Tomi Engdahl says:
https://www.wired.com/story/null-license-plate-landed-one-hacker-ticket-hell/
Tomi Engdahl says:
Windows 10 security vulnerabilities list
https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-32238/Microsoft-Windows-10.html
Tomi Engdahl says:
Windows Users Warned To Update Now As ‘Complete Control’ Hack Attack Confirmed
https://www.thegwpf.com/nasa-amazon-wildfires-below-average-rates/?fbclid=IwAR1m87qG1RXPXlZZutobGdGQVNboikjkuI5P7RA0FVuBuF60EvcOK24atCw
The barrier for entry to the Windows compromise club has been lowered by a free attack tool from the dark web
Tomi Engdahl says:
Matt Burgess / WIRED UK:
FireEye: China-linked hacking groups are increasingly targeting healthcare systems to obtain medical research data and the IP for medical devices
China’s hackers are ransacking databases for your health data
https://www.wired.co.uk/article/china-hackers-medical-data-cancer
New research shows cyber espionage groups linked to China are targeting medical research data and the intellectual property for medical devices
Tomi Engdahl says:
Freedom to Tinker:
Chrome team’s idea for a new, but still cookie-based, anti-tracking standard is technically disingenuous and aimed at protecting Google’s business interests
Deconstructing Google’s excuses on tracking protection
https://freedom-to-tinker.com/2019/08/23/deconstructing-googles-excuses-on-tracking-protection/
Blocking cookies is bad for privacy. That’s the new disingenuous argument from Google, trying to justify why Chrome is so far behind Safari and Firefox in offering privacy protections. As researchers who have spent over a decade studying web tracking and online advertising, we want to set the record straight.
Our high-level points are:
1) Cookie blocking does not undermine web privacy. Google’s claim to the contrary is privacy gaslighting.
2) There is little trustworthy evidence on the comparative value of tracking-based advertising.
3) Google has not devised an innovative way to balance privacy and advertising; it is latching onto prior approaches that it previously disclaimed as impractical.
4) Google is attempting a punt to the web standardization process, which will at best result in years of delay.
Tomi Engdahl says:
So they actually do work
Hong Kong Protester Lasers Are Frying Photographers’ Cameras
https://petapixel.com/2019/08/26/hong-kong-protester-lasers-are-frying-photographers-cameras/
Protesters in Hong Kong are widely using handheld laser pointers in their anti-government demonstrations, and some photographers on the ground are reporting damaged sensors after their cameras were exposed to the powerful beams of light.
Beams of green and blue light can be seen at protests being aimed at law enforcement and their cameras
Hong Kong police are labeling the laser pointer an “offensive weapon”, saying it could potentially damage officers’ eyes and skin.
“I’ve seen a lot of lasers used in combat but never like this,” Yon tells PetaPixel
Tomi Engdahl says:
Hacker Claims He Can ‘Turn Off 25,000 Cars’ At The Push Of A Button
https://www.forbes.com/sites/thomasbrewster/2019/08/25/hacker-claims-he-can-immobilize-25000-cars-at-the-push-of-a-button/
Hackers found a way to take over 25,000 car immobilizers and lock down all of them at once.
Your car’s immobilizer is supposed to be used for good. If a crook steals your car, it’s possible for you to connect to the immobilizer, which tracks the vehicle and allows you to stop anyone from turning on the engine. But with one particular immobilizer – the U.K.-made SmarTrack tool from Global Telemetrics – an easy-to-hack vulnerability meant it was simple for researchers at Pen Test Partners to turn on the immobilizer permanently, without the customer knowing a thing.
Tomi Engdahl says:
Protocol used by 630,000 devices can be abused for devastating DDoS attacks
https://www.zdnet.com/article/protocol-used-by-630000-devices-can-be-abused-for-devastating-ddos-attacks/#ftag=CAD-03-10abf5f
Security researchers warn that the WS-Discovery protocol is currently being abused for massive DDoS attacks.
WHAT IS WS-DISCOVERY
WS-Discovery is a multicast protocol that can be used on local networks to “discover” other nearby devices that communicate via a particular protocol or interface.
Most notably, the protocol is used to support inter-device discovery and communications via the SOAP messaging format, using UDP packets — hence why it’s sometimes referred to as SOAP-over-UDP.
WS-Discovery is not a common or well-known protocol, but it’s been adopted by ONVIF, an industry group that promotes standardized interfaces for interoperability of networked products.
ONVIF members include Axis, Sony, Bosch, and others,
WS-DISCOVERY DDOS ATTACKS CAN REACH MASSIVE OUTPUTS
Tomi Engdahl says:
https://thethatsprettygood.com/index.php/2019/08/26/hostinger-hackedmajor-data-breach-password-reset-for-millions/
Dudes were using SHA1
Tomi Engdahl says:
Sex robots with ‘coding errors’ prone to ‘violence and could strangle humans’
https://www.dailystar.co.uk/news/world-news/sex-robots-coding-errors-prone-18992240
Doll collector Brick Dollbanger fears what could happen if robots are not regulated
Tomi Engdahl says:
A Buttplug Hacker Talks Security, Consent, and Why He Hacked a Buttplug
https://gizmodo.com/buttplug-hacker-talks-security-consent-and-why-he-hac-1837252628
Tomi Engdahl says:
ISIS fighter killed by drone bomb he was operating after it ran low on battery and flew back
https://www.thesun.co.uk/news/9797095/isis-fighter-killed-by-drone-bomb/
And the Darwin Natural Selection Award goes to this..
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/trojan-dropper-malware-found-in-android-app-with-100m-downloads/
Researchers found a Trojan Dropper malicious module hidden within the Android app CamScanner downloaded over 100 million times by Google Play Store users.
Tomi Engdahl says:
2019 – Endpoint Protection Platforms Magic Quadrant
https://pentestmag.com/2019-endpoint-protection-platforms-magic-quadrant/
Tomi Engdahl says:
‘Never, ever use a debit card,’ warns fraud expert and ex-con artist—here’s what to do instead
https://www.cnbc.com/2019/08/27/debit-cards-are-dangerous-warns-fraud-expert-and-ex-con-artist-frank-abagnale.html
Every year, millions of American consumers — nearly 7% of the population — are victims of scams and fraud. In 2017, the number of fraud victims in the US reached 16.7 million, with $16.8 billion lost.
My story, which is depicted in my 1980 memoir, “Catch Me If You Can,” gave me a wider audience to talk about fraud prevention.
Identity theft is the deliberate use of someone else’s identity (e.g., name, address, Social Security number, bank accounts) to get money and credit, obtain employment, steal property, falsify educational and other credentials, access healthcare and more.
It’s not harder. In fact, it’s about 4,000 times easier today than it was then.
Identity thieves love technology because it gives them a convenient pathway to the details of your life.
Want to avoid identity theft? Never, ever use a debit card. I don’t own one. I never have and I never will. I don’t recommend them to anyone
As I said at the Google talk, a debit card is certainly and truly the worst financial tool ever given to the American consumer. Why? It’s simple: Every time you use one, you put your money and your bank account at risk.
Instead, use a credit card. I use one for practically all of my purchases, even when I’m traveling abroad.
If there’s a large data breach (and you know that there will be) and a criminal does somehow get my credit card number and charges $1 million on it, I’m protected and my credit card company will cancel the card
I won’t be responsible for any purchases made.
Also, keep your check-writing to a minimum
Tomi Engdahl says:
https://techcrunch.com/2019/08/06/warshipping-hackers-ship-exploits-mail-room/
Tomi Engdahl says:
US border officials are increasingly denying entry to travelers over others’ social media
https://tcrn.ch/2zuIvzT
Travelers are increasingly being denied entry to the United States as border officials hold them accountable for messages, images and video on their devices sent by other people.
It’s a bizarre set of circumstances that has seen countless number of foreign nationals rejected from the U.S. after friends, family or even strangers send messages, images or videos over social media sites like Facebook and Twitter, and encrypted messaging apps like WhatsApp, which are then downloaded to the traveler’s phone.
Tomi Engdahl says:
This is a dangerous “new” vector for malware and it’s getting very popular! Be extremely wary if an app changes ownership. Chinese companies are targeting popular apps, buying them then adding malware to the code. MANY PEOPLE GET AUTOMATICALLY UPDATED TO THE DANGEROUS CODE.
https://www.androidpolice.com/2019/04/27/es-file-manager-vanishes-from-play-store-possibly-part-of-do-global-scandal/
Earlier this week, BuzzFeed News reported how apps on the Play Store from Chinese firm DO Global regularly committed click fraud — automatically clicking on ads on behalf of users. Google has already removed apps and suspended accounts owned by DO Global, and it appears ES File Manager may be part of the ongoing crackdown
https://www.androidpolice.com/2019/04/29/evidence-points-to-a-play-store-ad-fraud-scheme-by-chinese-baidu-spin-off-do-global/
Tomi Engdahl says:
https://gizmodo.com/ring-discloses-over-400-partnerships-with-police-in-mos-1837669511
Amazon’s home security company Ring is opening up about just how many police departments it’s partnered with across the country. Today the company published a map showing hundreds of departments with which it’s inked deals.
Tomi Engdahl says:
Harvard student denied entry into US due to friends’ social media posts
https://www.cnet.com/news/harvard-student-deported-denied-entry-into-us-over-friends-social-media-posts/
Ismail Ajjawi reportedly had his visa canceled after hours of questioning at Boston’s airport.
Tomi Engdahl says:
The new mobile phone scam delivering a problem
https://www.bbc.co.uk/news/business-49450485
“Delivery scams are just one of the increasingly sophisticated methods fraudsters are using to leave victims out of pocket,” warned Adam French, Which? consumer rights expert.
Tomi Engdahl says:
Facial recognition in King’s Cross prompts call for new laws
https://www.bbc.com/news/technology-49333352
Tomi Engdahl says:
The Hong Kong Internet Service Providers Association warns that restricting online access would be ruinous for the region
https://tcrn.ch/32dmS3D
Tomi Engdahl says:
The police know what you’ll do next summer
https://www.newstatesman.com/politics/uk/2019/08/police-know-what-you-ll-do-next-summer
When police use crime-predicting algorithms, they risk bringing into being the world they foresee.
Tomi Engdahl says:
TSA Launches Facial Recognition Pilot at Las Vegas Airport
https://www.nextgov.com/emerging-tech/2019/08/tsa-launches-facial-recognition-pilot-las-vegas-airport/159479/
The agency will assess how the tech verifies travelers’ live facial images against pictures taken from travelers’ identity documents.
The Transportation Security Administration will conduct a short term proof of concept in Las Vegas’ McCarran International Airport to examine how effective facial recognition technology could be at automating travelers’ identity verification
Tomi Engdahl says:
Five More Hackers Become Millionaires on HackerOne
https://www.bleepingcomputer.com/news/security/five-more-hackers-become-millionaires-on-hackerone/
HackerOne says that five more hackers have become millionaires after reporting security vulnerabilities through the vulnerability coordination and bug bounty platform.
Tomi Engdahl says:
https://securityaffairs.co/wordpress/90444/apt/lyceum-apt-middle-east.html
Tomi Engdahl says:
Climate activists plan to use drones to shut down Heathrow Airport next month
https://techcrunch.com/2019/08/29/climate-activists-plan-to-use-drones-to-shut-down-heathrow-airport-next-month/?tpcc=ECFB2019
A UK group of climate activists is planning to fly drones close to Heathrow Airport next month in a direct action they hope will shut down the country’s largest airport for days or even longer.
Tomi Engdahl says:
Ransomware hits hundreds of dentist offices in the US
https://www.zdnet.com/article/ransomware-hits-hundreds-of-dentist-offices-in-the-us/
Ransomware group gains access to dental software backend, deploys ransomware on customers’ systems
Tomi Engdahl says:
https://tcrn.ch/32aEk8L
The Department of Justice said today that a federal grand jury has indicted software engineer Paige Thompson on two counts related to the Capital One data breach that affected over 100 million customers. The charges in the indictment carry penalties of up to 25 years in prison. Thompson will be arraigned in U.S. District Court in Seattle on Sept. 5.
Tomi Engdahl says:
India school-leaving exam: The controversy that cost 23 lives
https://www.bbc.co.uk/news/world-asia-india-48050020
At least 23 teenagers in the southern Indian state of Telangana have killed themselves since their school-leaving exam results were announced in April. BBC Telugu’s Deepthi Bathini explains why the results have become controversial.
In the days following the announcement of the exam results, shocked students and parents protested, alleging there had been errors in marking and demanded the exams be marked again.
It seems there was a mistake in updating the scores. Board officials said Globarena was not involved in the re-evaluation process.
Tomi Engdahl says:
https://medium.com/@mmathieum/google-just-deleted-my-nearly-10-year-old-free-open-source-android-app-7fbc52edc50a
After reading many articles about other Android developers’ horror stories, my Google Play Publisher account has been terminated… and I don’t really know why… which doesn’t really matter because I had no time to fix it.
Tomi Engdahl says:
Some of Russia’s surveillance tech leaked data for more than a year
https://www.zdnet.com/article/some-of-russias-surveillance-tech-leaked-data-for-more-than-a-year/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d68837a4b188d00011b2240&utm_medium=trueAnthem&utm_source=facebook
Security researcher finds that some of Russia’s SORM wiretapping equipment had been leaking user data.
A Russian security researcher has found that hardware equipment meant to be used by Russian authorities to intercept internet traffic had been leaving data exposed on the internet.
30 SORM DEVICES HAVE LEAKED SURVEILLANCE DATA
But in a talk at the Chaos Constructions security conference last Sunday, on August 25, a Russian security researcher named Leonid Evdokimov revealed that some of these wiretapping devices have been leaking data.
Evdokimov said he found 30 SORM devices installed on the network of 20 Russian ISPs that were running FTP servers that were not secured with a password.
These FTP servers contained traffic logs from past law enforcement surveillance operations
Tomi Engdahl says:
Another Android Fraud Warning: 1.5M Users Are Being Forced To Click Ads
http://on.forbes.com/6185Efc9d
This time it’s from cybersecurity giant Symantec, which said that as many as 1.5 million Android users are having ads clicked for them in what appears to be shady practices by apps hosted on Google Play.
Tomi Engdahl says:
Freedom Hosting II Hacked: 10,613 .onion Sites are Down
https://resources.infosecinstitute.com/freedom-hosting-ii-hacked-10613-onion-sites/
Tomi Engdahl says:
A fifth of the Dark Web is down
https://resources.infosecinstitute.com/freedom-hosting-ii-hacked-10613-onion-sites/
The Anonymous hacktivist group hacked the popular Dark Web hosting provider Freedom Hosting II. Roughly 10,613 .onion sites leveraging on the service have been taken down.
Tomi Engdahl says:
Y’all ready for the NSA to protect us from ourselves?
https://www.cyberscoop.com/nsa-firmware-open-source-coreboot-stm-pe-eugene-myers/
Tomi Engdahl says:
How an NSA researcher plans to allow everyone to guard against firmware attacks
https://www.cyberscoop.com/nsa-firmware-open-source-coreboot-stm-pe-eugene-myers/
Tomi Engdahl says:
How one teenager took out a secure Pentagon file sharing site
https://www.fifthdomain.com/dod/army/2019/08/29/how-one-teenager-took-out-a-secure-pentagon-file-sharing-site/
By last October, the Pentagon’s Vulnerability Disclosure Program had processed thousands of loopholes in the Department of Defense’s websites.
Then it received a report from Jack Cable.
Cable found in the DoD’s secure filing system stood out. He discovered a vulnerability known as an “insecure direct object reference,” which involves brute forcing reference numbers in the URL to access different files without authentication.
Tomi Engdahl says:
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html?m=1
Tomi Engdahl says:
https://www.zdnet.com/article/cyber-crime-ransomware-attacks-have-more-than-doubled-this-year/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d668961420dde0001e75134&utm_medium=trueAnthem&utm_source=facebook
Cybercrime: Ransomware attacks have more than doubled this year
File-encrypting malware attacks are back with a vengeance.
Tomi Engdahl says:
Google says hackers have put ‘monitoring implants’ in iPhones for years
https://www.theguardian.com/technology/2019/aug/30/hackers-monitoring-implants-iphones-google-says
Visiting hacked sites was enough for server to gather users’ images and contacts
Tomi Engdahl says:
https://thehackernews.com/2019/08/retadup-botnet-malware.html?m=1
The French law enforcement agency, National Gendarmerie, today announced the successful takedown of one of the largest wide-spread RETADUP botnet malware and how it remotely disinfected more than 850,000 computers worldwide with the help of researchers.
discovered a design flaw in the malware’s C&C protocol that could have been exploited to remove the malware from victims’ computer without executing any extra code.
However, to do that, the plan required researchers to have control over the malware’s C&C server, which was hosted with a hosting provider located in the Ile-de-France region in north-central France.
Tomi Engdahl says:
Consumer Grade Anarchy
https://www.cyberpunks.com/consumer-grade-anarchy/
At the tail end of 2018, a terrorist incident in the UK managed to shut down an international airport.
No-one knows who the perpetrators were, or what their motivations may have been, but the person or persons behind the Gatwick drone fiasco of 19 – 20 December 2018 cost airline companies in excess of $60 million, as well as disrupting the everyday lives of more than 100,000 travelers.
It was easy to do, and for the perpetrator, it was cheap.
Tomi Engdahl says:
Warning Over Terrorist Attacks Using Drones Given By EU Security Chief
https://www.forbes.com/sites/zakdoffman/2019/08/04/europes-security-chief-issues-dire-warning-on-terrorist-threat-from-drones/
This is not new news—the threat from a drone attack on a crowded space in the West has been focusing security minds for some time now. And the real fear from a drone attack is that a chemical or biological payload could be delivered into the midst of a crowded space with relative ease. The challenge with such attacks has always been delivery. A drone takes that challenge away.