Cyber security news October 2019

This posting is here to collect cyber security news in October 2019.

I post links to security vulnerability news in the comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.

 

113 Comments

  1. Tomi Engdahl says:

    sudo had a bug: Potential bypass of Runas user restrictions (CVE-2019-14287) on Linux or Unix-like systems. Patch your systems. One can get root access by running:

    sudo -u#-1 /bin/sh
    sudo -u#4294967295 /bin/sh

    https://www.sudo.ws/alerts/minus_1_uid.html

    Reply
  2. Tomi Engdahl says:

    Experts discovered a security policy bypass issue in the Sudo utility that is installed as a command on almost every Linux and Unix system.
    https://securityaffairs.co/wordpress/92519/hacking/sudo-flaw-cve-2019-14287.html

    The Sudo utility that is installed as a command on almost every Linux and Unix system is affected by a security policy bypass issue tracked as CVE-2019-14287.

    The vulnerability could be exploited by an ill-intentioned user or a malicious program to execute arbitrary commands as root on a targeted Linux system, even if the “sudoers configuration” disallows the root access.

    “When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.” reads the security advisory.

    Reply
  3. Tomi Engdahl says:

    https://nakedsecurity.sophos.com/2019/10/15/350-hackers-hunt-down-missing-people-in-first-such-hackathon/

    More than 350 ethical hackers got together in cities across Australia on Friday for a hackathon in which they worked to “cyber trace a missing face”, in the first-ever capture the flag event devoted to finding missing persons.

    Organizers called the results “astounding,” ABC News reports.

    During the six hours the competing teams hammered away at the task of searching for clues that could potentially solve 12 of the country’s most frustrating cold cases. 100 leads were generated every 10 minutes.

    Reply
  4. Tomi Engdahl says:

    Invisible mask: practical attacks on face recognition with infrared
    https://blog.acolyer.org/2019/10/15/invisible-mask/?fbclid=IwAR17H9j0mc7llKI1da9fPXik44Yv4RnB3sx3Ukyhkzkee283T2YgQaHrgNg

    As a result, the adversary masquerading as someone else will be able to walk on the street, without any noticeable anomaly to other individuals but appearing to be a completely different person to the FR (facial recognition) system behind surveillance cameras.

    There are two levels of invisible mask attacks: subverting surveillance systems such that your face will not be recognised, and deliberately impersonating another individual to pass authentication tests. The authors achieved a 100% success rate at avoiding recognition, and a 70% success rate in impersonating a target individual!

    Reply
  5. Tomi Engdahl says:

    JSRAT – Secret Command & Control Channel Backdoor to Control Victims Machine Using JavaScript
    Read: https://gbhackers.com/secret-command-control-channel-backdoor/

    Reply
  6. Tomi Engdahl says:

    Apple insists it’s totally not doing that thing it wasn’t accused of: We’re not handing over Safari URLs to Tencent – just people’s IP addresses
    Cupertino in China Syndrome meltdown
    https://www.theregister.co.uk/2019/10/14/apple_china_tencent/

    Reply
  7. Tomi Engdahl says:

    Building China’s Comac C919 airplane involved a lot of hacking, report says
    https://www.zdnet.com/article/building-chinas-comac-c919-airplane-involved-a-lot-of-hacking-report-says/

    One of China’s most brazen hacking sprees involved intelligence officers, hackers, security researchers, and company insiders.

    Reply
  8. Tomi Engdahl says:

    When Trump Phones Friends, the Chinese and the Russians Listen and Learn
    https://www.google.com/amp/s/www.nytimes.com/2018/10/24/us/politics/trump-phone-security.amp.html

    President Trump has two official iPhones that have limited abilities and a third that is no different from hundreds of millions of iPhones in use around the world.

    When President Trump calls old friends on one of his iPhones to gossip, gripe or solicit their latest take on how he is doing, American intelligence reports indicate that Chinese spies are often listening — and putting to use invaluable insights into how to best work the president and affect administration policy, current and former American officials said.

    Reply
  9. Tomi Engdahl says:

    Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers
    https://www.leboncoincrypto.fr/2019/10/16/phorpiex-botnet-sending-out-millions-of-sextortion-emails-using-hacked-computers/high-tech/66012/

    A decade-old botnet malware that currently controls over 450,000 computers worldwide has recently shifted its operations from infecting machines with ransomware or crypto miners to abusing them for sending out sextortion emails to millions of innocent people.

    Reply
  10. Tomi Engdahl says:

    Mum Discovers eBay Samsung Screen Protector Lets Anyone Open Her Phone
    https://www.ladbible.com/news/technology-mum-discovers-ebay-iphone-screen-protector-lets-anyone-open-her-phone-20191015

    Lisa Neilson, 34, said she bought a £2.70 screen protector online to cover her new Samsung Galaxy S10.

    However, later she found that her left thumb print also unlocked the phone – and soon discovered any print could do so, worryingly.

    Samsung has now launched an investigation into what happened, having advised that people should only use authorised screen protectors.

    Lisa, from Castleford, West Yorkshire, said: “Anyone can access it and could get into the financial apps and transfer funds.”

    Reply
  11. Tomi Engdahl says:

    UK, USA and Australia giving tech advice to Facebook: “Don’t improve your users’ privacy and security by providing end-to-end encryption unless you want to simultaneously degrade their privacy and security by installing a back door into your app…”
    https://www.theguardian.com/technology/2019/oct/03/facebook-surveillance-us-uk-australia-backdoor-encryption

    Reply
  12. Tomi Engdahl says:

    Someone hacked this massive marketplace selling stolen credit cards and removed nearly 26 million records

    https://www.hackread.com/stolen-credit-card-data-trading-marketplace-hacked/

    Reply
