This posting is here to collect cyber security news in October 2019.
I post links to security vulnerability news to comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
Tomi Engdahl says:
Google launches leaked-password checker, will bake it into Chrome in December
https://www.computerworld.com/article/3444237/google-launches-leaked-password-checker-will-bake-it-into-chrome-in-december.html
The company plans to add a hacked-password alert system into its browser by the end of year; Firefox aims to do much the same thing this month.
Tomi Engdahl says:
Microsoft NTLM Vulnerability Let Hackers to Compromise the Network Domain Controller
https://gbhackers.com/microsoft-ntlm/
Tomi Engdahl says:
Teejayx6 – Swipe Lesson (Official Music Video) *FREE MONEY & METHODS*
https://www.youtube.com/watch?v=-xekDJV2iwU
Tomi Engdahl says:
Proof-of-Concept Spy Chips?
https://www.hackster.io/news/proof-of-concept-spy-chips-93f41ed1f061
Tomi Engdahl says:
These are the 29 countries vulnerable to Simjacker attacks
Adaptive Mobile publishes the list of countries where mobile operators ship SIM cards vulnerable to Simjacker attacks.
https://www.zdnet.com/article/these-are-the-29-countries-vulnerable-to-simjacker-attacks/
Tomi Engdahl says:
Russian Secret Weapon Against U.S. 2020 Election Revealed In New Cyberwarfare Report
https://www.forbes.com/sites/zakdoffman/2019/09/24/new-cyberwarfare-report-unveils-russias-secret-weapon-against-us-2020-election/
Tomi Engdahl says:
The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History
https://www.wired.com/story/untold-story-2018-olympics-destroyer-cyberattack/
How digital detectives unraveled the mystery of Olympic Destroyer—and why the next big attack will be even harder to crack.
Tomi Engdahl says:
Catalin Cimpanu / ZDNet:
Researchers find malware operators are now using steganography techniques to hide malicious code in WAV audio files —
WAV audio files are now being used to hide malicious code
https://www.zdnet.com/article/wav-audio-files-are-now-being-used-to-hide-malicious-code/
Steganography malware trend moving from PNG and JPG to WAV files.
Tomi Engdahl says:
Free decrypter released for STOP ransomware, today’s most popular ransomware strain
https://www.zdnet.com/article/free-decrypter-released-for-stop-ransomware-todays-most-popular-ransomware-strain/
New free decrypter can help victims decrypt 148 of the 160 versions of the STOP ransomware.
Tomi Engdahl says:
Jon Porter / The Verge:
Samsung says fingerprint bug on Galaxy devices is due to the sensor reading 3D patterns in screen protectors as fingerprints, will patch it as soon as next week
Samsung says fingerprint security fix is coming as early as next week
https://www.theverge.com/2019/10/18/20920522/samsung-galaxy-s10-note-10-fingerprint-recognition-patch-next-week-bug-biometric-security
And advises removing silicone screen-protecting cases for now.
Tomi Engdahl says:
Melanie Ehrenkranz / OneZero:
A look inside a community of hackers who tinker with Kindle e-readers to disable Amazon’s tracking, circumvent file format restrictions, install games, and more
Kindle Hackers Are Disabling Tracking and Ads
And installing ‘Zork’ while they’re at it
https://onezero.medium.com/kindle-hackers-are-disabling-tracking-and-ads-d00d1ad804b0
Tomi Engdahl says:
Turns Out It’s Incredibly Easy to Blag Your Way Into Festivals
Three days, three festivals – for free!
https://www.vice.com/en_uk/article/597wq3/blag-into-festivals-five-techniques-all-worked?utm_campaign=sharebutton
Tomi Engdahl says:
Revisiting The BlackHat Hack: How A Security Conference Was Pwned
https://hackaday.com/2019/10/18/revisiting-the-blackhat-hack-how-a-security-conference-was-pwned/
Does anyone remember the Black Hat BCard hack in 2018? This hack has been documented extensively, most notoriously by [NinjaStyle] in his original blog post revealing the circumstances around discovering the vulnerability. The breach ended up revealing the names, email addresses, phone numbers, and personal details of every single conference attendee – an embarrassing leak from one of the world’s largest cybersecurity conferences.
Tomi Engdahl says:
Teens find circumventing Apple’s parental controls is child’s play
https://www.washingtonpost.com/technology/2019/10/15/teens-find-circumventing-apples-parental-controls-is-childs-play/
Kids are outsmarting an army of engineers from Cupertino, Apple’s headquarters in Silicon Valley. And Apple, which introduced Screen Time a year ago in response to pressure to address phone overuse by kids, has been slow to make fixes to its software that would close these loopholes. It’s causing some parents to raise questions about Apple’s commitment to safeguarding kids from harmful content and smartphone addiction.
Everywhere from Reddit to YouTube, kids are sharing tips and tricks that allow them to circumvent Screen Time. They download special software that can exploit Apple security flaws, disabling Screen Time or cracking their parents’ passwords. They search for bugs that make it easy to keep using their phones, unbeknown to parents, like changing the time to trick the system, or using iMessage to watch YouTube videos.
https://protectyoungeyes.com/12-ingenious-screen-time-hacks-how-to-beat-them/
Tomi Engdahl says:
Norwegian Newspaper Website Taken Offline After Content Hack
http://on.forbes.com/61871HMuh
Dagbladet, one of Norway’s best-selling newspapers, was forced to take its popular website offline for a few hours last week as suspected hackers inserted false stories and quotes, including a pro-pedophilia comment attributed to Norway’s Prime Minister, Erna Solberg. One person has been arrested.
Tomi Engdahl says:
Trump Campaign Email Server Was Left Open To Attack
https://www.forbes.com/sites/leemathews/2019/10/17/trump-campaign-email-server-was-left-open-to-attack/#2ac50c771f39
Running a Presidential campaign is hard. Proper cybersecurity is hard, too. The intersection of the two is doubly hard and missteps can be disastrous.
That’s why today’s update from Comparitech is so alarming. Researchers Bob Diachenko and Sebastien Kaul discovered a configuration error that impacted at least 768 websites.
One of those sites: DonaldJTrump.com, one of the many official sites that are part of the effort to re-elect President Trump in 2020.
“Debug mode” in popular webdev tool exposes credentials for hundreds of websites, including Donald Trump’s
https://www.comparitech.com/blog/vpn-privacy/debug-mode-exposes-credentials/
The tool, a PHP framework called Laravel, includes a “debug mode” that lets developers identify errors and misconfigurations before websites go live. The problem is that many developers fail to disable the debug mode after going live, exposing backend website details like database locations, passwords, secret keys, and other sensitive info.
Attackers could have intercepted correspondence with Trump supporters or phish campaign contributors, among other crimes.
To be clear, this is not a breach of user data; no user records were leaked. This exposure instead gave hackers an attack vector to potentially hijack mail servers, explore source code structure, find weak points, re-use passwords on other systems, and mount other types of attacks.
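As an added defensive check, not code from the Comparitech article or from the Laravel project: a small Python audit that parses a Laravel-style .env file and flags the exposed setting described above (debug mode on for a live site) beside its corrected form. APP_ENV, APP_DEBUG and APP_KEY are Laravel's real configuration keys; the two sample .env contents are constructed for this example.

```python
"""Audit a Laravel-style .env file for debug mode left on in production.

Added example; not from the article or from Laravel. The sample .env texts
below are constructed, and the key names are Laravel's standard ones.
"""
from typing import Dict, List

# Constructed sample: the exposed configuration (debug mode on, live site).
EXPOSED_ENV = """\
APP_NAME=Campaign
APP_ENV=production
APP_DEBUG=true
APP_KEY=base64:EXAMPLEKEYNOTREAL=
DB_HOST=db.internal.example
DB_PASSWORD="hunter2"  # comment after a quoted value
"""

# Constructed sample: the same site with debug mode switched off.
HARDENED_ENV = """\
APP_NAME=Campaign
APP_ENV=production
APP_DEBUG=false
APP_KEY=base64:EXAMPLEKEYNOTREAL=
DB_HOST=db.internal.example
DB_PASSWORD="hunter2"
"""

def parse_env(text: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines, stripping quotes and trailing '#' comments."""
    env: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        if value[:1] in ("'", '"') and value.count(value[0]) >= 2:
            value = value[1:value.index(value[0], 1)]  # inside the quotes
        else:
            value = value.split("#", 1)[0].strip()
        env[key.strip()] = value
    return env

def debug_enabled(value: str) -> bool:
    """Mirror Laravel's env() plus PHP's (bool) cast: only these spellings are false."""
    return value.strip().lower() not in {"false", "(false)", "0", "", "null", "(null)", "empty", "(empty)"}

def audit_env(text: str) -> List[str]:
    """Return findings describing why this configuration would leak secrets."""
    env = parse_env(text)
    findings: List[str] = []
    app_env = env.get("APP_ENV", "")
    if app_env != "local" and debug_enabled(env.get("APP_DEBUG", "false")):
        findings.append(f"APP_DEBUG=true with APP_ENV={app_env or '<unset>'}: "
                        "error pages will show the full environment, including "
                        "DB_PASSWORD and APP_KEY")
    if not env.get("APP_KEY"):
        findings.append("APP_KEY is empty: sessions and encrypted cookies are unprotected")
    return findings
```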
Tomi Engdahl says:
Russian Hackers Disguised As Iranian Spies Attacked 35 Countries
https://www.forbes.com/sites/kateoflahertyuk/2019/10/21/nsa-and-ncsc-warning-russian-hackers-disguised-as-iranian-spies-hacked-35-countries/
Russian cyber actors disguised themselves as Iranian spies so they could stealthily orchestrate attacks on countries across the world, the U.S.’s NSA and U.K.’s NCSC said.
The so-called Turla group, which is also known as Snake or Uroburos, hid in plain sight by acquiring Iranian tools and infrastructure to perform their attacks, the U.K.’s Cyber Security Centre (NCSC) and U.S. National Security Agency said.
Turla used implants derived from Iranian hackers’ previous campaigns, “Neuron” and “Nautilus”, which they obtained through compromising the Iran-based hackers themselves.
Tomi Engdahl says:
NordVPN confirms it was hacked. The attacker gained access to the server, which had been active for about a month, by exploiting an insecure remote management system left by the datacenter provider, a system NordVPN said it was unaware existed. Good god. That shows incompetence. https://nordvpn.com/blog/official-response-datacenter-breach/
Tomi Engdahl says:
New Facebook features fight election lies everywhere but ads
https://tcrn.ch/2J6NQTd
Heaven forbid a political candidate’s Facebook account gets hacked. They might spread disinformation…like they’re already allowed to do in Facebook ads…
Today Facebook made a slew of announcements designed to stop 2020 election interference. “The bottom line here is that elections have changed significantly since 2016,” and so has Facebook in response, CEO Mark Zuckerberg said on a call with reporters. “We’ve gone from being on our back foot to proactively going after some of the biggest threats out there.”
https://newsroom.fb.com/news/2019/10/update-on-election-integrity-efforts/
Tomi Engdahl says:
Avast Network Breached As Hackers Target CCleaner Again
https://threatpost.com/avast-network-breached-as-hackers-target-ccleaner-again/149358/
Avast said it believes that threat actors are again looking to target CCleaner in a supply chain attack.
Czech antivirus vendor Avast on Monday warned that hackers were able to access its internal network using a temporary VPN account.
Tomi Engdahl says:
These Are the Celebrities Most Likely to Give You a Computer Virus
https://www.bloomberg.com/news/articles/2019-10-22/the-most-dangerous-celebrity-online-is-revealed?cmpid=socialflow-facebook-business&utm_medium=social&utm_source=facebook&utm_content=business&utm_campaign=socialflow-organic
Tomi Engdahl says:
Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app
https://www.theregister.co.uk/2019/10/18/vatican_erosary_insecure/
The technology behind the Catholic Church’s latest innovation, an electronic rosary, is so insecure, it can be trivially hacked to siphon off worshipers’ personal information.
“One of our researchers decided to check out the code, and in just 10 minutes found some glaring issues,”
https://fidusinfosec.com/clicktopray-erosary-account-takeover/
Tomi Engdahl says:
Former Twitter CISO shares his advice for IT security hiring and cybersecurity
https://www.zdnet.com/article/former-twitter-ciso-shares-his-advice-for-it-security-hiring-and-cybersecurity/
Tomi Engdahl says:
Hacker Breached Servers Belonging to Multiple VPN Providers
https://www.bleepingcomputer.com/news/security/hacker-breached-servers-belonging-to-multiple-vpn-providers/?fbclid=IwAR3LDNdNf4ufoCd6AU1259_hwE0aqXXs9jOdUNGIlbtsewDjc83dmJbOQAU
Servers belonging to the NordVPN and TorGuard VPN companies were hacked and attackers stole and leaked the private keys associated with certificates used to secure their web servers and VPN configuration files.
Over the weekend, security researcher @hexdefined tweeted that NordVPN, of which we are an affiliate, was compromised as the private keys for their web site certificate were publicly leaked on the Internet.
This certificate is now expired.
Servers for NordVPN, TorGuard, and possibly VikingVPN hacked
Tomi Engdahl says:
NordVPN confirms it was hacked
https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
https://www.theverge.com/2019/10/21/20925065/nordvpn-server-breach-vpn-traffic-exposed-encryption
Tomi Engdahl says:
India moves closer to regulating internet services as it fears ‘unimaginable disruption to democracy’
https://tcrn.ch/2BsreZr
India said on Monday that it is moving ahead with its plan to revise existing rules to regulate intermediaries — social media apps and others that rely on users to create their content — as they are causing “unimaginable disruption” to democracy.
Tomi Engdahl says:
Alexa and Google Home abused to eavesdrop and phish passwords
Amazon- and Google-approved apps turned both voice-controlled devices into “smart spies.”
https://arstechnica.com/information-technology/2019/10/alexa-and-google-home-abused-to-eavesdrop-and-phish-passwords/
By now, the privacy threats posed by Amazon Alexa and Google Home are common knowledge. Workers for both companies routinely listen to audio of users—recordings of which can be kept forever—and the sounds the devices capture can be used in criminal trials.
Tomi Engdahl says:
EU contracts with Microsoft raising ‘serious’ data concerns, says watchdog
https://tcrn.ch/32Cu89G
Tomi Engdahl says:
“Legislators around the globe have one thing in common: the urge to “eradicate” vaguely defined “online harms”. The rhetoric of danger comprised in online harm has become a driving force behind regulatory responses in liberal democracies. This is exactly the kind of logic frequently used by authoritarian regimes to restrict legitimate debate.”
https://edri.org/content-regulation-whats-the-online-harm/
Tomi Engdahl says:
“In other words, the signatories are requesting what security experts call a “backdoor” for law enforcement to circumvent legitimate encryption methods in order to access private communications.”
https://edri.org/why-weak-encryption-is-everybodys-problem/
Tomi Engdahl says:
Under digital surveillance: how American schools spy on millions of kids
https://www.theguardian.com/world/2019/oct/22/school-student-surveillance-bark-gaggle
Fueled by fears of school shootings, the market has grown rapidly for technologies that monitor students through official school emails and chats
Tomi Engdahl says:
An Air France flight was forced to turn back in midair when staff found an unattended cellphone that wasn’t claimed by any of the passengers
https://www.businessinsider.com/air-france-lands-shannon-airport-unclaimed-cell-phone-2019-10?r=US&IR=T&utm_content=buffer02187&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer-travel
An Air France flight made an emergency landing in Ireland after a mobile phone found on board was not claimed by any passengers.
The phone was deemed safe, and the Irish newspaper The Journal reported that it could have been left by a passenger on a previous flight and gone unnoticed by the cleaning crew.
Air France said in a statement to the aviation news website Simple Flying that the crew “decided to divert as a precautionary measure after a mobile phone was found and not claimed by the passengers on board.”
Tomi Engdahl says:
https://thehackernews.com/2019/10/mssql-server-backdoor.html?m=1
Tomi Engdahl says:
Comcast Is Lobbying Against Encryption That Could Prevent it From Learning Your Browsing History
https://www.vice.com/en_us/article/9kembz/comcast-lobbying-against-doh-dns-over-https-encryption-browsing-data
Motherboard has obtained a leaked presentation internet service providers are using to try and lobby lawmakers against a form of encrypted browsing data.
Tomi Engdahl says:
White House kicks infosec team to curb in IT office shakeup
Senior staffer quits over “highly concerning” lack of security practices.
https://arstechnica.com/information-technology/2019/10/white-house-guts-infosec-team-posturing-itself-to-be-compromised-again/
Tomi Engdahl says:
Senior Infosec Staffer Resigns, Says White House On Track To Be Hacked Again
https://www.forbes.com/sites/leemathews/2019/10/23/senior-infosec-staffer-resigns-says-white-house-on-track-to-be-hacked-again/
The very staff who bolstered White House network defenses in the face of state-sponsored cyberattacks are being driven out. In his memo, Vastakis stated that he and his colleagues were “systematically being targeted for removal […] through various means.”
Tomi Engdahl says:
https://jalopnik.com/google-is-reading-your-license-plates-1839259494
Tomi Engdahl says:
Huawei: Easier to bribe telco staff than build backdoors
https://www.zdnet.com/article/huawei-easier-to-bribe-telco-staff-then-build-backdoors/
https://www.wsj.com/articles/huawei-telecom-gear-much-more-vulnerable-to-hackers-than-rivals-equipment-report-says-11561501573
Tomi Engdahl says:
New York Times abruptly eliminates its “director of information security” position: “there is no need for a dedicated focus on newsroom and journalistic security”
https://boingboing.net/2019/10/23/sitting-ducks-r-us.html
Tomi Engdahl says:
Japanese robot hotel chain ignored repeated warnings that its in-room “bed-facing” robots could be turned into spy devices
https://boingboing.net/2019/10/23/sorry-for-uneasiness.html?fbclid=IwAR2TN8k5WXyVUM0LK09M1yC3eDwWFSxJvT4VMzHAF785wrvf3smVxRNEO6M
Japan’s Henn na Hotel chain, owned by the HIS Group, uses “bed-facing Tapia robots” in its rooms; these robots turn out to be incredibly insecure: you can update them by pairing with them using an NFC sensor at the backs of their heads. The robots do not check the new code for cryptographic signatures, meaning that malicious actors can install any code they want.
Security researcher Lance R. Vick discovered the vulnerability and repeatedly informed HIS Group; after they failed to take any action over 90 days, Vick publicly disclosed the defect in his Twitter stream on Oct 13.
According to Vick, the Tapia robot is slated to be widely deployed during the 2020 Olympics.
“Stay curious, and take everything apart. You will find the security flaws. They are everywhere.”
Tomi Engdahl says:
In the last 10 months, 140 local governments, police stations and hospitals have been held hostage by ransomware attacks
https://edition.cnn.com/2019/10/08/business/ransomware-attacks-trnd/index.html
Tomi Engdahl says:
Like admin/admin at Equifax server?
https://www.theinquirer.net/inquirer/news/3082848/equifax-admin-password-hack-lawsuit
https://www.pcgamer.com/lawsuit-claims-equifax-used-default-admin-password-during-massive-hack/
Tomi Engdahl says:
https://www.theregister.co.uk/2019/10/22/japanese_hotel_chain_sorry_that_bedside_robots_may_have_watched_guests/
Tomi Engdahl says:
https://www.defenseone.com/technology/2019/10/russia-will-test-its-ability-disconnect-internet/160861/
Tomi Engdahl says:
http://www.nsaplayset.org/
Tomi Engdahl says:
A DDoS gang is extorting businesses posing as Russian government hackers
Exclusive: Fake “Fancy Bear” group is demanding money from companies in the financial sector, threatening DDoS attack
https://www.zdnet.com/article/a-ddos-gang-is-extorting-businesses-posing-as-russian-government-hackers/
Tomi Engdahl says:
ATTK of the Pwns: Trend Micro’s antivirus tools ‘will run malware – if its filename is
Try not to save files to your Windows PC called
https://www.theregister.co.uk/2019/10/21/flaw_trend_micro/
Tomi Engdahl says:
Many countries have wiretapping laws requiring telecoms to buy networking equipment with backdoors. For example, the US has the CALEA law, which means that all telecom service providers have to have networking equipment that can save voice phone call data and internet data in the clear. The weakest link is probably the government-mandated backdoors.
https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act
Tomi Engdahl says:
Facebook and Google have been indexing the serial numbers of firearms posted online.
Gun Owners: Here’s Why You Should Think Twice Before Posting Pictures of Your Firearms on Social Media
https://townhall.com/tipsheet/bethbaumann/2019/10/23/big-brothers-watching-think-twice-before-you-post-pictures-of-your-firearms-on-social-media-n2555263/?utm_content=buffer84e2e&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer&fbclid=IwAR2qJ2DE_boUqQVeUBL5CGssULwKlN_6zRNgs04uxlvsCJlaLOCynS-SNY4
According to The Firearms Blog (TFB), the two tech giants are scanning users’ pictures to look for serial numbers. They’re then creating an index of every person’s firearms based on the image scans. If you’ve posted a picture of your firearm on a social networking site and didn’t smear out the serial number, chances are it’s indexed on Google images. Simply type in the serial number in quotes and search images. What comes up?
https://www.thefirearmblog.com/blog/2019/10/22/google-firearm-serial-numbers/
Tomi Engdahl says:
This can happen…
How I Lost My $50,000 Twitter Username
A story of how PayPal and GoDaddy allowed the attack and caused me to lose my $50,000 Twitter username.
https://medium.com/@N/how-i-lost-my-50-000-twitter-username-24eb09e026dd