This posting is here to collect cyber security news in August 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
273 Comments
Tomi Engdahl says:
Eco-activists planning to shut down Heathrow Airport with drone flights
https://www.eturbonews.com/263892/eco-activists-planning-to-shut-down-heathrow-airport-with-drone-flights/
British eco-‘drone activists’ are planning to ground all flights at London’s Heathrow Airport next month.
A drone activist group calling itself Heathrow Pause and described as a splinter of environmental group Extinction Rebellion has warned that on September 13 its members will be flying drones around Heathrow, forcing the grounding of flights as part of a protest at the planned expansion of the airport.
Tomi Engdahl says:
https://techcrunch.com/2019/08/06/warshipping-hackers-ship-exploits-mail-room/amp/
Tomi Engdahl says:
https://gizmodo.com/buttplug-hacker-talks-security-consent-and-why-he-hac-1837252628/amp
Tomi Engdahl says:
Twitter CEO Jack Dorsey’s Twitter account was hacked to send out racist tweets with the n-word and phrases like ‘Hitler is innocent’
https://www.businessinsider.com/twitter-ceo-jack-dorsey-account-hacked-n-word-hitler-innocent-2019-8
“The hacked tweets were apparently sent using an SMS messaging service called Cloudhopper. Twitter acquired Cloudhopper in 2010 but the service is no longer available to the public. However, Dorsey apparently used a version of the service earlier this year, though most of his tweets are sent from an iPhone.”
Tomi Engdahl says:
https://www.cisecurity.org/advisory/a-vulnerability-in-google-chrome-could-allow-for-arbitrary-code-execution_2019-086/?_ga=2.17681274.254015540.1567198628-1643685459.1564759901
Tomi Engdahl says:
US official confirms that Trump tweeted out a picture from a classified intelligence briefing
https://www.businessinsider.com/trump-tweeted-classified-intelligence-briefing-photo-2019-8?IR=T
A US official told CNBC that a photo of an Iranian launchpad that President Donald Trump tweeted Friday afternoon came from an intelligence briefing Trump received earlier that day.
Tomi Engdahl says:
https://gizmodo.com/jack-dorseys-twitter-account-appears-to-have-been-hacke-1837753063?fbclid=IwAR2-kbzJpiRhXUDBlmVD_MIJpLMrhyVF2rNgN-DrVT6YnRLctOnBvLqsSaA
Tomi Engdahl says:
Secret U.S. Cyber Mission Devastated Iran’s Attack Capabilities, Officials Say
https://www.forbes.com/sites/zakdoffman/2019/08/29/secret-cyber-mission-devastated-irans-attack-capabilities-us-officials-say/?utm_source=FACEBOOK&utm_medium=social&utm_term=Jennie/#6a656e6e696
The cyber conflict between Iran and the U.S. is now a constant—it doesn’t diminish simply because the headlines go away. And it’s a constant that alternates between computer networks and the media. Now, unnamed U.S. officials have told the U.S. media that covert attacks on Iranian intelligence systems in June had such a devastating impact, that the country has yet to recover its capabilities.
Tomi Engdahl says:
So, the Trump administration is going ahead, directly contrary to established social media platform policies, and creating fake accounts for surveillance purposes? And that’s legal?
US says it plans to create fake social media accounts to monitor immigrants
https://www.foxnews.com/politics/us-government-to-use-fake-social-media-accounts-to-monitor-immigrants-seeking-visas-citizenship
U.S. Citizenship and Immigration Services (USCIS) officers can now use fake social media accounts to monitor immigrants seeking visas, green cards and citizenship.
Tomi Engdahl says:
Man Used Internet Registry To Track Down And Beat Up Pedophiles And Sex Offenders
https://trendings.net/man-used-internet-registry-to-track-down-and-beat-up-pedophiles-and-sex-offenders
Tomi Engdahl says:
iPhones have been having ‘monitoring implants’ installed for years, Google researchers warn
https://www.independent.co.uk/life-style/gadgets-and-tech/news/iphone-apple-google-hack-monitoring-implant-website-a9085031.html
Just visiting an affected website would be enough to be spied on
Hackers have been installing “monitoring implants” in people’s phones without their knowledge for years, Google experts have warned.
Thousands of people could have been hit each week and would not even know they had been hit by the exploit, according to security researcher Ian Beer, from Google’s Project Zero.
Tomi Engdahl says:
Apple still has work to do on privacy
https://techcrunch.com/2019/08/31/apple-still-has-work-to-do-on-privacy/?tpcc=ECFB2019&fbclid=IwAR3a4Shwm4-4pRKegN3tLd9__DuabQI–gno5yvw-j5I0IKxuAao5cG9rsU
There is no doubt that Apple’s self-polished reputation for privacy and security has taken a bit of a battering recently.
On the security front, Google researchers just disclosed a major flaw in the iPhone, finding a number of malicious websites that could hack into a victim’s device by exploiting a set of previously undisclosed software bugs. When visited, the sites infected iPhones with an implant designed to harvest personal data — such as location, contacts and messages.
Malicious websites were used to secretly hack into iPhones for years, says Google
https://techcrunch.com/2019/08/29/google-iphone-secretly-hacked/
Tomi Engdahl says:
Ian Beer / Project Zero:
An in-depth look at five iOS exploit chains that were used in hacked websites for carrying out watering hole attacks against devices running iOS 10 through 12 — Project Zero’s mission is to make 0-day hard. We often work with other companies to find and report security vulnerabilities …
A very deep dive into iOS Exploit chains found in the wild
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
Project Zero’s mission is to make 0-day hard.
Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day.
There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.
TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.
Tomi Engdahl says:
iOS update: iPhone owners urged to download new software to fix strange and potentially disastrous problem
https://www.independent.co.uk/life-style/gadgets-and-tech/news/ios-update-download-12-problems-4-issues-iphone-new-features-a9080546.html?utm_medium=Social&utm_source=Facebook#Echobox=1566917626
Apple has finally released a new update, numbered 12.4.1, which fixes a major security issue in iPhones.
Tomi Engdahl says:
How To Make $1 Million From Hacking: Meet Six Hacker Millionaires
http://on.forbes.com/6189EfWsZ
Tomi Engdahl says:
https://map.hashplane.com/
Tomi Engdahl says:
Google to pay security researchers who find Android apps and Chrome extensions misusing user data
https://techcrunch.com/2019/08/29/google-data-abuse-android-chrome-bug-bounty/
Tomi Engdahl says:
Emmanuel Nwude Carried Out The Biggest Scam In Nigeria
http://www.ladbible.com/community/interesting-emmanuel-nwude-carried-out-the-biggest-scam-in-nigeria-20180825?c=1535235507222
Emmanuel Nwude committed the largest fraud in Nigeria after he sold a non-existent airport
And not for some throwaway amount of money that someone would have chanced being done over. Oh no, this was $242 million (£188m).
It happened between 1995 and 1998 and the victim was an unsuspecting Brazilian, Nelson Sakaguchi, who was director of a bank.
Tomi Engdahl says:
Hacker Releases First Public Jailbreak for Up-to-Date iPhones in Years
https://www.vice.com/en_ca/article/qvgp77/hacker-releases-first-public-iphone-jailbreak-in-years
Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers.
Tomi Engdahl says:
Router Network Isolation Broken By Covert Data Exfiltration
https://www.bleepingcomputer.com/news/security/router-network-isolation-broken-by-covert-data-exfiltration/
Tomi Engdahl says:
Google wants to reduce lifespan for HTTPS certificates to one year
A Google proposal would cut lifespan of SSL certificates from 825 days to 397 days.
https://www.zdnet.com/article/google-wants-to-reduce-lifespan-for-https-certificates-to-one-year/
https://www.venafi.com/blog/jury-out-whether-reducing-certificate-lifetimes-would-improve-security
Tomi Engdahl says:
A Porn Company Bought, Promptly Incinerated a Website That Doxxed Performers
https://futurism.com/the-byte/porn-incinerated-website-server-pornwikileaks
khawarrasheed1996 says:
Hi, I am new here. Can anyone help me to know the rules?