Cyber security news December 2019

This posting is here to collect cyber security news in December 2019.

I post links to security vulnerability news in the comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.




  1. Tomi Engdahl says:

    Scientists in Scotland help develop world’s first encryption system that is ‘unbreakable’ by hackers

    New chip stores data as light which is then scrambled differently every single time information is sent onwards

    The world’s first uncrackable security system has been developed by researchers in Scotland, it has been claimed.

    Computer scientists have long feared the arrival of quantum computing would allow encrypted data to be easily decoded by hackers.

    But a global team, including scientists from the University of St Andrews, say they have achieved “perfect secrecy” by creating a chip which effectively generates a one-time-only key every time data is sent through it.

    It works by storing digital information as light which is then passed through a specially engineered silicon chip containing structures which bend and refract that light, scrambling the information.

    Crucially, this bending and refracting is different every time depending on the specific data being sent.

  2. Tomi Engdahl says:

    The search engine that cryptographically protects your privacy

  3. Tomi Engdahl says:

    Three members of a cybercrime group that used the GozNym banking Trojan to steal millions from U.S. businesses were sentenced today in parallel and multi-national prosecutions in Pittsburgh and Tbilisi, Georgia.

    The GozNym group members were charged for stealing “an estimated $100 million from more than 41 000 victims, primarily businesses and their financial institutions” according to a Europol press release from May.


  4. Tomi Engdahl says:

    Russia Plans To Cut Off Some Internet Access Today
    from the how-about-that dept.

    Russia has temporarily shut off many of its citizens’ access to the global internet today in a test of its controversial RuNet program, according to an internal government document.

    RuNet aims to boost the government’s ability to better control internal digital traffic, launch cyber and information attacks against other nations, and track and censor dissidents. The test will evaluate “the possibility of intercepting subscriber traffic and revealing information about the subscriber, blocking communication services,”

    The Dec. 23 test aims to evaluate a system meant to control traffic, veil hackers, and quash dissent

  5. Tomi Engdahl says:

    No, Spotify, You Shouldn’t Have Sent Mysterious USB Drives To Journalists

  6. Tomi Engdahl says:

    Chinese state-sponsored group APT20 has been busy hacking government entities and managed service providers.

    Chinese hacker group caught bypassing 2FA

    Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks.

    The group’s primary targets were government entities and managed service providers (MSPs). The government entities and MSPs were active in fields like aviation, healthcare, finance, insurance, energy, and even something as niche as gambling and physical locks.

    According to researchers, the hackers used web servers as the initial point of entry into a target’s systems, with a particular focus on JBoss, an enterprise application platform often found in large corporate and government networks.

    While on the inside, Fox-IT said the group dumped passwords and looked for administrator accounts, in order to maximize their access. A primary concern was obtaining VPN credentials

    using legitimate tools that were already installed on hacked devices, rather than downloading their own custom-built malware

    Fox-IT analysts said they found evidence the hackers connected to VPN accounts protected by 2FA.

    How they did it remains unclear; although, the Fox-IT team has their theory. They said APT20 stole an RSA SecurID software token from a hacked system, which the Chinese actor then used on its computers to generate valid one-time codes and bypass 2FA at will.

    to make use of the 2 factor authentication codes is to steal an RSA SecurID Software Token and to patch 1 instruction, which results in the generation of valid tokens.

  7. Tomi Engdahl says:

    Mastercard acquires security assessment startup, RiskRecon

    Mastercard announced today that it is acquiring RiskRecon, a Salt Lake City startup that uses publicly available data to build security assessments of organizations. The companies did not share the purchase price.

    It has become increasingly important for financial services companies like Mastercard to help customers navigate cybersecurity, and RiskRecon will give customers an objective score of a company’s risk profile.

  8. Tomi Engdahl says:

    Just a holiday reminder: don’t forget to change the default user and password on any IoT devices family members get at Christmas.

  9. Tomi Engdahl says:

    Colleges are turning students’ phones into surveillance machines, tracking the locations of hundreds of thousands

    When Syracuse University freshmen walk into professor Jeff Rubin’s Introduction to Information Technologies class, seven small Bluetooth beacons hidden around the Grant Auditorium lecture hall connect with an app on their smartphones and boost their “attendance points.”

    And when they skip class? The SpotterEDU app sees that, too, logging their absence into a campus database that tracks them over time and can sink their grade. It also alerts Rubin, who later contacts students to ask where they’ve been. His 340-person lecture has never been so full.

    “They want those points,” he said. “They know I’m watching and acting on it. So, behaviorally, they change.”


    6,000 location data points. Per student. Per day.

    Maybe if your lecture needs to compel attendance the content isn’t worthwhile on its own merit.

    And what about the kids that don’t have phones? I know, who am I kidding.

    Is this practice for putting BT sensors in employer’s bathrooms and break rooms so they can determine if you’re not at your desk enough?

    My initial reaction is to tape a phone under the desk in such a classroom and remotely enable the BT on/off.

  10. Tomi Engdahl says:

    This critical Citrix NetScaler bug could affect 80,000 companies
    IT admins managing Citrix systems could have a headache.

  11. Tomi Engdahl says:

    “Security researchers at Proofpoint have uncovered a widespread campaign using Miss Thunberg’s name to trick users into downloading the notorious Emotet malware botnet.”

    Greta Thunberg malware is not the present you want this Christmas

    Hackers targeting students with Greta Thunberg themed email attacks

  12. Tomi Engdahl says:

    BBC: Russia says it has successfully tested its domestic internal network

  13. Tomi Engdahl says:

    Hacker tried to blackmail Apple; threatened to delete 319M iCloud accounts

    A 22-year-old Londoner has been convicted of attempting to blackmail Apple out of $100,000 worth of iTunes cards after falsely claiming he had access to 319 million iCloud accounts.

    He variously threatened to sell access to the account details, and to reset all the accounts…

    Apple said there was no evidence that Albayrak or the TCF had compromised any accounts, and the NCA confirmed

    “Albayrak wrongly believed he could escape justice after hacking in to two accounts and attempting to blackmail a large multinational corporation.

    During the investigation, it became clear that he was seeking fame and fortune. But cybercrime doesn’t pay.”

  14. Tomi Engdahl says:

    Not so IDLE hands: FBI program offers companies data protection via deception
    Newly surfaced doc outlines FBI’s IDLE program—which teases thieves with “decoy data.”

    program, called IDLE (Illicit Data Loss Exploitation), does this by creating “decoy data that is used to confuse illicit… collection and end use of stolen data.”

    FBI hopes will derail all types of attackers, particularly advanced threats from outside and inside the network.

    In a discussion about the FBI’s overall philosophy on fighting cybercrime, Chu told Ars that the FBI is “taking more of a holistic approach” these days. Instead of reacting to specific events or criminal actors, he said, “we’re looking at cyber crime from a key services aspect”—aka, what are the things that cybercriminals target?—”and how that affects the entire cyber criminal ecosystem. What are the centers of gravity, what are the key services that play into that?”

    In the past, the FBI got involved only when a crime was reported. But today, the new approach means playing more of a consultative role to prevent cybercrime

    at FBI Headquarters, there’s a quote there. ‘The most effective weapon against crime is cooperation, the efforts of all law enforcement and the support and understanding of the American people.’ That can not be more true today

    Some information sharing takes the form of collaboration with industry information sharing and analysis centers (ISACs) and “Flash” and “Private Industry Notice” (PIN) alerts on cybercrime issues.

    The concept of using “deception platforms” is one that launched a dozen or so security startups a few years ago, but deception has played a significant role in physical security and military conflict going back at least as far as the (possibly fictional) Trojan Horse. The idea of “honeypots” is intended to draw attackers for the purpose of collecting threat intelligence, and that’s just one well-known example of defensive deception. More complicated deceptive platforms might create entire fake client and server infrastructures (virtual or physical) that attempt to fool attackers into going down dead-ends in the search for sensitive data—giving defenders time to track such attackers and kick them out.

    The goal is to give companies a greater chance of spotting attackers before they are able to get anything of value.

    So rather than being a “honeypot” put in place to attract hackers for threat intelligence purposes, IDLE data is intended to baffle an attacker by obfuscating real data. It’s an attempt to make the illicit use of stolen data much more difficult, or as another official described it, IDLE’s approach is like putting bogus pieces in a jigsaw puzzle. The goal is to confuse attackers about how everything fits together.

    While the program is not classified, FBI officials would not speak in depth about IDLE because of its sensitivity

    How effective IDLE’s approach is to deterring attackers on its own is questionable, Rendition Infosec founder and former National Security Agency operator Jake Williams told Ars. “I’m not sure how much more costly it makes things for Intruders,” he said. “Without increased visibility into the network, it won’t really do much.”

    IDLE data’s worth to the FBI, however, seems clear. IDLE data is “highlighted” in a number of ways, largely analogous to the types of detection done by commercial data loss prevention systems and other security products. The companies that deploy IDLE can monitor access to the dummy files

  15. Tomi Engdahl says:

    Cyberattack on Twitter targeted Epilepsy Foundation with strobing images
    Attackers apparently tried to trigger seizures in followers of the account who have the condition.

    Attackers sent videos of flashing strobe lights to thousands of followers of the Epilepsy Foundation’s Twitter account last month in an apparent attempt to trigger seizures in those with the condition, the foundation said Monday. The attacks, which used the foundation’s Twitter handle and hashtags to get the videos in front of the account’s followers, occurred during National Epilepsy Awareness Month, when more people would be likely checking the feed.

    “These attacks are no different than a person carrying a strobe light into a convention of people with epilepsy and seizures, with the intention of inducing seizures and thereby causing significant harm to the participants,”

  16. Tomi Engdahl says:

    On Monday, Russia completed a series of tests designed to make sure that its internet services could still work when isolated from the world wide web.

    Russia Cuts Off Its Internet, With Mixed Results

    Russia yesterday completed a series of tests designed to make sure that its internet services could still work when isolated from the worldwide web.

    The tests, said to involve state-run institutions and security services, as well as all communications operators, message services and email providers, effectively turned Russia’s internet, RuNet, into the largest intranet in the world.

    Four federal telecom operators took part, with 18 attack scenarios: 12 involving signaling networks of the SS7 phone networking protocol and six the signaling networks of the Diameter protocol, one of the main protocols in 4G networks.

    “It turned out that, in general, both the authorities and telecom operators are ready to effectively respond to possible risks and threats and ensure the functioning of the internet and the unified telecommunication network in Russia,” Alexey Sokolov, deputy head of the Ministry of Digital Development, Communications and Mass Communications, told Pravda.

  17. Tomi Engdahl says:

    Popular chat app ToTok is actually a spying tool of UAE government – report
    Government reportedly uses ToTok to track conversations, locations and other data of those who install the app
    Associated Press

    A chat app that quickly became popular in the United Arab Emirates for communicating with friends and family is actually a spying tool used by the government to track its users, according to a New York Times report.

    The government uses ToTok to track conversations, locations, images and other data of those who install the app on their phones, the Times reported

  18. Tomi Engdahl says:

    Trump still has to sign for this to become law. It would require US telephone providers to implement shaken/stir protocol within 18 months, to stop callerID spoofing and robocalls.

    Congress approves the TRACED Act to fight robocalls

    The legislation could help find and prosecute robocallers.

    Today, Senate approved the TRACED Act, or Telephone Robocall Abuse Criminal Enforcement Act. The legislation could give the government new powers to prosecute robocallers, The Washington Post says. It would also require carriers that authenticate and block spam callers to share those services with customers for free.

  19. Tomi Engdahl says:

    Cryptocurrency-mining botnet uses a Taylor Swift image to hide malware payloads

    MyKingz (Smominru) botnet hides the malware it deploys on infected hosts inside a JPEG of Taylor Swift.

    The name of the botnet is MyKingz, also known as Smominru, DarkCloud, or Hexmen, depending on the cyber-security firm whose report you’re reading.

    MyKingz was first spotted in late 2017. Since then, the botnet has been the largest crypto-mining malware operation on the market.

  20. Tomi Engdahl says:

    Hackers keep dumping Ring credentials online ‘for the giggles’
    Three caches of Ring user credentials have surfaced this week.

  21. Tomi Engdahl says:

    Prison camera hacked, streamed live on YouTube

    BANGKOK – Authorities in Thailand say they are investigating an apparent online break-in by a computer hacker that allowed him to broadcast surveillance video from inside a prison in the country’s south.

    Many surveillance cameras, along with other gadgets, are linked online in what has become known as the Internet of Things, or IoT. Security for such items is often neglected by their users, allowing access by unauthorized parties.

  22. Tomi Engdahl says:

    Threat modeling packages on the npm ecosystem. Can an event-stream incident happen again? How about other supply chain attacks? What will be the next vector of attack that we haven’t seen yet and might it be entirely preventable?

    Why npm lockfiles can be a security blindspot for injecting malicious modules
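The blind spot the linked article points at is the lockfile’s `resolved` field: npm fetches each tarball from whatever URL the lockfile records, and a lockfile diff is rarely read closely in review. The following is an added example (not code from the original post or from the linked article) of the kind of check a CI step can run over `package-lock.json` before `npm ci`: every `resolved` URL must use https and point at an allowed registry host, and every record should carry an `integrity` hash. The allowed-host list, the package names and the tarball URLs in the sample lockfile are constructed for illustration; the established tool for this job is lockfile-lint, which this example only imitates in miniature.

```javascript
// Added example, not code from the original post or the linked article.
// Audits a package-lock.json object: every "resolved" tarball URL must use
// https and point at an allowed registry host, and every record should carry
// an "integrity" hash. Sample lockfile, package names and URLs are constructed.

const ALLOWED_HOSTS = new Set(["registry.npmjs.org"]); // assumption: only the public registry is allowed

// Yield [name, entry] for every dependency record in the lockfile.
// lockfileVersion 2/3 keeps a flat "packages" map keyed by install path;
// lockfileVersion 1 nests records under "dependencies".
function* lockEntries(lock) {
  if (lock.packages) {
    for (const [installPath, entry] of Object.entries(lock.packages)) {
      if (installPath === "") continue; // the root project itself
      yield [installPath.replace(/^.*node_modules\//, ""), entry];
    }
    return;
  }
  const stack = [lock.dependencies || {}];
  while (stack.length > 0) {
    for (const [name, entry] of Object.entries(stack.pop())) {
      yield [name, entry];
      if (entry.dependencies) stack.push(entry.dependencies);
    }
  }
}

// Returns a list of {name, issue, value} findings; an empty list means clean.
function lintLockfile(lock, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  for (const [name, entry] of lockEntries(lock)) {
    if (!entry.resolved) continue; // bundled or link: records carry no tarball URL
    let url;
    try {
      url = new URL(entry.resolved);
    } catch (e) {
      findings.push({ name, issue: "unparseable-resolved", value: entry.resolved });
      continue;
    }
    if (url.protocol !== "https:") {
      findings.push({ name, issue: "insecure-protocol", value: entry.resolved });
    }
    if (!allowedHosts.has(url.hostname)) {
      findings.push({ name, issue: "host-not-allowed", value: url.hostname });
    }
    if (!entry.integrity) {
      findings.push({ name, issue: "missing-integrity", value: entry.version });
    }
  }
  return findings;
}

// Constructed sample: one clean record, one whose tarball URL was redirected to
// a non-registry host, and one fetched over plain http with no integrity hash.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/demo-date-format": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/demo-date-format/-/demo-date-format-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED+PLACEHOLDER+HASH",
    },
    "node_modules/demo-colors": {
      version: "3.3.6",
      resolved: "https://mirror.example.invalid/demo-colors/-/demo-colors-3.3.6.tgz",
      integrity: "sha512-CONSTRUCTED+PLACEHOLDER+HASH",
    },
    "node_modules/demo-utils": {
      version: "0.1.1",
      resolved: "http://registry.npmjs.org/demo-utils/-/demo-utils-0.1.1.tgz",
    },
  },
};

if (typeof require !== "undefined" && require.main === module) {
  for (const f of lintLockfile(SAMPLE_LOCK)) {
    console.log(`${f.issue.padEnd(20)} ${f.name} (${f.value})`);
  }
}
```

Run it against a real lockfile with `lintLockfile(JSON.parse(fs.readFileSync("package-lock.json", "utf8")))` and fail the build on any finding; a redirected `resolved` URL is exactly the change a human reviewer scrolling past a long lockfile diff tends to miss.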

  23. Tomi Engdahl says:

    Now it hit hard – a notorious malware took down one of the world’s most important financial cities

    The extremely notorious Emotet malware managed to infect the City of Frankfurt’s IT systems. Because of the attack, Frankfurt had to take itself offline.

    So that Emotet could not continue its journey from Frankfurt to other places, or before it could let in something even worse, the city, advised by Germany’s cyber security agency BSI, pulled the emergency brake and shut down its own systems itself in order to scrub them thoroughly.

    Frankfurt shuts down IT network following Emotet infection

    Frankfurt city officials take down IT network to prevent Emotet from being used as a staging point to launch a ransomware attack.

    Frankfurt, one of the largest financial hubs in the world and the home of the European Central Bank, has shut down its IT network this week following an infection with the Emotet malware.

    Frankfurt is the fourth German entity that shut down its IT network in the past two weeks because of Emotet.

    The other three are
    (1) the Justus Liebig University (JLU) in Gießen
    (2) Bad Homburg, another city north of Frankfurt
    (3) the Catholic University in Freiburg

  24. Tomi Engdahl says:

    Facebook is so deep in our ass that you can think something and you’ll start getting ads for it

  25. Tomi Engdahl says:

    How ICE Uses Social Media to Surveil and Arrest Immigrants

    EMAILS SENT BY Immigration and Customs Enforcement officials expose how ICE used social media and information gleaned by for-profit data brokers to track down and arrest an immigrant in Southern California. In the emails, which were disclosed in federal court filings, officials discussed the relationship status of the person, noting that he was “broken hearted,” according to Facebook posts, and confirmed his identity through pictures posted at his father’s birthday party.

    ICE ultimately arrested the person after he “checked in” to a Home Depot on Facebook.

  26. Tomi Engdahl says:

    Microsoft Seizes Web Domains Used by North Korean Hackers

    The US technology giant said a federal court allowed it to take control of 50 domains operated by a group dubbed Thallium, which tricked online users by fraudulently using Microsoft brands and trademarks.

  27. Tomi Engdahl says:

    UN Backs Russia on Internet Convention, Alarming Rights Advocates

    The United Nations on Friday approved a Russian-led bid that aims to create a new convention on cybercrime, alarming rights groups and Western powers that fear a bid to restrict online freedom.

    The General Assembly approved the resolution sponsored by Russia and backed by China, which would set up a committee of international experts in 2020.

    The panel will work to set up “a comprehensive international convention on countering the use of information and communications technologies for criminal purposes,” the resolution said.

    The United States, European powers and rights groups fear that the language is code for legitimizing crackdowns on expression, with numerous countries defining criticism of the government as “criminal.”

  28. Tomi Engdahl says:

    Cyber Attack Forces Airline to Cancel Flights in Alaska

    RavnAir canceled at least a half-dozen flights in Alaska on Saturday — at the peak of holiday travel — following what the company described as “a malicious cyber attack” on its computer network.

    The cancellations affected around 260 passengers, according to company spokeswoman Debbie Reinwand.

    The regional carrier canceled all flights involving its Dash 8 aircraft until noon “because the cyber attack forced us to disconnect our Dash 8 maintenance system and its back-up,”

  29. Tomi Engdahl says:

    Yahoo News:
    Overview of the ongoing efforts by the US to modernize its spy operations, to contain the damage from the 2014 OPM breach, be more resilient to tracking, more — When hackers began slipping into computer systems at the Office of Personnel Management in the spring of 2014 …

    ‘Shattered’: Inside the secret battle to save America’s undercover spies in the digital age

    When hackers began slipping into computer systems at the Office of Personnel Management in the spring of 2014, no one inside that federal agency could have predicted the potential scale and magnitude of the damage. Over the next six months, those hackers — later identified as working for the Chinese government — stole data on nearly 22 million former and current American civil servants, including intelligence officials.

    The data breach, which included fingerprints, personnel records and security clearance background information, shook the intelligence community to its core. Among the hacked information’s other uses, Beijing had acquired a potential way to identify large numbers of undercover spies working for the U.S. government.

  30. Tomi Engdahl says:

    Londoner who tried to blackmail Apple with 300m+ iCloud account resets was reusing stale old creds
    Community service for ‘Turkish Crime Family’ wannabe big dog

    A 22-year-old Londoner has been given 300 hours of community service and a State-enforced bedtime after trying to blackmail Apple with hundreds of millions of previously compromised login credentials.

    Kerem Albayrak, 22, demanded Apple give him $75,000 in crypto-currency or a thousand $100 iTunes gift cards. If the maker of shiny white electronic stuff didn’t comply, Albayrak said he would factory-reset 319 million iCloud accounts and “dump his databases online if his demands were not met,” according to the National Crime Agency.

  31. Tomi Engdahl says:

    Google warns of scams targeting elderly users – how to keep your loved ones safe online

    EXCLUSIVE: Google has issued a warning about online scams that specifically target elderly users, and gives its top tips to keep your loved ones safe online

    While older people are often thought of as ‘technophobes’, 60+ year-olds are slowly but surely embracing technology into their lives.

    But Google has issued a warning about online scams that specifically target elderly users.

    Speaking to Mirror Online, Elijah Lawal, online safety communications manager at Google, explained: “No matter how long you’ve been using the internet, the online world continues to present increasingly sophisticated security threats, from manipulative scammers to advanced password hackers.

    “It’s certainly a concern for older internet users — 75% of Brits over 60 report having worried about online safety in the past year.”

    Here are Google’s top tips to help seniors stay safe online this Christmas.
    1. Keep strong, unique passwords
    2. Be careful who you trust
    3. Take care when sharing

  32. Tomi Engdahl says:

    Communications outage in hospitals – a user’s mishap cut the connection to patient information systems

    On Monday at midday there was a wide-ranging communications outage, described as extremely serious, in the networks of Satasairaala, which provides specialised health care in Satakunta.

    CIO Leena Ollonqvist says that the outage, which lasted over an hour, was caused by an accident: a user had moved their computer to another location and created a loop in the network, which put load on the entire system. Ollonqvist describes the situation as extremely serious.

    – Computers should not be moved from one place to another by users themselves. The fault that has now occurred is extremely critical. Similar incidents happen only about once every five years, Ollonqvist says.

  33. Tomi Engdahl says:

    A new authority will begin forwarding Finns’ patient data, but promises that privacy protection is secured

  34. Tomi Engdahl says:

    DNSSEC still fueling DNS amplification attacks, TCP SYN flood attacks rise

    DNS amplification attacks continue to increase in number, growing 4,788% over Q3 2018, according to Nexusguard.

    DNSSEC (Domain Name System Security Extensions) remains the main driver of growth of DNS amplification attacks in the quarter, yet analysts have detected a sharp and concerning rise in TCP SYN flood attacks.

    TCP SYN flood is not a new method, but findings indicate that techniques have grown in sophistication and have emerged as the third most used attack vector, behind DNS amplification and HTTP flood attacks.

  35. Tomi Engdahl says:

    20 Vulnerabilities to Prioritize Patching Before 2020
    Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.

  36. Tomi Engdahl says:

    Google Chrome impacted by new Magellan 2.0 vulnerabilities
    Magellan 2.0 vulnerabilities were patched in Google Chrome 79.0.3945.79.

    A new set of SQLite vulnerabilities can allow attackers to remotely run malicious code inside Google Chrome, the world’s most popular web browser.

    The vulnerabilities, five in total, are named “Magellan 2.0,” and were disclosed today by the Tencent Blade security team.

  37. Tomi Engdahl says:

    US Coast Guard discloses Ryuk ransomware infection at maritime facility

    Ransomware infection led to a disruption of camera and physical access control systems, and loss of critical process control monitoring systems.

