Cyber security news December 2019

This posting is here to collect cyber security news in December 2019.

I post links to security vulnerability news in the comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.




  1. Tomi Engdahl says:

    Now Any Government Can Buy China’s Tools for Censoring the Internet
    Beijing’s ‘autocracy as a service’ is becoming the top choice for governments that want to control the internet

  2. Tomi Engdahl says:

    Labour’s Ben Bradshaw claims he was target of Russian cyber-attack
    Frequent critic of Kremlin interference in the UK was sent suspicious email from Moscow

  3. Tomi Engdahl says:

    IBM sounds alarm about more data-wiping malware from Iran

    IBM’s security experts said Wednesday they have uncovered previously unknown malware developed by Iranian hackers that was used in a data-wiping attack against unnamed energy and industrial organizations in the Middle East.

    The newfound malware, dubbed ZeroCleare, “spread to numerous devices on the affected network, sowing the seeds of a destructive attack that could affect thousands of devices and cause disruption that could take months to fully recover from,” Limor Kessem, an Israel-based analyst with IBM’s X-Force incident response team, wrote in a blog post.

  4. Tomi Engdahl says:

    An Update on Android TLS Adoption

    Android 7 (API level 24) introduced the Network Security Configuration in 2016, allowing app developers to configure the network security policy for their app through a declarative configuration file. To ensure apps are safe, apps targeting Android 9 (API level 28) or higher automatically have a policy set by default that prevents unencrypted traffic for every domain.

    Today, we’re happy to announce that 80% of Android apps are encrypting traffic by default.
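The declarative policy file referred to above, as an added example (not code from the page or from Google): a `res/xml/network_security_config.xml` that makes the Android 9+ default explicit for older `targetSdkVersion` values, scopes the one cleartext exception to a single host instead of relaxing the whole app, pins the API host, and allows user-installed CAs only in debug builds. The weak form of the first element would be `<base-config cleartextTrafficPermitted="true">`, which re-enables plain HTTP for every domain. The hostnames and the pin values are placeholders chosen for the example.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (added example, hostnames and pins are placeholders).
     Wire it up in AndroidManifest.xml:
       <application android:networkSecurityConfig="@xml/network_security_config" ...>
-->
<network-security-config>
    <!-- Policy for every domain not matched below. Apps targeting API 28+ get
         cleartextTrafficPermitted="false" by default; stating it here keeps the
         policy when targetSdkVersion is lower or is changed later. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <!-- Trust only the system CA store, not CAs the user has installed. -->
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Narrow opt-out for one legacy host that still speaks plain HTTP.
         Scoping it here is the alternative to relaxing base-config. -->
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">legacy-telemetry.example.com</domain>
    </domain-config>

    <!-- Certificate pinning for the API host: a mis-issued or user-trusted CA
         cannot MITM it. Pins are base64 SHA-256 digests of the SubjectPublicKeyInfo;
         the values below are placeholders. Always ship a backup pin for key rotation,
         and set an expiration so a stale pin set fails open rather than bricking the app. -->
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <pin-set expiration="2020-12-01">
            <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
            <pin digest="SHA-256">BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=</pin>
        </pin-set>
    </domain-config>

    <!-- Debug builds only (android:debuggable="true"): trust user CAs so an
         intercepting proxy can inspect traffic. Ignored in release builds. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
```

To generate a real pin for a host, fetch the leaf certificate with `openssl s_client -connect host:443`, extract the public key with `openssl x509 -pubkey -noout`, convert it with `openssl pkey -pubin -outform der`, and take `openssl dgst -sha256 -binary | base64`. A quick check that the policy is in force is to attempt an `http://` request from the app on a debug build: with the config above it fails with `CleartextTrafficNotPermitted` for any host other than the listed exception.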

  5. Tomi Engdahl says:

    Sergiu Gatlan / BleepingComputer:
    Report: BMW discovered and monitored Vietnam-backed hackers who stayed active on its network since at least the spring of 2019; Hyundai was also targeted

    BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets

    The German automotive giant BMW discovered and monitored a group of hackers who infiltrated the company’s networks and stayed active since at least the spring of 2019.

    BMW’s security team spotted the hackers after discovering an instance of the legitimate penetration testing tool Cobalt Strike on a company computer, a tool regularly used in red team testing scenarios to simulate adversaries.

  6. Tomi Engdahl says:

    Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter

    Twitter security celeb SwiftOnSecurity on Tuesday inadvertently disclosed a zero-day vulnerability affecting enterprise software biz Atlassian, a flaw that may be echoed in IBM’s Aspera software.

  7. Tomi Engdahl says:

    How Internet resources worth R800 million were stolen and sold on the black market

    The theft and sale of large swaths of valuable African Internet resources was an inside job, Internet investigator Ron Guilmette has concluded after five months of detective work.

  8. Tomi Engdahl says:

    The hilarious real reason why the F-22 can’t be hacked

    The F-22 is the fastest combat aircraft in the U.S. Air Force, even after the development of the F-35.

    “No one in China knows how to program the ’83 vintage IBM software that runs them,” he said.

  9. Tomi Engdahl says:

    In cyber, the US can’t ‘enforce standards that don’t exist’

    Lack of international standards for proper behavior in cyberspace prevents the United States and allies from policing adversaries as needed to protect data and systems, the chief of naval operations said during a service chiefs panel at the Reagan National Defense Forum.

    All four chiefs pledged support to Gen. Paul Nakasone, commander of U.S. Cyber Command. But they also acknowledged the challenge that comes with the lack of international doctrine.

    “We have international norms in the maritime; we don’t have those in cyber,”

    “It makes it difficult to enforce standards that don’t exist, and to therefore hold nations accountable for nefarious behavior. It’s a challenge.”

    “Those types of agreements take time,” he added. “Unfortunately, they sometimes follow a catastrophic event.”

    NATO did confirm in 2017 that it could invoke Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure.

  10. Tomi Engdahl says:

    I asked a hacker to spy on me via my Amazon account. It took him 5 minutes to break in

  11. Tomi Engdahl says:

    Apple and Facebook sent representatives today to Washington, DC, where senators pushed them to create lawful back doors to encrypted data.

    A decades-old debate: Government officials have long argued that encryption makes criminal investigations too hard. Companies, they say, should build in special access that law enforcement could use with a court’s permission. Technologists say creating these back doors would weaken digital security for everyone.

    But the heat is on: “My advice to you is to get on with it,” Senator Lindsey Graham told the Silicon Valley giants at today’s Senate Judiciary Committee hearing. “Because this time next year, if we haven’t found a way that you can live with, we will impose our will on you.” Apple and Facebook representatives at the hearing came under fire from senators in both parties, while Manhattan district attorney Cy Vance, one of the biggest advocates of back doors, was treated as a star witness.

    The risks: Apple and Facebook told the committee that back doors would introduce massive privacy and security threats and would drive users to devices from overseas.

  12. Tomi Engdahl says:

    Congress warns tech companies: Take action on encryption, or we will

    US lawmakers are poised to “impose our will” if tech companies don’t weaken encryption so police can access data.

    Congress sent a warning to tech giants on Tuesday, telling companies including Apple and Facebook that it intends to pass legislation to regulate encryption if Silicon Valley can’t reach an acceptable compromise with law enforcement agencies.

  13. Tomi Engdahl says:

    20 years prison for Romanian hackers who infected 400,000 computers

    Two Romanian hackers, Bogdan Nicolescu and Rady Miclaus, will be spending 20 and 18 years respectively in prison for infecting 400,000 computers with cryptominers and stealing sensitive financial and credential data. The duo is said to have stolen millions of dollars from countless unsuspecting users.

  14. Tomi Engdahl says:

    Are You One Of Avast’s 400 Million Users? This Is Why It Collects And Sells Your Web Habits.

    Avast, the multibillion-dollar Czech security company, doesn’t just make money from protecting its 400 million users’ information. It also profits in part because of sales of users’ Web browsing habits and has been doing so since at least 2013.

    That’s led to some labelling its tools “spyware,” the very thing Avast is supposed to be protecting users from. Both Mozilla and Opera were concerned enough to remove some Avast tools from their add-on stores earlier this month, though the anti-virus provider says it’s working with Mozilla to get its products back online.

    But recently appointed chief executive Ondrej Vlcek tells Forbes there’s no privacy scandal here. All that user information that it sells cannot be traced back to individual users, he asserts.

    Here’s how it works, according to Vlcek: Avast users have their Web activity harvested by the company’s browser extensions. But before it lands on Avast servers, the data is stripped of anything that might expose an individual’s identity, such as a name in the URL, as when a Facebook user is logged in. All that data is analysed by Jumpshot, a company that’s 65%-owned by Avast, before being sold on as “insights” to customers. Those customers might be investors or brand managers.

    Avast’s user data sales have attracted concern as recently as last week, though. Adblock Plus founder Wladimir Palant has been tracking Avast’s Web browsing over 2019, and he reported the data slurping to Mozilla and Opera before they removed the add-ons from their stores just last week.

  15. Tomi Engdahl says:

    Russia used two separate espionage campaigns to wreck the French election: Macron’s office fooled the spies with jokes

    Russian intelligence tried to derail Emmanuel Macron’s election victory with two separate cyber-espionage campaigns. The campaign staff fooled the spies by feeding them false information.

  16. Tomi Engdahl says:

    Don’t pay off Ryuk ransomware, warn infoseccers: Its creators borked the decryptor

    Oracle DBs particularly vulnerable to fake decryptions, say researchers. If you’re an Oracle database user and are tempted to pay off a Ryuk ransomware infection to get your files back, for pity’s sake, don’t. The criminals behind it have broken their own decryptor, meaning nobody will be able to unlock files scrambled by the malicious

  17. Tomi Engdahl says:

    Severe hacker attack, antivirus protection was a day late: 10 years’ worth of government documents hijacked

    ... took place on November 25. The hackers managed to encrypt as much as 7,700 gigabytes of files spanning a total of ten years. The government administration had antivirus software in place to protect against malware, but the detection signatures for this particular malware only reached it the day after the attack

  18. Tomi Engdahl says:

    Intel Patches Plundervolt, High Severity Issues in Platform Update

    Intel addressed 14 security vulnerabilities during the December 2019 Patch Tuesday, with seven of them being high and medium severity security flaws impacting multiple platforms including Windows and Linux. The security issues patched today were detailed in the 9 security advisories published by Intel on its Product Security Center, with the company having delivered them to customers through the Intel Platform Update (IPU) process.

    The vulnerabilities disclosed today could allow authenticated or privileged users to potentially enable information disclosure, trigger denial of service states, escalate privileges, or execute malicious code at an elevated level of privilege via local access. Each advisory comes with a detailed list of all affected products as well as recommendations for vulnerable products, and also includes contact details for users and researchers who would want to report other vulnerabilities found in Intel branded tech or products.

  19. Tomi Engdahl says:
    A total of 21 vulnerabilities have been patched in Acrobat and Reader, including critical out-of-bounds write, use-after-free, heap overflow, buffer error, untrusted pointer dereference, and security bypass issues that can be exploited for arbitrary code execution.

  20. Tomi Engdahl says:

    Hackers allegedly emptied brokerage accounts with a simple email scam — here’s how to protect yourself

    Brooklyn prosecutors said in November that a Lithuanian man and an unknown co-conspirator emptied the brokerage accounts of hapless victims of hundreds of thousands of dollars. It would have been more, but for a handful of investors who made some seemingly simple but savvy moves to stop the fraud from happening.

  21. Tomi Engdahl says:

    #YOLO WINXP RDP VULN RELEASED WITH NO PATCH (via twitter @DaveFoose)

  22. Tomi Engdahl says:

    Google Confirms Critical Android 8, 9 And 10 ‘Permanent’ Denial Of Service Threat

    The December 2019 Android Security Bulletin has been published by Google and contains details of several vulnerabilities within the Android operating system. In total, three vulnerabilities have been given a critical rating. However, Google has highlighted one of these as being “the most severe,” and for very good reason: a single maliciously crafted message could “cause a permanent denial of service.” If you tend to hang fire when the “a software update is available” notification lands on your Android smartphone, you might want to hit the “yes” button a bit quicker on this occasion. In fact, I’d recommend installing the December security update just as soon as it is available to you. Unfortunately, not all Android devices receive these security updates, and those that do don’t necessarily get them as quickly as they should.

  23. Tomi Engdahl says:

    FBI shares security advice for online shopping

    FBI: Use credit cards rather than debit cards, don’t use public WiFi, keep your devices updated, and more. Ahead of the yearly Christmas shopping spree, one of the FBI’s regional offices has published yesterday a series of security tips to help users stay safe while they shop online.

  24. Tomi Engdahl says:

    Beware of bad Santas this Xmas: Piles of insecure smart toys fill retailers’ shelves

    Latest Which? study with NCC Group highlights toys it ain’t smart to buy. It seems to come around quicker every year: the failure of so-called smart toys to meet the most basic of security requirements.

  25. Tomi Engdahl says:

    Russian law enforcement officers have raided the Moscow offices of Nginx—the company behind the world’s second most popular web server software—over a copyright infringement complaint filed by Rambler, a Russian Internet portal and email service provider.

    Over 30% of the websites on the Internet today, including many of the world’s most popular sites like Netflix and Twitch, run on the Nginx server.

    Igor Sysoev created the Nginx web server in the early 2000s and open-sourced it in 2004, after which he founded the company Nginx in 2015 that has now been acquired by F5 Networks, an American technology company, for $670 million.

  26. Tomi Engdahl says:

    Russian police raid NGINX Moscow office
    Russian search engine claims full ownership of NGINX code

    Russian police today raided the Moscow offices of NGINX, Inc., a subsidiary of F5 Networks and the company behind the internet’s most popular web server technology.

    Equipment was seized and employees were detained for questioning.

    Moscow police executed the raid after the Rambler Group last week filed a copyright violation complaint against NGINX Inc., claiming full ownership of the NGINX web server code.

    According to the Netcraft December 2019 Web Server Survey, NGINX has market share of 38%.

  27. Tomi Engdahl says:

    Apple Used the DMCA to Take Down a Tweet Containing an iPhone Encryption Key

    Apple asked Twitter to take down a viral tweet posted by an independent iPhone security researcher. Then, the company backtracked and asked for the tweet to be re-posted. Security researchers are accusing Apple of abusing the Digital Millennium Copyright Act (DMCA) to take down a viral tweet and several Reddit posts that discuss techniques and tools to hack iPhones. On Sunday, a security researcher who focuses on iOS and goes by the name Siguza posted a tweet containing what appears to be an encryption key that could be used to reverse engineer the Secure Enclave Processor, the part of the iPhone that handles data encryption and stores other sensitive data.

  28. Tomi Engdahl says:

    Hundreds of Counterfeit Sneaker Sites Hacked to Steal Credit Cards

    As the craze for the latest Off-White, Nike, and Adidas sneakers heats up, sites selling counterfeit kicks have popped up to capitalize on sneakerheads searching for the best deal. To make a bad deal even worse, hackers are now targeting these sites to install malicious Magecart scripts that also steal your credit card information. When shoppers purchase sneakers off of counterfeit sites, they will find that they didn’t get the sneakers they were expecting, and in some cases, may not get anything at all. In a new report, Malwarebytes has discovered a large-scale hacking operation that is targeting these counterfeit sneaker sites and infecting them with malicious scripts to steal shoppers’ credit cards.

  29. Tomi Engdahl says:

    Cybersecurity: This password-stealing hacking campaign is targeting governments around the world

    Researchers uncover a phishing campaign attempting to steal login credentials from government departments across North America, Europe and Asia – and nobody knows who is behind it. A mysterious new phishing campaign is targeting government departments and related business services around the world in cyber attacks which aim to steal the login credentials from the victims.

  30. Tomi Engdahl says:

    Hackers Dupe Facial Recognition Systems With Creepy Mask

    Researchers at the AI firm Kneron were able to easily fool facial recognition systems at a variety of high security locations — including banks, border crossing checkpoints, and airports — using a high quality mask, Fortune reports.

    They suggest that anybody with the capability of creating such a mask could easily fool these systems as well — a grave reality check for widespread facial recognition tech.

    Using the mask, the researchers fooled payment systems by Chinese tech giants Alibaba and WeChat. Some systems were even easier to fool than that — they managed to get through a self-boarding terminal at Schiphol Airport in the Netherlands by using a picture of a face on a phone screen.

  31. Tomi Engdahl says:

    ‘It’s Scary Stuff’: Cyber-Security Expert Says Recording-Device Investigation At Hyatt Hotel Is Not Uncommon

    MINNEAPOLIS (WCCO) – Police are investigating a report of recording devices found in guest rooms at a Minneapolis hotel.

    The cameras were discovered at the downtown Hyatt Regency on Saturday.

    WCCO’s Esme Murphy spoke with a cyber-security expert who warned: Situations like this are both common and hard to detect.

    “It would be very easy to sneak another device onto a hotel’s Wi-Fi network, stream that video over the internet to the computer where the voyeur is sitting,” Lanterman explained.

    Surveillance cameras are getting better, smaller and cheaper and can be installed almost anywhere.

  32. Tomi Engdahl says:

    A thief took Facebook hard drives with payroll data from a worker’s car

    They contained payment info for around 29,000 current and former workers.

    It seems Facebook just couldn’t make it through to the end of the year without another privacy-related incident. Only this time around, its own employees are affected. A thief broke into a payroll worker’s car and stole hard drives that reportedly contained unencrypted payroll information for around 29,000 current and former US employees.

  33. Tomi Engdahl says:

    India shuts down internet once again, this time in Assam and Meghalaya

    India maintained a shutdown of the internet in the states of Assam and Meghalaya on Friday, now into 36 hours, to control protests over a controversial and far-reaching new citizen rule.

    The shutdown of the internet in Assam and Meghalaya, home to more than 32 million people, is the latest example of a worrying worldwide trend employed by various governments: preventing people from communicating on the web and accessing information.

  34. Tomi Engdahl says:

    Toys “R” Us Pivots From Teddy Bears to Surveillance

    The once loved toy giant could have simply died a quiet death. Instead it has been co-opted and transformed into a private equity surveillance project.

  36. Tomi Engdahl says:

    Man who had transplant finds out months later his DNA has changed to that of donor 5,000 miles away

  37. Tomi Engdahl says:

    i386 architecture will be dropped starting with eoan (Ubuntu 19.10)

    [oss-security] Lots of bugs in 32-bit x86 Linux entry code

    It turns out that there are essentially no upstream development
    resources dedicated to x86_32 Linux. Perhaps unsurprisingly, it was
    badly broken.

    I’m not even going to try to enumerate individual bugs here. I’m
    guessing that at least all x86_32 kernels that support PTI are
    vulnerable to privilege escalation via a series of ESPFIX bugs, but
    the missing segment override issue could go back years

  38. Tomi Engdahl says:

    If you get a call offering to fix your computer or PayPal/Bank/Tax or any other online account, it is a hoax. No competent professional will ever, ever, volunteer to fix your computer or account. Most likely it is a scam to take your money. Do not download any remote control app on your phone from Play/App store to complete KYC or other stuff. Let your elderly friends and family members know it too. Stay safe and avoid scams.

    Most competent professionals don’t even want you to know that they can fix your computer. :-)

  39. Tomi Engdahl says:

    I don’t know if these are fake or not but they are funny as hell….

  40. Tomi Engdahl says:

    Jailed Russian hacker: I hacked Democrats ‘under the command’ of Russian intelligence agents

    A Russian hacker told a Moscow court in August that he was ordered to hack the Democratic National Committee by Russian intelligence agents at the FSB.
    The hacker was arrested in mid-2016 on charges relating to his work with a notorious hacking collective.

    A Russian hacker believed to be a member of a hacking collective called Lurk said in court over the summer that he was ordered by Russia’s security services, known as the FSB, to hack the Democratic National Committee.

  41. Tomi Engdahl says:

    FBI secretly demands a ton of consumer data from credit agencies. Now lawmakers want answers

  42. Tomi Engdahl says:

    Arduino Nano 33 IoT Debugging
    Get your Nano 33 IoT board connected to full GDB debugging so you can solve those bugs and get your project released!


  44. Tomi Engdahl says:

    Npm team warns of new ‘binary planting’ bug

    Npm bug lets booby-trapped npm (JavaScript) packages plant or alter binaries on the victim’s system. The team behind npm, the biggest package manager for JavaScript libraries, has issued a security alert yesterday, advising all users to update to the latest version (6.13.4) to prevent “binary planting” attacks. Also:

