Cyber security news February 2020

This posting is here to collect cyber security news in February 2020.

I post links to security vulnerability news, with short descriptions, in the comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links in the comments.


  1. Tomi Engdahl says:

    Android App Giant With Hundreds Of Millions Of Users Was Just Wiped From Play Store

    The after-effects of Google’s unexpected take-down of 600 apps spewing “disruptive ads” to users worldwide are now taking their toll. This isn’t enterprising back-bedroom malware or an underground movement with masked operators. This is an industry.

  2. Tomi Engdahl says:

    Top software download site came with a backdoor for hackers

    One of the world’s most popular software download sites was hijacked by hackers to deliver malware alongside commonly-used programs, researchers have claimed.

    According to a Dr. Web report, a link to download the free VSDC video converter tool from CNET’s website was compromised, instead forcing users to download a modified installer which came bundled with a trojan.

  3. Tomi Engdahl says:

    All Those Low-Cost Satellites in Orbit Could Be Weaponized by Hackers, Warns Expert

    If hackers were to take control of these satellites, the consequences could be dire. On the mundane end of scale, hackers could simply shut satellites down, denying access to their services.

    Hackers could also jam or spoof the signals from satellites, creating havoc for critical infrastructure. This includes electric grids, water networks and transportation systems.

    Some of these new satellites have thrusters that allow them to speed up, slow down and change direction in space. If hackers took control of these steerable satellites, the consequences could be catastrophic. Hackers could alter the satellites’ orbits and crash them into other satellites or even the International Space Station.

  4. Tomi Engdahl says:

    Android saw a 98 percent drop in apps asking for call and text data
    Google’s attempts to curb permission abuse appear to be working. The
    company revealed that there was a 98 percent drop in the number of
    Play Store apps accessing call log and SMS data in 2019.

  5. Tomi Engdahl says:

    SweynTooth Bug Collection Affects Hundreds of Bluetooth Products
    Security researchers have disclosed a dozen flaws in the
    implementation of the Bluetooth Low Energy technology on multiple
    system-on-a-chip (SoC) circuits that power at least 480 from various
    vendors. Collectively named SweynTooth, the vulnerabilities can be
    used by an attacker in Bluetooth range to crash affected devices,
    force a reboot by sending them into a deadlock state, or bypass the
    secure BLE pairing mode and access functions reserved for authorized
    users.

  6. Tomi Engdahl says:

    Vulnerabilities in Moxa Networking Device Expose Industrial Environments to Attacks
    According to advisories published on Monday by both Moxa and Talos, AWK-3131A industrial AP/bridge/client devices are affected by 12 vulnerabilities that can be exploited to carry out malicious activities in an attack aimed at an organization’s industrial systems.

  7. Tomi Engdahl says:

    Peripherals With Unsigned Firmware Expose Windows, Linux Computers to Attacks
    Perilous Peripherals: The Hidden Dangers Inside Windows & Linux Computers – Eclypsium
    Five years after the Equation Group HDD hacks, firmware security still
    In a report published today, Eclypsium, a cyber-security firm
    specialized in firmware security, says that the issue of unsigned
    firmware is still a widespread problem among device and peripheral
    manufacturers.

  8. Tomi Engdahl says:

    Malware Attack Takes ISS World’s Systems Offline

    Workplace experience and facility management company ISS World was hit this week by a malware attack that forced its systems offline.

  9. Tomi Engdahl says:

    Fraudulent Login Attacks Against Banks Surge: Akamai

    On August 7, 2019, a single credential stuffing attack against a financial services company recorded 55,141,782 malicious login attempts. To put that in perspective, it is more than twice the daily average (22,682,022) of credential abuse attacks detected by Akamai Technologies across all companies in all sectors between December 1, 2017, and November 30, 2019 (a total of 85.42 billion attempts).

  10. Tomi Engdahl says:

    20,000 WordPress Websites Infected via Trojanized Themes

    WordPress Websites Hacked via Vulnerabilities in Two Themes Plugins

    Vulnerabilities in two popular WordPress plugins, ThemeREX Addons and ThemeGrill Demo Importer, are being exploited to hack websites.

  11. Tomi Engdahl says:

    Jon Brodkin / Ars Technica:
    Firefox begins rollout of encrypted DNS over HTTPS (DoH) by default for US-based users to thwart snooping ISPs

  12. Sggreek says:

    Cyber security must be updated every year due to advancing technology… thanks

  13. Tomi Engdahl says:

    FEB 20
    Pay Up, Or We’ll Make Google Ban Your Ads

    A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.

  14. Tomi Engdahl says:

    Cable Modem Jailbreaks

    First of all, the goal of this blog is not to steal internet or clone modems!! We are working on a way where certificates will only be used for encryption and NOT to protect the revenue of the ISPs.

  15. Tomi Engdahl says:

    Analysis: Facebook reveals how the company tracks you outside the service – the company knows which apps you use and when

  16. Tomi Engdahl says:

    Microsoft Users Forced To Set Up A Microsoft Account For Fresh Installations

  17. Tomi Engdahl says:

    Microsoft Brings Defender Antivirus for Linux, Coming Soon for Android and iOS

    Almost within a year after releasing Microsoft Defender Advanced Threat Protection (ATP) for macOS computers, Microsoft today announced a public preview of its antivirus software for various Linux distributions, including Ubuntu, RHEL, CentOS and Debian.

    Microsoft is also planning to soon release Defender ATP anti-malware apps for smartphones and other devices running Google’s Android and Apple’s iOS mobile operating systems.

    Since the last few years, hackers have started paying more attention to Linux and macOS platforms, making them a new target for viruses, Trojans, spyware, adware, ransomware, and other nefarious threats.
    Despite the fact that the attack surface for Linux is much much smaller, Linux has its own share of vulnerabilities and malware threats, and you need proactive monitoring to keep your system safe.

  18. Tomi Engdahl says:

    Critical PayPal Security Hack: Multiple Thefts Now Reported—Check Your Settings

    “We have found a serious issue in PayPal’s contactless payment,” security researcher Markus Fenske explained to me. He claims that when using PayPal there is a vulnerability that Fenske and colleague Andreas Mayer say enables an attacker “near your mobile phone [to have] a virtual credit card which deducts money from your PayPal account.”

  19. Tomi Engdahl says:

    PayPal Users Hit With Fraudulent ‘Target’ Charges via Google Pay
    Hackers are using an unknown method to make fraudulent charges on
    PayPal accounts linked via GooglePay. These transactions are being
    charged through Target stores or Starbucks in the United States even
    though the account holders are in Germany.

  20. Tomi Engdahl says:

    Credit Card Skimmer Running on 13 Sites, Despite Notification
    The tally of shopping websites infected by MageCart Group 12 with
    JavaScript that steals payment card info is seeing a sharp increase.
    Nearly 40 new victims have been discovered.

  21. Tomi Engdahl says:

    DoppelPaymer Ransomware Launches Site to Post Victim’s Data
    The operators of the DoppelPaymer Ransomware have launched a site that
    they will use to shame victims who do not pay a ransom and to publish
    any files that were stolen before computers were encrypted.

  22. Tomi Engdahl says:

    Direct Memory Access (DMA) Attack Software

    PCILeech uses PCIe hardware devices to read and write target system memory. This is achieved by using DMA over PCIe. No drivers are needed on the target systems.
    Works without hardware together with a wide range of software memory acquisition methods supported by the LeechCore library – including capture of remote live memory using DumpIt or WinPmem. PCILeech also supports local capture of memory and a number of memory dump file formats.
    Supports multiple memory acquisition devices, both hardware and software based. USB3380 based hardware is only able to read 4GB of memory natively, but is able to read all memory if a kernel module (KMD) is first inserted into the target system kernel. FPGA based hardware, and software based methods, are able to read all memory.
    Capable of inserting a wide range of kernel implants into the targeted kernels – allowing for easy access to live RAM and the file system via a “mounted drive”. It is also possible to remove the logon password requirement, load unsigned drivers, execute code and spawn system shells. PCILeech runs on Windows and Linux. Supported target systems are currently the x64 versions of: UEFI, Linux, FreeBSD, macOS and Windows. This requires write access to memory (USB3380 hardware, FPGA hardware or CVE-2018-1038 “Total Meltdown”).
    PCILeech is capable of inserting a wide range of kernel implants into the targeted kernels – allowing for easy access to live ram and the file system via a “mounted drive”.

  23. Tomi Engdahl says:

    Google Patches Chrome Vulnerability Exploited in the Wild
    A Chrome 80 update released on Monday patches three high-severity vulnerabilities, including one that Google says has been exploited in the wild.
    The zero-day vulnerability, tracked as CVE-2020-6418, has been described as a type confusion issue affecting the V8 open source JavaScript engine used by Chrome. Google has credited Clement Lecigne of its Threat Analysis Group for reporting the vulnerability.

