Cyber security news February 2020

This posting is here to collect cyber security news in February 2020.

I post links to security vulnerability news with short descriptions to comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.

182 Comments

  1. Tomi Engdahl says:

    Android App Giant With Hundreds Of Millions Of Users Was Just Wiped From Play Store
    https://www.forbes.com/sites/zakdoffman/2020/02/22/this-android-app-giant-with-hundreds-of-millions-of-users-was-just-wiped-from-play-store-heres-what-you-do-now/

    The after-effects of Google’s unexpected take-down of 600 apps spewing “disruptive ads” to users worldwide are now taking their toll. This isn’t enterprising back-bedroom malware or an underground movement with masked operators. This is an industry.

  2. Tomi Engdahl says:

    Top software download site came with a backdoor for hackers
    https://www.techradar.com/uk/news/software-download-site-came-with-a-backdoor-for-hackers

    One of the world’s most popular software download sites was hijacked by hackers to deliver malware alongside commonly-used programs, researchers have claimed.

    According to a Dr. Web report, a link to download the free VSDC video converter tool from CNET’s website was compromised, instead forcing users to download a modified installer which came bundled with a trojan.

  3. Tomi Engdahl says:

    All Those Low-Cost Satellites in Orbit Could Be Weaponized by Hackers, Warns Expert
    https://www.sciencealert.com/cheap-satellites-in-orbit-could-be-tempting-targets-for-hackers-to-weaponise

    If hackers were to take control of these satellites, the consequences could be dire. On the mundane end of scale, hackers could simply shut satellites down, denying access to their services.

    Hackers could also jam or spoof the signals from satellites, creating havoc for critical infrastructure. This includes electric grids, water networks and transportation systems.

    Some of these new satellites have thrusters that allow them to speed up, slow down and change direction in space. If hackers took control of these steerable satellites, the consequences could be catastrophic. Hackers could alter the satellites’ orbits and crash them into other satellites or even the International Space Station.

  4. Tomi Engdahl says:

    Android saw a 98 percent drop in apps asking for call and text data
    https://www.engadget.com/2020/02/12/android-drop-in-app-call-sms-log-requests
    Google’s attempts to curb permission abuse appear to be working. The company revealed that there was a 98 percent drop in the number of Play Store apps accessing call log and SMS data in 2019.

  5. Tomi Engdahl says:

    SweynTooth Bug Collection Affects Hundreds of Bluetooth Products
    https://www.bleepingcomputer.com/news/security/sweyntooth-bug-collection-affects-hundreds-of-bluetooth-products/
    Security researchers have disclosed a dozen flaws in the implementation of the Bluetooth Low Energy technology on multiple system-on-a-chip (SoC) circuits that power at least 480 products from various vendors. Collectively named SweynTooth, the vulnerabilities can be used by an attacker in Bluetooth range to crash affected devices, force a reboot by sending them into a deadlock state, or bypass the secure BLE pairing mode and access functions reserved for authorized users. Report: https://asset-group.github.io/disclosures/sweyntooth/.
    Also: https://www.theregister.co.uk/2020/02/13/dozen_bluetooth_bugs/

  6. Tomi Engdahl says:

    Vulnerabilities in Moxa Networking Device Expose Industrial Environments to Attacks
    https://www.securityweek.com/vulnerabilities-moxa-networking-device-expose-industrial-environments-attacks
    According to advisories published on Monday by both Moxa and Talos, AWK-3131A industrial AP/bridge/client devices are affected by 12 vulnerabilities that can be exploited to carry out malicious activities in an attack aimed at an organization’s industrial systems.

  7. Tomi Engdahl says:

    Peripherals With Unsigned Firmware Expose Windows, Linux Computers to Attacks
    https://www.securityweek.com/peripherals-unsigned-firmware-expose-windows-linux-computers-attacks
    Perilous Peripherals: The Hidden Dangers Inside Windows & Linux Computers – Eclypsium
    https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/
    Five years after the Equation Group HDD hacks, firmware security still sucks
    https://www.zdnet.com/article/five-years-after-the-equation-group-hdd-hacks-firmware-security-still-sucks/
    In a report published today, Eclypsium, a cyber-security firm specialized in firmware security, says that the issue of unsigned firmware is still a widespread problem among device and peripheral manufacturers. Also
    https://threatpost.com/lenovo-hp-dell-peripherals-unpatched-firmware/152936/

  8. Tomi Engdahl says:

    Malware Attack Takes ISS World’s Systems Offline
    https://www.securityweek.com/malware-attack-takes-iss-worlds-systems-offline

    Workplace experience and facility management company ISS World was hit this week by a malware attack that forced its systems offline.

  9. Tomi Engdahl says:

    Fraudulent Login Attacks Against Banks Surge: Akamai
    https://www.securityweek.com/fraudulent-login-attacks-against-banks-surge-akamai

    On August 7, 2019, a single credential stuffing attack against a financial services company recorded 55,141,782 malicious login attempts. To put that in perspective, it is more than twice the daily average (22,682,022) of credential abuse attacks detected by Akamai Technologies across all companies in all sectors between December 1, 2017, and November 30, 2019 (a total of 85.42 billion attempts).

  10. Tomi Engdahl says:

    20,000 WordPress Websites Infected via Trojanized Themes
    https://www.securityweek.com/20000-wordpress-websites-infected-trojanized-themes

    WordPress Websites Hacked via Vulnerabilities in Two Themes Plugins
    https://www.securityweek.com/wordpress-websites-hacked-vulnerabilities-two-themes-plugins

    Vulnerabilities in two popular WordPress plugins, ThemeREX Addons and ThemeGrill Demo Importer, are being exploited to hack websites.

  11. Tomi Engdahl says:

    Jon Brodkin / Ars Technica:
    Firefox begins rollout of encrypted DNS over HTTPS (DoH) by default for US-based users to thwart snooping ISPs
    https://arstechnica.com/information-technology/2020/02/firefox-turns-encrypted-dns-on-by-default-to-thwart-snooping-isps/

  12. Sggreek says:

    Cyber security must be updated every year due to advancing technology… thanks

  13. Tomi Engdahl says:

    FEB 20
    Pay Up, Or We’ll Make Google Ban Your Ads

    https://krebsonsecurity.com/2020/02/pay-up-or-well-make-google-ban-your-ads/

    A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.

  14. Tomi Engdahl says:

    Cable Modem Jailbreaks
    https://medium.com/@cityhnet/cable-modem-jailbreaks-e98cce92698c

    First of all, the goal of this blog is not to steal internet or clone modems! We are working on a way where certificates will only be used for encryption and NOT to protect the revenue of the ISPs.

  15. Tomi Engdahl says:

    Analysis: Facebook reveals how the company tracks you outside its service; the company knows which apps you use and when
    https://yle.fi/uutiset/3-11186679

  16. Tomi Engdahl says:

    Microsoft Users Forced To Set Up A Microsoft Account For Fresh Installations
    https://www.techworm.net/2020/02/set-up-microsoft-account-fresh-installations.html

  17. Tomi Engdahl says:

    Microsoft Brings Defender Antivirus for Linux, Coming Soon for Android and iOS
    https://thehackernews.com/2020/02/windows-defender-atp-linux-android.html?m=1

    Almost within a year after releasing Microsoft Defender Advanced Threat Protection (ATP) for macOS computers, Microsoft today announced a public preview of its antivirus software for various Linux distributions, including Ubuntu, RHEL, CentOS and Debian.

    Microsoft is also planning to soon release Defender ATP anti-malware apps for smartphones and other devices running Google’s Android and Apple’s iOS mobile operating systems.

    In the last few years, hackers have started paying more attention to Linux and macOS platforms, making them a new target for viruses, Trojans, spyware, adware, ransomware, and other nefarious threats.
    Despite the fact that the attack surface for Linux is much smaller, Linux has its own share of vulnerabilities and malware threats, and you need proactive monitoring to keep your system safe.

  18. Tomi Engdahl says:

    Critical PayPal Security Hack: Multiple Thefts Now Reported—Check Your Settings
    https://www.forbes.com/sites/zakdoffman/2020/02/25/critical-paypal-security-hack-multiple-thefts-now-reported-check-your-settings/

    “We have found a serious issue in PayPal’s contactless payment,” security researcher Markus Fenske explained to me. He claims that when using PayPal there is a vulnerability that Fenske and colleague Andreas Mayer say enables an attacker “near your mobile phone [to have] a virtual credit card which deducts money from your PayPal account.”

  19. Tomi Engdahl says:

    PayPal Users Hit With Fraudulent ‘Target’ Charges via Google Pay
    https://www.bleepingcomputer.com/news/security/paypal-users-hit-with-fraudulent-target-charges-via-google-pay/
    Hackers are using an unknown method to make fraudulent charges on PayPal accounts linked via GooglePay. These transactions are being charged through Target stores or Starbucks in the United States even though the account holders are in Germany.

  20. Tomi Engdahl says:

    Credit Card Skimmer Running on 13 Sites, Despite Notification
    https://www.bleepingcomputer.com/news/security/credit-card-skimmer-running-on-13-sites-despite-notification/
    The tally of shopping websites infected by MageCart Group 12 with JavaScript that steals payment card info is seeing a sharp increase. Nearly 40 new victims have been discovered.

  21. Tomi Engdahl says:

    DoppelPaymer Ransomware Launches Site to Post Victim’s Data
    https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-launches-site-to-post-victims-data/
    The operators of the DoppelPaymer Ransomware have launched a site that they will use to shame victims who do not pay a ransom and to publish any files that were stolen before computers were encrypted.

  22. Tomi Engdahl says:

    Direct Memory Access (DMA) Attack Software

    PCILeech uses PCIe hardware devices to read and write target system memory. This is achieved by using DMA over PCIe. No drivers are needed on the target systems.
    Works without hardware together with a wide range of software memory acquisition methods supported by the LeechCore library – including capture of remote live memory using DumpIt or WinPmem. PCILeech also supports local capture of memory and a number of memory dump file formats.
    Supports multiple memory acquisition devices, both hardware and software based. USB3380 based hardware is only able to read 4GB of memory natively, but is able to read all memory if a kernel module (KMD) is first inserted into the target system kernel. FPGA based hardware, and software based methods, are able to read all memory.
    Capable of inserting a wide range of kernel implants into the targeted kernels – allowing for easy access to live RAM and the file system via a “mounted drive”. It is also possible to remove the logon password requirement, load unsigned drivers, execute code and spawn system shells. PCILeech runs on Windows and Linux. Supported target systems are currently the x64 versions of: UEFI, Linux, FreeBSD, macOS and Windows. This requires write access to memory (USB3380 hardware, FPGA hardware or CVE-2018-1038 “Total Meltdown”).
    https://github.com/ufrisk/pcileech/

  23. Tomi Engdahl says:

    Google Patches Chrome Vulnerability Exploited in the Wild
    https://www.securityweek.com/google-patches-chrome-vulnerability-exploited-wild
    A Chrome 80 update released on Monday patches three high-severity vulnerabilities, including one that Google says has been exploited in the wild.
    The zero-day vulnerability, tracked as CVE-2020-6418, has been described as a type confusion issue affecting the V8 open source JavaScript engine used by Chrome. Google has credited Clement Lecigne of its Threat Analysis Group for reporting the vulnerability.
