This posting is here to collect cyber security news in May 2020.
I post links to security vulnerability news with short descriptions to comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to comments.
222 Comments
Tomi Engdahl says:
Shadowserver, an Internet Guardian, Finds a Lifeline
https://www.wired.com/story/shadowserver-funding-trend-micro-internet-society/
Ten weeks ago, Shadowserver’s main source of funding dried up. Now,
it’s back on level footing.
Tomi Engdahl says:
Microsoft IIS servers hacked by Blue Mockingbird to mine Monero
https://www.bleepingcomputer.com/news/security/microsoft-iis-servers-hacked-by-blue-mockingbird-to-mine-monero/
Tomi Engdahl says:
Setting this image as wallpaper could soft-brick your phone
https://www.androidauthority.com/image-wallpaper-crash-soft-brick-1124505/
Here’s a cool and a bit scary story for you this Sunday morning.
Simply setting this image as wallpaper on your phone could cause it to crash and become unable to boot.
The issue was reported by well-known leaker Ice Universe on Twitter and confirmed by dozens of other users.
I was able to replicate the issue on a Google Pixel 2. After setting the image in question as a wallpaper, the phone immediately crashed. It attempted to reboot, but the screen would constantly turn on and off, making it impossible to pass the security screen.
Restarting the device in safe mode (by holding down the volume button during boot-up) did not fix the issue.
A factory reset did bring my Pixel 2 back to normal, but obviously that meant losing all my data.
Many users on Twitter report running into the issue. As user Sebastian noted, the issue can also be reproduced on the emulator bundled with Android Studio.
At this point, it’s not clear what’s causing it, but considering it’s happening on devices from multiple brands, including Google, it’s possible that the image somehow conflicts into an underlying issue with the Android OS. It’s also possible that it was specially crafted to take advantage of an existing vulnerability.
Tomi Engdahl says:
Critical Android flaw lets attackers hijack almost any app, steal data
https://www.welivesecurity.com/2020/05/27/critical-android-flaw-lets-attackers-hijack-almost-any-app-steal-data/?utm_source=facebook&utm_medium=organic&utm_campaign=wls&utm_term=android-critical-flaw&utm_content=news
Left unpatched, the vulnerability could expose almost all Android users to the risk of having their personal data intercepted by attackers
Researchers have found a critical flaw that affects nearly all devices running Android 9.0 or older, which implies that over 90% of Android users could be vulnerable. If exploited, the security hole allows hackers to hijack almost any app and steal victims’ sensitive data, according to researchers at Promon, who uncovered the vulnerability and dubbed it StrandHogg 2.0.
The good news is that malware exploiting the vulnerability has not been observed in the wild. Importantly, Google provided a patch to Android device makers in April 2020, with the fix – for Android versions 8.0, 8.1 and 9.0 – being rolled out to the public as part of the latest assortment of monthly security updates throughout this month. Promon notified Google about the vulnerability in early December 2019.
Indexed as CVE-2020-0096, the elevation of privilege flaw resides in the Android system component and can be abused through a method called reflection that allows malicious apps to impersonate legitimate applications while the victim is none the wiser.
https://source.android.com/security/bulletin/2020-05-01
Tomi Engdahl says:
List of well-known web sites that port scan their visitors
https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/
Last weekend, news heavily circulated that eBay.com was port scanning
visitors’ computers when they browsed their site. To see what other
sites may be using this script, BleepingComputer reached out to
DomainTools, a cybersecurity company specializing in web domain and
DNS threat intelligence. Of the sites we tested, we saw Citibank, TD
Bank, Ameriprise, Chick-fil-A, Lendup, BeachBody, Equifax IQ connect,
TIAA-CREF, Sky, GumTree, and WePay port scanning our computers.
Tomi Engdahl says:
New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based
Attacks Effective
https://thehackernews.com/2020/05/noise-resilient-flush-attack.html
Modern Intel and AMD processors are susceptible to a new form of
side-channel attack. The new variant aims to improve the accuracy of
these attacks even in a noisy multi-core system. It also works
seamlessly against non-Linux Operating Systems, like macOS.
Tomi Engdahl says:
Highly-targeted attacks on industrial sector hide payload in images
https://www.bleepingcomputer.com/news/security/highly-targeted-attacks-on-industrial-sector-hide-payload-in-images/
Attackers looking to steal employee credentials from organizations
tied to the industrial sector deployed highly-targeted operations that
delivered malicious PowerShell scripts in images. Victims in multiple
countries (Japan, the U.K., Germany, Italy) were identified. Some of
them supply equipment and software solutions to industrial
enterprises.
Tomi Engdahl says:
Microsoft bans Trend Micro driver from Windows 10 for “cheating”
hardware tests
https://www.itpro.co.uk/security/cyber-security/355797/microsoft-bans-trend-micros-rootkit-buster-from-windows-10
Microsoft has blocked a free antivirus tool developed by Trend Micro
after the security firm was accused of designing its driver to “cheat”
hardware tests through coding trickery.
Tomi Engdahl says:
New Octopus Scanner malware spreads via GitHub supply chain attack
https://www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-spreads-via-github-supply-chain-attack/
Security researchers have found a new malware that finds and backdoors
open-source NetBeans projects hosted on the GitHub web-based code
hosting platform to spread to Windows, Linux, and macOS systems and
deploy a Remote Administration Tool (RAT). While investigating this
malware, GitHub Security Lab researchers found 26 open source projects
compromised by Octopus Scanner
Tomi Engdahl says:
200K sites with buggy WordPress plugin exposed to takeover attacks and
wiped sites
https://www.bleepingcomputer.com/news/security/200k-sites-with-buggy-wordpress-plugin-exposed-to-wipe-attacks/
PageLayer is a WordPress plugin with over 200, 000+ active
installations according to numbers available on its WordPress plugins
repository entry.
Tomi Engdahl says:
Hack-For-Hire Criminals Spoof WHO To Target Google Credentials
https://threatpost.com/hack-hire-spoof-who-google-credentials/156100/
Hack-for-hire organizations are the latest group of cybercriminals to
take advantage of the ongoing coronavirus pandemic, using COVID-19 as
a lure in phishing emails bent on stealing victims’ Google
credentials.
Tomi Engdahl says:
Google Threat Analysis Group: Updates about government-backed hacking
and disinformation
https://blog.google/threat-analysis-group/updates-about-government-backed-hacking-and-disinformation
Last month, we sent 1, 755 warnings to users whose accounts were
targets of government-backed attackers.
Tomi Engdahl says:
Virus Apps Expose Tension Between Privacy and Need for Data
https://www.securityweek.com/virus-apps-expose-tension-between-privacy-and-need-data
As more governments turn to tracing apps in the fight against the coronavirus, a deep-rooted tension between the need for public health information and privacy rights has been thrust into the spotlight.
Track-and-trace technology is being touted as a silver bullet that will allow economies to reopen and people to emerge from home confinement, with health authorities keeping tabs on the virus’s spread.
But many fear personal data gathered by governments or companies in the name of pandemic control will be abused for political or commercial gain, or outright oppression in authoritarian states.
“If we are not careful, the epidemic might mark an important watershed in the history of surveillance,” Israeli historian Yuval Noah Harari wrote in The Financial Times at the height of the coronavirus outbreak.
Tomi Engdahl says:
The Security of Your Android Device May Depend on Where You Live
https://www.securityweek.com/security-your-android-device-may-depend-where-you-live
Region-specific Default Configurations and Settings for Android Devices Cause Varied Security Posture for Mobile Users
Tomi Engdahl says:
Israeli Cyber Chief: Major Attack on Water Systems Thwarted
https://www.securityweek.com/israeli-cyber-chief-major-attack-water-systems-thwarted
Israel’s national cyber chief Thursday officially acknowledged the country had thwarted a major cyber attack last month against its water systems, an assault widely attributed to arch-enemy Iran, calling it a “synchronized and organized attack” aimed at disrupting key national infrastructure.
Tomi Engdahl says:
Anonymous Hacked Chicago Police Dept Radios And Played NWA’s ‘F The Police’ During Protests
https://brobible.com/culture/article/anonymous-hacked-chicago-police-dept-scanners-radios-nwa/
On Saturday night while many cities in the US protested police brutality, hacktivist group Anonymous resurfaced to support those criticizing the Minneapolis Police Department in the wake of the death of George Floyd at the hands of police officer Derek Chauvin.
https://www.dailydot.com/debug/anonymous-chicago-cops-radios-fck-tha-police/
Tomi Engdahl says:
DON’T TRACK ME, BRO — As the Minnesota protests have spilled across the country, fueled by protestors angered over the police killing of an unarmed Minneapolis man named George Floyd, the protests have morphed into marches and demonstrations that have turned violent everywhere from New York City to Los Angeles. Curfews are being imposed in major cities around the US at the time of this writing, and at least eight states, as well as the District of Columbia, have requested the National Guard to assist local law enforcement.
Minnesota is now using contact tracing to track protestors, as demonstrations escalate
https://www.google.com/amp/s/bgr.com/2020/05/30/minnesota-protest-contact-tracing-used-to-track-demonstrators/amp/
Minnesota protests are continuing to escalate and inspire similar demonstrations around the country in the wake of police killing an unarmed Minneapolis man this week named George Floyd.
Minnesota officials say they’re using contact tracing to better understand who the protestors are and where they’re coming from.
Contact tracing has previously been used as part of a comprehensive coronavirus response.
Tomi Engdahl says:
Counter Threat Unit Researchers Publish Threat Group Definitions
https://www.secureworks.com/blog/counter-threat-unit-researchers-publish-threat-group-definitions
Today, the Secureworks® Counter Threat Unit (CTU) research team began
publishing Threat Group profiles on the Secureworks website. The
profiles include a summary of the groups, their objectives, other
aliases by which the groups are known, and the malware they use. Both
criminal and government-sponsored Threat Groups are included.. Threat
Profiles: https://www.secureworks.com/research/threat-profiles
Tomi Engdahl says:
Anonymous hack Chicago police radios to play NWA’s ‘Fuck Tha Police’
The hacktivist group announced their return over the weekend
https://www.nme.com/news/music/anonymous-hack-chicago-police-radios-to-play-nwas-fuck-tha-police-2680017?fbclid=IwAR2txftXsL-2Uv6UggfTYocIsjs6uWeuBIEdpnSfbmzIalFW6aeFMxH61gk
Notorious hacker group Anonymous hacked into the Chicago Police Department’s radios and played NWA‘s ‘Fuck Tha Police’ down the line, according to online reports.
The move comes after the group announced their return to social media on Saturday (May 30) in line with global protests over the death of George Floyd in Minneapolis last week
Tomi Engdahl says:
All the security features added in the Windows 10 May 2020 update
Windows 10 v2004 comes with Windows Sandbox improvements, WiFi 6, WPA3, and Windows Hello in Safe Mode.
https://www.zdnet.com/article/all-the-security-features-added-in-the-windows-10-may-2020-update/
Tomi Engdahl says:
New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD
Eighteen of the 26 bugs impact Linux. Eleven have been patched already.
https://www.zdnet.com/article/new-fuzzing-tool-finds-26-usb-bugs-in-linux-windows-macos-and-freebsd/
https://etn.fi/index.php/13-news/10830-tutkijat-loysivat-26-usb-haavoittuvuutta-linux-reikaisin
Lausannessa sijaitsevan EPFL:n eli polyteknisen korkeakoulun tutkijat ovat kehittämällään työkalulla löytäneet peräti 26 haavoittuvuutta USB-ajurien protokollista. Kaikkiaan bugeja löytyi 26. Huomattavaa on se, että bugeista 18 löytyi Linux-käyttöjärjestelmistä.
Tomi Engdahl says:
Virus Apps Expose Tension Between Privacy and Need for Data
https://www.securityweek.com/virus-apps-expose-tension-between-privacy-and-need-data