Cyber Security September 2018

This posting is here to collect security alert news in September 2018.

I post links to security vulnerability news to comments of this article.


493 Comments

  1. Tomi Engdahl says:

    Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT
    https://blog.malwarebytes.com/threat-analysis/2018/09/buggy-implementation-of-cve-2018-8373-used-to-deliver-quasar-rat/

    A variant of a remote code execution vulnerability with Internet Explorer’s scripting engine known as CVE-2018-8373 patched last August has been found in the wild. Looking at the IOCs posted by our colleagues at TrendMicro, we recognized the infrastructure serving this exploit.

    Reply
  2. Tomi Engdahl says:

    The Coin Rush
    https://umbrella.cisco.com/blog/2018/09/26/the-coin-rush/

    Malicious cryptocurrency miners have been the latest ‘trend’ with cybercriminals. This is malicious software that gets installed onto a victim’s system that is able to use its processing power to mine a cryptocurrency coin. Thus, making money for the bad actor at the expense of someone else.

    Reply
  3. Tomi Engdahl says:

    Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV
    https://cloudblogs.microsoft.com/microsoftsecure/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/

    Consider this scenario: Two never-before-seen, heavily obfuscated scripts manage to slip past file-based detection and dynamically load an info-stealing payload into memory. The scripts are part of a social engineering campaign that tricks potential victims into running the scripts, which use the file names install_flash_player.js and BME040429CB0_1446_FAC_20130812.XML.PDF.js, to distribute and run the payload.

    The payload is sophisticated and particularly elusive, given that it:

    Doesn’t touch the disk, and does not trigger antivirus file scanning
    Is loaded in the context of the legitimate process that executed the scripts (i.e., wscript.exe)
    Leaves no traces on the disk, such that forensic analysis finds limited evidence

    These are markers of a fileless threat. Still, Windows Defender Advanced Threat Protection (Windows Defender ATP) antivirus capabilities detect the payload, stopping the attack in its tracks. How is this possible?

    In this scenario, Antimalware Scan Interface (AMSI) facilitates detection. AMSI is an open interface that allows antivirus solutions to inspect script behavior by exposing script contents in a form that is both unencrypted and unobfuscated.

    Reply
  4. Tomi Engdahl says:

    Malware hits fashion giant SHEIN; 6.42 million online shoppers affected
    https://nakedsecurity.sophos.com/2018/09/27/malware-hits-fashion-giant-shein-6-42-million-online-shoppers-affected/

    Women’s online fashion retailer SHEIN has been hit by malware that snagged 6.42m site visitors’ email addresses and encrypted passwords, the company has announced.

    SHEIN said that it discovered the breach on 22 August, but that it actually started in June and continued through early August. Those details may change as the investigation continues.

    Reply
  5. Tomi Engdahl says:

    New KONNI Malware attacking Eurasia and Southeast Asia
    https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/

    Beginning in early 2018, Unit 42 observed a series of attacks using a previously unreported malware family, which we have named ‘NOKKI’. The malware in question has ties to a previously reported malware family named KONNI, however, after careful consideration, we believe enough differences are present to introduce a different malware family name. To reflect the close relationship with KONNI, we chose NOKKI, swapping KONNI’s Ns and Ks.

    Because of code overlap found within both malware families, as well as infrastructure overlap, we believe the threat actors responsible for KONNI are very likely also responsible for NOKKI.

    Reply
  6. Tomi Engdahl says:

    Port of San Diego Affected by a Ransomware Attack
    https://www.bleepingcomputer.com/news/security/port-of-san-diego-affected-by-a-ransomware-attack/

    On September 25th, the Port of San Diego announced that their information technology systems had been disrupted by a cyber attack. In an announcement today, it was announced that this disruption was caused by a ransomware attack.

    “The Port of San Diego continues to investigate a serious cybersecurity incident that has disrupted the agency’s information technology systems, and the Port’s investigation so far has determined that ransomware was involved in this attack” said Port of San Diego CEO Randa Coniglio.

    Reply
  7. Tomi Engdahl says:

    How automakers are tackling connected vehicle vulnerability management
    https://www.zdnet.com/article/how-automakers-are-tackling-the-connected-vehicle-cyberthreat-landscape/

    A new report suggests that front-end security in smart vehicles is improving but the back-end is a different story.

    A car was once simply a way to go from A to B and whether or not you purchased a cheap runaround or a luxury model, they all simply had one purpose: travel.

    However, our vehicles are now becoming smarter. Rear-view cameras, GPS-based map assistants, mobile apps, self-driving features and always-on connectivity are becoming common, such as through Apple CarPlay and Google’s Android Auto.

    Vehicle connectivity provides a new channel for the collection of data, a valuable commodity for automakers and technology vendors. However, this conduit requires Internet access — and this, in turn, has created a channel in which attacks can be performed.

    Reply
  8. Tomi Engdahl says:

    Fancy Bear, the Russian Election Hackers, Have a Nasty New Weapon
    If Putin’s new malware hits you, don’t bother wiping your hard drive. Just throw out your computer.
    https://www.thedailybeast.com/fancy-bear-the-russian-election-hackers-have-a-nasty-new-weapon

    Russia’s GRU has secretly developed and deployed new malware that’s virtually impossible to eradicate, capable of surviving a complete wipe of a target computer’s hard drive, and allows the Kremlin’s hackers to return again and again.

    The malware, uncovered by the European security company ESET, works by rewriting the code flashed into a computer’s UEFI chip, a small slab of silicon on the motherboard that controls the boot and reboot process. Its apparent purpose is to maintain access to a high-value target in the event the operating system gets reinstalled or the hard drive replaced—changes that would normally kick out an intruder.

    Reply
  9. Tomi Engdahl says:

    LOJAX
    First UEFI rootkit found in the wild, courtesy of the Sednit group
    https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf

    Reply
  10. Tomi Engdahl says:

    LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group
    https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/

    ESET researchers have shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe

    Reply
  11. Tomi Engdahl says:

    A cache invalidation bug in Linux memory management
    https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html

    This blogpost describes a way to exploit a Linux kernel bug (CVE-2018-17182) that exists since kernel version 3.16. While the bug itself is in code that is reachable even from relatively strongly sandboxed contexts, this blogpost only describes a way to exploit it in environments that use Linux kernels that haven’t been configured for increased security (specifically, Ubuntu 18.04 with kernel linux-image-4.15.0-34-generic at version 4.15.0-34.37). This demonstrates how the kernel configuration can have a big impact on the difficulty of exploiting a kernel bug.

    Reply
  12. Tomi Engdahl says:

    https://www.tivi.fi/Kaikki_uutiset/palvelunestohyokkayksen-torjunta-heratti-kritiikkia-ulkomaan-liikenteen-katkaiseminen-ei-ole-kestava-ratkaisu-6742804

    The Suomi.fi identification service suffered operational difficulties on Tuesday afternoon that were caused by a denial-of-service attack. Many services that rely on the identification were unavailable until the attack was brought under control, among other things by diverting traffic coming from abroad away from the service.

    There are more and more Finnish citizens and other users of the Foreign Service’s services abroad. The availability of those services is disrupted if the chosen solution is to cut off foreign traffic to them.

    If a service or part of a service becomes overloaded, according to Holmroos-Kolari it is usually a better option to limit traffic partially so that the service keeps working for the majority of users. The number of users suffering from the outage can be minimized until the situation is stabilized and restored to normal.

    Reply
  13. Tomi Engdahl says:

    Uber pays $148m over data breach cover-up
    https://www.bbc.com/news/technology-45666280

    Ride-hailing firm Uber is paying $148m (£113m) to settle legal action over a cyber-attack that exposed data from 57 million customers and drivers.

    The massive breach happened in 2016 but Uber sought to hide it from regulators.

    The company paid the hackers behind the intrusion $100,000 to delete the data they grabbed from Uber’s cloud servers.

    The payment settles action brought by the US government and 50 states over Uber’s failure to disclose details of the data loss.

    Reply
  14. Tomi Engdahl says:

    Voting Machine Used in Half of U.S. Is Vulnerable to Attack, Report Finds
    https://www.wsj.com/articles/widely-used-election-systems-are-vulnerable-to-attack-report-finds-1538020802?mod=e2fb

    The flaw in Election Systems & Software’s Model 650 high-speed ballot-counting machine was detailed in 2007

    Election machines used in more than half of U.S. states carry a flaw disclosed more than a decade ago that makes them vulnerable to a cyberattack, according to a report to be delivered Thursday on Capitol Hill.

    Reply
  15. Tomi Engdahl says:

    Pew: A majority of U.S. teens are bullied online
    https://techcrunch.com/2018/09/27/pew-a-majority-of-u-s-teens-are-bullied-online/?utm_source=tcfbpage&sr_share=facebook

    Teens blame politicians and social media sites for failing to protect them

    A majority of U.S. teens have been subject to online abuse, according to a new study from Pew Research Center, out this morning. Specifically, that means they’ve experienced at least one of a half-dozen types of online cyberbullying, including name-calling, being subject to false rumors, receiving explicit images they didn’t ask for, having explicit images of themselves shared without their consent, physical threats, or being constantly asked about their location and activities in a stalker-ish fashion by someone who is not their parents.

    Of these, name-calling and being subject to false rumors were the top two categories of abuse teens were subject to, with 42% and 32% of teens reporting it had happened to them.

    a large majority – 90% – of teens now believe that online harassment is a problem and 63% say it’s what they consider a “major” problem.

    girls and boys are both harassed online in fairly equal measure

    receiving or avoiding abuse is directly tied to how much screen time teens put in.

    That is, the more teens go online, the more abuse they’ll receive.

    Forty-five percent of teens say they’re online almost constantly, and they are more likely to be harassed, as a result.

    Many of the top media sites were largely built by young people when they were first founded, and those people were often men. The sites were created in an almost naive fashion, with regard to online abuse. Protections – like muting, filters, blocking, and reporting – were generally introduced in a reactive fashion

    After all, device addiction resulting in increased exposure to online abuse is not a plague that only affects teens.

    Reply
  16. Tomi Engdahl says:

    Facebook Network Breach Affects Up to 50 Million Users
    https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html

    Facebook on Friday said an attack on its computer network led to the exposure of information from nearly 50 million of its users.

    The company discovered the breach earlier this week, finding that attackers had exploited a feature in Facebook’s code that allowed them to take over user accounts. Facebook fixed the vulnerability and notified law enforcement officials.

    More than 90 million of Facebook’s users were forced to log out of their accounts Friday morning, a common safety measure for compromised accounts.

    Reply
  17. Tomi Engdahl says:

    Facebook hack could hasten regulation as Sen. Warner says Congress must “step up”
    https://techcrunch.com/2018/09/28/facebook-breach-warner/?sr_share=facebook&utm_source=tcfbpage

    Senator Mark Warner (D-VA) has issued a stern reprimand to Facebook over today’s revelation that 50 million users had their access token stolen by a hacker. “This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users,” Warner writes. “As I’ve said before – the era of the Wild West in social media is over.”

    [Update: FTC Commissioner Rohit Chopra has now tweeted that “I want answers” regarding the Facebook hack, further strengthening the possibility that today’s problem will trigger more calls for regulation.]

    Reply
  18. Tomi Engdahl says:

    50M Facebook Users Exposed by Security Bug Were Asked to Re-Log-In
    https://sensorstechforum.com/50m-facebook-users-exposed-security-bug-asked-re-log/

    Were you unexpectedly logged out of your Facebook session just this morning (28th September, 2018)? Well, there is a reason for that, and it had to do with a brand new security vulnerability in Facebook, BBC reported.

    The security flaw resided in a feature known as “View As”. According to Facebook, attackers were able to exploit the feature to gain control of users’ accounts. The flaw was discovered on Tuesday this week, and the police have also been informed.

    Facebook users that had potentially been affected by the bug were prompted to re-log-in on Friday. The number of affected users amounts to 50 million. Fortunately, the bug has already been addressed, as reported by Facebook’s head of security, Guy Rosen.

    Reply
  19. Tomi Engdahl says:

    iDRACula Vulnerability Impacts Millions of Legacy Dell EMC Servers
    https://www.servethehome.com/idracula-vulnerability-impacts-millions-of-legacy-dell-emc-servers/

    Today we have news of a confirmed security vulnerability that impacts tens of millions of legacy Dell EMC servers. This vulnerability is known and is a broader industry-wide issue that impacts far more than Dell EMC iDRAC. We are calling this one iDRACula short for “integrated Dell Remote Access Controller unauthorized load access.” Earlier this week, a user on the STH forums posted that along with another individual, they were able to bypass the Dell EMC iDRAC firmware protections and load their own custom firmware onto the iDRAC baseboard management controller both via local access and via a remote access method.

    Virtually every server today is shipped with an embedded computer that allows for remote administration.

    Dell EMC PowerEdge servers are one of, if not the, most respected brands in the server industry. PowerEdge management uses their BMC and a software management solution called iDRAC (integrated Dell Remote Access Controller.)

    Reply
  20. Tomi Engdahl says:

    Facebook Discovered Security Breach Affecting 50 Million Accounts, Stock Slides
    https://www.zerohedge.com/news/2018-09-28/facebook-discovered-security-breach-affecting-50-million-accounts-stock-slides

    Another day, another major security breach, and even more pain for Facebook which in recent months has failed to keep up with the FANG euphoria.

    Facebook said that on September 25 it discovered a security breach which affected almost 50 million accounts. The company said it’s investigating the breach, which allowed hackers to take over a person’s account.

    Reply
  21. Tomi Engdahl says:

    Everything you need to know about Facebook’s data breach affecting 50M users
    https://techcrunch.com/2018/09/28/everything-you-need-to-know-about-facebooks-data-breach-affecting-50m-users/?utm_source=tcfbpage&sr_share=facebook

    Facebook is cleaning up after a major security incident exposed the account data of millions of users. What’s already been a rocky year after the Cambridge Analytica scandal
    What happened?

    Facebook says at least 50 million users’ data may be at risk after attackers exploited a vulnerability that allowed them access to personal data. The company also preventively secured 40 million additional accounts out of an abundance of caution.

    What data were the hackers after?

    Facebook CEO Mark Zuckerberg said that the company has not seen any accounts compromised and improperly accessed — although it’s early days and that may change. But Zuckerberg said that the attackers were using Facebook developer APIs

    Reply
  22. Tomi Engdahl says:

    Facebook blocked users from posting some stories about its security breach
    https://techcrunch.com/2018/09/28/facebook-blocks-guardian-story/?utm_source=tcfbpage&sr_share=facebook

    Some users are reporting that they are unable to post today’s big story about a security breach affecting 50 million Facebook users. The issue appears to only affect particular stories from certain outlets, at this time one story from The Guardian and one from the Associated Press, both reputable press outlets.

    Reply
  23. Tomi Engdahl says:

    What Instagram users need to know about Facebook’s security breach
    https://techcrunch.com/2018/09/28/facebook-hack-instagram-facebook-login/?utm_source=tcfbpage&sr_share=facebook

    Even if you never log into Facebook itself these days, the other apps and services you use might be impacted by Facebook’s latest big, bad news.

    Third-party apps and sites affected too
    Due to the nature of the hack, Facebook cannot rule out the fact that attackers may have also accessed any Instagram account linked to an affected Facebook

    “So the vulnerability was on Facebook, but these access tokens enable someone to use [a connected account] as if they were the account holder themselves — this does mean they could have accessed other third party apps that were using Facebook login,” Facebook Vice President of Product Management Guy Rosen explained on the call.

    Reply
  24. Tomi Engdahl says:

    Facebook hacked: Affects 90 million users – precautions also in Finland
    https://m.kauppalehti.fi/uutiset/facebook-hakkeroitu-vaikuttaa-90-miljoonaan-kayttajaan/j9zxrvax?ref=twitter:47a6

    Because of the security problem, a total of 90 million Facebook users have to log back in to the service on all of their devices. As a precaution, Facebook is automatically logging at least 40 million users out of their accounts.

    Reply
  25. Tomi Engdahl says:

    Facebook faces class-action lawsuit over massive new hack
    https://www.theverge.com/2018/9/28/17916076/facebook-hack-lawsuit-login-info-50-million-users-affected

    Facebook is already facing immense fallout from revelations this morning that a hacker exploited a security flaw in a popular feature of the social network to steal account credentials of as many as 50 million users. The company is now facing a class-action complaint filed on behalf of one California resident, Carla Echavarria, and one Virginia resident, Derick Walker. Both allege that Facebook’s lack of proper security has exposed them and additional potential class members to a significantly increased chance of identity theft as a result of the breach.

    Reply
  26. Tomi Engdahl says:

    Zoho pulled offline after phishing complaints, CEO says
    https://techcrunch.com/2018/09/24/zoho-pulled-offline-after-phishing-complaints-ceo-says/?utm_source=tcfbpage&sr_share=facebook

    Zoho.com was pulled offline on Monday after the company’s domain registrar received phishing complaints, the company’s chief executive said.

    The web-based office suite company, which also provides customer relationship and invoicing services to small businesses, tweeted that the site was “blocked” earlier in the day by TierraNet, which administers its domain name.

    Reply
  27. Tomi Engdahl says:

    Woman pleads guilty to hacking police surveillance cameras
    https://www.zdnet.com/article/woman-pleads-guilty-to-hacking-police-surveillance-cameras/

    A chase around Europe led to the extradition of a 28-year-old who infected police equipment with ransomware days before Trump’s inauguration.

    Reply
  28. Tomi Engdahl says:

    Wired:
    How the security breach that made 50M Facebook accounts vulnerable to takeover worked and what information may have been accessed — FACEBOOK’S PRIVACY PROBLEMS severely escalated Friday when the social network disclosed that an unprecedented security issue, discovered September 25, impacted almost 50 million user accounts.

    EVERYTHING WE KNOW ABOUT FACEBOOK’S MASSIVE SECURITY BREACH
    https://www.wired.com/story/facebook-security-breach-50-million-accounts/

    an unprecedented security issue, discovered September 25, impacted almost 50 million user accounts. Unlike the Cambridge Analytica scandal, in which a third-party company erroneously accessed data that a then-legitimate quiz app had siphoned up, this vulnerability allowed attackers to directly take over user accounts.

    The bugs that enabled the attack have since been patched, according to Facebook. The company says that the attackers could see everything in a victim’s profile, although it’s still unclear if that includes private messages or if any of that data was misused. As part of that fix, Facebook automatically logged out 90 million Facebook users from their accounts Friday morning, accounting both for the 50 million that Facebook knows were affected, and an additional 40 million that potentially could have been.

    “We were able to fix the vulnerability and secure the accounts, but it definitely is an issue that it happened in the first place.”
    MARK ZUCKERBERG, FACEBOOK

    Facebook says that affected users will see a message at the top of their News Feed about the issue when they log back into the social network.

    Facebook has yet to identify the hackers, or where they may have originated. “We may never know,” Guy Rosen, Facebook’s vice president of product, said on a call with reporters Friday. The company is now working with the Federal Bureau of Investigations to identify the attackers.

    “This is a really serious security issue, and we’re taking it really seriously,”

    The social network says its investigation into the breach began on September 16, when it saw an unusual spike in users accessing Facebook. On September 25, the company’s engineering team discovered that hackers appear to have exploited a series of bugs.

    “This is a complex interaction of multiple bugs,” Rosen said, adding that the hackers likely required some level of sophistication.

    That also explains Friday morning’s logouts; they served to reset the access tokens of both those directly affected and any additional accounts “that have been subject to a View As look-up” in the last year, Rosen said.

    “It’s easy to say that security testing should have caught this, but these types of security vulnerabilities can be extremely difficult to spot or catch since they rely on having to dynamically test the site itself as it’s running,”

    The vulnerability couldn’t have come at a worse time for Facebook, whose executives are still reeling from a series of scandals that unfolded in the wake of the 2016 US presidential election.

    The social network already faces multiple federal investigations into its privacy and data-sharing practices

    “There simply might be no suitable trace or intelligence allowing investigators to connect the dots.”
    SECURITY RESEARCHER LUKASZ OLEJNIK

    It also faces the specter of more aggressive regulation from Congress, on the heels of a series of occasionally contentious hearings about data privacy.

    vice chairman of the Senate Intelligence Committee, called for a “full investigation” into the breach. “Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures,”

    Facebook may also face unprecedented scrutiny in Europe, where the new General Data Protection Regulation, or GDPR, requires companies disclose a breach to a European agency within 72 hours of it occurring. In cases of high risk to users, the regulation also requires that they be notified directly. Facebook says it has notified the Irish Data Protection Commission about the issue.

    This is the second security vulnerability that Facebook has disclosed in recent months. In June, the company announced it had discovered a bug that made up to 14 million people’s posts publicly viewable to anyone for days.

    Reply
  29. Tomi Engdahl says:

    Will Oremus / Slate:
    Facebook says hackers could have also gained access to users’ accounts on other apps and websites, including Instagram and Oculus accounts, via Facebook Login — Hours after Facebook announced on Friday a huge data breach that affected at least 50 million users, the news got worse.

    The Massive Facebook Hack Might Have Affected Other Apps and Websites, Too
    https://slate.com/technology/2018/09/facebook-hack-50-million-affected-apps-other-websites.html

    Reply
  30. Tomi Engdahl says:

    Motherboard:
    Facebook: vulnerability was the result of 3 distinct bugs and was introduced in July 2017, attackers could use the account as if they were the account holder — Facebook “discovered a security issue” that the company said allowed attackers to “take over people’s accounts.”

    Facebook Hacked, 50 Million Users Affected
    https://motherboard.vice.com/en_us/article/mbw3zb/facebook-hacked-50-million-users-affected

    Facebook disclosed that hackers stole data from 50 million people on Friday.

    In a blog post, Facebook’s vice president of product management Guy Rosen said that the company’s engineering team “discovered a security issue affecting almost 50 million accounts.”

    “It’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As,” a feature that lets people see what their own profile looks like to someone else,” Rosen wrote. “This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.”

    “The vulnerability itself was the result of three distinct bugs and was introduced in July 2017,” Rosen told reporters in a press call. “It’s important to say—the attackers could use the account as if they were the account holder.”

    Facebook “discovered a security issue” that the company said allowed attackers to “take over people’s accounts.”

    Reply
  31. Tomi Engdahl says:

    Facebook is weaponizing security to erode privacy
    But that’s a dangerous game to play…
    https://techcrunch.com/2018/09/29/facebook-is-weaponizing-security-to-erode-privacy/?sr_share=facebook&utm_source=tcfbpage

    Apple’s VP of software technology described privacy as a “core value” for the company.

    “We want your device to know everything about you but we don’t think we should,” Bud Tribble told them in his opening remarks.

    Facebook was not at the commerce committee hearing which, as well as Apple, included reps from Amazon, AT&T, Charter Communications, Google and Twitter.

    Reply
  32. Tomi Engdahl says:

    Mozilla’s Firefox Monitor will now alert you when one of your accounts was hacked
    https://techcrunch.com/2018/09/25/mozillas-firefox-monitor-will-now-alert-you-when-one-of-your-accounts-was-hacked/

    Earlier this year, Mozilla announced Firefox Monitor, a service that tells you if your online accounts were hacked in a recent data breach.

    https://monitor.firefox.com

    Reply
  33. Tomi Engdahl says:

    According to Reuters, Facebook has the capability to wiretap Messenger calls “with some effort,” but it’s unable to do so for WhatsApp calls. The government now seems to have dropped its request.

    FBI: We can’t listen to Facebook Messenger voice calls. Judge: Tough luck
    https://arstechnica.com/tech-policy/2018/09/facebook-cant-be-ordered-to-wiretap-messenger-calls-judge-rules/

    Fresno-based federal judge won’t force Facebook to help MS-13 investigation.

    A federal judge in Fresno, California recently denied prosecutors’ request to force Facebook to wiretap voice calls by suspected gang members conducted over Messenger.

    “Currently, there is no practical method available by which law enforcement can monitor these calls,” FBI Special Agent Ryan Yetter wrote

    While traditional telecom companies must give access to police under a 1990s-era law known as CALEA, Internet-based calls are exempt, despite the government’s previous efforts to change the law.

    Reply
  34. Tomi Engdahl says:

    11-year-old security flaw in vote scanner still isn’t fixed
    https://nypost.com/2018/09/28/11-year-old-security-flaw-in-vote-scanner-still-isnt-fixed/?utm_campaign=iosapp&utm_source=facebook_app

    An uncorrected security flaw in a vote-counting machine used in 23 US states leaves it vulnerable to hacking 11 years after the manufacturer was alerted to it, security researchers say.

    The M650 high-speed ballot scanner is made by Election Systems & Software, the nation’s leading elections equipment vendor.

    M650. If successfully hacked by someone intent on changing vote totals in a swing-state county, “it could flip the Electoral College,” he said.

    “One infected disk can take over the entire election system,”

    initially detected the flaw in a 2007 report

    Cybersecurity experts have long complained that the nation’s antiquated elections infrastructure is highly vulnerable to tampering — now a critical concern given documented Russian attempts to influence the 2016 presidential election.

    elections are administered by the states and security is typically shortchanged. Other recommendations included retiring electronic machines that lack a “human-readable” paper trail and making reliable post-election audits mandatory.

    The DefCon village, now in its second year, was attended by more than 100 elections officials from across the nation. Senior officials from the National Security Agency and the Department of Homeland Security endorsed its organizers’ assertion that the best way to secure elections equipment is to let friendly hackers attack it.

    ES&S disagreed.

    Reply
  35. Tomi Engdahl says:

    Facebook Security Bug Affects 90M Users
    https://krebsonsecurity.com/2018/09/facebook-security-bug-affects-90m-users/

    Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles.

    vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people.

    “This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts,” Facebook wrote. “Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”

    The company said it was just beginning its investigation, and that it doesn’t yet know some basic facts about the incident, such as whether these accounts were misused, if any private information was accessed, or who might be responsible for these attacks.

    A Facebook spokesperson confirmed that while it was technically possible that an attacker could have abused this bug to target third-party apps and sites that use Facebook logins, the company doesn’t have any evidence so far that this has happened.

    “We have invalidated data access for third-party apps for the affected individuals,” the spokesperson said, referring to the 90 million accounts that were forcibly logged out today and presented with a notification about the incident at the top of their feed.

    Original story:
    Facebook says there is no need for users to reset their passwords as a result of this breach, although that is certainly an option.

  36. Tomi Engdahl says:

    Hide and Seek IoT Botnet Learns New Tricks: Uses ADB over Internet to Exploit Thousands of Android Devices
    https://labs.bitdefender.com/2018/09/hide-and-seek-iot-botnet-learns-new-tricks-uses-adb-over-internet-to-exploit-thousands-of-android-devices/?utm_source=SMGlobal&utm_medium=Facebook&utm_campaign=labs

    Hide and Seek, a new IoT botnet discovered by our honeypot system in early January, has quickly gained notoriety after amassing over 90,000 devices in a large botnet in a matter of days. While the first variant performed brute force attacks over the Telnet service to jack into devices, later updates involved new command injection exploits in a device’s web interface, which extended the botnet’s capabilities to IPTV cameras.

    The newly identified samples add functionality by exploiting the Android Debug Bridge (ADB) over Wi-Fi feature in Android devices

  37. Tomi Engdahl says:

    Cross-border digital identification for EU countries: Major step for a trusted Digital Single Market
    https://ec.europa.eu/digital-single-market/en/news/cross-border-digital-identification-eu-countries-major-step-trusted-digital-single-market

    As of 29 September, the EU-wide legislation on electronic identification (eIDAS Regulation) will enter into force, enabling cross-border recognition of electronic IDs and allowing citizens and businesses to share their identity data when necessary. People will be able to use their electronic ID (eID), such as ID cards, driver licenses and bank cards, to file tax returns online, access medical records and use online public services across the EU.

  38. Tomi Engdahl says:

    Brett Solomon / Wired:
    Digital ID systems, as they are being developed today, are ripe for exploitation and abuse; citizens must advocate for principles that shield fundamental rights
    https://www.wired.com/story/digital-ids-are-more-dangerous-than-you-think/

  39. Tomi Engdahl says:

    The Verge:
    A look at how HSI, the investigative arm of ICE, used a New Deal-era warrant called the customs summons to help shut down South Korean spycam porn site Soranet — How did US customs officials get involved in taking down a South Korean porn site? — Over the course of this summer …

    How ICE used an obscure rule to pursue the owners of a Korean porn site
    How did US customs officials get involved in taking down a South Korean porn site?
    https://www.theverge.com/2018/9/27/15186356/ice-korean-porn-customs-law-soranet-spycam-homeland-security

    In South Korea, molka is closely associated with the now-defunct site Soranet — a “hub of pornographic materials in Korea,” according to one anti-trafficking group. Though police shut down the site in 2016, and Korean police arrested one of Soranet’s admins this past June, the site continues to be the central cultural touchstone in the battle over nonconsensual pornography and other abusive porn in South Korea.

    The battle over Soranet is the culmination of a new wave of feminist activism in South Korea, a highly developed country that nonetheless holds societal views on gender that are considered regressive in other OECD countries.

    Agents from the investigative arm of ICE attempted to help chase down Soranet admins

    HSI investigates cross-border crimes, from money laundering to human trafficking to weapons smuggling. In the case of Soranet, it appears HSI issued a customs summons — a New Deal-era administrative warrant originally meant to address, say, illegal imports — in order to demand information about Soranet’s admins from Google, Yahoo, and Microsoft.

    The Verge’s reporting suggests that this is one of the first times that a customs summons has been used to pursue a website operating abroad.

    It’s unclear when HSI agents began using customs summonses in online child porn cases.

    Records from more than two dozen child porn investigations, including one from 2017, show HSI agents sent customs summons to ISPs like Comcast as well as tech companies like PayPal, Yahoo, and Google.

    The origins of Soranet seem jarringly benign for a site that has mobilized tens of thousands of protesters to take to the streets and an international effort to track down its administrators.

    For “Sora,” Soranet’s anonymous founder, access to erotic material is a democratic right.

    The site launched at a time of fierce debate over whether the Korean government should block “obscene” websites in the name of protecting minors. Sora peppered free expression banners in between the sexy GIFs on the homepage.

    Soranet catered to a broad spectrum of orientations, yearnings, and fetishes.

    Soranet would later claim the site blocked users who uploaded photos taken without consent, saying it “immediately deletes the postings that seem like revenge porn.”

    Sora added a disclaimer to the homepage: Soranet wasn’t targeted to “Koreans living in Korea,” but was rather “an adult-only service for Korean language users in North America, Japan, Australia, and Europe, where adult content is legal.”

    In November 2015, the Korean government decided to take down Soranet for good

    “Korean politicians, as well as the elected chief of the Korean National Police Agency, have publicly pledged to suppress the Website,” Doe 1 wrote in a May 2016 motion. “These Korean authorities have apparently enlisted the help of agents of the United States government.” (Doe 1’s attorney also declined to discuss the case.)

  40. Tomi Engdahl says:

    Tarmo Virki / Reuters:
    Estonia sues Gemalto for €152M over security flaw that made the country’s citizen ID cards vulnerable to hacking last year

    Estonia sues Gemalto for 152 mln euros over ID card flaws
    https://www.reuters.com/article/estonia-gemalto/estonia-sues-gemalto-for-152-mln-euros-over-id-card-flaws-idUSL8N1WD5JZ

    Estonian police are seeking to recover 152 million euros ($178 mln) in a lawsuit filed on Thursday against digital security firm Gemalto, following a recall last year when security flaws were found in citizen ID cards produced by the firm.

    The vulnerabilities to hacker attacks found in government-issued ID cards supplied by the Franco-Dutch company marked an embarrassing setback for Estonia, which has billed itself as the world’s most digitalised “e-government”.

    Most of its 1.3 million people use electronic ID cards to access public services digitally.

    The PPA also said it planned to file separate claims for other breaches of the contract. Estonia had used Gemalto and its predecessor for its ID cards since 2002, but replaced the manufacturer with Idemia after it found serious security flaws last year.

  41. Tomi Engdahl says:

    The Guardian:
    UK’s Conservative Party conference app allowed anyone to log in without a password, just by using an attendee’s email, and revealed personal details like phone numbers

    Major security flaw in Tory conference app reveals users’ data
    https://www.theguardian.com/politics/2018/sep/29/tory-conference-app-flaw-reveals-private-data-of-senior-mps

    Images posted to social media show people accessing data of senior Tories such as Boris Johnson and Michael Gove

    A major flaw in the Conservatives’ official conference mobile phone application has made the private data of senior party members – including cabinet ministers – accessible to anyone who logged in as that particular conference attendee.

    The data of hundreds of attendees to the Tory conference could be viewed by second guessing attendees’ email addresses, with Boris Johnson, Michael Gove, Gavin Williamson and others among those whose personal information – including their phone numbers – was made accessible.

    Once logged into the app, users were able to both amend and make the personal details of prominent MPs public. Twitter users claimed Johnson’s picture had been briefly changed to one featuring a pornographic image.

    Labour said that the mishap raised questions around national security and recommended the Tories provide computer training to their members. “How can we trust this Tory government with our country’s security when they can’t even build a conference app that keeps the data of their members, MPs and others attending safe and secure?”, said Jon Trickett, the shadow Cabinet Office minister.

    “The Conservative party should roll out some basic computer security training to get their house in order.”

    The Information Commissioner’s Office (ICO) said it would be making inquiries about the breach and added that “organisations have a legal duty to keep personal data safe and secure”.

    Under GDPR, organisations must notify the ICO within 72 hours of becoming aware of a personal data breach, if it could pose a risk to people’s rights and freedoms. The app’s privacy policy states that it complies with the EU’s GDPR.

    A Momentum spokesperson criticised the “staggering incompetence” of the Conservative party and cited the success of its own in-house app during the Labour party conference this week.

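    The Facebook item above (access tokens as "digital keys", invalidated after the incident) and the conference-app item (identity accepted from an e-mail address alone, with other attendees' records readable and editable) are two sides of the same design failure: authentication that is not bound to a verified secret, and data access that is not bound to the authenticated identity. The following added example is not code from either article or from the products involved; it is a constructed, in-memory model that places the weak lookup beside a hardened version with credential-backed sessions, object-level authorization on read and write, and token invalidation for an affected account. All attendee data and passwords are constructed placeholders.

```python
"""Added example (not from the articles or the apps they describe):
authentication by e-mail alone versus credential-backed sessions with
per-record authorization and token revocation. All data is constructed."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Attendee:
    attendee_id: int
    email: str
    phone: str
    password_hash: bytes
    salt: bytes


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


def make_attendee(attendee_id: int, email: str, phone: str, password: str) -> Attendee:
    salt = os.urandom(16)
    return Attendee(attendee_id, email, phone, _hash_password(password, salt), salt)


# Constructed sample records; these are placeholders, not real people.
ATTENDEES: Dict[str, Attendee] = {
    a.email: a
    for a in [
        make_attendee(1, "alice@example.org", "+44 7700 900001", "correct horse"),
        make_attendee(2, "bob@example.org", "+44 7700 900002", "battery staple"),
    ]
}

# Opaque session token -> attendee_id. Tokens are the "digital keys":
# possession of one is what keeps a caller logged in.
SESSIONS: Dict[str, int] = {}


def weak_profile_lookup(email: str) -> Optional[dict]:
    """The failure mode reported for the conference app: knowing or guessing
    an e-mail address is treated as proof of identity, so any record is
    readable by anyone."""
    a = ATTENDEES.get(email)
    return None if a is None else {"email": a.email, "phone": a.phone}


def login(email: str, password: str) -> Optional[str]:
    """Issue a session token only after the password verifies (constant-time compare)."""
    a = ATTENDEES.get(email)
    if a is None:
        return None
    if not hmac.compare_digest(_hash_password(password, a.salt), a.password_hash):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = a.attendee_id
    return token


def _authorized_record(token: str, email: str) -> Optional[Attendee]:
    # Authentication: the token must map to a live session.
    # Authorization: the session owner must be the owner of the requested record.
    owner_id = SESSIONS.get(token)
    a = ATTENDEES.get(email)
    if owner_id is None or a is None or a.attendee_id != owner_id:
        return None
    return a


def checked_profile_lookup(token: str, email: str) -> Optional[dict]:
    """Hardened read: a valid login for one attendee cannot read another's record."""
    a = _authorized_record(token, email)
    return None if a is None else {"email": a.email, "phone": a.phone}


def checked_update_phone(token: str, email: str, new_phone: str) -> bool:
    """Hardened write: the same ownership check guards modification."""
    a = _authorized_record(token, email)
    if a is None:
        return False
    a.phone = new_phone
    return True


def invalidate_all_sessions(attendee_id: int) -> int:
    """Revoke every token for one account (the response Facebook described as
    forcibly logging affected users out). Returns the number of tokens removed."""
    stale = [t for t, owner in SESSIONS.items() if owner == attendee_id]
    for t in stale:
        del SESSIONS[t]
    return len(stale)


if __name__ == "__main__":
    print("weak lookup by e-mail only:", weak_profile_lookup("bob@example.org"))
    tok = login("alice@example.org", "correct horse")
    print("own record:", checked_profile_lookup(tok, "alice@example.org"))
    print("other record:", checked_profile_lookup(tok, "bob@example.org"))
    print("revoked:", invalidate_all_sessions(1), "still valid:", tok in SESSIONS)
```

    The design point is that `weak_profile_lookup` never distinguishes "who is asking" from "which record", so enumerating e-mail addresses is enough to read every record; the hardened path makes the caller prove identity once, then checks record ownership on every read and write, and keeps sessions server-side so they can be revoked in bulk when a token-theft incident is suspected.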
  42. Tomi Engdahl says:

    Sam Schechner / Wall Street Journal:
    EU’s privacy watchdog says Facebook notified them about breach on Thursday evening; experts say that seems to comply with GDPR and may limit exposure to fines — Privacy watchdog looks into whether social network violated European Union’s new privacy law — A European Union privacy watchdog …

    Facebook Faces Potential $1.63 Billion Fine in Europe Over Data Breach
    Privacy watchdog looks into whether social network violated European Union’s new privacy law
    https://www.wsj.com/articles/facebook-faces-potential-1-63-billion-fine-in-europe-over-data-breach-1538330906

    A European Union privacy watchdog could fine Facebook Inc. as much as $1.63 billion for a data breach announced Friday in which hackers compromised the accounts of more than 50 million users, if regulators find the company violated the bloc’s strict new privacy law.
