This posting is here to collect cyber security news in April 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
402 Comments
Tomi Engdahl says:
Israeli Watchdog Finds Online Manipulation Ahead of Vote
https://www.securityweek.com/israeli-watchdog-finds-online-manipulation-ahead-vote
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
Security researcher finds massive spam operation in an unsecured server, now inactive, which sent 5M+ emails over 10 days that 160K+ people clicked through
https://techcrunch.com/2019/04/02/inside-a-spam-operation/?guccounter=1
Tomi Engdahl says:
Russia demands access to VPN providers’ servers
https://www.networkworld.com/article/3385050/russia-demands-access-to-vpn-providers-servers.html
10 VPN service providers have been ordered to link their servers in Russia to the state censorship agency by April 26.
Tomi Engdahl says:
Facebook asked some users for their email passwords, because why not
https://arstechnica.com/information-technology/2019/04/facebook-asked-some-users-for-their-email-passwords-because-why-not/
And two third-party developers left the data of millions of Facebook users exposed in an S3 bucket.
Tomi Engdahl says:
Are We Sleepwalking Into A Control Society?
https://medium.com/swlh/are-we-sleepwalking-into-a-control-society-b7156b803ba6
Urban data is used to trace issues even before they occur. Sounds comforting? That’s unless authorities are going to intervene on our predicted behavior.
Tomi Engdahl says:
Azure AD Password Protection Available, Lowers Spray Attack Risks
https://www.bleepingcomputer.com/news/security/azure-ad-password-protection-available-lowers-spray-attack-risks/
The Azure Active Directory (AD) Password Protection feature which blocks commonly used and compromised passwords to dramatically reduce the risks raised by password spray attacks is now generally available.
While already in public preview since June 2018, Azure AD Password Protection now allows all admins to prevent users of cloud and hybrid environments from picking passwords which are easily guessable or known to have been included in recent data breaches, thus making it a lot harder for malicious actors to abuse them with password spray attacks.
Tomi Engdahl says:
Bashlite IoT Malware Updated with Mining and Backdoor Commands, Targets WeMo Devices
https://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-iot-malware-updated-with-mining-and-backdoor-commands-targets-wemo-devices/
We uncovered an updated Bashlite malware designed to add infected internet-of-things devices to a distributed-denial-of-service (DDoS) botnet. Trend Micro detects this malware as Backdoor.Linux.BASHLITE.SMJC4, Backdoor.Linux.BASHLITE.AMF, Troj.ELF.TRX.XXELFC1DFF002, and Trojan.SH.BASHDLOD.AMF. Based on the Metasploit module it exploits, the malware targets devices with the WeMo Universal Plug and Play (UPnP) application programming interface (API).
This updated iteration of Bashlite is notable. For one, its arrival method is unique in that it doesn’t rely on specific vulnerabilities (e.g., security flaws assigned with CVEs). It instead abuses a publicly available remote-code-execution (RCE) Metasploit module.
Tomi Engdahl says:
Researcher prints ‘PWNED!’ on hundreds of GPS watches’ maps due to unfixed API
https://www.zdnet.com/article/researcher-prints-pwned-on-hundreds-of-gps-watches-maps-due-to-unfixed-api/
Over 20 GPS watch models still allow threat actors to track device owners, tinker with watch functions.
A German security researcher has printed the word “PWNED!” on the tracking maps of hundreds of GPS watches after the watch vendor ignored vulnerability reports for more than a year, leaving thousands of GPS-tracking watches –some of which are used by children and the elderly– open to attackers.
Speaking at the Troopers 2019 security conference that was held in Heidelberg, Germany, at the end of March, security researcher Christopher Bleckmann-Dreher presented a series of vulnerabilities impacting over 20 models of GPS watches manufactured by Austrian company Vidimensio.
Back in December 2017, Dreher discovered flaws in the mechanism through which the GPS watches communicate with this backend API server.
His research began after German authorities banned the sale of children’s smartwatches with remote-listening capabilities.
Tomi Engdahl says:
In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code
https://thehackernews.com/2019/04/js-sniffers-credit-card-hacking.html
Tomi Engdahl says:
Mystery of the Chinese woman who allegedly tried to sneak into Trump’s Mar-a-Lago with a USB stick of malware
She faces two federal charges after apparently getting as far as reception
https://www.theregister.co.uk/2019/04/02/trump_china_malware_usb_stick/
A Chinese woman was caught sneaking into President Trump’s Mar-a-Lago country club with a thumb drive of malware, it was claimed yesterday.
Tomi Engdahl says:
Ex-Mozilla CTO: US border cops demanded I unlock my phone, laptop at SF airport – and I’m an American citizen
Techie says he was grilled for three hours after refusing to let agents search his devices
https://www.theregister.co.uk/2019/04/02/us_border_patrol_search_demand_mozilla_cto/
Tomi Engdahl says:
RPC Bug Hunting Case Studies – Part 2
https://www.fortinet.com/blog/threat-research/rpc-bug-hunting-case-studies—part-2.html
Tomi Engdahl says:
http://www.etn.fi/index.php/13-news/9320-xiaomin-omassa-softassa-vakava-haavoittuvuus
Tomi Engdahl says:
Ukraine under CyberAttack
https://pentestmag.com/ukraine-under-cyberattack/
New cyber attack on the business of Ukraine. Full analysis of the latest version of SmokeBot Loader.
Tomi Engdahl says:
Computer virus alters cancer scan images
https://www.bbc.com/news/technology-47812475
A computer virus that can add fake tumours to medical scan images has been created by cyber-security researchers.
In laboratory tests, the malware altered 70 images and managed to fool three radiologists into believing patients had cancer.
Not cool. This reminds me of an older incident: https://www.wired.com/2008/03/hackers-assault-epilepsy-patients-via-computer/
Tomi Engdahl says:
Bayer contains cyber attack it says bore Chinese hallmarks
https://www.reuters.com/article/us-bayer-cyber-idUSKCN1RG0NN
German drugmaker Bayer has contained a cyber attack it believes was hatched in China, the company said, highlighting the risk of data theft and disruption faced by big business.
“There is no evidence of data theft,” Bayer said in a statement.
“This type of attack points toward the ‘Wicked Panda’ group in China, according to security experts,” the spokesman added.
Tomi Engdahl says:
Phishing Attack Uses Browser Extension Tool SingleFile to Obfuscate Malicious Log-in Pages
https://blog.trendmicro.com/trendlabs-security-intelligence/phishing-attack-uses-browser-extension-tool-singlefile-to-obfuscate-malicious-log-in-pages/
Tomi Engdahl says:
IcedID Banking Trojan Spruces Up Injection Tactics to Add Stealth
https://securityintelligence.com/icedid-banking-trojan-spruces-up-injection-tactics-to-add-stealth/
Tomi Engdahl says:
Microsoft Finds Backdoor in Huawei Laptops That Could Give Hackers Access
https://www.theepochtimes.com/microsoft-finds-backdoor-in-huawei-laptops-that-could-give-hackers-access_2863926.html
Researchers at U.S. tech giant Microsoft recently revealed that they discovered a backdoor in certain Huawei laptop models that allowed unprivileged users to gain access to all laptop data.
This vulnerability is similar to the technique DoublePulsar, a malware tool leaked by the hacker group The Shadow Brokers in early 2017. It had infected more than 200,000 computers running on Microsoft Windows software within a few weeks.
From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw
https://www.microsoft.com/security/blog/2019/03/25/from-alert-to-driver-vulnerability-microsoft-defender-atp-investigation-unearths-privilege-escalation-flaw/
Tomi Engdahl says:
Xiaomi Vulnerability: When Security Is Not What it Seems
https://blog.checkpoint.com/2019/04/04/xiaomi-vulnerability-when-security-is-not-what-it-seems/
Smartphones usually come with pre-installed apps, some of which are useful and some that never get used at all. What a user does not expect, however, is for a preinstalled app to be an actual liability to their privacy and security.
Check Point Research recently discovered a vulnerability in one of the preinstalled apps in one of the world’s biggest mobile vendors, Xiaomi, which, with almost 8% market share in 2018, ranks third in the mobile phone market. Ironically, it was the pre-installed security app, ‘Guard Provider’, which should protect the phone from malware, which exposes the user to an attack.
Tomi Engdahl says:
540 Million Facebook User Records Found On Unprotected Amazon Servers
https://thehackernews.com/2019/04/facebook-app-database.html
First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now…
…the bad week gets worse with a new privacy breach.
More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers.
The exposed datasets do not directly come from Facebook; instead, they were collected and insecurely stored online by third-party Facebook app developers.
Tomi Engdahl says:
RUSSIAN HACKERS GO FROM FOOTHOLD TO FULL-ON BREACH IN 19 MINUTES
https://www.wired.com/story/russian-hackers-speed-intrusion-breach/
Tomi Engdahl says:
Microsoft Not Concerned About Disclosed Edge, IE Flaws
https://www.securityweek.com/microsoft-not-concerned-about-disclosed-edge-ie-flaws
Microsoft does not seem too concerned about the risk posed by unpatched Internet Explorer and Edge vulnerabilities for which proof-of-concept (PoC) exploits were recently made public.
Researcher James Lee last week published PoC exploits for same-origin policy (SOP) bypass vulnerabilities affecting Microsoft’s Internet Explorer and Edge web browsers. He said he had reported his findings to the company 10 months ago, but received no reply and the flaws remain unpatched.
https://www.securityweek.com/poc-exploits-released-unpatched-edge-ie-vulnerabilities
Tomi Engdahl says:
Cisco Patches Router Vulnerabilities Targeted in Attacks
https://www.securityweek.com/cisco-patches-router-vulnerabilities-targeted-attacks
Cisco on Thursday announced new patches it has released for the RV320 and RV325 routers to correctly address vulnerabilities that have been targeted in attacks for over two months.
Tomi Engdahl says:
New ‘Xwo’ Malware Looks for Exposed Services, Default Passwords
https://www.securityweek.com/new-xwo-malware-looks-exposed-services-default-passwords
A recently identified malware family is actively scanning the Internet for exposed web services and default passwords, AT&T Alien Labs reports.
The firm that resulted from AT&T’s acquisition of AlienVault calls the new malware Xwo, based on the name of the threat’s primary module.
Tomi Engdahl says:
Hundreds Targeted in Recent Roaming Mantis Campaign
https://www.securityweek.com/hundreds-targeted-recent-roaming-mantis-campaign
Hundreds of users have been targeted with malware over the past month as part of attacks that Kaspersky Lab has linked to last year’s Roaming Mantis campaign.
Tomi Engdahl says:
NVIDIA Patches High Severity Flaws in Tegra Drivers
https://www.securityweek.com/nvidia-patches-high-severity-flaws-tegra-drivers
NVIDIA this week released security patches to address multiple vulnerabilities in the Tegra Linux Driver Package (L4T), including several flaws assessed with a “high” severity rating.
Tomi Engdahl says:
US Colleges Halt Work With Huawei Following Federal Charges
https://www.securityweek.com/us-colleges-halt-work-huawei-following-federal-charges
Tomi Engdahl says:
https://source.android.com/security/reports/Google_Android_Security_2018_Report_Final.pdf
Tomi Engdahl says:
Credit Card Sized Deauther With Oled Screen
https://www.instructables.com/id/Credit-Card-Sized-Deauther-With-Oled-Screen/
Tomi Engdahl says:
Firefox launches Lockbox: The safest password manager for Android
https://www.technotification.com/2019/03/firefox-lockbox-password-manager-android.html
Tomi Engdahl says:
Executive Order on Coordinating National Resilience to Electromagnetic Pulses
https://www.whitehouse.gov/presidential-actions/executive-order-coordinating-national-resilience-electromagnetic-pulses/
Tomi Engdahl says:
Study maps ‘extensive Russian GPS spoofing’
https://www.bbc.com/news/technology-47786248
Tomi Engdahl says:
Man stole $122m from Facebook and Google by sending them random bills, which the companies dutifully paid
https://boingboing.net/2019/03/24/evaldas-rimasauskas.html
Tomi Engdahl says:
Researchers find mountains of sensitive data on totalled Teslas in junkyards
https://boingboing.net/2019/03/30/greentheonly.html
Tomi Engdahl says:
Cybercrime groups continue to flourish on Facebook
https://techcrunch.com/2019/04/05/talos-facebook-cybercrime-groups/?tpcc=ECFB2019
You might be surprised what you can buy on Facebook, if you know where to look.
a wave of Facebook groups dedicated to making money from a variety of illicit and otherwise sketchy online behaviors
74 groups researchers detected boasted a cumulative 385,000 members.
Talos found posts openly selling credit card numbers with three-digit CVV codes, some with accompanying photos of the card’s owner.
Tomi Engdahl says:
Airbnb guest found hidden surveillance camera by scanning Wi-Fi network
https://arstechnica.com/information-technology/2019/04/airbnb-guest-found-hidden-surveillance-camera-by-scanning-wi-fi-network/
Airbnb initially didn’t ban offender despite rule against undisclosed cameras.
Tomi Engdahl says:
Android security: 0.04% of downloads on Google Play in 2018 were ‘potentially harmful apps’
https://techcrunch.com/2019/04/01/android-security-0-04-of-downloads-on-google-play-in-2018-were-potentially-harmful-apps/
Tomi Engdahl says:
Albany, NY, is coping with a ransomware attack
https://edition-m.cnn.com/2019/04/06/politics/albany-new-york-ransomware-attack/index.html
Tomi Engdahl says:
TLS CBC Padding Oracles in 2019
https://www.tripwire.com/state-of-security/vert/tls-cbc-padding-oracles/
countless hours studying CBC padding oracle attacks toward the development of a new scan tool called padcheck. Using this tool, I was able to identify thousands of popular domains which could be targeted by an active network adversary (i.e. MiTM) to hijack authenticated HTTPS sessions.
The underlying vulnerabilities break down into two main categories which I have named Zombie POODLE and GOLDENDOODLE.
*UPDATE: Padcheck source is now available on GitHub: https://github.com/Tripwire/padcheck
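The post above names the attack class (CBC padding oracles against MAC-then-encrypt TLS records) without showing where the oracle comes from. The following is an added example, not code from the Tripwire post or from padcheck: it builds a small MAC-then-encrypt CBC record in the TLS 1.0–1.2 layout and contrasts a receiver that reports "bad padding" and "bad MAC" as distinct errors (the oracle) with one that follows the RFC 5246 §6.2.3.2 guidance of assuming a zero-length pad, always checking the MAC, and returning a single error. The 4-round Feistel "block cipher", the keys, the IV and the HTTP-like record are all constructed for the demo; a real stack would use AES here.

```python
import hashlib
import hmac
import os

BLOCK = 16
MAC_LEN = 32  # HMAC-SHA256 tag length


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, half, r):
    # Keyed round function of a toy 4-round Feistel block cipher (constructed for this
    # example only; it stands in for AES so the script runs with the standard library).
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, block):
    left, right = block[:8], block[8:]
    for r in range(4):
        left, right = right, _xor(left, _round(key, right, r))
    return left + right


def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for r in reversed(range(4)):
        left, right = _xor(right, _round(key, left, r)), left
    return left + right


def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, blk), prev))
        prev = blk
    return b"".join(out)


def tls_pad(body):
    # TLS 1.0-1.2 padding: pad_len bytes of value pad_len, then the pad_len byte itself.
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)


def seal(enc_key, mac_key, plaintext, iv=None):
    # MAC-then-encrypt, the order TLS CBC cipher suites use.
    iv = iv or os.urandom(BLOCK)
    tag = hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    return iv, cbc_encrypt(enc_key, iv, tls_pad(plaintext + tag))


def _pad_ok(dec):
    pad_len = dec[-1]
    return (pad_len + 1 + MAC_LEN <= len(dec)
            and dec[-(pad_len + 1):] == bytes([pad_len]) * (pad_len + 1))


def _mac_ok(mac_key, body):
    pt, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(tag, hmac.new(mac_key, pt, hashlib.sha256).digest()), pt


def leaky_open(enc_key, mac_key, iv, ct):
    # Vulnerable receiver: a padding failure is reported differently from a MAC failure
    # (and the MAC is skipped on bad padding). That observable difference is the oracle.
    dec = cbc_decrypt(enc_key, iv, ct)
    if not _pad_ok(dec):
        return "bad_padding"
    ok, pt = _mac_ok(mac_key, dec[:-(dec[-1] + 1)])
    return pt if ok else "bad_mac"


def hardened_open(enc_key, mac_key, iv, ct):
    # Hardened receiver: on bad padding assume a zero-length pad, still run the MAC
    # check, and report one generic error whichever check failed.
    dec = cbc_decrypt(enc_key, iv, ct)
    pad_len = dec[-1] if _pad_ok(dec) else 0
    ok, pt = _mac_ok(mac_key, dec[:len(dec) - (pad_len + 1)])
    return pt if ok else "bad_record_mac"


def tamper(ct, index, mask=0xFF):
    # Flip bits of one ciphertext byte, as a network adversary could on the wire.
    b = bytearray(ct)
    b[index] ^= mask
    return bytes(b)


def demo():
    enc_key, mac_key = b"k" * 16, b"m" * 16            # constructed keys
    iv = bytes(range(16))                              # fixed IV so the run is deterministic
    pt = b"GET /account HTTP/1.1\r\nCookie: s=1234567"  # constructed 40-byte record
    _, ct = seal(enc_key, mac_key, pt, iv)             # 40 + 32 + 8 pad = 80 bytes, 5 blocks
    cases = {
        "intact": ct,
        "padding_hit": tamper(ct, 63),  # last byte of block 4 corrupts the pad_len byte
        "content_hit": tamper(ct, 0),   # first byte corrupts plaintext only, padding intact
    }
    return {name: (leaky_open(enc_key, mac_key, iv, c),
                   hardened_open(enc_key, mac_key, iv, c)) for name, c in cases.items()}


if __name__ == "__main__":
    for name, (leaky, hardened) in demo().items():
        print(f"{name:12s} leaky={leaky!r:16} hardened={hardened!r}")
```

Running `demo()` shows the leaky receiver answering `bad_padding` to one tampered record and `bad_mac` to the other, while the hardened receiver answers `bad_record_mac` to both. Removing that error distinction is the first layer of the fix; the original POODLE and the server-side variants the post names (Zombie POODLE, GOLDENDOODLE) are cases where a TLS stack still lets the two paths be told apart, and timing differences (Lucky 13) need constant-time MAC handling on top of this.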
Tomi Engdahl says:
Hackers beat university cyber-defences in two hours
https://www.bbc.com/news/education-47805451
A test of UK university defences against cyber-attacks found that in every case hackers were able to obtain “high-value” data within two hours.
The tests were carried out by “ethical hackers” working for Jisc, the agency providing internet services to the UK’s universities and research centres.
They were able to access personal data, finance systems and research networks.
University research projects have been major hacking targets, with more than 1,000 cyber-attacks last year.
Tomi Engdahl says:
The teenage hackers who’ve been given a second chance
https://www.bbc.com/news/uk-england-devon-46757849
Step inside the offices of Bluescreen and you’ll find some of the UK’s most talented young hackers, dragged from a world of crime to fight for the other side.
These computer experts have swapped the confines of their bedrooms for a fairly ordinary looking cyber-security company in Plymouth.
Bluescreen employs hackers the authorities have deemed worthy of a second chance, who pit their wits against some of the anonymous online criminals they used to see as brothers in arms.
Tomi Engdahl says:
Planetary Ransomware Decryptor Gets Your Files Back For Free
https://www.bleepingcomputer.com/ransomware/decryptor/planetary-ransomware-decryptor-gets-your-files-back-for-free/
Tomi Engdahl says:
Jason Kint / Nieman Lab:
Survey: fewer than 50% of US adults expect Google to collect data on users’ activities on its platforms or apps, track personal browsing for ad targeting, more — Numerous privacy scandals over the past couple of years have fueled the need for increased examination of tech companies’ data tracking practices.
Does Google meet its users’ expectations around consumer privacy? This news industry research says no
https://www.niemanlab.org/2019/04/does-google-meet-its-users-expectations-around-consumer-privacy-this-news-industry-research-says-no/
A significant majority of consumers do not expect Google to track their activities across their lives, their locations, on other sites, and on other platforms.
Tomi Engdahl says:
Camera Above the Classroom
http://www.sixthtone.com/news/1003759/camera-above-the-classroom
Chinese schools are using facial recognition on students. But should they?
Jason Todd first discovered his school’s secret on the internet.
It was late September 2018, less than a month after high school had started. Jason was idly scrolling through his news feed on the Chinese microblogging site Weibo when he saw a trending hashtag — #ThankGodIGraduatedAlready — and clicked it.
Under the hashtag, someone had posted a photo depicting a bird’s-eye view of a classroom. Around 30 students sat at their desks, facing the blackboard. Their backpacks lay discarded at their feet. It looked like a typical Chinese classroom.
Tomi Engdahl says:
Facebook Got Caught Phishing For Friends
https://www.eff.org/deeplinks/2019/04/facebook-got-caught-phishing-friends
Once again, Facebook is in the news for bad security practices, dark design patterns, and secretly reappropriating sensitive data meant for “authentication” to its own ends. Incredibly, this time, the company managed to accomplish all three in one fell swoop.
Tomi Engdahl says:
Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists
https://www.washingtonpost.com/technology/2019/04/03/hospital-viruses-fake-cancerous-nodes-ct-scans-created-by-malware-trick-radiologists/
Researchers in Israel created malware to draw attention to serious security weaknesses in medical imaging equipment and networks.
Tomi Engdahl says:
Security flaws found in Xiaomi mobile apps
https://www.itproportal.com/news/security-flaws-found-in-xiaomi-mobile-apps/
Built-in security app would allow a hacker to perform a man-in-the-middle attack.
Tomi Engdahl says:
Phishing malware “distribution centre” uncovered
https://www.itproportal.com/news/phishing-malware-distribution-centre-uncovered/
Major Amazon-esque distribution facility hidden in plain sight.
Web servers from the US are being used by hackers to distribute banking trojans, but also to steal information and spread ransomware.
The company traced almost a dozen different malware types to the servers: Dridex, Gootkit, IcedID, Nymaim, Trickbot, Fareit, Neutrino, AZORult, Gandcrab and Hermes.
The spokesperson says this type of work allows non-US-based hackers to avoid geoblocks on content from restricted countries (think Iran or North Korea).
“These findings demonstrate the enduring effectiveness of phishing to spread malware and infect enterprise systems,” the spokesperson continues.