Cyber security news in June 2019

This posting is here to collect cyber security news in June 2019.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.



  1. Tomi Engdahl says:

    The CBP Theft Is Exactly What Privacy Experts Said Would Happen

    The more information the government collects, the more attractive that information is to bad actors.

  2. Tomi Engdahl says:

    Mobile Hacking Firm Cellebrite’s New Premium Tool can Hack & Extract Data From All iOS and High-end Android Devices

    Cellebrite released a public statement that they can hack any iOS and High-end Android devices for law enforcement agencies.

  3. Tomi Engdahl says:

    How the US Military’s Latest Surveillance Technology Was Inspired by Hollywood

    A new type of aerial surveillance, enabled by rapid advances in imaging and computing technology, is quietly replacing traditional drone video cameras. Wide-area motion imaging (WAMI) aims to capture an entire city within a single image, giving operators a God-like view in which they can follow multiple incidents simultaneously, and track people or vehicles backward in time.

  4. Tomi Engdahl says:

    Facebook lawyer says users ‘have no expectation of privacy’

    “There is no invasion of privacy at all, because there is no privacy.”

  5. Tomi Engdahl says:

    CISA Issues Alert Against BlueKeep Remote Desktop Exploit

    a successful remote code execution on a computer running a vulnerable version of Windows 2000

  6. Tomi Engdahl says:


    The simple act of using Facebook, Snyder claimed, negated any user’s expectation of privacy:

    There is no privacy interest, because by sharing with a hundred friends on a social media platform, which is an affirmative social act to publish, to disclose, to share ostensibly private information with a hundred people, you have just, under centuries of common law, under the judgment of Congress, under the SCA, negated any reasonable expectation of privacy.

    An outside party can’t violate what you yourself destroyed, Snyder seemed to suggest

  7. Tomi Engdahl says:

    A Rogue Raspberry Pi Let Hackers Into NASA’s JPL Network

    A rogue Raspberry Pi helped hackers access NASA JPL systems

    JPL might have the technology to make Martian rovers, but it’s seriously lacking in cybersecurity measures.

    Investigators looked into the research center’s network security controls after an April 2018 security breach, wherein a Raspberry Pi that was not authorized to be linked to the JPL network was targeted by hackers. The attackers were able to steal 500 megabytes of data from one of its major mission systems

    Diving deeper into the system gave the hackers access to several major missions, including NASA’s Deep Space Network — its network of spacecraft communication facilities. As a result, the security teams of some sensitive programs, such as the Orion Multi-Purpose Crew Vehicle and the International Space Station, have chosen to disconnect from the agency’s network

  8. Tomi Engdahl says:

    Florida city pays $600,000 to hackers who seized its computer system

    The Riviera Beach City Council voted unanimously this week to pay the hackers’ demands, believing the Palm Beach suburb had no choice if it wanted to retrieve its records, which the hackers encrypted. The council already voted to spend almost $1 million on new computers and hardware

  9. Tomi Engdahl says:

    Linux PCs, Servers, Gadgets Can Be Crashed by ‘Ping of Death’ Network Packets

    The Register reports that it is possible to crash network-facing Linux servers, PCs, smartphones and tablets, and gadgets, or slow down their network connections, by sending them a series of maliciously crafted packets. It is also possible to hamper FreeBSD machines

  10. Tomi Engdahl says:

    It’s Surprisingly Easy to Hack the Precision Time Protocol

    When it comes to synchronizing large and important networks, every microsecond counts, and NTP is not always accurate enough. One of the most effective approach for this is called IEEE 1588-2008 or the Precision Time Protocol (PTP).

    A team of researchers from IBM and Marist College recently identified a remarkably simple but effective way to hack a PTP network.

    The researchers were able to infiltrate the network by “sniffing” out the ANNOUNCE and SYNC packets of the legitimate master clock. Next, they created a rogue master clock.

    The tested slave was unable to recover from this kind of attack.

  11. Tomi Engdahl says:

    I thought a ping of death DoS attack was a thing of the past. Boy, I was wrong. Apparently, both FreeBSD & Linux, are affected. Patches are already released. However, I am getting random ssh dropouts since we patched our Linux boxes. Is anyone seeing that?

  12. Tomi Engdahl says:

    LTE flaws let hackers ‘easily’ spoof presidential alerts

    Using off-the-shelf equipment and open-source software, a working exploit made it possible to send a simulated alert to every phone in a 50,000-seat football stadium with little effort, with the potential of causing “cascades of panic,” said researchers at the University of Colorado Boulder in a paper out this week.

    Their attack worked in nine out of 10 tests, they said.

    Last year the Federal Emergency Management Agency sent out the first “presidential alert” test using the Wireless Emergency Alert (WEA) system.

    The researchers said fixing the vulnerabilities would “require a large collaborative effort between carriers, government stakeholders and cell phone manufacturers.”

  13. Tomi Engdahl says:

    Trump approved cyber-strikes against Iran’s missile systems

    President Trump approved an offensive cyberstrike that disabled Iranian computer systems used to control rocket and missile launches, even as he backed away from a conventional military attack in response to its downing Thursday of an unmanned U.S. surveillance drone, according to people familiar with the matter.

    The administration on Saturday warned industry officials to be alert for cyberattacks originating from Iran.

    Thursday’s strikes against the Revolutionary Guard represented the first offensive show of force since Cyber Command was elevated to a full combatant command in May.

  14. Tomi Engdahl says:

    Stuxnet patient zero: Kaspesky Lab identifies worm’s first victims in Iran

  15. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    NASA says it was hacked in April 2018 via an unauthorized Raspberry Pi on the network; hackers had access for nearly a year, stealing Mars mission-related data — NASA described the hackers as an “advanced persistent threat,” a term generally used for nation-state hacking groups.

    NASA hacked because of unauthorized Raspberry Pi connected to its network

    NASA described the hackers as an “advanced persistent threat,” a term generally used for nation-state hacking groups.

  16. Tomi Engdahl says:

    Nat Levy / GeekWire:
    Leaked Microsoft memo says Slack, AWS, Google Docs, PagerDuty, and even GitHub are prohibited or discouraged from internal use, primarily over security concerns

    No Slack for you! Microsoft puts rival app on internal list of ‘prohibited and discouraged’ software

  17. Tomi Engdahl says:

    Warning Issued For Millions Of Microsoft Windows 10 Users

    estimate is conservative with the number realistically set to be hundreds of millions.

    The flaw lies in PC-Doctor Toolbox, systems analysis software which is rebadged and pre-installed on PCs made by some of the world’s biggest computer retailers, including Dell, its Alienware gaming brand, Staples and Corsair.

    impacts both Windows 10 business and home PCs and enables hackers to gain complete control of your computer.

  18. Tomi Engdahl says:

    US struck Iranian military computers this week

    U.S. military cyber forces launched a strike against Iranian military computer systems on Thursday

    attacks, which specifically targeted Iran’s Islamic Revolutionary Guard Corps computer system

    The IRGC, which was designated a foreign terrorist group by the Trump administration earlier this year, is a branch of the Iranian military.

    There was no immediate reaction Sunday morning in Iran to the U.S. claims. Iran has hardened and disconnected much of its infrastructure from the internet after the Stuxnet computer virus

    The cyberattacks are the latest chapter in the U.S. and Iran’s ongoing cyber operations targeting the other.

    In recent weeks, hackers believed to be working for the Iranian government have targeted U.S.

    CrowdStrike shared images of the spear-phishing emails

    cyber experts said they have seen an increase in Iranian hacking efforts.

    “This is not a remote war (anymore),” said Sergio Caltagirone, vice president of threat intelligence at Dragos Inc. “This is one where Iranians could quote unquote bring the war home to the United States.”

    Iran has also shown a willingness to conduct destructive campaigns

    experts say the Iranians would not necessarily immediately exploit any access they gain into computer systems and may seek to maintain future capabilities

    “It’s important to remember that cyber is not some magic offensive nuke you can fly over and drop one day,”

  19. Tomi Engdahl says:

    Cloudflare issues affecting numerous sites on Monday AM [Update: fixed]

    According to Cloudflare, it identified a possible route leak that’s impacting some of the Cloudflare IP ranges

  20. Tomi Engdahl says:

    Researchers Send Fake Presidential Alerts to Stadium of 50,000 Using LTE Vulnerability

    Researchers figured out a way to exploit the system that sends presidential emergency alerts to our phones, simulating their method on a 50,000 seat football stadium in Colorado with a 90 percent success rate.

    The researchers tested this LTE vulnerability by creating their own malicious cell tower channel using off-the-shelf hardware and open-source software

  21. Tomi Engdahl says:

    Global Telecom Carriers Attacked by Suspected Chinese Hackers

    Attack targeted 20 people believed to have ties to China across Asia, Europe, Africa and Middle East, according to a cybersecurity firm report

    Hackers believed to be backed by China’s government have infiltrated the cellular networks of at least 10 global carriers, swiping users’ whereabouts, text-messaging records and call logs

  22. Tomi Engdahl says:

    Global phone networks attacked by hackers

    Hackers targeted mobile phone networks around the world to snoop on specific users, according to a report.

    The level of access they gained to the networks meant they could have shut them down had they wanted to.

    “The hackers used phishing attacks to get privileged access to networks and could potentially have closed them down.”

  23. Tomi Engdahl says:

    Hackers hit over a dozen mobile carriers and could shut down networks, researchers find

    “Hacking a company that has mountains of data that is always updating is the holy grail for an intelligence agency.”

  24. Tomi Engdahl says:

    Hackers are stealing years of call records from hacked cell networks
    At least 10 cell networks have been hacked over the past seven years

  25. Tomi Engdahl says:

    Security firms demonstrate subdomain hijack exploit vs. EA/Origin

    Two security firms graphically demonstrate the danger of subdomain hijacking.

    Israeli security firms Check Point and CyberInt partnered up this week to find, exploit, and demonstrate a nasty security flaw that allows attackers to hijack player accounts in EA/Origin’s online games. The exploit chains together several classic types of attacks—phishing, session hijacking, and cross-site scripting—but the key flaw that makes the entire attack work is poorly maintained DNS.

    With the working subdomain, the attacker was able to harvest the authentication token from an existing active EA session before exploiting it directly and in real time.

    According to Alex and Oded, the kind of oversight made here by EA/Origin is depressingly common in large companies. Devops teams don’t talk to infosec teams, neither of them talks to more traditional ops teams that manage core services like company-wide DNS, and mistakes get made.

  26. Tomi Engdahl says:

    Karl Bode / VICE:
    Researchers demonstrate how the US Wireless Emergency Alert system, which uses LTE networks, can be easily spoofed with “pirate” cell towers to cause mass panic — With a pirate cell tower, it’s easy to send fake emergency alerts warning of a terrorist attack, nuclear bomb, or other disaster.

    Researchers Demonstrate How U.S. Emergency Alert System Can Be Hijacked and Weaponized

    With a pirate cell tower, it’s easy to send fake emergency alerts warning of a terrorist attack, nuclear bomb, or other disaster.

  27. Tomi Engdahl says:

    Catalin Cimpanu / ZDNet:
    Less than a week after ransomware victim Riviera City paid ~$600K, another Florida town, Lake City, votes to pay ~$500K in BTC to ransomware hackers

    Second Florida city pays giant ransom to ransomware gang in a week

    Lake City officials give in and agree to pay nearly $500,000 to ransomware gang.

  28. Tomi Engdahl says:

    U.S. cyber attacks on Iranian targets not successful, Iran minister says

  29. Tomi Engdahl says:

    Sources: hackers likely belonging to Five Eyes governments used Regin malware in late 2018 to infiltrate Russian search giant Yandex and spy on users — WASHINGTON/LONDON/SAN FRANCISCO (Reuters) – Hackers working for Western intelligence agencies broke into Russian internet search company Yandex …

    Exclusive: Western intelligence hacked ‘Russia’s Google’ Yandex to spy on accounts – sources

    Hackers working for Western intelligence agencies broke into Russian internet search company Yandex (YNDX.O) in late 2018 deploying a rare type of malware in an attempt to spy on user accounts

    The malware, called Regin, is known to be used by the “Five Eyes” intelligence-sharing alliance of the United States, Britain, Australia, New Zealand and Canada

    Western cyberattacks against Russia are seldom acknowledged or spoken about in public.

  30. Tomi Engdahl says:

    Wall Street Journal:
    Inside AMD’s battle with the US government over a deal with the supercomputer developer Sugon, which saved AMD but helped China get advanced chip technology

    How a Big U.S. Chip Maker Gave China the ‘Keys to the Kingdom’

    Advanced Micro Devices revived its fortunes through the deal, and sparked a national-security battle

  31. Tomi Engdahl says:

    An 14-year-old’s Internet-of-Things worm is bricking shitty devices by the thousands

    A hacker calling themself Light Leafon who claims to be a 14-year-old is responsible for a new IoT worm called Silex that targets any Unix-like system by attempting a login with default credentials; upon gaining access, the malware enumerates all mounted disks and writes to them from /dev/random until they are filled, then it deletes the devices’ firewall rules and removes its network config and triggers a restart — this effectively bricks the device, rendering it useless until someone performs the complex dance needed to download and reinstall the device’s firmware.

  32. Tomi Engdahl says:

    U.S. cyber attacks on Iranian targets not successful, Iran minister says

  33. Tomi Engdahl says:

    BGP Route Leak Sends European Traffic Via China

    On Thursday June 6, 2019, traffic destined to some of Europe’s biggest mobile providers was misdirected in a roundabout path through the Chinese-government-controlled China Telecom, in some cases for more than two hours.

    “Swiss data center colocation company AS21217 leaked over 70,000 routes to China Telecom (AS4134) in Frankfurt, Germany. China Telecom then announced these routes on to the global internet redirecting large amounts of internet traffic destined for some of the largest European mobile networks through China Telecom’s network. Impacts were seen by some of Europe’s largest networks in Switzerland, Holland, and France among other countries.”

  34. Tomi Engdahl says:

    University attacked by its own vending machines, smart light bulbs & 5,000 IoT devices

    A university, attacked by its own malware-laced soda machines and other botnet-controlled IoT devices, was


Leave a Comment

Your email address will not be published. Required fields are marked *