Cyber security news in July 2019

This posting is here to collect cyber security news in July 2019.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.



  1. Tomi Engdahl says:

    If you are in Kazakhstan and unable to access the Internet service without installing a certificate, you’re not alone.
    The Kazakhstan government has once again issued an advisory to all major local Internet Service Providers (ISPs) asking them to make it mandatory for all their customers to install government-issued root certificates on their devices in order to regain access to the Internet services.

  2. Tomi Engdahl says:

    the government is essentially launching a “man in the middle” attack on every resident of the country

    The root certificate in question, labeled as “trusted certificate” or “national security certificate,” if installed, allows ISPs to intercept and monitor users’ encrypted HTTPS and TLS connections, helping the government spy on its citizens and censor content.

  3. Tomi Engdahl says:

    Kazakhstan government is now intercepting all HTTPS traffic

    Kazakh government first wanted to intercept all HTTPS traffic way back in 2016, but they backed off after several lawsuits.

  4. Tomi Engdahl says:

    My browser, the spy: How extensions slurped up browsing histories from 4M users
    Have your tax returns, Nest videos, and medical info been made public?

    When we use browsers to make medical appointments, share tax returns with accountants, or access corporate intranets, we usually trust that the pages we access will remain private. DataSpii, a newly documented privacy issue in which millions of people’s browsing histories have been collected and exposed, shows just how much about us is revealed when that assumption is turned on its head.

    DataSpii begins with browser extensions—available mostly for Chrome but in more limited cases for Firefox as well—that, by Google’s account, had as many as 4.1 million users.

  5. Tomi Engdahl says:

    No, You Don’t Need a Burner Phone at a Hacking Conference

    Every year, infosec Twitter debates whether people should bring a burner phone to conferences like Def Con or Black Hat. Here’s why we think you don’t need to worry about that.

  6. Tomi Engdahl says:

    Hackers breach FSB contractor, expose Tor deanonymization project and more

    SyTech, the hacked company, was working on research projects for the FSB, Russia’s intelligence service.

    Hackers stole 7.5TB of data from the contractor’s network, and they defaced the company’s website with a “yoba face,” an emoji popular with Russian users that stands for “trolling.”

    Hackers posted screenshots of the company’s servers on Twitter and later shared the stolen data with Digital Revolution, another hacking group who last year breached Quantum, another FSB contractor.

  7. Tomi Engdahl says:

    Met Police website hacked, tweets ‘F*CK THE POLICE’

    It appears hackers briefly took over UK Metropolitan Police’s website

  8. Tomi Engdahl says:

    Russia’s Secret Intelligence Agency Hacked: ‘Largest Data Breach In Its History’

    Red faces in Moscow this weekend, with the news that hackers have successfully targeted FSB—Russia’s Federal Security Service. The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world. The data was passed to mainstream media outlets for publishing.

  9. Tomi Engdahl says:

    Office 365 declared illegal in German schools due to privacy risks
    Microsoft’s future in Germany is in question again.

  10. Tomi Engdahl says:

    Although the press release specifically targets Office 365, it notes that competing Apple and Google cloud suites also do not satisfy German privacy regulations for use in schools.

  11. Tomi Engdahl says:

    VoIP’s Big Security Problem? It’s SIP

    Session Initiation Protocol (SIP) is essential for most forms of Voice-over-IP (VoIP) communications, but by itself, it’s insecure and easily hacked. Here’s what you need to know to protect your calls and your network.

  12. Tomi Engdahl says:

    Russian FSB Intel Agency Contractor Hacked, Secret Projects Exposed

    A contractor for the Russian Federal Security Service (FSB) has been hacked and secret projects that were being developed for the intelligence agency were leaked to Russian Media.

    In addition, BBC Russia reports that the hackers stole 7.5TB of data from the contractor’s network. This data includes information about numerous non-public projects that were being developed by Sytech on behalf of the Russian government and its intelligence agency.

  13. Tomi Engdahl says:

    FTC hits Equifax with fine of up to $700M for 2017 data breach

    Credit agency Equifax will pay up to $700 million in fines as part of a settlement with federal authorities over a data breach in 2017.

    700 million looks like a lot of money, but when looking this way the settlement money does not look big at all:

    Equifax settlement for data breach will only cost it $4 per person

    There are concerns the penalty is just a drop in the bucket.

  14. Tomi Engdahl says:

    Cyber threats from the U.S. and Russia are now focusing on civilian infrastructure

    Targeting civilian infrastructure opens a dangerous new front in cyber hostilities between the U.S.
    Joe Cheravitch
    5 hours ago

  15. Tomi Engdahl says:

    ‘My job application was withdrawn by someone pretending to be me’

  16. Tomi Engdahl says:

    Haven’t had time to read FaceApp’s 37 minute long terms and conditions ? Don’t worry, Man did and he breaks it down, exploring the A.I. FaceApp, it’s connection to Russian Intelligence and the potential of using it to advance digital tribalism on the World Wide Web.

    FaceApp: Russiagate 2.0, Tribalism, KGB, VR, AI, Facial Recognition
    An episode of Man Behind The Machine

  17. Tomi Engdahl says:

    RDP exposed: the wolves already at your door

    For the last two months the infosec world has been waiting to see if and when criminals will successfully exploit CVE-2019-0708, the remote, wormable vulnerability in Microsoft’s RDP (Remote Desktop Protocol), better known as BlueKeep.

    The expectation is that sooner or later a BlueKeep exploit will be used to power some self-replicating malware that spreads around the world

    criminals around the world are already abusing RDP successfully every day,

    Many of the millions of RDP servers connected to the internet are protected by no more than a username and password, and many of those passwords are bad enough to be guessed

    criminal markets selling both stolen RDP credentials and compromised computers. The technique is so successful that the criminals crippling city administrations, hospitals, utilities and enterprises with targeted ransomware attacks, and demanding five- or six-figure ransoms, seem to like nothing more

    They set up ten geographically dispersed RDP honeypots and sat back to observe. One month and over four million password guesses later they switched off the honeypots, just as CVE-2019-0708 was announced.

    The low interaction honeypots were Windows machines in a default configuration, hosted on Amazon’s AWS cloud infrastructure. They were set up to log login attempts while ensuring attackers could never get in

    The first honeypot to be discovered was found just one minute and twenty four seconds after it was switched on. The last was found in just a little over 15 hours.

    Between them, the honeypots received 4.3 million login attempts at a rate that steadily increased

    While the majority of attacks were quick and simple attempts to dig out an administrator password with a very short password list, some attackers employed more sophisticated tactics.

    What to do?
    RDP password guessing shouldn’t be a problem – it isn’t new, and it isn’t particularly sophisticated – and yet it underpins an entire criminal ecosystem.

    In theory, all it takes to solve the RDP problem is for all users to avoid really bad passwords. But the evidence is they won’t

    While there are a number of things that administrators can do to harden RDP servers, most notably two-factor authentication, the best protection against the dual threat of password guessing and vulnerabilities like BlueKeep is simply to take RDP off the internet. Switch off RDP where it isn’t absolutely necessary, or make it accessible only via a VPN (Virtual Private Network) if it is.

  18. Tomi Engdahl says:

    There is nothing newsworthy in the projects exposed here, everything was known or expected. The fact of the breach itself, its scale and apparent ease is of more note. Contractors remain the weak link in the chain for intelligence agencies worldwide—to emphasize the point, just last week, a former NSA contractor was jailed in the U.S. for stealing secrets over two decades. And the fallout from Edward Snowden continues to this day.

  19. Tomi Engdahl says:

    U.S. attorney general William Barr says Americans should accept security risks of encryption backdoors

    U.S. attorney general William Barr has said consumers should accept the risks that encryption backdoors pose to their personal cybersecurity to ensure law enforcement can access encrypted communications.

  20. Tomi Engdahl says:

    Facebook and Google track what porn you’re watching, even when you’re in incognito

    Porn sites are riddled with web trackers, including from Google, Facebook, and Oracle, according to researchers at Microsoft, Carnegie Mellon, and the University of Pennsylvania.

    Google and Facebook said data from these trackers was not used to build marketing profiles of users.

  21. Tomi Engdahl says:

    NSA Forms Cybersecurity Directorate Under More Assertive U.S. Effort

    The National Security Agency will create a cybersecurity directorate later this year as part of a wider effort to more closely align the agency’s offensive and defensive operations, U.S. officials said.

  22. Tomi Engdahl says:

    Hacked Bluetooth hair straighteners are too hot to handle

    What do cigarettes, candles, and faulty electrical appliances have in common with one another?

    The answer is they are among the top causes of house fires in countries such as the US and UK.

    hair straighteners.

    They get hot (235 degrees Celsius, or 455 degrees Fahrenheit) and are easy to leave turned on inadvertently, which together explains why Hampshire Fire and Rescue estimates that up to 2016 they have been responsible for as many as 650,000 house fires in the UK alone.

    Correct: Pen Test Partners researcher Stuart Kennedy found enough weaknesses to remotely override the product’s chosen temperature setting as someone is using it. Writes Kennedy:

    For instance, if somebody was using the straighteners at 120°C and had a sleep time of say 5 mins after use, you could change that to 235°C and 20 mins sleep time.

    What went wrong when the Glamoriser had the smart stuff added?

    just fire up the app on their own phone and do the whole thing from there as long as the owner wasn’t connected or is out of range.

    It’s not dissimilar to the case of hot tub hacking, another IoT calamity

  23. Tomi Engdahl says:

    Researchers spotlight the lie of ‘anonymous’ data

    Researchers from two universities in Europe have published a method they say is able to correctly re-identify 99.98% of individuals in anonymized datasets with just 15 demographic attributes.

  24. Tomi Engdahl says:

    Siemens contractor pleads guilty to planting logic bomb in company spreadsheets

    Logic bomb would crash spreadsheets after a certain date, resulting in Siemens hiring the contractor to fix the latest bugs.

  25. Tomi Engdahl says:

    VLC Media Player Plagued By Unpatched Critical RCE Flaw

    According to NIST, the bug ranks 9.8 out of 10 on the CVSS 3.0 scale, making it critical severity. Despite the level of severity, no patch is currently available for the vulnerability.

  26. Tomi Engdahl says:

    Report: NSO Group’s Pegasus Spyware Can Break Into Cloud Services, Transmit User Data to Servlet

    Israeli spyware company NSO Group’s powerful Pegasus malware—the same spyware implicated in a breach of WhatsApp earlier this year—is capable of scraping a target’s data from the servers of Apple, Google, Amazon, Facebook, and Microsoft, according to a report in the Financial Times on Friday.

  27. Tomi Engdahl says:

    Flaws in widely used corporate VPNs put company secrets at risk

  28. Tomi Engdahl says:

    Kazakhstan government is now intercepting all HTTPS traffic

    Kazakh government first wanted to intercept all HTTPS traffic way back in 2016, but they backed off after several lawsuits.


Leave a Comment

Your email address will not be published. Required fields are marked *