Cyber security news August 2019

This posting is here to collect cyber security news in August 2019.

I post links to security vulnerability news to comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.



  1. Tomi Engdahl says:

    Warning Issued For Millions Of Microsoft Windows 10 Users

    Microsoft Confirms Update Warning For Windows 10, Windows 8.1 And Windows 7 Users

    The latest Patch Tuesday update from Microsoft included several critical security fixes. Unfortunately, as Microsoft has now confirmed, it also borked some things. If you haven’t applied that August 13 update and are running on Windows 10, Windows 8.1 or Windows 7, you may want to read this before you do.

    “After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an “invalid procedure call error,” Microsoft has stated.

  2. Tomi Engdahl says:

    Hackers can turn headphones into ‘acoustic weapons,’ cybersecurity expert warns

    Speakers on your phone, computer and other internet-connected devices could be hacked and used to wreak havoc on your eardrums, warns a new investigation.

    A cybersecurity expert claims to have conducted a malware test that found everyday items like headphones could be turned into “acoustic weapons.”

    Blasting music at really high volumes is dangerous because it can cause conditions like tinnitus, psychological issues of even deafness.

    He also observed that the components in the smart speaker started to melt four or five minutes into his malware attacks and were permanently damaged.

    emit frequencies could be used to track someone’s movements

  3. Tomi Engdahl says:

    Modifying a Tesla to Become a Surveillance Platform

    The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car’s built-in cameras­ — the same dash and rearview cameras providing a 360-degree view used for Tesla’s Autopilot and Sentry features­ — into a system that spots, tracks, and stores license plates and faces over time.

  4. Tomi Engdahl says:

    Dozens of Nigerian nationals arrested in California over alleged $68m love scam

    The FBI has charged 80 mostly Nigerian nationals in a $US46-million case
    The alleged criminal network targeted the elderly and people susceptible to romance scams
    14 defendants were arrested in LA on Thursday while others were still on the run

  5. Tomi Engdahl says:

    Hackers are actively trying to steal passwords from two widely used VPNs

    The pre-authorization file-reading vulnerabilities resided in the Fortigate SSL VPN, installed on about 480,000 servers, and the competing Pulse Secure SSL VPN, installed on about 50,000 machines, researchers from Devcore Security Consulting reported.

    Patches for the Fortigate VPN became available in May and in April for Pulse Secure. But installing the patches can often cause service disruptions that prevent businesses from carrying out essential tasks

    Over the past 36 hours, hackers have started spraying the Internet with code that attempts to opportunistically exploit that

    Earlier this month, two samples of exploit code for CVE-2018-13379, as the vulnerability is tracked, became publicly available

  6. Tomi Engdahl says:

    Windows Users Warned To Update Now As ‘Complete Control’ Hack Attack Confirmed

    The barrier for entry to the Windows compromise club has been lowered by a free attack tool from the dark web

  7. Tomi Engdahl says:

    Matt Burgess / WIRED UK:
    FireEye: China-linked hacking groups are increasingly targeting healthcare systems to obtain medical research data and the IP for medical devices

    China’s hackers are ransacking databases for your health data

    New research shows cyber espionage groups linked to China are targetting medical research data and the intellectual property for medical devices

  8. Tomi Engdahl says:

    Freedom to Tinker:
    Chrome team’s idea for a new, but still cookie-based, anti-tracking standard is technically disingenuous and aimed at protecting Google’s business interests

    Deconstructing Google’s excuses on tracking protection

    Blocking cookies is bad for privacy. That’s the new disingenuous argument from Google, trying to justify why Chrome is so far behind Safari and Firefox in offering privacy protections. As researchers who have spent over a decade studying web tracking and online advertising, we want to set the record straight.

    Our high-level points are:

    1) Cookie blocking does not undermine web privacy. Google’s claim to the contrary is privacy gaslighting.

    2) There is little trustworthy evidence on the comparative value of tracking-based advertising.

    3) Google has not devised an innovative way to balance privacy and advertising; it is latching onto prior approaches that it previously disclaimed as impractical.

    4) Google is attempting a punt to the web standardization process, which will at best result in years of delay.

  9. Tomi Engdahl says:

    So they actually do work

    Hong Kong Protester Lasers Are Frying Photographers’ Cameras

    Protesters in Hong Kong are widely using handheld laser pointers in their anti-government demonstrations, and some photographers on the ground are reporting damaged sensors after their cameras were exposed to the powerful beams of light.

    Beams of green and blue light can be seen at protests being aimed at law enforcement and their cameras

    Hong Kong police are labeling the laser pointer an “offensive weapon”, saying it could potentially damage officers’ eyes and skin.

    “I’ve seen a lot of lasers used in combat but never like this,” Yon tells PetaPixel

  10. Tomi Engdahl says:

    Hacker Claims He Can ‘Turn Off 25,000 Cars’ At The Push Of A Button

    Hackers found a way to take over 25,000 car immobilizers and lock down all of them at once.

    Your car’s immobilizer is  supposed to be used for good. If a crook steals your car, it’s possible for you to connect to the immobilizer, which tracks the vehicle and allows you to stop anyone from turning on the engine. But with one particular immobilizer – the U.K.-made SmarTrack tool from Global Telemetrics – an easy-to-hack vulnerability meant it was simple for researchers at Pen Test Partners to turn on the immobilizer permanently, without the customer knowing a thing.

  11. Tomi Engdahl says:

    Protocol used by 630,000 devices can be abused for devastating DDoS attacks

    Security researchers warn that the WS-Discovery protocol is currently being abused for massive DDoS attacks.

    WS-Discovery is a multicast protocol that can be used on local networks to “discover” other nearby devices that communicate via a particular protocol or interface.

    Most notably, the protocol is used to support inter-device discovery and communications via the SOAP messaging format, using UDP packets — hence why it’s sometimes referred to as SOAP-over-UDP.

    WS-Discovery is not a common or well-known protocol, but it’s been adopted by ONVIF, an industry group that promotes standardized interfaces for interoperability of networked products.

    ONVIF members include Axis, Sony, Bosch, and others,


  12. Tomi Engdahl says:

    Sex robots with ‘coding errors’ prone to ‘violence and could strangle humans’

    Doll collector Brick Dollbanger fears what could happen if robots are not regulated

  13. Tomi Engdahl says:

    ISIS fighter killed by drone bomb he was operating after it ran low on battery and flew back

    And the Darwin Natural Selection Award go’s to this..

  14. Tomi Engdahl says:

    Researchers found a Trojan Dropper malicious module hidden within the Android app CamScanner downloaded over 100 million times by Google Play Store users.

  15. Tomi Engdahl says:

    2019 – Endpoint Protection Platforms Magic Quadrant

    #pentest #magazine #pentestmag #pentestblog #PTblog #endpoint #protection #platforms #cybersecurity #infosecurity #infosec

  16. Tomi Engdahl says:

    ‘Never, ever use a debit card,’ warns fraud expert and ex-con artist—here’s what to do instead

    Every year, millions of American consumers — nearly 7% of the population — are victims of scams and fraud. In 2017, the number of fraud victims in the US reached 16.7 million, with $16.8 billion lost.

    My story, which is depicted in my 1980 memoir, “Catch Me If You Can,” gave me a wider audience to talk about fraud prevention.

    Identity theft is the deliberate use of someone else’s identity (e.g., name, address, Social Security number, bank accounts) to get money and credit, obtain employment, steal property, falsify educational and other credentials, access healthcare and more.

    It’s not harder. In fact, it’s about 4,000 times easier today than it was then.

    Identify thieves love technology because it gives them a convenient pathway to the details of your life.

    Want to avoid identity theft? Never, ever use a debit card. I don’t own one. I never have and I never will. I don’t recommend them to anyone

    As I said at the Google talk, a debit card is certainly and truly the worst financial tool ever given to the American consumer. Why? It’s simple: Every time you use one, you put your money and your bank account at risk.

    Instead, use a credit card. I use one for practically all of my purchases, even when I’m traveling abroad.

    If there’s a large data breach (and you know that there will be) and a criminal does somehow get my credit card number and charges $1 million on it, I’m protected and my credit card company will cancel the card

    I won’t be responsible for any purchases made.

    Also, keep your check-writing to a minimum

  17. Tomi Engdahl says:

    US border officials are increasingly denying entry to travelers over others’ social media

    Travelers are increasingly being denied entry to the United States as border officials hold them accountable for messages, images and video on their devices sent by other people.

    It’s a bizarre set of circumstances that has seen countless number of foreign nationals rejected from the U.S. after friends, family or even strangers send messages, images or videos over social media sites like Facebook and Twitter, and encrypted messaging apps like WhatsApp, which are then downloaded to the traveler’s phone.

  18. Tomi Engdahl says:

    This is a dangerous “new” vector for malware and its getting very popular! Be extremely weary if an app changes ownership. Chinese companies are targeting popular apps, buying them then adding malware to the code. MANY PEOPLE GET AUTOMATICALLY UPDATED TO THE DANGEROUS CODE.

    Earlier this week, BuzzFeed News reported how apps on the Play Store from Chinese firm DO Global regularly committed click fraud — automatically clicking on ads on behalf of users. Google has already removed apps and suspended accounts owned by DO Global, and it appears ES File Manager may be part of the ongoing crackdown

  19. Tomi Engdahl says:

    Amazon’s home security company Ring is opening up about just how many police departments it’s partnered with across the country. Today the company published a map showing hundreds of departments with which it’s inked deals.

  20. Tomi Engdahl says:

    Harvard student denied entry into US due to friends’ social media posts

    Ismail Ajjawi reportedly had his visa canceled after hours of questioning at Boston’s airport.

  21. Tomi Engdahl says:

    The new mobile phone scam delivering a problem

    “Delivery scams are just one of the increasingly sophisticated methods fraudsters are using to leave victims out of pocket,” warned Adam French, Which? consumer rights expert.

  22. Tomi Engdahl says:

    Facial recognition in King’s Cross prompts call for new laws

  23. Tomi Engdahl says:

    The Hong Kong Internet Service Providers Association warns that restricting online access would be ruinous for the region

  24. Tomi Engdahl says:

    The police know what you’ll do next summer

    When police use crime-predicting algorithms, they risk bringing into being the world they foresee.

  25. Tomi Engdahl says:

    TSA Launches Facial Recognition Pilot at Las Vegas Airport

    The agency will assess how the tech verifies travelers’ live facial images against pictures taken from travelers’ identity documents.

    The Transportation Security Administration will conduct a short term proof of concept in Las Vegas’ McCarran International Airport to examine how effective facial recognition technology could be at automating travelers’ identity verification

  26. Tomi Engdahl says:

    Five More Hackers Become Millionaires on HackerOne

    HackerOne says that five more hackers have become millionaires after reporting security vulnerabilities through the vulnerability coordination and bug bounty platform.

  27. Tomi Engdahl says:

    Climate activists plan to use drones to shut down Heathrow Airport next month

    A UK group of climate activists is planning to fly drones close to Heathrow Airport next month in a direct action they hope will shut down the country’s largest airport for days or even longer.

  28. Tomi Engdahl says:

    Ransomware hits hundreds of dentist offices in the US

    Ransomware group gains access to dental software backend, deploys ransomware on customers’ systems

  29. Tomi Engdahl says:

    The Department of Justice said today that a federal grand jury has indicted software engineer Paige Thompson on two counts related to the Capital One data breach that affected over 100 million customers. The charges in the indictment carry penalties of up to 25 years in prison. Thompson will be arraigned in U.S. District Court in Seattle on Sept. 5.

  30. Tomi Engdahl says:

    India school-leaving exam: The controversy that cost 23 lives

    At least 23 teenagers in the southern Indian state of Telangana have killed themselves since their school-leaving exam results were announced in April. BBC Telugu’s Deepthi Bathini explains why the results have become controversial.

    In the days following the announcement of the exam results, shocked students and parents protested, alleging there had been errors in marking and demanded the exams be marked again.

    It seems there was a mistake in updating the scores. Board officials said Globarena was not involved in the re-evaluation process.

  31. Tomi Engdahl says:

    After reading many articles about other Android developers horror stories, my Google Play Publisher account has been terminated… and I don’t really know why… which doesn’t really matter because I had no time to fix it.

  32. Tomi Engdahl says:

    Some of Russia’s surveillance tech leaked data for more than a year

    Security researcher finds that some of Russia’s SORM wiretapping equipment had been leaking user data.

    A Russian security researcher has found that hardware equipment meant to be used by Russian authorities to intercept internet traffic had been leaving data exposed on the internet.

    But in a talk at the Chaos Constructions security conference last Sunday, on August 25, a Russian security researcher named Leonid Evdokimov revealed that some of these wiretapping devices have been leaking data.

    Evdokimov said he found 30 SORM devices installed on the network of 20 Russian ISPs that were running FTP servers that were not secured with a password.

    These FTP servers contained traffic logs from past law enforcement surveillance operations

  33. Tomi Engdahl says:

    Another Android Fraud Warning: 1.5M Users Are Being Forced To Click Ads

    This time it’s from cybersecurity giant Symantec, which said that as many as 1.5 million Android users are having ads clicked for them in what appears to be shady practices by apps hosted on Google Play.

  34. Tomi Engdahl says:

    A fifth of the Dark Web is down

    The Anonymous hacktivist group hacked the popular Dark Web hosting provider Freedom Hosting II. Roughly 10,613 .onion sites leveraging on the service have taken down.

  35. Tomi Engdahl says:

    Y’all ready for the NSA to protect us from ourselves?[](

  36. Tomi Engdahl says:

    How an NSA researcher plans to allow everyone to guard against firmware attacks

  37. Tomi Engdahl says:

    How one teenager took out a secure Pentagon file sharing site

    By last October, the Pentagon’s Vulnerability Disclosure Program had processed thousands of loopholes in the Department of Defense’s websites.

    Then it received a report from Jack Cable.

    Cable found in the DoD’s secure filing system stood out. He discovered a vulnerability known as an “insecure direct object reference,” which involves brute forcing reference numbers in the URL to access different files without authentication.

  38. Tomi Engdahl says:

    Google says hackers have put ‘monitoring implants’ in iPhones for years

    Visiting hacked sites was enough for server to gather users’ images and contacts

  39. Tomi Engdahl says:

    The French law enforcement agency, National Gendarmerie, today announced the successful takedown of one of the largest wide-spread RETADUP botnet malware and how it remotely disinfected more than 850,000 computers worldwide with the help of researchers.

    discovered a design flaw in the malware’s C&C protocol that could have been exploited to remove the malware from victims’ computer without executing any extra code.
    However, to do that, the plan required researchers to have control over the malware’s C&C server, which was hosted with a hosting provider located in the Ile-de-France region in north-central France.

  40. Tomi Engdahl says:

    Consumer Grade Anarchy

    At the tail end of 2018, a terrorist incident in the UK managed to shut down an international airport.
    No-one knows who the perpetrators were, or what their motivations may have been, but the person or persons behind the Gatwick drone fiasco of 19 – 20 December 2018 cost airline companies in excess of $60 million, as well as disrupting the everyday lives of more than 100,000 travelers.

    It was easy to do, and for the perpetrator, it was cheap.

  41. Tomi Engdahl says:

    Warning Over Terrorist Attacks Using Drones Given By EU Security Chief

    This is not new news—the threat from a drone attack on a crowded space in the West has been focusing security minds for some time now. And the real fear from a drone attack is that a chemical or biological payload could be delivered into the midst of a crowded space with relative ease. The challenge with such attacks has always been delivery. A drone takes that challenge away.


Leave a Comment

Your email address will not be published. Required fields are marked *