Cyber security news September 2019

This posting is here to collect cyber security news in September 2019.

I post links to security vulnerability news in the comments of this article.

If you are interested in cyber security trends, read my Cyber security trends 2019 posting.

You are also free to post related links.




  1. Tomi Engdahl says:

    Sophos open-sources Sandboxie, a utility for sandboxing any application
    Sandboxie is now a free download. Source code to be open-sourced at a later date.

  2. Tomi Engdahl says:

    “SIM Swap” and Its Effects on SMS Based Authentication

    As providers of centralized access to enterprise and consumer apps and resources, Identity and Access Management (IAM) vendors play a crucial role in providing controls to detect and remediate SIM Swap account takeovers.

  4. Tomi Engdahl says:

    After Payroll Provider Collapses, Banks Drain Employee Accounts

    MyPayrollHR collapse stirs allegations, questions, anger

    The problems created by the closing of MyPayrollHR may take a long time to resolve. The FBI has been contacted and lawsuits are expected. Employers are trying to clean up the mess.

  5. Tomi Engdahl says:

    RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

    Many computers emit a high-pitched noise during operation, due to vibration in some of their electronic components. These acoustic emanations are more than a nuisance: they can convey information about the software running on the computer and, in particular, leak sensitive information about security-related computations.

  6. Tomi Engdahl says:

    Someone Used the Domino’s Pizza App to SWAT a California Home

    Victims of these acts have been seriously injured and even killed by police officers who have responded to the phony emergency calls.

  7. Tomi Engdahl says:

    How Hackers Are Spying on US & Canadian Special Forces

    The United States military has over 2 million uniformed members.

    In reality, however, a mere 2% of that force – an elite group known as Special Operations Forces (SOF) – are fighting more and more of America’s battles.

    In fact, Special Operations troops execute missions in over 80 countries on a continual basis.

    While the SOF (and other military forces) have access to traditional field communications – think radios – they also have access to many of the same communications tools used by civilian work teams and individuals.

    These commercial (COTS) digital comms tools are useful to SOF teams.

    WhatsApp, Telegram, and Signal are the COTS apps of choice for many SOF teams.

    And even though those app companies like to tout their supposed security credentials, they are all subject to serious INFOSEC flaws.

  8. Tomi Engdahl says:

    ‘Why won’t Microsoft spy for the US?’ Trump adviser’s query, recounted in exec’s book, shows need for global norms in tech

  9. Tomi Engdahl says:

    Cyber Warfare: U.S. General Warns Of Danger From Terrorist ‘Dirty Bomb’ Attack

    The most serious cyber warfare threats facing the West come from China and Russia, that much is undebatable, with Iran and North Korea a step or two behind.

    Much of the cyber threat focused on military, critical infrastructure and commercial targets in the West is developed by so-called Advanced Persistent Threat (APT) groups allied with and funded by nation state agencies, but not embedded within them. We have seen these often arms-length entities double-hat their activities, conducting likely state-mandated operations while freelancing for personal gain as well.

  10. Tomi Engdahl says:

    How To Find Out In Five Seconds If Your Online Accounts Have Been Breached

    good place to check is Enter your personal and work email addresses and it will tell you all of the potential sites where your credentials have been likely compromised,” says Barlow. “Most people find that they’ve been compromised on multiple sites.”

  11. Tomi Engdahl says:

    What Are The Biggest Challenges In Cybersecurity Right Now?

    The cybersecurity war continues to be very asymmetric. Attackers are relentless with the speed and volume of their threats. They collaborate and share information. They have toolkits available on easy to access marketplaces that enable other attackers to customize their attacks, increasing the number of threat actors globally. The attacker needs to be right just once, and has the advantage of time to find the weakest link/point in an enterprise.

  12. Tomi Engdahl says:

    New Cyber Warning: ISIS Or Al-Qaeda Could Attack Using ‘Dirty Bomb’

    With this in mind, Stewart has warned that if al-Qaeda or ISIS were able to purchase cyberattack capabilities or even services from such a group then swathes of critical infrastructure could be at risk. Russia and China have such capabilities, but play the balance between impact and implications—causing damage but stopping short of prompting devastating repercussions. Terror groups have no such constraints and often operate at the margins of their capabilities.

    Stewart singled out power grids as a particular danger, and one can only imagine the war-gaming and theorizing around such an attack within Cyber Command during his tenure. “Losing power for an extended period of time,” he warned, “is not just about inconvenience,” with hospitals and cold supply chains at particular risk. We have seen attacks on power companies and assets from both East and West. It has become something of a frontline.

  13. Tomi Engdahl says:

    Joseph Menn: “How the Cult of the Dead Cow Helped Shape Modern Cybersecurity” | Talks at Google

  14. Tomi Engdahl says:

    Whoa, bot wars: As cybercrooks add more AI to their arsenal, the goodies will have to too
    The future is automated, says Trend Micro bod

    Infosec techies should prepare to both fend off AI attacks and welcome the technology into their armoury of tools, reckons Trend Micro’s director of cybercrime research.

    The security world is standing on the brink of an AI-powered arms race

  15. Tomi Engdahl says:

    Drone attacks strike major Saudi Aramco facility, oilfield

    Saudi Arabia: major fire at world’s largest oil refinery after drone attack

    Drones attacked the world’s largest oil processing facility in Saudi Arabia and a major oilfield operated by Saudi Aramco early on Saturday, the kingdom’s interior ministry said, sparking a huge fire at a processor crucial to global energy supplies

  16. Tomi Engdahl says:

    The world’s largest oil plant in Saudi Arabia was attacked by 10 explosive drones ahead of Aramco’s plans for the biggest IPO ever

  17. Tomi Engdahl says:

    “After an alleged drone attack struck a giant refinery and one of its major oil fields, Saudi Arabia’s Interior Ministry announced on Saturday that the government would shut-in half of its national oil production. At current production levels, that would amount to roughly 5 million barrels of oil per day, or 5% of global crude production, suddenly being taken off the market.”

  18. Tomi Engdahl says:

    Protect yourself from the hidden costs of free Wi-Fi

    If a Wi-Fi connection is free and open to you, it’s also free and open to hackers. Firefox Private Network is a desktop extension that helps secure and protect your connection everywhere you use Firefox. Try it free during our beta trial.

  19. Tomi Engdahl says:

    SYDNEY (Reuters) – Australian intelligence determined China was responsible for a cyber-attack on its national parliament and three largest political parties before the general election in May, five people with direct knowledge of the matter told Reuters.

  20. Tomi Engdahl says:

    Exclusive: Russia carried out a ‘stunning’ breach of FBI communications system, escalating the spy game on U.S. soil

  21. Tomi Engdahl says:

    Microsoft has a quality control problem. Right now, Windows 10 updates are a minefield with some updates causing more problems than they fix. And now new warnings suggest Microsoft’s latest Windows 10 updates might be one of the worst.

  22. Tomi Engdahl says:

    125 New Flaws Found in Routers and NAS Devices from Popular Brands
    September 17, 2019

  23. Tomi Engdahl says:

    The Facebook page ‘Vets for Trump’ was hijacked by a North Macedonian businessman. It took months for the owners to get it back.

    Then in March, say its longtime operators, a North Macedonian businessman hijacked it, leaving the Americans to watch helplessly as their page began operating under foreign control. Their messages seeking help from Facebook led to months of miscommunication and inaction.

    The saga of Vets for Trump is a case study in how misinformation and political activism can become intertwined, and how the line between domestic and foreign actors can blur in an online world where social media accounts can be bought, sold and even hijacked. Ferreting out misinformation could become even harder ahead of the election as Facebook expands its private “groups,” which are less transparent than “pages” such as Vets for Trump.

  24. Tomi Engdahl says:

    By exploiting the WS-Discovery protocol, a new breed of DDoS attack can get a huge rate of return.
    One of the trickiest things about stopping DDoS attacks is that hackers constantly develop new variations on familiar themes. Take a recent strike against an unnamed gaming company, which used an amplification technique to turn a relatively tiny jab into a digital haymaker.
    On Wednesday, researchers from Akamai’s DDoS mitigation service Prolexic detailed a 35 gigabit per second attack against one of its clients at the end of August. Compared to the most powerful DDoS attacks ever recorded, which have topped 1 terabit per second, that might not sound like a lot. But the attackers used a relatively new technique—one that can potentially yield a more than 15,000 percent rate of return on the junk data it spews at a victim.

  25. Tomi Engdahl says:

    Madhumita Murgia / Financial Times:
    Researchers: many streaming dongles and TVs, including those made by Amazon, Roku, Samsung, and LG, are sending user data to firms such as Netflix and Facebook — The smart TVs in our homes are leaking sensitive user data to companies including Netflix, Google and Facebook even when some devices are idle …

    Smart TVs sending private data to Netflix and Facebook
    Two studies find devices share information on location and usage with advertisers

    The smart TVs in our homes are leaking sensitive user data to companies including Netflix, Google and Facebook even when some devices are idle, according to two large-scale analyses.

    A number of smart TVs, including those made by Samsung and LG, and the streaming dongles Roku and Amazon’s FireTV were sending out data such as location and IP address to Netflix and third-party advertisers.

    Amazon, Google, Akamai and Microsoft were the most frequently contacted companies, partly because these companies provide cloud and networking services for smart devices to operate on, the researchers said.

    Information Exposure for Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach.

  26. Tomi Engdahl says:

    Joseph Cox / VICE:
    Repo men are scanning and uploading locations of cars they drive past into DRN, a surveillance database of 9B license plates accessible by private investigators — Repo men are passively scanning and uploading the locations of every car they drive by into DRN, a surveillance database …

    This Company Built a Private Surveillance Network. We Tracked Someone With It

    Repo men are passively scanning and uploading the locations of every car they drive by into DRN, a surveillance database of 9 billion license plate scans accessible by private investigators.

  27. Tomi Engdahl says:

    Lauren Smiley / Wired:
    How data from the victim’s Fitbit and a neighbor’s Ring surveillance camera played a crucial role in the arrest of a 90-year-old suspect in a murder trial in CA

  28. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    Documents found on an unprotected backup drive of a Nokia Networks employee shed light on Russia’s secret network surveillance system, known as SORM — A data leak exposes SORM surveillance at Russia’s top telco — In cities across Russia, large boxes in locked rooms are directly connected …

    Documents reveal how Russia taps phone companies for surveillance
    A data leak exposes SORM surveillance at Russia’s top telco

    In cities across Russia, large boxes in locked rooms are directly connected to the networks of some of the country’s largest phone and internet companies.

    These unsuspecting boxes, some the size of a washing machine, house equipment that gives the Russian security services access to the calls and messages of millions of citizens. This government surveillance system remains largely shrouded in secrecy, even though phone and web companies operating in Russia are forced by law to install these large devices on their networks.

    The documents were found on an unprotected backup drive owned by an employee of Nokia Networks (formerly Nokia Siemens Networks), which through a decade-long relationship maintains and upgrades MTS’s network — and ensures its compliance with SORM.

    Chris Vickery, director of cyber risk research at security firm UpGuard, found the exposed files and reported the security lapse to Nokia. In a report out Wednesday, UpGuard said Nokia secured the exposed drive four days later.

    “A current employee connected a USB drive that contained old work documents to his home computer,” said Nokia spokesperson Katja Antila in a statement. “Due to a configuration mistake, his PC and the USB drive connected to it was accessible from the internet without authentication.”

    Alexander Isavnin, an expert at Roskomsvoboda and the Internet Protection Society, told TechCrunch that work related to SORM, however, is “classified” and requires engineers to obtain special certifications for work. He added that it’s not uncommon for the FSB to demand telecom and internet companies buy and use SORM equipment from a pre-approved company of its choosing.

    The documents show that between 2016 and 2017, Nokia planned and proposed changes to MTS’s network as part of the telecom giant’s “modernization” effort.

  29. Tomi Engdahl says:

    Dan Goodin / Ars Technica:
    Researchers discover a weakness in the WS-Discovery protocol, found in over 800,000 IoT devices, that lets hackers amplify DDoS attacks — WSD is supposed to be confined to local networks. It’s not, and researchers are concerned. — Hackers have found a new way to amplify the crippling effects …

    Protocol found in webcams and DVRs is fueling a new round of big DDoSes
    WSD is supposed to be confined to local networks. It’s not, and researchers are concerned.

    Hackers have found a new way to amplify the crippling effects of a denial-of-service technique by abusing an improperly implemented tool found in almost 1 million network-connected cameras, DVRs, and other Internet-of-things devices.

    The technique abuses WS-Discovery, a protocol that a wide array of network devices use to automatically connect to one another. Often abbreviated as WSD, the protocol lets devices send user datagram protocol packets over port 3702 that describe the device capabilities and requirements. Devices that receive the probes can respond with replies that can be tens to hundreds of times bigger.

    Researchers with content delivery network Akamai were recently in the process of investigating WSD amplification when a customer in the gaming industry was hit with just such an attack. At its peak, it generated 35Gb per second of junk traffic. That’s nowhere close to record-setting attacks of 620 Gbps in 2016 and 1.7Tb per second last year. Still, the new amplification method is concerning, in part because the pool of available devices—which Akamai estimates is more than 802,000—is so large.

    “It’s going to be pretty bad, especially once the bad guys figure it out,” Akamai researcher Chad Seaman told Ars. “It’s bad enough that most people should be concerned about being hit with it.”

    A researcher with Netscout, meanwhile, told Ars the DDoS mitigation service has seen 1,000 WSD-based attacks in the past three months, 473 of them in the past 30 days. The biggest attack delivered about 150Gbps and about 35 million packets per second. In a recent report, Netscout said it first saw attacks in May. The technique can amplify bandwidth by about 300 fold.
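The two Akamai/Netscout items above (comments 24 and 29) describe WSD reflection from the attacker's side; this added Python example, which is not code from the post, Akamai or Netscout, shows the defender's view: flagging UDP/3702 replies that arrive from outside the local network, counting how many were never probed for, and computing the reply/probe byte ratio where a probe did go out. The flow-record format, the addresses and the INTERNAL_NETS ranges are constructed for the demonstration.

```python
"""Spot WS-Discovery (WSD) reflection traffic in flow records.

Added example, not code from the original post, Akamai or Netscout. The
record format, the addresses and INTERNAL_NETS are constructed; the facts
it relies on come from the post: WSD replies are UDP datagrams from source
port 3702, they belong on the local network only, and each reply is tens
to hundreds of times larger than the probe that triggered it.
"""
from collections import defaultdict, namedtuple
from ipaddress import ip_address, ip_network

WSD_PORT = 3702
# Ranges where WSD discovery is legitimate (constructed for the example).
INTERNAL_NETS = [ip_network("192.168.1.0/24"), ip_network("10.0.0.0/8")]

# Constructed flow records: proto  src_ip:port  dst_ip:port  bytes
SAMPLE_FLOWS = """\
udp 192.0.2.10:3702    198.51.100.5:41452  4200
udp 192.0.2.77:3702    198.51.100.5:41452  3800
udp 203.0.113.9:3702   198.51.100.5:41452  5100
udp 192.168.1.20:3702  192.168.1.15:49152   900
tcp 192.0.2.50:443     198.51.100.5:52011 15000
udp 198.51.100.5:41452 192.0.2.10:3702      120
"""

Flow = namedtuple("Flow", "proto src sport dst dport nbytes")


def parse_flows(text):
    """Parse the constructed whitespace-separated record format above."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        proto, src, dst, nbytes = line.split()
        sip, sport = src.rsplit(":", 1)
        dip, dport = dst.rsplit(":", 1)
        flows.append(Flow(proto.lower(), sip, int(sport), dip, int(dport), int(nbytes)))
    return flows


def is_internal(ip):
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def analyze_wsd(flows):
    """Per destination host, summarise WSD replies that arrive from outside.
    Signals: replies the host never probed for (a spoofed probe carried its
    address) and the reply/probe byte ratio, i.e. the amplification gained."""
    probes = defaultdict(int)  # (prober, reflector) -> bytes sent to UDP/3702
    for f in flows:
        if f.proto == "udp" and f.dport == WSD_PORT:
            probes[(f.src, f.dst)] += f.nbytes
    report = defaultdict(lambda: {"reflectors": set(), "bytes": 0,
                                  "unsolicited": 0, "max_amplification": 0.0})
    for f in flows:
        if f.proto != "udp" or f.sport != WSD_PORT or is_internal(f.src):
            continue  # LAN discovery is what WSD is for; only external replies matter
        e = report[f.dst]
        e["reflectors"].add(f.src)
        e["bytes"] += f.nbytes
        sent = probes.get((f.dst, f.src))
        if sent:
            e["max_amplification"] = max(e["max_amplification"], f.nbytes / sent)
        else:
            e["unsolicited"] += 1
    return dict(report)


def likely_reflection_targets(report, min_reflectors=2):
    """Hosts receiving WSD replies from several external devices at once."""
    return sorted(h for h, e in report.items() if len(e["reflectors"]) >= min_reflectors)
```

Running `analyze_wsd(parse_flows(SAMPLE_FLOWS))` on the constructed records reports one host receiving replies from three external reflectors, two of them unsolicited, with a 35x byte ratio on the one exchange that had a matching probe; the private-network discovery exchange is ignored.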

  30. Tomi Engdahl says:

    Ryan Tracy / Wall Street Journal:
    Report: ~75 countries are using AI for surveillance and Huawei is providing surveillance tech in 50 countries, far more than its nearest competitor Hikvision

    World Catching Up With China on Surveillance Tech
    China leads world in facial-recognition and other new surveillance technologies, report says

  31. Tomi Engdahl says:

    The FBI Tried to Plant a Backdoor in an Encrypted Phone Network

    The FBI wanted a backdoor in Phantom Secure, an encrypted phone company that sold to members of the Sinaloa cartel, and which is linked to the alleged leaking of sensitive law enforcement information in Canada.

  32. Tomi Engdahl says:

    TurboTax Glitch Led To $216 Million Tax Bill For Thrift Store Worker

  33. Tomi Engdahl says:

    Thousands of Google Calendars Possibly Leaking Private Information Online

    “Warning — Making your calendar public will make all events visible to the world, including via Google search. Are you sure?”
    Remember this security warning? No?

  34. Tomi Engdahl says:

    Smart TVs, Subscription Services Leak Data to Facebook, Google

  35. Tomi Engdahl says:

    HP printers try to send data back to HP about your devices and what you print
    15 Sep 2019

    I noticed that the final step required the downloading of an app of some sort onto a phone or computer. This set off my crapware detector.

    Of course, in reality it was a way to try and get people to sign up for expensive ink subscriptions and/or hand over their email addresses, plus something even more nefarious that we’ll talk about shortly (there were also some instructions for how to download a printer driver tacked onto the end). This was a shame, but not unexpected. I’m sure that the HP ink department is saddled with aggressive sales quotas,

    they are confronted with their biggest test: the “Data Collection Notice & Settings”.

    In summary, HP wants its printer to collect all kinds of data that a reasonable person would never expect it to. This includes metadata about your devices, as well as information about all the documents that you print, including timestamps, number of pages, and the application doing the printing (HP state that they do stop short of looking at the contents of your documents).

    HP wants to use the data they collect for a wide range of purposes, the most eyebrow-raising of which is for serving advertising.

    At this point everything has become clear – the job of this setup app is not only to sell expensive ink subscriptions; it’s also to collect what apparently passes for informed consent in a court of law. I clicked the boxes to indicate “Jesus Christ no, obviously not, why would anyone ever knowingly consent to that”

    meaning of “Store anonymous usage information” includes “send analytics data back to HP’s servers so that it can be used for targeted advertising”

  36. Tomi Engdahl says:

    The Air Force Will Let Hackers Try to Hijack an Orbiting Satellite
    At the Defcon hacking conference next year, the Air Force will bring a satellite for fun and glory.

  37. Tomi Engdahl says:

    The Strike On Saudi Oil Facilities Was Unprecedented And It Underscores Far Greater Issues

    Air defense systems aren’t magic and many currently have serious limitations when it comes to spotting and engaging drones and cruise missiles.

    don’t know how better to say it—there was some really shoddy and downright reckless reporting over the weekend on the Saudi oil infrastructure attacks.

    The post-strike satellite images provided by the U.S. Government clearly show just how precise the weapons used were, punching near-identically placed holes into major components of Saudi Arabia’s oil apparatus.

    The attacks could have come from any vector based on impact information alone—Iraq, Yemen, Iran, or even a boat in the Persian Gulf. The weapons could even have been launched from within a nearby friendly country by clandestine forces

    Low-flying cruise missiles and slow-flying drones with small radar cross-sections remain a very problematic vulnerability to even the best integrated air defense systems on the planet.

    This is why electronic warfare—from jamming to microwave directed energy weapons—is so attractive for dealing with this threat. These systems have the potential to drop a whole swarm or large swathes of it in a way that kinetic systems cannot.

    The big takeaway is that this is just the beginning. You are getting a glimpse at the future of warfare in these satellite photos and quite honestly, considering how omnipresent this threat has become, we are lucky a couple busted up oil production facilities were the only result of such an eye-opening attack.

  38. Tomi Engdahl says:

    Inmates built computers hidden in ceiling, connected them to prison network
    Ohio prison’s lax supervision was akin to “an episode from Hogan’s Heroes.”

  39. Tomi Engdahl says:

    Windows 10 Warning As Microsoft Confirms Update Breaks Windows Defender

    Windows 10 update breaks Windows Defender

    Windows Defender was recently boosted by an industry-respected AV Test report that gave it a perfect rating alongside F-Secure Safe 17 and Norton Security 22 for home antivirus protection. The differentiator is that Windows Defender is a free solution that comes installed as part of Windows 10. This was excellent news for both Microsoft, which has been working hard to make Defender a top-notch security offering, and users who can get the best protection out there without splashing the cash. Until, that is, Microsoft went and broke it with an update.

  40. Tomi Engdahl says:

    Medicine show: Crown Sterling demos 256-bit RSA key-cracking at private event
    Demo of crypto-cracking algorithm fails to convince experts.

    The video of the demonstration is here. (The video was briefly marked as private, but is now back again.)
    The demo was displayed from a MacBook Pro, but it appeared that it was being run in part via a secure shell session to a server. Grant claimed that the work could be used to “decrypt” a 512-bit RSA key in “as little as five hours” using what Grant described as “standard computing.”

  41. Tomi Engdahl says:

    Crown Sterling Claims to Factor RSA Keylengths First Factored Twenty Years Ago
    The press release goes on: “Crown Sterling also announced the consistent decryption of 512-bit asymmetric public key in as little as five hours also using standard computing.” They didn’t demonstrate it, but if they’re right they’ve matched a factoring record set in 1999.

  42. Tomi Engdahl says:

    New Linux kernel buffer overflow flaw QEMU-KVM reported!

    Kernel vulnerabilities can leave your infrastructure vulnerable, and therefore non-compliant.

    QEMU-KVM virtual instances using the vhost/vhost_net network back end use a kernel buffer to maintain a log of dirty pages. The bounds of this log are not checked by the kernel and can be made to overflow by forcing the virtual machine to migrate.

    This can happen when the VM is cloud-hosted and suffers a temporary resource surge or memory leak.

    This vulnerability is in all Linux kernels, from 2.6.34 to the most recent. The only known mitigation is to upgrade to the latest 5.3 kernel.
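A host-triage script for the item above, written as an added Python example rather than anything from the post or the kernel project: it combines the version range the post gives (2.6.34 up to, but not including, 5.3) with whether the vhost_net back end is actually loaded, since a kernel in range with no vhost_net in use has no exposure. The lsmod excerpt and the release string in the main block are constructed; that distributions backport fixes without changing the upstream version is an assumption about how to read the verdict.

```python
"""Triage check for the vhost/vhost_net dirty-page-log overflow above.

Added example, not code from the original post. The affected range
(2.6.34 up to, but not including, 5.3) is taken from the post; the lsmod
excerpt is constructed. Assumption about use: distributions backport kernel
fixes without changing the upstream version number, so an "affected"
verdict means "check the vendor advisory", not "exploitable".
"""
import re

AFFECTED_FROM = (2, 6, 34)
FIXED_IN = (5, 3, 0)

# Constructed `lsmod` excerpt from a KVM host using the vhost_net back end.
SAMPLE_LSMOD = """\
Module                  Size  Used by
vhost_net              32768  2
vhost                  49152  1 vhost_net
tun                    49152  5 vhost_net
kvm_intel             266240  4
"""


def parse_kernel_version(release):
    """Turn a `uname -r` string such as '4.15.0-58-generic' into (4, 15, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def version_in_affected_range(release):
    """True when the upstream version falls inside the range the post gives."""
    return AFFECTED_FROM <= parse_kernel_version(release) < FIXED_IN


def vhost_net_loaded(lsmod_output):
    """True when the vhost_net module appears in `lsmod` output (header skipped)."""
    return any(line.split()[0] == "vhost_net"
               for line in lsmod_output.splitlines()[1:] if line.strip())


def triage(release, lsmod_output):
    """Combine both checks into a single verdict string."""
    if not version_in_affected_range(release):
        return "not in affected version range"
    if not vhost_net_loaded(lsmod_output):
        return "version affected, but vhost_net not loaded: no exposure on this host"
    return "version affected and vhost_net loaded: apply the vendor fix or move to 5.3"


if __name__ == "__main__":
    # Constructed release string; on a real host use platform.release() and real lsmod.
    print(triage("4.15.0-58-generic", SAMPLE_LSMOD))
```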

  43. Tomi Engdahl says:

    Hackers target transportation and shipping companies in new trojan malware campaign

    Previously unknown malicious tools are being deployed in cyberattacks being conducted by a group researchers have named xHunt – after anime references used in their campaigns.

  44. Tomi Engdahl says:

    Massive wave of account hijacks hits YouTube creators
    YouTube creators from the auto and car community were hit the hardest in what appears to be a coordinated attack.

