This posting is here to collect cyber security news in December 2019.
I post links to security vulnerability news in the comments of this article.
If you are interested in cyber security trends, read my Cyber security trends 2019 posting.
You are also free to post related links.
197 Comments
Tomi Engdahl says:
https://harpers.org/archive/2020/01/click-here-to-kill-dark-web-hitman/
Earlier that month, a user had logged on to Camorra Hitmen with the Tor browser—the most popular way to access the dark web—and created an account with the alias Mastermind365. Five days later, Mastermind365 sent a message asking whether it was possible for a hit man to carry out a kidnapping instead of a murder. The site’s administrator replied that it was, but it would be more expensive, because such an operation was riskier.
In the weeks after law enforcement alerted Stern to the hit, she received no updates on her case. If the FBI had learned anything new, the bureau wasn’t sharing it with her.
the reality of a murder plot was more unsettling than anything she had written. Both the FBI and DHS seemed hapless in the face of it, and Stern was becoming paranoid.
The idea of an online assassination market was conceived long before it was possible to build one, and long before there was anything resembling the dark web. In 1995, Jim Bell, an anarchist engineer who had studied at M.I.T. and worked at Intel, began writing a serialized essay titled “Assassination Politics” that proposed a theoretical framework for encouraging and crowdsourcing the murder of public officials.
The essay imagined a website or platform where users could anonymously nominate someone to be killed and pledge a dollar amount toward the bounty.
Implicit in the design was that the best way to predict when someone is going to die is to kill them yourself.
In 2013, a developer using the alias Kuwabatake Sanjuro created what he called the Assassination Market. It was built largely according to Bell’s specifications, with a system in place for submitting predictions and donations. In an interview with Forbes, Sanjuro said that his ultimate intent was to destroy “all governments, everywhere.”
July 2018—the same month that a hit was taken out on Alexis Stern—the Forecast Foundation, a nonprofit that promotes decentralized technologies, launched a user-friendly protocol called Augur that made it easy to set up blockchain-based prediction markets.
Monteiro has good reason to doubt law enforcement’s ability to handle highly technical investigations like these
June 2018, news came of a second death from the kill list.
Despite the repulsive intent, there’s an element of black comedy to some of the logs from Yura’s sites. For one thing, the users’ eagerness to believe the service is real leads them to ignore obvious signs that they are being scammed. Yura’s marketplaces, for example, use stock photos of assassins or photos pulled from Google image searches.
according to Monteiro, eight people have been arrested for ordering murders through Yura’s websites,
Murder marketplaces may force us to reexamine—and redefine—what constitutes criminal intent. Though judgments have been somewhat inconsistent, courts seem to regard making a payment of any amount as proof that the desire for harm is sincere.
David Wilson, a professor of criminology at Birmingham City University who studies contract killers, says that a surprising number of economically desperate young men are willing to take on these brutal jobs
Tomi Engdahl says:
https://medium.com/@sloane_ryan/im-a-37-year-old-mom-i-spent-seven-days-online-as-an-11-year-old-girl-here-s-what-i-learned-9825e81c8e7d
Tomi Engdahl says:
Web Cache Deception attacks still impact websites with ‘substantial user populations’
https://www.zdnet.com/article/web-cache-deception-attacks-still-impact-websites-with-substantial-user-populations/
Two years after first being disclosed, web cache deception attacks impact 25 of today’s most popular websites. Almost two years after first being documented, Web Cache Deception attacks are still a major issue, and they still impact many popular websites. New academic research published this month reveals that 25 of the Alexa Top 5,000 websites are still impacted by Web Cache Deception (WCD) attacks.
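Editor's added example (not code from the ZDNet article or the paper it reports on): a toy origin and a toy shared cache that reproduce the two preconditions WCD needs, path confusion at the origin and an extension-only cache rule at the edge, and then the fix on each side. All paths, the session store and the cache rule are constructed stand-ins.

```python
"""Web Cache Deception (WCD), modelled end to end.

Added example for this thread; it is not code from the article or the
paper it reports on. Everything here (paths, session store, cache rule)
is a constructed stand-in for a real origin and CDN.

The two preconditions the attack needs are both modelled:
  1. the origin answers /account/<anything> with the private /account
     page instead of a 404 (path confusion), and
  2. the cache decides cacheability from the URL's extension alone.
"""
import re
from dataclasses import dataclass, field

STATIC_EXT = re.compile(r"\.(css|js|png|jpg|gif|ico|woff2?)$", re.I)
SESSIONS = {"victim-cookie": "alice"}          # constructed session store


@dataclass
class Response:
    status: int
    body: str
    headers: dict = field(default_factory=dict)


def private_page(user):
    return f"account page for {user}; email={user}@example.test"


def origin_buggy(path, cookie):
    """Precondition 1: any suffix under /account is served as /account."""
    user = SESSIONS.get(cookie)
    if path == "/account" or path.startswith("/account/"):
        if not user:
            return Response(302, "", {"Location": "/login"})
        return Response(200, private_page(user))   # no Cache-Control header at all
    return Response(404, "not found")


def origin_fixed(path, cookie):
    """Hardened: exact path match (unknown suffixes 404) and the private
    page is explicitly marked uncacheable."""
    user = SESSIONS.get(cookie)
    if path == "/account":
        if not user:
            return Response(302, "", {"Location": "/login"})
        return Response(200, private_page(user),
                        {"Cache-Control": "no-store, private"})
    return Response(404, "not found")


class CachingProxy:
    """Toy shared cache. honour_cache_control=False reproduces precondition 2
    (cache by extension, ignore what the origin says)."""

    def __init__(self, origin, honour_cache_control):
        self.origin = origin
        self.honour_cache_control = honour_cache_control
        self.store = {}

    def get(self, path, cookie=None):
        if path in self.store:                     # cache hit: no origin call, no auth check
            return self.store[path]
        resp = self.origin(path, cookie)
        cc = resp.headers.get("Cache-Control", "")
        uncacheable = self.honour_cache_control and ("no-store" in cc or "private" in cc)
        if resp.status == 200 and STATIC_EXT.search(path) and not uncacheable:
            self.store[path] = resp
        return resp


def run_attack(origin, honour_cache_control, lure="/account/x.css"):
    """The WCD sequence: victim (with session) opens the lure URL, then the
    attacker (no session) requests the same URL. Returns both bodies."""
    proxy = CachingProxy(origin, honour_cache_control)
    victim = proxy.get(lure, cookie="victim-cookie")
    attacker = proxy.get(lure)
    return victim.body, attacker.body


def leaked(origin, honour_cache_control):
    """True if the unauthenticated attacker received the victim's private data."""
    _, attacker_body = run_attack(origin, honour_cache_control)
    return "alice@example.test" in attacker_body


if __name__ == "__main__":
    print("buggy origin + extension-only cache :", leaked(origin_buggy, False))
    print("buggy origin + cache honours headers:", leaked(origin_buggy, True))
    print("fixed origin + extension-only cache :", leaked(origin_fixed, False))
```

Note that the buggy origin leaks even when the cache honours Cache-Control, because it never sets one: both halves of the fix matter. As a manual probe, request an authenticated page and the same path with a random `.css` suffix appended; if the bodies are identical and the second response comes back with a cache hit header, the site is a WCD candidate.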
Tomi Engdahl says:
Over 435K Security Certs Can Be Compromised With Less Than $3,000
https://www.bleepingcomputer.com/news/security/over-435k-security-certs-can-be-compromised-with-less-than-3-000/
After analyzing millions of RSA keys and certificates generated on low entropy lightweight IoT devices, security researchers at Keyfactor discovered that more than 435,000 of them shared their prime factors, making it easy to derive their private key and compromise them. RSA keys are derived from random prime numbers (prime factors) and are used to securely transfer data to a remote source by encrypting it with the publicly available key, a process that only allows the remote source to decrypt the information using a private key. Also:
https://www.theregister.co.uk/2019/12/16/internet_of_crap_encryption/
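Editor's added example (not the Keyfactor researchers' code): the batch-GCD technique that turns a pile of public moduli into private keys whenever two of them share a prime. The fleet of keys is constructed in-line with deliberately tiny primes so it runs instantly; the method never factors anything, which is why it works on 2048-bit keys just as well.

```python
"""Batch GCD over a set of RSA moduli: the attack behind shared-factor findings.

Added example for this thread, not the Keyfactor researchers' code. The
fleet of keys is constructed in-line with deliberately tiny (24-bit)
primes so the demo runs instantly; nothing below factors a modulus, it
only computes GCDs across the set, which is why it scales to real
2048-bit keys just the same.
"""
from math import gcd
import random

E = 65537


def small_prime(bits, rng):
    """Random prime of the given size by trial division (demo sizes only).
    Skips primes with (p-1) divisible by E so E is always invertible mod phi."""
    while True:
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if n % E != 1 and all(n % d for d in range(3, int(n ** 0.5) + 1, 2)):
            return n


def constructed_fleet(seed=1):
    """Constructed input: 8 device keys, most of which reuse a prime from a
    tiny pool (the low-entropy failure mode). Returns the public moduli."""
    rng = random.Random(seed)
    primes = []
    while len(primes) < 8:
        p = small_prime(24, rng)
        if p not in primes:
            primes.append(p)
    p1, p2, p3, p4, p5, p6, p7, p8 = primes
    return [
        p1 * p2,   # 0: shares p1 and p2 with others
        p2 * p3,   # 1
        p3 * p4,   # 2
        p1 * p4,   # 3
        p1 * p2,   # 4: exact duplicate of key 0
        p1 * p5,   # 5: shares p1 (and p5 with key 6)
        p5 * p6,   # 6: shares only p5
        p7 * p8,   # 7: unique primes, not recoverable by this method
    ]


def product_tree(xs):
    tree = [list(xs)]
    while len(tree[-1]) > 1:
        cur = tree[-1]
        tree.append([cur[i] * cur[i + 1] if i + 1 < len(cur) else cur[i]
                     for i in range(0, len(cur), 2)])
    return tree


def batch_gcd(moduli):
    """gcd(N_i, product of all other N_j) for every i, via a product tree and
    a remainder tree (quasi-linear instead of O(n^2) pairwise GCDs)."""
    tree = product_tree(moduli)
    rems = [tree[-1][0]]
    for level in reversed(tree[:-1]):
        rems = [rems[i // 2] % (x * x) for i, x in enumerate(level)]
    # (P mod N^2) // N == (P // N) mod N, so this gcd equals gcd(P // N, N)
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]


def factor_from_gcd(n, g, moduli):
    """Turn a batch-GCD result into a prime factor of n, or None."""
    if 1 < g < n:
        return g                       # exactly one prime shared
    if g == n:                         # both primes shared, or a duplicate modulus:
        for m in moduli:               # fall back to GCDs against distinct moduli
            if m != n:
                h = gcd(n, m)
                if 1 < h < n:
                    return h
    return None


def recover_keys(moduli, e=E):
    """Return {index: (p, q, d)} for every modulus whose factor is shared."""
    found = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        p = factor_from_gcd(n, g, moduli)
        if p is None:
            continue
        q = n // p
        d = pow(e, -1, (p - 1) * (q - 1))
        found[i] = (p, q, d)
    return found


def roundtrip_ok(n, d, m=123456, e=E):
    """Sanity check that the recovered d really decrypts under n."""
    return pow(pow(m, e, n), d, n) == m


if __name__ == "__main__":
    fleet = constructed_fleet()
    for i, (p, q, d) in sorted(recover_keys(fleet).items()):
        print(f"key {i}: p={p} q={q} d-ok={roundtrip_ok(fleet[i], d)}")
```

The practical check for a device fleet is the same call on real moduli pulled from the certificates: any index that comes back from `recover_keys` is a key that must be revoked and regenerated on a device with a working entropy source.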
Tomi Engdahl says:
Georgia voter check-in tablets no longer use default ’1234′ password, officials say
https://www.ajc.com/news/state–regional-govt–politics/georgia-voter-check-tablets-longer-use-default-1234-password-officials-say/PugVlxmFwJVdac5N4CoevN/
Tomi Engdahl says:
Don’t know if you’ve seen this.
A rather interesting way to respond. Retaliation through openness. Can it be the new way forward?
Hackers hit Norsk Hydro with ransomware. The company responded with transparency | Transform
https://news.microsoft.com/transform/hackers-hit-norsk-hydro-ransomware-company-responded-transparency/
Tomi Engdahl says:
Putin Still Uses Obsolete Windows XP, Report Says
https://www.themoscowtimes.com/2019/12/17/putin-still-uses-obsolete-windows-xp-report-says-a68639
Russian President Vladimir Putin appears to still use Microsoft’s discontinued Windows XP operating system.
Microsoft stopped releasing security updates for Windows XP and Office 2003, with occasional exceptions, in April 2014. Russian officials are technically banned from using foreign software as Moscow aims to protect national interests amid fears of foreign espionage and boost Russia’s tech industry.
Windows XP is installed both on Putin’s desktop in the Kremlin and at his official residence Novo-Ogaryovo west of Moscow, Open Media said, citing Kremlin press service photographs published this fall.
Putin avoids smartphones and has long viewed the internet with suspicion.
https://www.tivi.fi/uutiset/vladimir-putinin-koneella-edelleen-ikivanha-windows-kayttojarjestelma-tuki-loppui-ajat-sitten/292b068e-7a74-4d9e-958b-fc69abf4a6c3
Tomi Engdahl says:
Some other news sources on that:
https://www.theguardian.com/world/2019/dec/17/vladimir-putin-still-uses-obsolete-windows-xp-despite-hacking-risk
https://www.thedailybeast.com/kremlin-accidentally-reveals-vladimir-putin-still-uses-windows-xp
Tomi Engdahl says:
YES, SENDING KURT EICHENWALD A GIF CAN BE A CRIME
A tweet that gave the journalist an epileptic seizure isn’t covered by the First Amendment.
https://theoutline.com/post/8439/jail-assault-gif-kurt-eichenwald-seizure?zd=1&zi=hdofiqqj
On December 15, 2016, after appearing on Tucker Carlson’s show to argue about Trump, journalist Kurt Eichenwald opened his Twitter account at his home in Dallas to a tweet from a man named John Rivello. The tweet contained an animated, epileptogenic GIF, and that GIF — as intended — triggered a seizure for Eichenwald, who is epileptic.
Four months later, the Maryland-based Rivello was charged by both Dallas County, where Eichenwald lives, for assault with a deadly weapon and, briefly, by the Northern District of Texas under the federal cyberstalking statute.
Before this case, it would have seemed bizarre to think that a tweet could cause physical injury, but it turns out the world is pretty stupid and people are cruel. If a tweet can be manipulated to cause a seizure, the First Amendment isn’t at risk if the law adapts to criminalize those tweets.
tweeted an animated GIF at Eichenwald designed to trigger a seizure in people with epilepsy. Overlaid on the GIF, as a favor to any future jury who would have to consider his intent, was the phrase “YOU DESERVE A SEIZURE FOR YOUR POSTS.”
GIF played automatically and, as per Rivello’s plan, he suffered a seizure, which was declared in a follow up tweet from his wife. Further easing any doubt about his intent, Rivello allegedly told his online pals that he was going to do it, and then after he did it bragged about it.
that seizure left him vulnerable to additional ones; he had another a week later. The second one forced him to increase the dosage of his anti-convulsive medication, despite profoundly debilitating side effects, and he spent Christmas of 2016 in a sedated haze.
The original indictment explains the charges in one tight paragraph, alleging that Rivello:
intentionally, knowingly and recklessly cause[d] bodily injury … by inducing a seizure with an animated strobe image, knowing that the complainant was susceptible to seizures and that such animations are capable of causing seizures and said defendant did use and exhibit a deadly weapon, to-wit: a Tweet and a Graphics Interchange Format (GIF) and an Electronic Device and Hands.
Rivello and his counsel have been mounting a defense on First Amendment grounds.
PUNCHING SOMEONE IN THE FACE COMMUNICATES A MESSAGE, BUT IT ISN’T ONE PROTECTED BY THE FIRST AMENDMENT.
Rivello argues that he is being punished for his speech, but the text of his tweet is the one thing he’s not being charged for. The indictment spells it out pretty clearly: Rivello knew Eichenwald had epilepsy and he knew the GIF was capable of causing seizures. The act of tweeting brought the charge, not the message.
GIF intended to cause a debilitating seizure is, in fact, integral to the crime of assault.
On December 6, the prosecutor presented a new indictment, replacing the “deadly weapon” charge, with a lesser charge that the assault caused “serious bodily injury” and without the hate crime enhancement.
As we find new ways to hurt each other, the law will eventually catch up.
Tomi Engdahl says:
https://www.zdnet.com/article/russian-military-moves-closer-to-replacing-windows-with-astra-linux/
https://itsfoss.com/russia-switching-to-linux/
Tomi Engdahl says:
Any protected computer system is only as safe as whoever’s in charge of it, so hopefully that person doesn’t go rogue. Here’s a clear example: The Securities and Exchange Commission has charged an IT admin at Santa Clara-based Palo Alto Networks (PANW) and four others with an insider trading plot that reaped “over $7 million in illegal trading profits” at its apex in 2017, Reuters reported on Tuesday.
https://gizmodo.com/sec-doj-bust-alleged-insider-trading-scheme-by-it-admi-1840498101
Tomi Engdahl says:
New Orleans declares state of emergency following ransomware attack
https://techcrunch.com/2019/12/14/new-orleans-declares-state-of-emergency-following-ransomware-attack/
Tomi Engdahl says:
If You Think Encryption Back Doors Won’t Be Abused, You May Be a Member of Congress
https://reason.com/2019/12/16/if-you-think-encryption-back-doors-wont-be-abused-you-may-be-a-member-of-congress/
In the middle of a scandal over FISA surveillance, leaders want still more power to snoop on your secret stuff.
The FBI was way too lax when it sought a secret warrant to wiretap former Trump aide Carter Page. Yet some of the very same people who have been publicly aghast at the circumstances of the Page scandal are still trying to hammer companies like Apple and Facebook into compromising everybody’s data security to give law enforcement access to your stuff.
Tomi Engdahl says:
Visa Security Alert – CYBERCRIME GROUPS TARGETING FUEL DISPENSER MERCHANTS
http://click.broadcasts.visa.com/xfm/?30761/0/0624013ddc6f39785bf56d504f3b812e/lonew
In summer 2019, Visa Payment Fraud Disruption (PFD) identified three unique attacks targeting merchant point-of-sale (POS) systems that were likely carried out by sophisticated cybercrime groups. Two of the attacks targeted the POS systems of North American fuel dispenser merchants. PFD recently reported on the observed increase of POS attacks against fuel dispenser merchants, and it is likely these merchants are an increasingly attractive target for cybercrime groups. Track 1 and track 2 payment card data was at risk in the merchant’s POS environments due to the lack of secure acceptance technology (e.g. EMV® Chip, Point-to-Point Encryption, Tokenization, etc.) and non-compliance with PCI DSS. The activity detailed in this alert highlights continued targeting of POS systems, as well as targeted interest in compromising fuel dispenser merchants to obtain track . Read also:
https://usa.visa.com/dam/VCOM/global/support-legal/documents/visa-security-alert-attacks-targeting-fuel-dispenser-merchant-pos.pdf
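Editor's added example (not Visa's or any vendor's code): the track 1 / track 2 pattern scan that POS memory scrapers run over process memory, usable by a defender in exactly the same way over a POS process dump or a malware sample in a sandbox. The memory images are constructed in-line with a synthetic test card number, and the "P2PE" blob is a keystream-XOR stand-in for what a point-to-point-encrypting reader does in hardware, not a real P2PE cipher suite.

```python
"""Scanning process memory for unencrypted track 1 / track 2 data.

Added example for this thread, not Visa's or any vendor's code. POS
memory-scraping malware looks for exactly these patterns; the same scan
run by a defender over a POS process dump, or over a sample in a
sandbox, shows what the attacker would find. The memory images below
are constructed in-line (a synthetic test card number), and the
"P2PE" blob is a stand-in keystream XOR, not a real P2PE cipher suite:
the point is only that ciphertext has no track structure to match.
"""
import hashlib
import re
from dataclasses import dataclass

# Track 1: %B<PAN>^<NAME>^<YY><MM><service code><discretionary>?
TRACK1 = re.compile(rb"%B(\d{13,19})\^([^^]{2,26})\^(\d{2})(\d{2})(\d{3})[^?]*\?")
# Track 2: ;<PAN>=<YY><MM><service code><discretionary>?
TRACK2 = re.compile(rb";(\d{13,19})=(\d{2})(\d{2})(\d{3})[^?]*\?")


@dataclass
class Hit:
    track: int
    pan_masked: str
    expiry: str          # YYMM
    service_code: str
    offset: int


def luhn_ok(pan):
    """Mod-10 check digit, to separate card numbers from look-alike digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """First 6 + last 4 is the most PCI DSS allows to be displayed."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_buffer(buf):
    """Return validated track-data hits found in a byte buffer, in offset order."""
    hits = []
    for track, pattern, yy_idx in ((1, TRACK1, 3), (2, TRACK2, 2)):
        for m in pattern.finditer(buf):
            pan = m.group(1).decode()
            yy, mm, svc = (m.group(yy_idx + k).decode() for k in range(3))
            if luhn_ok(pan) and 1 <= int(mm) <= 12:
                hits.append(Hit(track, mask_pan(pan), yy + mm, svc, m.start()))
    return sorted(hits, key=lambda h: h.offset)


def xor_keystream(data, key):
    """Stand-in for what a P2PE reader does in hardware before data reaches
    the POS host. Demo only: not a real cipher, never reuse a key."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


# Constructed "process memory" of a POS without P2PE: track 1 and track 2
# for a synthetic test PAN (4111 1111 1111 1111), a run that fails Luhn,
# and a track 2 with an impossible expiry month.
MEMORY_PLAINTEXT = (
    b"\x00" * 16 + b"POS terminal v3.2 " +
    b"%B4111111111111111^DOE/JOHN^25121011000000000000?" + b"\x90" * 4 +
    b";4111111111111111=25121011000012345678?" +
    b";4111111111111112=2512101?" +          # wrong check digit
    b";5555555555554444=2513101?" +          # month 13
    b"\xff" * 8
)
# The same terminal with P2PE: the host only ever holds ciphertext.
MEMORY_P2PE = b"\x00" * 16 + b"POS terminal v3.2 " + xor_keystream(
    MEMORY_PLAINTEXT[34:], b"reader-key-demo") + b"\xff" * 8


if __name__ == "__main__":
    for name, mem in (("plain", MEMORY_PLAINTEXT), ("p2pe", MEMORY_P2PE)):
        print(name, scan_buffer(mem))
```

A hit in a POS process dump means the "secure acceptance technology" the alert refers to is not actually in the data path; the P2PE image shows the attacker-side view when it is.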
Tomi Engdahl says:
BreakingApp WhatsApp Crash & Data Loss Bug
https://research.checkpoint.com/2019/breakingapp-whatsapp-crash-data-loss-bug/
Some of the latest news regarding WhatsApp vulnerabilities relates to a manipulation of the WhatsApp protocol using a tool built by Check Point Research in order to validate WhatsApp security without jeopardizing WhatsApp end-to-end encryption. This tool allows a user to modify WhatsApp messages before they are sent and change the general parameters, such as a participant’s phone number. Read also:
https://www.theregister.co.uk/2019/12/17/whatsapp_group_chat_crash_vulnerability/
https://thehackernews.com/2019/12/whatsapp-group-crash.html
https://www.zdnet.com/article/this-whatsapp-bug-could-allow-hackers-to-crash-the-app-and-delete-group-chats-forever/
https://www.wired.com/story/whatsapp-group-chat-crash-bug/
https://www.tivi.fi/uutiset/tv/bf84cbef-83f1-4916-9b01-ce6d23c4de0c
https://www.is.fi/digitoday/tietoturva/art-2000006345948.html
Tomi Engdahl says:
F-SECURE FINDS MAJOR VULNERABILITIES IN POPULAR WIRELESS PRESENTATION SYSTEM
https://press.f-secure.com/2019/12/16/f-secure-finds-major-vulnerabilities-in-popular-wireless-presentation-system/
Security consultants warn that the devices we trust without a second thought are attackers’ favorite targets. Attackers can use the flaws to intercept and manipulate information during presentations, steal passwords and other confidential information, and install backdoors and other malware. Barco’s ClickShare wireless presentation system is a collaboration tool. ClickShare is a market-leading wireless presentation system with a market share of 29% according to FutureSource Consulting’s “Global wireless presentation solutions 2019″ report.* F-Secure Consulting’s Dmitry Janushkevich, a senior consultant who specializes in hardware security, says the popularity of these user-friendly tools makes them logical targets for attack, which is what compelled his team to investigate. Read also:
https://www.tivi.fi/uutiset/tv/495e810b-04c3-45b9-9dcf-ae55e7913469
https://www.wired.com/story/dten-video-conferencing-vulnerabilities/
https://www.computerweekly.com/news/252475460/Barco-fixes-ClickShare-wireless-flaw-but-users-still-at-risk
Tomi Engdahl says:
Microsoft’s advice: this is how you avoid encouraging cybercriminals
https://www.tivi.fi/uutiset/tv/7b29a743-3129-4564-ac1b-c77cc9b7c87e
The wave of malware has once again made Americans wonder whether those demanding ransoms should be paid or not. Microsoft has for the first time made its own position clear: absolutely not. According to the software giant, all organizations should prepare in good time for attacks such as ransomware. It is more a question of “when” than “if”, Microsoft says of the general state of corporate security. Read also:
https://www.zdnet.com/article/microsoft-we-never-encourage-a-ransomware-victim-to-pay/
Tomi Engdahl says:
TP-Link Router Bug Lets Attackers Login Without Passwords
https://www.bleepingcomputer.com/news/security/tp-link-router-bug-lets-attackers-login-without-passwords/
TP-Link patched a critical vulnerability impacting some of its Archer routers that could allow potential attackers to void their admin passwords and remotely take control of the devices over LAN via a Telnet connection. “If exploited, this router vulnerability can allow a remote attacker to take control of the router’s configuration via Telnet on the local area network (LAN) and connect to a File Transfer Protocol (FTP) server through the LAN or wide area network (WAN),” found IBM X-Force Red’s Grzegorz Wypych. To exploit this security flaw, attackers have to send an HTTP request containing a character string longer than the allowed number of bytes, with the result being that the user password is completely voided and replaced with an empty value.
Tomi Engdahl says:
Ransomware ‘Crisis’ in US Schools: More Than 1,000 Hit So Far in 2019
https://www.darkreading.com/threat-intelligence/ransomware-crisis-in-us-schools-more-than-1000-hit-so-far-in-2019/d/d-id/1336634
Meanwhile, the mayor of the city of New Orleans says no ransom money demands were made as her city struggles to recover from a major ransomware attack launched last week. Ransomware attacks have continued pummeling US schools, with 11 new school districts (226 schools) hit since October, while major US cities such as New Orleans and Pensacola gradually recover from attacks this month.
Tomi Engdahl says:
Facebook’s Tor Site Down for Over a Week Due to Expired TLS Cert
https://www.bleepingcomputer.com/news/security/facebooks-tor-site-down-for-over-a-week-due-to-expired-tls-cert/
Facebook has announced that its Tor gateway will be down for one to two weeks due to an expired TLS certificate. This is a bit strange as it normally should not take two weeks to renew a certificate.
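Editor's added example (not Facebook's tooling): the standard-library expiry check that would have raised a ticket weeks ahead of an outage like this one. The certificate record is constructed in the dict shape `ssl.SSLSocket.getpeercert()` returns; `fetch_peer_cert()` shows how to obtain a real one for a clearnet host (an .onion endpoint would have to be reached through Tor's SOCKS proxy, which is not covered here). Threshold values are assumptions.

```python
"""Certificate-expiry check of the kind that flags a renewal weeks ahead of time.

Added example for this thread, not Facebook's tooling. Standard library
only. CONSTRUCTED_CERT is in the dict shape ssl.SSLSocket.getpeercert()
returns; fetch_peer_cert() obtains a real one for a clearnet host.
"""
import socket
import ssl
import time

WARN_DAYS = 30      # assumed: open a renewal ticket
CRIT_DAYS = 7       # assumed: page someone


def cert_time(s):
    """'Dec 17 12:00:00 2019 GMT' (getpeercert() format) -> Unix seconds (UTC)."""
    return ssl.cert_time_to_seconds(s)


def days_until_expiry(cert, now=None):
    now = time.time() if now is None else now
    return (cert_time(cert["notAfter"]) - now) / 86400.0


def classify(cert, now=None):
    d = days_until_expiry(cert, now)
    if d < 0:
        return "EXPIRED"
    if d < CRIT_DAYS:
        return "CRITICAL"
    if d < WARN_DAYS:
        return "WARNING"
    return "OK"


def covers_host(cert, host):
    """True if host appears as a DNS entry in subjectAltName (no wildcard handling)."""
    names = {v for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    return host in names


def check(cert, host, now=None):
    """(status, days_left). Expiry states take precedence over a name mismatch."""
    status = classify(cert, now)
    if status == "OK" and not covers_host(cert, host):
        status = "NAME_MISMATCH"
    return status, round(days_until_expiry(cert, now), 1)


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Live fetch for a clearnet host; not used by the offline demo below."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed record, same shape as getpeercert() output.
CONSTRUCTED_CERT = {
    "subject": ((("commonName", "example.test"),),),
    "subjectAltName": (("DNS", "example.test"), ("DNS", "www.example.test")),
    "notBefore": "Sep 18 00:00:00 2019 GMT",
    "notAfter": "Dec 17 12:00:00 2019 GMT",
}


if __name__ == "__main__":
    for when in ("Nov 01 12:00:00 2019 GMT", "Dec 01 12:00:00 2019 GMT",
                 "Dec 12 12:00:00 2019 GMT", "Dec 18 12:00:00 2019 GMT"):
        print(when, check(CONSTRUCTED_CERT, "example.test", now=cert_time(when)))
```

Run `check(fetch_peer_cert(host), host)` from a scheduled job per public endpoint; the WARNING threshold should be longer than the slowest renewal path you have, which for a manually issued certificate can be the one to two weeks the article mentions.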
Tomi Engdahl says:
Lazarus pivots to Linux attacks through Dacls Trojan
https://www.zdnet.com/article/lazarus-pivots-to-linux-attacks-through-dacls-trojan/
Lazarus, an advanced persistent threat (APT) group, has expanded its reach with the development and use of a Trojan designed to attack Linux systems.
Tomi Engdahl says:
South Korean industrial giants slammed in active info-stealing APT campaign
https://www.zdnet.com/article/south-korean-industrial-giants-slammed-in-new-info-stealing-hacker-campaign/
Over 200 companies are reported as victims of the covert cyberespionage effort. An ongoing cyberespionage campaign against industrial, engineering, and manufacturing organizations has been exposed by researchers.
Tomi Engdahl says:
Iranian Attacks on Industrial Control Systems
https://www.schneier.com/blog/archives/2019/12/iranian_attacks.html
At the CyberwarCon conference in Arlington, Virginia, on Thursday, Microsoft security researcher Ned Moran plans to present new findings from the company’s threat intelligence group that show a shift in the activity of the Iranian hacker group APT33, also known by the names Holmium, Refined Kitten, or Elfin. Microsoft has watched the group carry out so-called password-spraying attacks over the past year that try just a few common passwords across user accounts at tens of thousands of organizations. That’s generally considered a crude and indiscriminate form of hacking. But over the last two months, Microsoft says APT33 has significantly narrowed its password spraying to around 2,000 organizations per month, while increasing the number of accounts targeted at each of those organizations almost tenfold on
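Editor's added example (not Microsoft's detection logic): what password spraying looks like in an authentication log and a detector that separates it from classic brute force. The log lines are constructed (RFC 5737 test addresses, made-up users) in a simple key=value format; `parse()` is the only part to adapt to real SSO or VPN logs.

```python
"""Detecting password spraying in authentication logs.

Added example for this thread, not Microsoft's detection logic. The log
lines are constructed (RFC 5737 test addresses, made-up users) in a
simple key=value format; adapt parse() to your own SSO or VPN logs.
Spraying leaves a signature opposite to classic brute force: one source,
many distinct accounts, about one attempt per account, almost all
failures. A SUCCESS inside such a window is the account to treat as
compromised.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

AUTH_LOG = """
2019-12-17T09:58:10Z src=10.0.0.3 user=alice result=SUCCESS
2019-12-17T09:59:02Z src=10.0.0.4 user=carol result=FAIL
2019-12-17T09:59:30Z src=10.0.0.4 user=carol result=SUCCESS
2019-12-17T10:00:01Z src=203.0.113.5 user=alice result=FAIL
2019-12-17T10:01:12Z src=203.0.113.5 user=bob result=FAIL
2019-12-17T10:02:20Z src=203.0.113.5 user=carol result=FAIL
2019-12-17T10:03:41Z src=203.0.113.5 user=dave result=FAIL
2019-12-17T10:04:55Z src=203.0.113.5 user=erin result=FAIL
2019-12-17T10:06:03Z src=203.0.113.5 user=frank result=FAIL
2019-12-17T10:07:30Z src=203.0.113.5 user=grace result=FAIL
2019-12-17T10:08:47Z src=203.0.113.5 user=heidi result=SUCCESS
2019-12-17T11:00:00Z src=198.51.100.7 user=bob result=FAIL
2019-12-17T11:01:00Z src=198.51.100.7 user=bob result=FAIL
2019-12-17T11:02:00Z src=198.51.100.7 user=bob result=FAIL
2019-12-17T11:03:00Z src=198.51.100.7 user=bob result=FAIL
2019-12-17T11:04:00Z src=198.51.100.7 user=bob result=FAIL
2019-12-17T11:05:00Z src=198.51.100.7 user=bob result=FAIL
2019-12-17T11:06:00Z src=198.51.100.7 user=bob result=FAIL
2019-12-17T11:07:00Z src=198.51.100.7 user=bob result=FAIL
2019-12-17T11:08:00Z src=198.51.100.7 user=bob result=FAIL
2019-12-17T11:09:00Z src=198.51.100.7 user=bob result=FAIL
2019-12-17T11:10:00Z src=198.51.100.7 user=bob result=FAIL
2019-12-17T11:11:00Z src=198.51.100.7 user=bob result=FAIL
""".strip().splitlines()


class Event(NamedTuple):
    ts: datetime
    src: str
    user: str
    result: str


class SprayAlert(NamedTuple):
    src: str
    first_seen: datetime
    last_seen: datetime
    accounts: int
    attempts: int
    compromised: tuple      # users with a SUCCESS inside the spray window


def parse(line):
    ts, rest = line.split(" ", 1)
    kv = dict(item.split("=", 1) for item in rest.split())
    return Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                 kv["src"], kv["user"], kv["result"])


def _by_source(lines):
    groups = defaultdict(list)
    for ev in sorted(map(parse, lines)):
        groups[ev.src].append(ev)
    return groups


def detect_spray(lines, window=timedelta(minutes=30), min_accounts=5,
                 max_attempts_per_account=2.0, min_fail_ratio=0.8):
    """Per source: the sliding window with the most distinct accounts, then
    the spray criteria (many accounts, few tries each, mostly failures)."""
    alerts = []
    for src, evs in _by_source(lines).items():
        best, best_accounts, start = (0, 0), 0, 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:
                start += 1
            accounts = len({e.user for e in evs[start:end + 1]})
            if accounts > best_accounts:
                best, best_accounts = (start, end), accounts
        win = evs[best[0]:best[1] + 1]
        fails = sum(e.result == "FAIL" for e in win)
        if (best_accounts >= min_accounts
                and len(win) / best_accounts <= max_attempts_per_account
                and fails / len(win) >= min_fail_ratio):
            alerts.append(SprayAlert(src, win[0].ts, win[-1].ts, best_accounts, len(win),
                                     tuple(e.user for e in win if e.result == "SUCCESS")))
    return alerts


def detect_bruteforce(lines, window=timedelta(minutes=30), min_failures=10):
    """The contrasting pattern: one account hammered from one source."""
    alerts = []
    for src, evs in _by_source(lines).items():
        per_user = defaultdict(list)
        for e in evs:
            if e.result == "FAIL":
                per_user[e.user].append(e.ts)
        for user, times in per_user.items():
            start, peak = 0, 0
            for end in range(len(times)):
                while times[end] - times[start] > window:
                    start += 1
                peak = max(peak, end - start + 1)
            if peak >= min_failures:
                alerts.append((src, user, peak))
    return alerts


if __name__ == "__main__":
    for a in detect_spray(AUTH_LOG):
        print("spray:", a)
    for a in detect_bruteforce(AUTH_LOG):
        print("brute force:", a)
```

Per-account lockout thresholds never fire on a spray (one or two tries per account), which is why the detection has to be keyed on the source and on distinct-account count; the narrowing the article describes, fewer organizations but ten times more accounts per organization, makes that signal stronger, not weaker.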
Tomi Engdahl says:
CNN:
The Epilepsy Foundation files criminal complaint against 30+ unidentified Twitter users for coordinated attack of seizure-inducing videos to its feed last month
A Twitter cyberattack on the Epilepsy Foundation posted strobing images that could trigger seizures
https://edition.cnn.com/2019/12/17/tech/epilepsy-strobe-twitter-attack-trnd/
Attackers sent videos of flashing and strobing lights to people on Twitter last month as part of a cyberattack which deliberately targeted people with epilepsy.
The attacks targeted the Twitter feed of the Epilepsy Foundation, the organization said Monday.
Using the foundation’s handle and hashtags, the attackers posted videos and GIFs that used triggering light flashes. And they did it during National Epilepsy Awareness Month in November — when the greatest number of people with epilepsy would be following the account.
The Foundation identified at least 30 different accounts participating in the calculated action, Allison Nichol, the Epilepsy Foundation’s director of legal advocacy told CNN. The Foundation was not able to say how many people were affected by the attacks.
People with photosensitive epilepsy are sensitive to flashing lights or particular visual patterns that may trigger seizures, the Epilepsy Foundation says.
“While the population of those with photosensitive epilepsy is small, the impact can be quite serious. Many are not even aware they have photosensitivity until they have a seizure,” Jacqueline French, chief medical and innovation officer of the Epilepsy Foundation said in a statement.
Epilepsy Foundation Files Criminal Complaint and Requests Investigation in Response to Attacks on Twitter Feed
https://www.epilepsy.com/release/2019/12/epilepsy-foundation-files-criminal-complaint-and-requests-investigation-response
The Epilepsy Foundation has filed formal criminal complaints with law enforcement authorities outlining a series of attacks on its Twitter feed designed to trigger seizure(s) in people with epilepsy. The attacks, which used the Foundation’s Twitter handle and hashtags to post flashing or strobing lights, deliberately targeted the feed during National Epilepsy Awareness Month when the greatest number of people with epilepsy and seizures were likely to be following the feed.
“Flashing lights at certain intensities or certain visual patterns can trigger seizures in those with photosensitive epilepsy,” said Jacqueline French, M.D., chief medical and innovation officer of the Epilepsy Foundation and professor of Neurology at NYU Langone Health’s Comprehensive Epilepsy Center. “While the population of those with photosensitive epilepsy is small, the impact can be quite serious. Many are not even aware they have photosensitivity until they have a seizure.”
“Twitter is one of the largest places of public gathering that exists today,” said Allison Nichol, Esq., director of legal advocacy for the Epilepsy Foundation. “These attacks are no different than a person carrying a strobe light into a convention of people with epilepsy and seizures, with the intention of inducing seizures and thereby causing significant harm to the participants. The fact that these attacks came during National Epilepsy Awareness Month only highlights their reprehensible nature. The Foundation is fully cooperating with law enforcement and intends to utilize all available avenues to ensure that those responsible are held fully accountable.”
The attacks on the Foundation were similar to the attacks involving author Kurt Eichenwald.
For about 3% of people with epilepsy, exposure to flashing lights at certain intensities or certain visual patterns can trigger seizures.
Tomi Engdahl says:
Catalin Cimpanu / ZDNet:
After a cyber attack, Canadian medical lab LifeLabs paid a ransom to recover the stolen data of 15M+ customers, which included login info and test results — Data breach took place in early November, and hackers also gained access to 85,000 laboratory test results.
LifeLabs pays hackers to recover data of 15 million customers
https://www.zdnet.com/article/lifelabs-pays-hackers-to-recover-data-of-15-million-customers/
Data breach took place in early November, and hackers also gained access to 85,000 laboratory test results.
Tomi Engdahl says:
Joseph Cox / VICE:
Ring device testing shows it lacks safeguards that would deter credential stuffing and brute force attacks, making 2FA a key part of securing accounts — It’s not so much being watched. It’s that I don’t really know if I’m being watched or not. — From across the other side of the world …
We Tested Ring’s Security. It’s Awful
Ring lacks basic security features, making it easy for hackers to turn the company’s cameras against its customers.
https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security
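Editor's added example (not Ring's or Amazon's code): the three login-endpoint safeguards the article says were missing, per-source rate limiting, per-account lockout with back-off, and a mandatory second factor, in one small service with an injectable clock so the behaviour can be exercised without waiting. Users, passwords, the TOTP secret and the thresholds are constructed for the demo.

```python
"""Login-endpoint safeguards of the kind the article says Ring lacked:
per-source rate limiting, per-account lockout, and a mandatory second factor.

Added example for this thread, not Ring's or Amazon's code. Users,
passwords and the TOTP secret are constructed; the clock is injectable
so the behaviour can be exercised without waiting. Stored passwords are
PBKDF2 hashes (iteration count lowered for the demo).
"""
import hashlib
import hmac
import time
from collections import defaultdict

PBKDF2_ITERS = 20_000      # demo value; use a far higher count, or Argon2/scrypt, in production
MAX_FAILURES = 5
LOCK_SECONDS = 15 * 60


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)


def totp(secret, now, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1), used here as the second factor."""
    counter = int(now // step).to_bytes(8, "big")
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TokenBucket:
    """Per-source limiter: `capacity` attempts of burst, then `rate` per second."""
    def __init__(self, capacity, rate):
        self.capacity, self.rate = capacity, rate
        self.tokens, self.last = float(capacity), None

    def take(self, now):
        if self.last is not None:
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class AccountState:
    def __init__(self):
        self.failures, self.locked_until = 0, 0.0


class LoginService:
    def __init__(self, users, clock=time.time, ip_burst=10, ip_rate=0.1):
        self.users = users                       # email -> (salt, pw_hash, totp_secret)
        self.clock = clock
        self.ip_bucket = defaultdict(lambda: TokenBucket(ip_burst, ip_rate))
        self.accounts = defaultdict(AccountState)
        self._dummy_salt = b"dummy-salt-16byt"

    def login(self, ip, email, password, otp=None):
        now = self.clock()
        if not self.ip_bucket[ip].take(now):         # credential stuffing hits this first
            return "RATE_LIMITED"
        state = self.accounts[email]
        if state.locked_until > now:
            return "LOCKED"
        user = self.users.get(email)
        # Always run the hash so unknown and known emails take the same time.
        salt, stored = (user[0], user[1]) if user else (self._dummy_salt, b"\x00" * 32)
        if not hmac.compare_digest(hash_password(password, salt), stored):
            state.failures += 1
            if state.failures >= MAX_FAILURES:
                # exponential back-off: 15 min, 30 min, 60 min, ...
                state.locked_until = now + LOCK_SECONDS * 2 ** (state.failures - MAX_FAILURES)
            return "FAIL"
        state.failures = 0
        if otp is None or not hmac.compare_digest(otp, totp(user[2], now)):
            return "NEED_2FA"                        # a leaked password alone is not enough
        return "OK"


class FakeClock:
    def __init__(self, start):
        self.now = start

    def __call__(self):
        return self.now


def make_demo_service(clock):
    """Constructed user store: one account with a known password and TOTP secret."""
    salt = b"per-user-salt-16"
    users = {"alice@example.test": (salt, hash_password("correct horse", salt),
                                    b"12345678901234567890")}
    return LoginService(users, clock)


def simulate_stuffing(service, ip, n):
    """n leaked (email, password) pairs replayed from one source at one instant."""
    results = defaultdict(int)
    for i in range(n):
        results[service.login(ip, f"user{i}@example.test", f"leaked-pw-{i}")] += 1
    return dict(results)


if __name__ == "__main__":
    clock = FakeClock(1_000_000.0)
    svc = make_demo_service(clock)
    print(simulate_stuffing(svc, "203.0.113.9", 50))
    print(svc.login("10.0.0.1", "alice@example.test", "correct horse"))
    print(svc.login("10.0.0.1", "alice@example.test", "correct horse",
                    totp(b"12345678901234567890", clock())))
```

Stuffing tools spread attempts over many source addresses, so the per-source bucket is only the first layer; the per-account lockout and the second factor are what hold when the password itself is already in an attacker's list.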
Tomi Engdahl says:
https://www.securityweek.com/vulnerability-whatsapp-allows-attackers-crash-group-chats
Tomi Engdahl says:
Encryption law: 40% of firms say they have lost sales after passage
https://itwire.com/government-tech-policy/encryption-law-40-of-firms-say-they-have-lost-sales-after-passage.html?__cf_chl_jschl_tk__=78fcb351432a91e0668a9dfc7b37e32604a38f87-1576731529-0-AU-23oGRKnKCnycH6S7nb0c8VaRNv76qSK_Qw1ALwTtoTv2a_oPjASbCtKoSPasovE4zmnZuU_cS70igfdxH4JZetEb4fWUZhCnJohXxZ0rlJuutXfz2vl5vq-Ny6yheLjy_Ii63BEGD1ouTvnliAP6AFIFaCGX1xaOujF2UXRe-Lh0S4ZiJhUwl6v63IlT2SCUT34N-9OZXOcyqyVrTlmppwF-EGnEzwIanbFrywMUcizjPK7DnIe78qGGFNmJpxYqLLa2pG426KC4YjhOOhP9eysYbFaNGsf3rrJfI8xNZTUQoblQwi5C_a64kAJ5WGjOmiLNGWU90woMzEmen7p_wPXREIaIkaro2ivFku5uknJXSKfBptpWFc6gAgXPF3Q
Two-fifths of the respondents to a survey about the encryption law passed by the Coalition Government last year say they have lost sales or other commercial opportunities as a result of the law being in place.
Practically all respondents said their assessment of the impact of the law on the reputation of Australian tech firms in the global market would be negative, with 51% said it would be “very negative” and another 44% choosing “somewhat negative”.
While 3% were neutral on this question, not a single respondent said the law would have anything close to a positive impact
The law, officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, was passed on 6 December 2018
“Encrypted communication is a huge issue for law enforcement and the balance between the privacy of citizens and effective policing of criminal activity is top of mind for governments, technology companies, citizens and privacy organisations all over the world
Tomi Engdahl says:
New Orleans declares state of emergency following ransomware attack
https://techcrunch.com/2019/12/14/new-orleans-declares-state-of-emergency-following-ransomware-attack/
New Orleans declared a state of emergency and shut down its computers after a cyber security event, the latest in a string of city and state governments to be attacked by hackers.
Numerous local and state governments have been plagued by ransomware, a file-encrypting malware that demands money for the decryption key. Pensacola, Florida and Jackson County, Georgia are just a few examples of the near-constant stream of ransomware attacks over the past year. Louisiana state government was attacked in November, prompting officials to deactivate government websites and other digital services and causing the governor to declare a state of emergency. It was the state’s second declaration related to a ransomware attack in less than six months.
Governments and local authorities are particularly vulnerable as they’re often underfunded and unresourced, and unable to protect their systems from some of the major threats.
New Orleans, it appears, was somewhat prepared, which officials said was the result of training and its ability to operate without internet. The investigation is in its early stages, but for now it appears that city employees didn’t interact with or provide credentials or any information to possible attackers, according to officials.
Tomi Engdahl says:
Lauren Feiner / CNBC:
Lawmakers balk after Facebook explains how it collects and monetizes location data of users who have denied location services in their smartphone OS for its app — In response to a letter from Sen. Josh Hawley, R-Mo., and Sen. Chris Coons, D-Del., Facebook explained why it tracks users’ locations …
Facebook fails to convince lawmakers it needs to track your location at all times
https://www.cnbc.com/2019/12/17/facebook-responds-to-senators-questions-on-location-tracking-policy.html
In response to a letter from Sen. Josh Hawley, R-Mo., and Sen. Chris Coons, D-Del., Facebook explained why it tracks users’ locations even when their tracking services are turned off.
The lawmakers now say Facebook should give users more control over their data.
Facebook said it used location data to target ads and for certain security functions.
Tomi Engdahl says:
“In order for any political system to operate successfully, most of the population must be willing to accept the outcomes that system produces. But now we have gotten to the point where a large portion of the population is ready to start burning things down if election results don’t go their way.”
Tomi Engdahl says:
Court says data swept up by the NSA is protected by the Fourth Amendment
https://engt.co/34BssNO
Judges found the incidental collection through PRISM to be legal, but querying that data might not be.
Tomi Engdahl says:
Facebook says it can locate users who opt out of tracking
https://news.yahoo.com/facebook-says-locate-users-opt-tracking-032431090.html?guccounter=1&guce_referrer=aHR0cDovL20uZmFjZWJvb2suY29tLw&guce_referrer_sig=AQAAADUd6sRM68EfNb1TDwN5WfpmvYtul3vwRKc_58NOH1WOeN1-5Bm0AlsnwlPkpz42le21uANGVNKbLcfrpPESZMyS8llDk0yV0Tv_GbErARfN2PgjHU6SPp0XnVNiWHrB2lFzlQIbqTBZKWPyHp2MUbCxIlW08xKZhT_Ol-Tc9eVQ
Facebook contended that knowing a user’s whereabouts has benefits ranging from showing ads for nearby shops to fighting hackers
San Francisco (AFP) – Facebook can determine where users are even if they opt out of having their whereabouts tracked, the company revealed in a letter sent to US senators.
In the missive, which was widely shared on social media Tuesday, Facebook explained ways it can still figure out where people are after they have selected not to share precise location data with the company.
Tomi Engdahl says:
Indian Government orders Mobile Internet to be suspended in the Capital, says Airtel.
https://thenextweb.com/in/2019/12/19/indian-government-orders-mobile-internet-to-be-suspended-in-the-capital-says-airtel/
Amid protests across the nation over new and upcoming citizenship laws in India, a major carrier called Airtel said in a now-deleted tweet that the government has ordered mobile data, voice, and SMS services to be suspended in some parts of the country’s capital of New Delhi.
This is alarming because it illustrates that the country’s government is clamping down on citizens‘ efforts to voice their opinions on numerous issues plaguing India right now, and restricting their ability to coordinate protests.
Tomi Engdahl says:
https://edri.org/spain-new-law-threatens-internet-freedoms/
On 5 November 2019, the Royal Decree-Law 14/2019 that had been adopted on 31 October was published in the Spanish Official State Gazette (BOE). This was just five days before the general elections that would take place on 10 November, under an undefined “exceptionality and urgency”, and justified by the “challenges posed by new technologies from the point of view of public security”. Those challenges being, according to the Decree, “disinformation activities” and “interference in political participation processes”.
This Royal Decree-Law modifies the regulation on the internet and electronic communications in order to grant the government greater powers to control these technologies in a range of vaguely defined situations. The Decree-Law defines an access to the network increasingly administered by the state, with no obligation for a judicial ruling to limit the access.
Tomi Engdahl says:
Over 1,500 Ring passwords have been found on the dark web
https://tcrn.ch/2PDzQEf
A security researcher has found on the dark web 1,562 unique email addresses and passwords associated with Ring doorbell passwords.
The list of passwords was uploaded on Tuesday to an anonymous dark web text-sharing site commonly used to share stolen passwords or illicit materials. A security researcher found the cache of email addresses and passwords, which can be used to log in to and access the cameras, as well as their time zone and the doorbell’s location, such as “driveway” or “front door.”
The researcher reported the findings to Amazon — which owns the Ring brand — but Amazon asked that the researcher not discuss their findings publicly.
At the time of writing, the dark web listing is still accessible.
A Data Leak Exposed The Personal Information Of Over 3,000 Ring Users
https://www.buzzfeednews.com/article/carolinehaskins1/data-leak-exposes-personal-data-over-3000-ring-camera-users
“This gives a potential attacker access to view cameras in somebody’s home — that’s a real serious potential invasion of privacy right there.”
Tomi Engdahl says:
Thousands of students in Germany queue for email access
https://www.bbc.com/news/technology-50838673
Some 38,000 students in Germany have been asked to queue in person for a new email password, after their university was hit by a cyber-attack.
The students at Justus Liebig University (JLU) Giessen have been asked to provide proof of identity in person because of “legal requirements”.
The attack, on 8 December, initially took the entire university offline.
Students have been asked to bring an ID card to the university’s gym at an allotted time determined by their birth date.
According to the published schedule, it will take a full five days to process all students.
Meanwhile, the university has made 1,200 USB sticks available to staff so computers can be scanned for viruses.
Tomi Engdahl says:
A Zero-day Vulnerability in TP-link Router Let Hackers Gain Admin Privilege & Take Full Control of It Remotely
https://gbhackers.com/tp-link-router/
Researchers discovered a new firmware vulnerability in TP-link Archer C5 (v4) routers that lets the attacker gain an Admin Password, and allows them to remotely take over the router.
Once the vulnerability has been successfully exploited, a remote attacker takes over the router configuration through Telnet on the local area network (LAN) and connects to a File Transfer Protocol (FTP) server via both LAN and WAN.
The vulnerability is marked as “Critical” severity since it grants unauthorized third-party access due to the improper authentication, and it affects the TP-link Archer C5 router that is deployed in both home and business environments.
will allow an attacker to enable the Guest WiFi, through which an attacker enters into the internal network.
An attacker could trigger the vulnerability by just sending the vulnerable HTTP request to be granted access to the device.
“But the Common Gateway Interface (CGI) validation here is only based on the referrer’s HTTP headers, which are used to match the IP address or the domain associated with tplinkwifi.net, and then the router’s main domain (HTTPD) will recognize it as valid.”
voiding the admin password when string length exceeds the allowed number of bytes.
Tomi Engdahl says:
Google goes offline after fibre cables cut
https://www.bbc.com/news/technology-50851420
Severed fibre optic cables disrupted internet access in parts of eastern Europe, Iran and Turkey on Thursday.
The issue, which lasted for about two hours, was caused by multiple fibre cables being physically cut at the same time, a highly unusual thing to happen.
Tomi Engdahl says:
Maze Ransomware Operators Publish Victim Data Online
https://www.securityweek.com/maze-ransomware-operators-publish-victim-data-online
As if having their data encrypted wasn’t bad enough, businesses that fell victim to Maze ransomware now face another threat: their data could become public.
For a while, Maze’s operators have been harvesting data from the victim organizations, to eventually use it as leverage if payment to decrypt files is not received. Now, they threaten to release the data for all those victims who refuse to pay the ransom.
On said website, the Maze operators publish data such as initial date of infection, some stolen documents (Office, text and PDF files), the total volume of data supposedly harvested from the organization, and the IP addresses and machine names of the infected servers.
The move is not surprising, especially since the individuals behind Maze have been engaged in exfiltrating victim data for a while now, and have also been threatening to out that information publicly if the victim does not pay the requested ransom.
Tomi Engdahl says:
Drew Harwell / Washington Post:
Study of 189 facial recognition algorithms shows they misidentify people of color more often than white people, confirming facial recognition tech’s racial bias — Facial-recognition systems misidentified people of color more often than white people, a landmark federal study released Thursday shows …
https://www.washingtonpost.com/technology/2019/12/19/federal-study-confirms-racial-bias-many-facial-recognition-systems-casts-doubt-their-expanding-use/
Tomi Engdahl says:
Cybercriminals Celebrate the Holidays
https://www.securityweek.com/cybercriminals-celebrate-holidays
Whether It’s Stealing Your Information or Selling it Online, the Holidays are a Bonanza for Cybercriminals
Tomi Engdahl says:
India gets more aggressive with internet shutdowns to curb protests
https://tcrn.ch/2tCm6kL
The move comes as the Indian government attempts to silence tens of millions of people across the nation as they protest the introduction of a controversial new citizenship law that discriminates against Muslims.
Access Now, a digital rights group, reported earlier this year that India alone had about 134 of 196 documented shutdowns in 2018. According to Internet Shutdowns, a service operated by New Delhi-based digital advocacy group Software Law and Freedom Centre, there have been about 95 documented cases of internet shutdowns in India this year, up from 91 last week.
Tomi Engdahl says:
Just because it’s legal, it doesn’t mean it’s right
https://tcrn.ch/36VOlcj
Companies often tout their compliance with industry standards — I’m sure you’ve seen the logos, stamps and “Privacy Shield Compliant” declarations. As we, and the FTC, were reminded a few months ago, that label does not mean that the criteria were met initially, much less years later when finally subjected to government review.
Tomi Engdahl says:
Bank of England audio leak followed loss of key cybersecurity staff
https://www.theguardian.com/business/2019/dec/21/bank-of-england-audio-leak-followed-loss-of-key-cybersecurity-staff
Exclusive: former employees say at least 20 security staff were reassigned or left in past year
The Bank of England restructured its security department and lost multiple senior employees in charge of protecting some of Britain’s most critical financial infrastructure shortly before it suffered a major breach, the Observer can reveal.
central bank admitted that hedge funds had gained early access to its market-moving press conferences via a backup audio feed
Watchdog investigates Bank of England security breach
https://www.theguardian.com/business/2019/dec/19/hedge-funds-hacked-into-bank-of-england-briefings
Raising questions over whether hedge funds managed to profit from accessing the market-sensitive press conference seconds ahead of others, the breach comes after years of efforts to prevent misconduct in financial markets in the wake of the 2008 financial crisis.
Threadneedle Street said that the misuse of the back-up audio feed – which is up to eight seconds faster than its main video feed – was “wholly unacceptable” and had been done without the Bank’s knowledge or consent. The video feed is the main vehicle for broadcasting the press conference, and is handled by the financial news and data company Bloomberg.
The third-party supplier was reportedly connected to a market news service that charged clients between £2,500 and £5,000, according to the Times.
Statisma tweeted in April that it could provide customers with feeds “up to 10 seconds faster than watching them on live TV”, including for press conferences held by the Bank, the US Federal Reserve and European Central Bank.
company received advance copies of speeches and other market-moving publications while it was linked to an unnamed, accredited news organisation
The breach will be of particular embarrassment to the Bank, given its recent focus on the security policies of the companies it regulates
Tomi Engdahl says:
A Twitter cyberattack on the Epilepsy Foundation posted strobing images that could trigger seizures
https://edition.cnn.com/2019/12/17/tech/epilepsy-strobe-twitter-attack-trnd/
Attackers sent videos of flashing and strobing lights to people on Twitter last month as part of a cyberattack which deliberately targeted people with epilepsy.
The attacks targeted the Twitter feed of the Epilepsy Foundation, the organization said Monday.
Using the foundation’s handle and hashtags, the attackers posted videos and GIFs that used triggering light flashes. And they did it during National Epilepsy Awareness Month in November — when the greatest number of people with epilepsy would be following the account.
The Foundation identified at least 30 different accounts participating in the calculated action
People with photosensitive epilepsy are sensitive to flashing lights or particular visual patterns that may trigger seizures, the Epilepsy Foundation says.
“These attacks are no different than a person carrying a strobe light into a convention of people with epilepsy and seizures, with the intention of inducing seizures and thereby causing significant harm to the participants,
A similar attack in 2016
In 2016, a Maryland man was charged with aggravated assault with a deadly weapon after deliberately tweeting a strobing GIF to a journalist with epilepsy.
The man sent the tweet to journalist Kurt Eichenwald, with the message: “You deserve a seizure for your post,” according to a federal criminal complaint.
Eichenwald said the flashing message immediately triggered a seizure.
“More than 40 ppl sent strobes once they found out they could trigger seizures,”
Tomi Engdahl says:
Visa warns that hackers are scraping card details from gas pumps
https://www.engadget.com/2019/12/16/visa-gas-station-fraud-malware/
Cybercrime groups are actively exploiting a weakness in gas station point-of-sale (POS) networks to steal credit card data, Visa has revealed. The company’s fraud disruption teams are investigating several incidents in which a hacking group known as Fin8 defrauded fuel dispenser merchants. In each case, the attackers gained access to the POS networks via malicious emails and other unknown means. They then installed POS scraping software that exploited the lack of security with old-school mag stripe cards that lack a chip.
Tomi Engdahl says:
Pretty high bar: “zero-click kernel code execution with persistence and kernel PAC bypass”
Apple Will Reward $1.5 Million USD Bounty to Anyone Able to Hack an iPhone
The previously invite-only bug program is now open to the public.
https://hypebeast.com/2019/12/apple-1-5-million-bounty-hack-iphone
Tomi Engdahl says:
The Hacker Who Took Down a Country
Daniel Kaye, also known as Spdrman, found regular jobs tough but corporate espionage easy. He’s about to get out of prison.
https://www.bloomberg.com/news/features/2019-12-20/spiderman-hacker-daniel-kaye-took-down-liberia-s-internet