This posting is here to collect cyber security news in March 2020.
I post links to security vulnerability news with short descriptions to comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to comments.
112 Comments
Tomi Engdahl says:
Facebook OAuth Framework Vulnerability
https://www.amolbaikar.com/facebook-oauth-framework-vulnerability/
“Login with Facebook” feature follows the OAuth 2.0 Authorization Protocol to exchange the tokens between facebook.com and third-party website. The flaw could allow an attackers to hijack the OAuth flow and steal the access tokens which they could use to take over user accounts. Malicious websites can steal access_token for the most common apps at the same time and could gain access to multiple services, third-party websites. Such as Instagram, Oculus, Netflix, Tinder, Spotify, etc.
Tomi Engdahl says:
https://www.trustedsec.com/blog/detecting-cve-20200688-remote-code-execution-vulnerability-on-microsoft-exchange-server/
Tomi Engdahl says:
Protect our Speech and Security Online: Reject the Graham-Blumenthal Proposal
https://act.eff.org/action/protect-our-speech-and-security-online-reject-the-graham-blumenthal-proposal
Tomi Engdahl says:
Shodan Pentesting Guide
Delving deep into Shodan’s mine
https://community.turgensec.com/shodan-pentesting-guide/
Tomi Engdahl says:
https://pentestmag.com/why-cloud-networking-is-a-must-for-flexibility-scalability-and-visibility/
Tomi Engdahl says:
All the networks. Found by Everyone.
https://www.wigle.net/
Tomi Engdahl says:
Chrome 80 update cripples top cybercrime marketplace
90% of all stolen credentials on the Genesis Store came from the AZORult malware. Now, the malware doesn’t work in Chrome 80.
https://www.zdnet.com/article/chrome-80-update-cripples-top-cybercrime-marketplace/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook
Tomi Engdahl says:
Venäläinen hakukone tunnistaa kasvot pelottavan tehokkaasti – kasvojentunnistus on uhka yksityisyydensuojalle
https://yle.fi/aihe/artikkeli/2020/03/01/venalainen-hakukone-tunnistaa-kasvot-pelottavan-tehokkaasti-kasvojentunnistus?utm_source=facebook-share&utm_medium=social&fbclid=IwAR1QBuTl5-FDOBcNGgOvAv7_j6HX8J94zyFvujk3hbixangDzVk38PVWqLc
Tomi Engdahl says:
Ex-NSA hacker made four pieces of state-created Mac malware run his own code
https://9to5mac.com/2020/03/02/state-created-mac-malware/
Security researcher and former NSA hacker Patrick Wardle has demonstrated a way to modify state-created Mac malware to run his own code instead of the payloads from the government servers.
Tomi Engdahl says:
Project Svalbard, Have I Been Pwned and its Ongoing Independence
https://www.troyhunt.com/project-svalbard-have-i-been-pwned-and-its-ongoing-independence/
Tomi Engdahl says:
Beware of criminals pretending to be WHO
https://www.who.int/about/communications/cyber-security
Tomi Engdahl says:
Legal services giant Epiq Global offline after ransomware attack
https://tcrn.ch/32IjqQ5
Tomi Engdahl says:
Letsencrypt will be revoking a lot of certificates in next 24hrs due to the CAA bug.
The bug: when a certificate request contained N domain names that needed CAA rechecking, Boulder would pick one domain name and check it N times
[https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864](https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864)
Tomi Engdahl says:
Let’s Encrypt discovered a bug in their system. Sadly, this means they need to revoke the certificates that were affected by this bug on 04/March/2020. It is believed that 3,048,289, currently-valid TLS certificates are affected. Here is how to find if you are affected and how to fix it your certificates. https://www.cyberciti.biz/security/letsencrypt-is-revoking-certificates-on-march-4/
Tomi Engdahl says:
https://thehackernews.com/2020/03/lets-encrypt-certificate-revocation.html?m=1
Tomi Engdahl says:
https://www.schneier.com/blog/archives/2020/03/wi-fi_chip_vuln.html
Tomi Engdahl says:
Robinhood’s downtime as a stress test for the consumer fintech boom
https://techcrunch.com/2020/03/04/robinhoods-downtime-as-a-stress-test-for-the-consumer-fintech-boom/
Earlier this week, the popular free stock trading service Robinhood suffered downtime over a two-day period. The company, a well-funded unicorn taking on incumbents in its industry, failed to operate properly when the public markets were surging on Monday (bad) and falling on Tuesday (very bad).
Tomi Engdahl says:
The Graham-Blumenthal Bill: A New Path for DOJ to Finally Break Encryption
https://www.eff.org/deeplinks/2020/03/graham-blumenthal-bill-new-path-doj-finally-break-encryption
Members of Congress are about to introduce a bill that will undermine the law that undergirds free speech on the Internet. If passed, the bill known as the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, will fulfill a long-standing dream of U.S. law enforcement. If passed, it could largely mark the end of private, encrypted messaging on the Internet.
The Department of Justice and the FBI have long seen encryption as a threat.
U.S. law enforcement agencies spent the next 25 years villainizing the widespread adoption of encryption and highlighting a series of awful criminal acts in their efforts to scare elected officials into requiring backdoors.
In recent years, they’ve used acts of terrorism like the mass shootings in San Bernardino and Pensacola to press for draconian changes to the law.
William Barr have blamed encryption for sexual crimes against children. Not only are these crimes horrific to hear about, but they are nearly impossible to get objective information about.
Meanwhile, we face immense challenges to building secure systems, and strong encryption is one the best tools we have available to protect ourselves. Encryption preserves the ability to have private, secure communications in an increasingly insecure world. Members of the government, the military and law enforcement themselves use encryption to protect their communications, as do journalists, activists and those at risk of domestic abuse, among many others. We should not sacrifice the power of these fundamental technologies, even in the name of important law enforcement goals.
What “best practices” would that commission demand in the name of protecting children? We know that offering backdoors to encryption would be high on the list. Attorney General William Barr has demanded “lawful access” to encrypted messages, over and over again. So have his predecessors.
The ability to have a private conversation is fundamental in a democratic society, and Congress should not be disincentivizing these companies from developing secure platforms.
Tomi Engdahl says:
Critical Android Security Risk Confirmed, Millions Of Devices Can Be ‘Rooted’ — Update Now, If You Can
https://www.forbes.com/sites/daveywinder/2020/03/04/critical-android-security-risk-confirmed-millions-of-devices-can-be-rooted—update-now-if-you-can/
The March 2020 Android security update bulletin has arrived, and it contains confirmation from Google of an elevation-of-privilege vulnerability (CVE-2020-0069) that not only affects millions of Android devices but which is also being actively exploited by cybercriminals.
known to be within the command queue driver of several 64-bit chips produced by the Taiwanese manufacturer, MediaTek. Details first began to emerge online early in 2019, and an exploit script was published in April 2019 that could enable an attacker to “get root” of a vulnerable device. Unsurprisingly then, the vulnerability has been deemed critical with a CVSS v3.0 score of 9.3.
Real-world risk as the exploit is in the wild
So, this isn’t some highly convoluted, easy in the labs but the real-world is different, type exploit as seen in the recent $5 smartphone hack story. This is the real deal; a vulnerability that potentially affects millions of devices and being actively exploited by cybercriminals as you are reading this
Tomi Engdahl says:
Beware Of This New Windows 10 Ransomware Threat Hiding In Plain Sight
https://www.forbes.com/sites/daveywinder/2020/03/05/beware-of-this-new-windows-10-ransomware-threat-hiding-in-plain-sight/
Windows Explorer as part of their ransomware attack process.
A strain of the Mailto (NetWalker) ransomware can inject malicious code right into Windows Explorer, researchers at security solutions company Quick Heal discovered. By using a technique of “process hollowing” to achieve this process code injection, the ransomware actors hope to evade detection.
Tomi Engdahl says:
Intel CPU Security Alert For Millions Of Users As ‘Unfixable’ Crypto Flaw Revealed
https://www.forbes.com/sites/daveywinder/2020/03/05/intel-cpu-security-alert-for-millions-of-users-as-unfixable-crypto-flaw-revealed/
If your computer isn’t running an up to date Intel 10th generation CPU, then I’ve got some bad news; an “unfixable” crypto vulnerability with impossible to detect exploits has been confirmed. Researchers have uncovered an Intel CPU read-only memory (ROM) vulnerability with the potential for attackers to compromise encryption keys and steal data.
Tomi Engdahl says:
Alleged Vault 7 leaker trial finale: Want to know the CIA’s password for its top-secret hacking tools? 123ABCdef
https://www.theregister.co.uk/2020/03/05/cia_leak_trial/
Tales of terrible security, poor compartmentalization, and more, emerge from the Schulte hearings
Tomi Engdahl says:
This Small Company Is Turning Utah Into a Surveillance Panopticon
https://www.vice.com/en_us/article/k7exem/banjo-ai-company-utah-surveillance-panopticon
Banjo is applying artificial intelligence to government-owned surveillance and traffic cameras across the entire state of Utah to tell police about “anomalies.”
Tomi Engdahl says:
Backdoor malware is being spread through fake security certificate alerts
https://www.zdnet.com/article/backdoor-malware-is-being-spread-through-fake-security-certificate-alerts/
Victims of this new technique are invited to install a malicious “security certificate update” when they visit compromised websites.
Tomi Engdahl says:
Apple Can’t Kill A New iOS Hack On Hundreds Of Millions Of iPhones
https://www.forbes.com/sites/thomasbrewster/2019/11/11/apple-cant-kill-a-new-ios-jailbreak-on-hundreds-of-millions-of-iphones/
Tomi Engdahl says:
NEW INTEL CSME CPU BUG IS ‘UNFIXABLE’ SECURITY VULNERABILITY AFFECTING CHIPSETS RELEASED OVER LAST FIVE YEARS
https://www.newsweek.com/intel-csme-cpu-bug-unfixable-security-vulnerability-chipsets-five-years-1490746
Tomi Engdahl says:
Defense contractor CPI knocked offline by ransomware attack
https://techcrunch.com/2020/03/05/cpi-ransomware-defense-contractor/
Tomi Engdahl says:
Ransomware Attackers Use Your Cloud Backups Against You
https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/
Backups are one the most, if not the most, important defense against ransomware, but if not configured properly, attackers will use it against you.
Recently the DoppelPaymer Ransomware operators published on their leak site the Admin user name and password for a non-paying victim’s Veeam backup software.
Tomi Engdahl says:
https://www.fifthdomain.com/2020/03/02/a-hacker-group-says-it-has-major-defense-companies-data/
Tomi Engdahl says:
Hackers Can Use Ultrasonic Waves to Secretly Control Voice Assistant Devices
https://thehackernews.com/2020/03/voice-assistants-ultrasonic-waves.html
Tomi Engdahl says:
Your rooted Android phone can jailbreak an iPhone with checkra1n
https://www.xda-developers.com/jailbreak-apple-iphone-using-checkra1n-rooted-android-phone/
Tomi Engdahl says:
WARNING! A new critical 17-years-old RCE vulnerability opens nearly all popular #Linux based operating systems and many other embedded devices to remote hackers.
https://thehackernews.com/2020/03/ppp-daemon-vulnerability.html?m=1
The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices.
Discovered by IOActive security researcher Ilja Van Sprundel, the critical issue is a stack buffer overflow vulnerability that exists due to a logical error in the Extensible Authentication Protocol (EAP) packet parser of the pppd software
The vulnerability, tracked as CVE-2020-8597 with CVSS Score 9.8, can be exploited by unauthenticated attackers to remotely execute arbitrary code on affected systems and take full control over them.
For this, all an attacker needs to do is to send an unsolicited malformed EAP packet to a vulnerable ppp client or a server over a direct serial link, ISDN, Ethernet, SSH, SOcket CAT, PPTP, GPRS, or ATM networks.
According to the researcher, Point-to-Point Protocol Daemon versions 2.4.2 through 2.4.8 — all versions released in the last 17 years — are vulnerable to this new remote code execution vulnerability.
Some of the widely-used, popular Linux distributions, listed below, have already been confirmed impacted, and many other projects are most likely affected as well.
Debian
Ubuntu
SUSE Linux
Fedora
NetBSD
Red Hat Enterprise Linux
Users with affected operating systems and devices are advised to apply security patches as soon as possible, or when it becomes available.
At the time of writing, The Hacker News is not aware of any public proof-of-concept exploit code
Tomi Engdahl says:
[Cybercriminals exploit coronavirus panic by creating hundreds of fraudulent websites offering fake information and home test kits to steal users' data and make cash](https://www.dailymail.co.uk/sciencetech/article-8076199/Hackers-exploit-coronavirus-creating-hundreds-fake-websites-steal-data-make-profit.html)
Tomi Engdahl says:
Dan Goodin / Ars Technica:
An unfixable flaw in nearly all Intel chips released in last five years allows sophisticated attackers access to mask ROM of its chipsets and microprocessors
5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable
Converged Security and Management Engine flaw may jeopardize Intel’s root of trust.
https://arstechnica.com/information-technology/2020/03/5-years-of-intel-cpus-and-chipsets-have-a-concerning-flaw-thats-unfixable/
Tomi Engdahl says:
Microsoft Issues Windows 10 Update Warning
https://www.forbes.com/sites/gordonkelly/2020/03/07/microsoft-windows-10-warning-crashes-boot-audio-slowdown-problems-upgrade-windows-10-free/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Valerie/#76616c657269
Windows 10 users, yes it has been a rocky spell, but you need to be on high alert yet again. Here’s everything you need to know.
Picked up by both BleepingComputer and Windows Latest, the early problems with Microsoft’s new KB4535996 Windows 10 update are now spiralling out of control. Here are the main issues you need to be aware of:
Boot Problems And Crashes
Blue screen crashes at login
Performance issues
Sound and audio hardware issues
Microsoft Visual Studio signtool.exe stops working
Microsoft has stated that they are aware of the issue and are working on a resolution for release in mid-March.
Windows 10 KB4535996 Update Issues: Crashes, Slowdowns, Audio, More
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4535996-update-issues-crashes-slowdowns-audio-more/
Tomi Engdahl says:
Pulled from interwebz because hackers were using the computing power for mining crypto.
Their words
BLACKOUT ON UNIVERSITY OF KENTUCKY’S CAMPUS TO STOP HACKERS
https://www.wtvq.com/2020/03/08/blackout-university-kentuckys-campus-stop-hackers/
– As University of Kentucky Hospital tries to fight against the coronavirus, the university also fought off a cyber security threat.
the hackers were using UK’s computing power to mine cryptocurrency.
Blanton says no personal health or private information was accessed or downloaded, but it slowed down UK healthcare systems for several weeks.
Tomi Engdahl says:
British Columbia
Hackers infiltrate computer systems at B.C. paper mills
https://www.cbc.ca/news/canada/british-columbia/paper-excellence-canada-malware-infection-1.5474274?__vfz=medium%3Dsharebar
Employees at the Crofton Mill north of Victoria, B.C., on Vancouver Island are having to use paper production machines in manual mode after the company’s computer systems were infiltrated by malware.
“If you don’t have that, you can’t do anything,” said Kissack, adding the software that was infected is critical to operations because it communicates to the mill machines how much paper they need to produce and in what dimensions it needs to be cut.
“Our paper mills didn’t have the ability to run, because they didn’t know what it was that they should be manufacturing,” explained Kissack.
Kissack said, for now, the company is trying to do what it can by “going back old school” and trying to run the machines in manual mode. Even the fax machine is seeing a renaissance moment while email is down.
Tomi Engdahl says:
Hackers can clone millions of Toyota, Hyundai, and Kia keys
Encryption flaws in common anti-theft feature expose vehicles from major OEMs.
https://arstechnica.com/cars/2020/03/hackers-can-clone-millions-of-toyota-hyundai-and-kia-keys/
Tomi Engdahl says:
A newly discovered malware campaign suggests that hackers have themselves become the targets of other hackers, who are infecting and repackaging popular hacking tools with malware.
Hackers are targeting other hackers by infecting their tools with malware
https://blog.cyberknowtz.com/hackers-are-targeting-other-hackers-by-infecting-their-tools-with-malware
https://www.cybereason.com/blog/whos-hacking-the-hackers-no-honor-among-thieves
Tomi Engdahl says:
Hacking Tools Are Being Infected With Malware
BY MATTHEW HUMPHRIES 10 MAR 2020, 11:27 A.M.
https://uk.pcmag.com/web-sites/125185/hacking-tools-are-being-infected-with-malware
Hackers realized they can gain access to compromised systems and sensitive data by hacking other hackers.
Tomi Engdahl says:
Firefox Bug Opens iPhone AirPods to Third-Party Snooping
https://threatpost.com/firefox-bug-opens-airpods-to-snooping/153569/
While rated moderate, Melick identified a Firefox flaw (CVE-2020-6812) impacting iPhone users in a novel way. “[This is] a vulnerability that would allow a website with camera or microphone access to gather information on the user through the connected AirPods,” wrote the researcher.
Tomi Engdahl says:
Microsoft Issues Windows 10 Update Warning
https://www.forbes.com/sites/gordonkelly/2020/03/10/microsoft-windows-10-warning-crashes-boot-audio-slowdown-problems-upgrade-windows-10-free/
Windows 10 users, yes it has been a rocky spell, but you need to be on high alert yet again. Here’s everything you need to know.
Tomi Engdahl says:
De Blasio must ditch encrypted messaging app, watchdog groups say
https://nypost.com/2020/03/09/de-blasio-must-ditch-encrypted-messaging-app-watchdog-groups-say/?utm_campaign=iosapp&utm_source=facebook_app
It’s municipal government — not Mission Impossible!
Good government groups demanded Monday that Mayor Bill de Blasio end his staff’s use of messaging apps that encrypt and automatically delete messages, because they provide a powerful and easy tool to circumvent the state’s open government laws.
“We believe that messaging apps like Signal, Telegram and Confide do not preserve public records that can be disclosed under the Freedom of Information Law,” they added.
A slew of prominent good government groups signed onto the letter, including Reinvent Albany, Common Cause, the League of Women Voters and the New York News Publishers Association, which includes the New York Times and Wall Street Journal.
“City Hall abides by the rules for record retention. Use of a messaging app doesn’t change that,” said City Hall press secretary Freddi Goldstein. “The mayor is using Signal in his personal capacity, not to conduct government business.”
Tomi Engdahl says:
Chinese company develops facial recognition tech that can ID people wearing masks
https://nypost.com/2020/03/09/chinese-company-develops-facial-recognition-tech-that-can-id-people-wearing-masks/?utm_campaign=iosapp&utm_source=facebook_app
BEIJING – A Chinese company says it has developed the country’s first facial recognition technology that can identify people when they are wearing a mask, as most are these days because of the coronavirus and help in the fight against the disease.
China employs some of the world’s most sophisticated systems of electronic surveillance, including facial recognition.
But the coronavirus, which emerged in Hubei province late last year, has resulted in almost everyone wearing a surgical mask outdoors in the hope of warding off the virus – posing a particular problem for surveillance.
Tomi Engdahl says:
Microsoft Leaks Info on Wormable Windows SMBv3 CVE-2020-0796 Flaw
https://www.bleepingcomputer.com/news/security/microsoft-leaks-info-on-wormable-windows-smbv3-cve-2020-0796-flaw/
Microsoft leaked info on a security update for a ‘wormable’ pre-auth remote code execution vulnerability found in the Server Message Block 3.0 (SMBv3) network communication protocol that reportedly should have been disclosed as part of this month’s Patch Tuesday.
Tomi Engdahl says:
Beware of ‘Coronavirus Maps’ – It’s a malware infecting PCs to steal passwords
https://thehackernews.com/2020/03/coronavirus-maps-covid-19.html
Tomi Engdahl says:
The EARN IT Bill Is the Government’s Plan to Scan Every Message Online
https://www.eff.org/deeplinks/2020/03/earn-it-bill-governments-not-so-secret-plan-scan-every-message-online
Tomi Engdahl says:
https://www.schneier.com/blog/archives/2020/03/the_earn-it_act.html
Tomi Engdahl says:
Federal employees may soon be ordered to work from home. That could pose serious cybersecurity risks
https://www.washingtonpost.com/nation/2020/03/13/federal-employees-may-soon-be-ordered-work-home-that-could-pose-serious-cybersecurity-risks/?utm_campaign=wp_main&utm_medium=social&utm_source=facebook
Hundreds of thousands of federal workers and congressional staff may soon be asked to work remotely full time as the coronavirus spreads, putting reams of sensitive government data at higher risk of hacking and threatening to overwhelm outdated government computer systems.
The surge in telework will mark a first-of-its-kind test for the government, which has struggled to update and secure its arcane technology systems after a string of damaging data breaches during the Obama administration.
Tomi Engdahl says:
https://www.infosecurity-magazine.com/news/us-scraps-missiles-over/