Cyber security news March 2020

This posting is here to collect cyber security news in March 2020.

I post links to security vulnerability news with short descriptions to comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.


  1. Tomi Engdahl says:

    Research finds a new way to hack Siri and Google Assistant with ultrasonic waves

  2. Tomi Engdahl says:

    Cyber Attack? Then We Fight Back: Sen. King
    Amidst the usual calls for government reform and corporate responsibility, the Cyberspace Solarium Commission makes a surprisingly hard-headed case for old-school deterrence.

  3. Tomi Engdahl says:

    EU online terrorist content legislation risks undermining press freedom

  4. Tomi Engdahl says:

    Alert (AA20-073A) – Enterprise VPN Security
    As organizations prepare for possible impacts of Coronavirus Disease
    2019 (COVID-19), many may consider alternate workplace options for
their employees. Remote work options (or telework) require an enterprise
    virtual private network (VPN) solution to connect employees to an
    organization’s information technology (IT) network. As organizations
    elect to implement telework, the Cybersecurity and Infrastructure
    Security Agency (CISA) encourages organizations to adopt a heightened
    state of cybersecurity.

  5. Tomi Engdahl says:

    Open-source bug bonanza: Vulnerabilities up almost 50 per cent thanks
    to people actually looking for them
    The number of vulnerabilities in open source projects surged almost 50
    per cent in 2019, according to security biz WhiteSource, which can be
    seen as good news in the sense that you don’t find what you’re not
    looking for. Read also:

  6. Tomi Engdahl says:

    WordPress Plugin Bug Allows Malicious Code Injection on 100K Sites
    Vulnerabilities in the Popup Builder WordPress plugin could allow
    unauthenticated attackers to inject malicious JavaScript code into
    popups displayed on tens of thousands of websites, to steal
    information, and to potentially fully take over targeted sites.

  7. Tomi Engdahl says:

    Working from Home: COVID-19′s Constellation of Security Challenges
    Organizations are sending employees and students home to work and
    learn but implementing the plan opens the door to more attacks, IT
    headaches and brand-new security challenges. As the threat of
    coronavirus continues to spread, businesses are sending employees home
    to work remotely, and students are moving to online classes. But with
    the social distancing comes a new threat a cyber-related one.

  8. Tomi Engdahl says:

    The effects of climate change on cybersecurity
    To understand how climate change and the methods to counteract its
    rapid ascent will affect cybersecurity, we first have to look at how
    computing contributes to global warming. Your first instinct about
    their relationship is probably right: computing involves energy
    consumption and heat production. As long as we cannot produce enough
    “clean energy” to satisfy our needs for electricity, the energy
consumed by computing (and security within it) will continue to contribute
    to global warming.

  9. Tomi Engdahl says:

    Cyberattack on HHS meant to slow coronavirus response, sources say

    The Department of Health and Human Services experienced some form of cyberattack Sunday night related to its coronavirus response, administration sources confirmed to ABC News Monday.

    The attempt was to slow down operations, sources said.

  10. Tomi Engdahl says:

    Microsoft Teams goes down as coronavirus forces millions to work from home

    Popular remote working platform suffers major outage

  11. Tomi Engdahl says:

    Computer systems at UK and UK HealthCare hobbled by massive, month-long cyber attack

    The University of Kentucky and UK HealthCare conducted a major reboot of their computer systems early Sunday morning in an effort to end a month-long cyber attack that university officials say is the most substantial cyber intrusion in university history.

    The unidentified “threat actors” infiltrated Kentucky’s largest university system in early February from somewhere outside the United States and installed malware that utilized UK’s vast processing capabilities to mine cryptocurrency, such as Bitcoin,

  12. Tomi Engdahl says:

    sneaky attempt to end encryption is worming its way through Congress

    The EARN IT Act could give law enforcement officials the backdoor they have long wanted — unless tech companies come together to stop it

  13. Tomi Engdahl says:

    Let the good times roll for Android malware.

    Coinbase Card Users Can Now Make Crypto-Backed Payments With Google Pay
    Mar 17, 2020 at 14.35 UTC

    Google Pay users can now make payments with cryptocurrencies, thanks to a tie-up with Coinbase’s debit card offering.

  14. Tomi Engdahl says:

    Alfred Ng / CNET:
    HHS waives penalties for the use of non-HIPAA compliant video chatting services, like FaceTime and Skype, for telehealth during COVID-19 outbreak — The coronavirus crisis is pushing the US government to loosen one of its only laws on data privacy. The Department of Health and Human Services …

    US waives potential health privacy penalties during coronavirus crisis

    Doctors in the states can start using Facebook Messenger and FaceTime to diagnose patients, without worrying about violating privacy laws.

  15. Tomi Engdahl says:

    Open-source bug bonanza: Vulnerabilities up almost 50 per cent thanks to people actually looking for them
    Can’t fix flaws if you don’t look for them

    The number of vulnerabilities in open source projects surged almost 50 per cent in 2019, according to security biz WhiteSource, which can be seen as good news in the sense that you don’t find what you’re not looking for.

    In its annual vulnerability report, the biz attributes the growing vulnerability count with increased awareness of open source security. That’s a consequence of widespread adoption of open source components and the overall growth of the community in recent years, not to mention media attention of data exposure.

  16. Tomi Engdahl says:

    Firefox Password Manager To Be Secured With Windows 10 Credentials

    Mozilla is making changes to the Firefox Lockwise password manager so that users will need to enter their Windows 10 credentials before being allowed to edit or view saved logins.

  17. Tomi Engdahl says:

    Millions of Americans are suddenly working from home. That’s a huge security risk

    The dramatic expansion of teleworking by US schools, businesses and government agencies in response to the coronavirus is raising fresh questions about the capacity and security of the tools many Americans use to connect to vital workplace systems and data.

  18. Tomi Engdahl says:

[1065] FINALLY! A Fingerprint Gun Safe With Truth in Labeling (CaCaGoo)

  19. Tomi Engdahl says:

    Finnish hackers created a coalition to offer their help to crucial functions of the society for free if they have an IT security problem during the Corona virus crisis:

  20. Tomi Engdahl says:

    The U.S. wants smartphone location data to fight coronavirus. Privacy advocates are worried.

    Federal health officials say they could use anonymous, aggregated user data collected by the tech companies to map the spread of the virus.

  21. Tomi Engdahl says:

    Smartphone data reveal which Americans are social distancing (and not)

    D.C. gets an ‘A’ while Wyoming earns an ‘F’ for following coronavirus stay-at-home advice, based on the locations of tens of millions of phones

  22. Tomi Engdahl says:

    I Got My File From Clearview AI, and It Freaked Me Out
    Here’s how you might be able to get yours

  23. Tomi Engdahl says:

    IMPORTANT — It’s under active zero-day attacks. No patch available, so all Windows users are highly recommended to immediately apply workarounds (mentioned in the article) to reduce the risk of getting hacked.

    According to Microsoft, both unpatched flaws are being used in limited, targeted attacks and impact all supported versions of the Windows operating system—including Windows 10, 8.1 and Server 2008, 2012, 2016, and 2019 editions, as well as Windows 7 for which Microsoft ended its support on January 14, 2020.

    Both vulnerabilities reside in the Windows Adobe Type Manager Library, a font parsing software that not only parses content when open with a 3rd-party software but also used by Windows Explorer to display the content of a file in the ‘Preview Pane’ or ‘Details Pane’ without having users to open it.

    “For systems running supported versions of Windows 10, a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities,” Microsoft said.

    At this moment, though it’s not clear if the flaws can also be triggered remotely over a web browser by convincing a user to visit a web-page containing specially-crafted malicious OTF fonts, there are multiple other ways an attacker could exploit the vulnerability, such as through the Web Distributed Authoring and Versioning (WebDAV) client service.

    No Patch Yet Available; Apply Workarounds
    Microsoft said it’s aware of the issue and working on a patch, which the company would release to all Windows users as part of its next Patch Tuesday updates, on 14th April.
    “Enhanced Security Configuration does not mitigate this vulnerability,” the company added.

    1) Disable the Preview Pane and Details Pane in Windows Explorer

    2) Disable the WebClient service

    3) Rename or Disable ATMFD.DLL
    Microsoft is also urging users to rename Adobe Type Manager Font Driver (ATMFD.dll) file to temporarily disable the embedded font technology, which could cause certain 3rd-party apps to stop working.

  24. Tomi Engdahl says:

    A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic.
    Tracked as CVE-2020-7982, the vulnerability resides in the OPKG package manager of OpenWrt that exists in the way it performs integrity checking of downloaded packages using the SHA-256 checksums embedded in the signed repository index.
    While an ‘opkg install’ command is invoked on the victim system, the flaw could allow a remote man-in-the-middle attacker in a position to intercept the communication of a targeted device to execute arbitrary code by tricking the system into installing a malicious package
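
The OpenWrt item above turns on how a package manager checks a downloaded package against the SHA-256 checksum carried in the signed repository index. The following Python is an added example, not OpenWrt's or opkg's code: it parses a small package list in "Key: value" stanzas (the field names Package, Filename, Size and SHA256sum follow OpenWrt package lists; the stanza layout and the payloads are constructed for this example) and refuses installation whenever the index entry lacks a usable checksum, the size differs, or the digest does not match.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional


class IntegrityError(Exception):
    """Raised when a downloaded package must not be installed."""


@dataclass
class IndexEntry:
    name: str
    filename: str
    size: Optional[int]
    sha256: Optional[str]


def parse_index(text: str) -> Dict[str, IndexEntry]:
    """Parse a package list made of blank-line separated 'Key: value' stanzas.

    Field names follow OpenWrt package lists; the exact stanza layout is an
    assumption made for this example, not a reimplementation of opkg."""
    entries: Dict[str, IndexEntry] = {}
    for stanza in text.strip().split("\n\n"):
        fields: Dict[str, str] = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "Package" not in fields:
            continue
        digest = fields.get("SHA256sum", "").lower()
        entries[fields["Package"]] = IndexEntry(
            name=fields["Package"],
            filename=fields.get("Filename", ""),
            size=int(fields["Size"]) if fields.get("Size", "").isdigit() else None,
            # Only a full 64-hex-character digest counts as a usable checksum.
            sha256=digest if len(digest) == 64 else None,
        )
    return entries


def verify_package(entry: IndexEntry, data: bytes) -> bool:
    """Fail closed: refuse unless the index lists a full SHA-256 and it matches."""
    if entry.sha256 is None:
        raise IntegrityError(f"{entry.name}: index has no usable SHA256sum, refusing to install")
    if entry.size is not None and len(data) != entry.size:
        raise IntegrityError(f"{entry.name}: size {len(data)} != {entry.size}")
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, entry.sha256):
        raise IntegrityError(f"{entry.name}: SHA-256 mismatch, refusing to install")
    return True


def install_decision(index_text: str, name: str, data: bytes) -> str:
    """Return 'install' or 'refuse: <reason>' for a downloaded package blob."""
    entry = parse_index(index_text).get(name)
    if entry is None:
        return f"refuse: {name} not in index"
    try:
        verify_package(entry, data)
    except IntegrityError as exc:
        return f"refuse: {exc}"
    return "install"


# Constructed sample data (not real packages): one well-formed entry whose
# checksum matches GOOD_PAYLOAD, and one entry with no checksum line at all.
GOOD_PAYLOAD = b"constructed ipk payload, not a real package"
SAMPLE_INDEX = f"""\
Package: example-tool
Version: 1.0-1
Filename: example-tool_1.0-1_all.ipk
Size: {len(GOOD_PAYLOAD)}
SHA256sum: {hashlib.sha256(GOOD_PAYLOAD).hexdigest()}

Package: no-checksum-tool
Version: 0.1-1
Filename: no-checksum-tool_0.1-1_all.ipk
Size: {len(GOOD_PAYLOAD)}
"""

if __name__ == "__main__":
    print(install_decision(SAMPLE_INDEX, "example-tool", GOOD_PAYLOAD))
    print(install_decision(SAMPLE_INDEX, "example-tool", GOOD_PAYLOAD + b"!"))
    print(install_decision(SAMPLE_INDEX, "no-checksum-tool", GOOD_PAYLOAD))
```

The design point is that a missing or malformed checksum is treated as a verification failure, not as "nothing to check": an installer that silently skips the digest when the index entry does not parse cleanly would install whatever the network handed it, which is exactly the position a man-in-the-middle wants it in.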

  25. Tomi Engdahl says:

    US Government Sites Give Bad Security Advice
    Many U.S. government Web sites now carry a message prominently at the
    top of their home pages meant to help visitors better distinguish
    between official U.S. government properties and phishing pages.
    Unfortunately, part of that message is misleading and may help
    perpetuate a popular misunderstanding about Web site security and
    trust that phishers have been exploiting for years now.

  26. Tomi Engdahl says:

    Three More Ransomware Families Create Sites to Leak Stolen Data
    Three more ransomware families have created sites that are being used
    to leak the stolen data of non-paying victims and further illustrates
    why all ransomware attacks must be considered data breaches. Ever
    since Maze created their “news” site to publish stolen data of their
    victims who choose not to pay, other ransomware actors such as
    Sodinokibi/REvil, Nemty, and DoppelPaymer have been swift to follow.

  27. Tomi Engdahl says:

    Vulnerability reporting is dysfunctional
In January, we released a study showing the ease of SIM swaps at five
U.S. prepaid carriers. These attacks (in which an adversary tricks
telecoms into moving the victim's phone number to a new SIM card under
the attacker's control) divert calls and SMS text messages away from the
victim. This allows attackers to receive private information such as
SMS-based authentication codes, which are often used in multi-factor
login and password recovery procedures.

  28. Tomi Engdahl says:

    Python backdoor attacks and how to prevent them
    Python backdoor attacks are increasingly common. Iran, for example,
    used a MechaFlounder Python backdoor attack against Turkey last year.
    Scripting attacks are nearly as common as malware-based attacks in the
    United States and, according to the most recent Crowdstrike Global
    Threat Report, scripting is the most common attack vector in the EMEA

  29. Tomi Engdahl says:

With many people around the world working from home, hackers now have more easy pickings because security levels in households and VPNs are often less secure than in the office environment. For instance, hackers are changing Domain Name System (DNS) settings and gaining access through routers to promote fake coronavirus information apps, mostly in Germany and France

  30. Tomi Engdahl says:

    WireGuard 1.0 released in Linux 5.6. WireGuard is a new VPN technology that is simpler and better performing than IPsec/OpenVPN.

  31. Tomi Engdahl says:

    Algo VPN is a set of Ansible scripts that simplify the setup of a personal WireGuard and IPsec VPN. It uses the most secure defaults available and works with common cloud providers.

  32. Tomi Engdahl says:

    Somebody’s dropping F@H on vulnerable systems instead of a crypto miner

    “Honeypot just got hit with a payload that drops something very compute-intensive. It doesn’t install a coinminer, but instead Folding@Home. (no IOCs because it does something good)”

  33. Tomi Engdahl says:

    Work from home: Videoconferencing with security in mind
At the time of writing one-third of the world's population is enduring
    restricted movement to stem the spread of COVID-19. The lockdown has
    driven huge swaths of the working population to become remote workers,
    many for the first time. The sudden surge in employees, students,
    teachers, and many other professionals working from home is driving a
    huge increase in demand for videoconferencing, online

    COVID-19 Impact: Cyber Criminals Target Zoom Domains
    While the world is struggling with the Coronavirus outbreak, many
    countries have implemented precautionary measures. Schools are being
    closed, communities are asked to shelter-in-place, and many
    organizations have enabled their employees to work remotely. As a
    result, video communication platforms are the daily norm. As the
    interest and usage of these platforms increases, cyber criminals stay
a step ahead. For instance, Check Point Research recently discovered
    a technique which could have allowed a threat actor to identify and
    join active Zoom meetings.

  34. Tomi Engdahl says:


    ZOOM, THE video conferencing service whose use has spiked amid the Covid-19 pandemic, claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.

    Zoom offers reliability, ease of use, and at least one very important security assurance: As long as you make sure everyone in a Zoom meeting connects using “computer audio” instead of calling in on a phone, the meeting is secured with end-to-end encryption, at least according to Zoom’s website, its security white paper, and the user interface within the app. But despite this misleading marketing, the service actually does not support end-to-end encryption for video and audio content, at least as the term is commonly understood.

    In Zoom’s white paper, there is a list of “pre-meeting security capabilities” that are available to the meeting host that starts with “Enable an end-to-end (E2E) encrypted meeting.”

    Zoom spokesperson wrote, “Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection.”

    The encryption that Zoom uses to protect meetings is TLS, the same technology that web servers use to secure HTTPS websites. This means that the connection between the Zoom app running on a user’s computer or phone and Zoom’s server is encrypted

    This is known as transport encryption, which is different from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of Zoom meetings. So when you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi, but it won’t stay private from the company.

    For a Zoom meeting to be end-to-end encrypted, the video and audio content would need to be encrypted in such a way that only the participants in the meeting have the ability to decrypt it.

This is how end-to-end encryption in messaging apps like Signal works.

    “When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,” the Zoom spokesperson wrote, apparently referring to Zoom servers as “end points” even though they sit between Zoom clients. “The content is not decrypted as it transfers across the Zoom cloud” through the networking between these machines.

Group video conferencing is difficult to encrypt end to end.

    The only feature of Zoom that does appear to be end-to-end encrypted is in-meeting text chat.
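
The Zoom item above rests on one distinction: with transport encryption the server terminates each client's session and therefore holds a key that decrypts the content, while with end-to-end encryption only the participants hold the content key and the server relays opaque bytes. The following Python is an added example, not Zoom's or The Intercept's code, that models both arrangements for a two-party meeting. The cipher is a toy HMAC-SHA256 keystream XOR standing in for TLS/AES, the key names and the "meeting audio frame" message are constructed for the example, and each function returns both what the recipient decodes and what the relaying server could read.

```python
import hashlib
import hmac
import os
from typing import Tuple


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream for modelling only: HMAC-SHA256 over (nonce, counter).
    It stands in for the TLS/AES the page mentions; it is not a cipher to deploy."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the XOR operation is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def transport_encrypted_meeting(message: bytes) -> Tuple[bytes, bytes]:
    """Transport-encryption model: each client shares a session key with the server.

    Returns (what Bob receives, what the server could read)."""
    key_alice_server = os.urandom(32)   # Alice <-> server session key (assumed)
    key_bob_server = os.urandom(32)     # Bob   <-> server session key (assumed)

    # Hop 1: Alice -> server, protected from anyone watching her Wi-Fi.
    nonce_in = os.urandom(12)
    wire_in = xor_crypt(key_alice_server, nonce_in, message)

    # The server terminates Alice's session: it holds her key, so it
    # recovers the plaintext before forwarding.
    server_view = xor_crypt(key_alice_server, nonce_in, wire_in)

    # Hop 2: server -> Bob, re-encrypted under Bob's session key.
    nonce_out = os.urandom(12)
    wire_out = xor_crypt(key_bob_server, nonce_out, server_view)
    bob_view = xor_crypt(key_bob_server, nonce_out, wire_out)
    return bob_view, server_view


def end_to_end_meeting(message: bytes) -> Tuple[bytes, bytes]:
    """End-to-end model: only the participants hold the content key.

    Returns (what Bob receives, what the server could read)."""
    key_alice_bob = os.urandom(32)      # agreed between Alice and Bob; server never sees it
    nonce = os.urandom(12)
    wire = xor_crypt(key_alice_bob, nonce, message)

    # The server relays opaque bytes; it has no key to apply to them. A
    # transport layer such as TLS may still wrap this hop without changing that.
    server_view = wire
    bob_view = xor_crypt(key_alice_bob, nonce, wire)
    return bob_view, server_view


if __name__ == "__main__":
    msg = b"constructed meeting audio frame"  # constructed sample content
    for name, fn in [("transport", transport_encrypted_meeting),
                     ("end-to-end", end_to_end_meeting)]:
        bob, server = fn(msg)
        print(f"{name:10s} Bob decodes ok={bob == msg}  server sees plaintext={server == msg}")
```

In both models Bob receives the frame intact and an eavesdropper on either network hop sees only ciphertext; the difference is entirely about which parties hold a key for the content. The example is two-party, which sidesteps the group key agreement problem the text notes makes conferencing harder to encrypt end to end.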

  35. Tomi Engdahl says:

    Apparently you can just dial random 10-digit Zoom conference URLs until you hit an active room.

    Chicago Politicians’ Zoom Call Interrupted By Porn-Streaming Hijackers

    “Zoom bombing” is on the rise, the FBI has warned. On Tuesday, Chicago aldermen and state reps were the latest victims.

    A virtual press conference hosted by Chicago politicians was cut short after someone hijacked the conference call and started streaming pornographic images.

    a private press conference with organizers, health officials and reporters on popular teleconferencing platform Zoom.

    was interrupted by a person who said: “Yeah, I don’t care.”

    As confusion set in, a pornographic video that included images of a woman who was not fully clothed began playing on the video call.

  36. Tomi Engdahl says:

    Memcached has a crash-me bug, but hey, only about 83,000 public-facing servers appear to be running it
    Yes, you may have detected some sarcasm

