This posting is here to collect cyber security news in May 2020.
I post links to security vulnerability news with short descriptions to comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to comments.
222 Comments
Tomi Engdahl says:
Firefox 76 Brings Security Patches, Breached Password Alerts
https://www.securityweek.com/firefox-76-brings-security-patches-breached-password-alerts
Tomi Engdahl says:
In A Pandemic Crisis, All Sectors Need To Be On High Cyber Alert – An Interview With Ian Thornton-Trump
https://pentestmag.com/in-a-pandemic-crisis-all-sectors-need-to-be-on-high-cyber-alert-an-interview-with-ian-thornton-trump/
#pentest #magazine #pentestmag #pentestblog #PTblog #interview #COVID19 #pandemic #cybersecurity #infosecurity #infosec
Tomi Engdahl says:
Another Stuxnet-Style Vulnerability Found in Schneider Electric Software
https://www.securityweek.com/another-stuxnet-style-vulnerability-found-schneider-electric-software
Tomi Engdahl says:
Samsung patches 0-click vulnerability impacting all smartphones sold
since 2014
https://www.zdnet.com/article/samsung-patches-0-click-vulnerability-impacting-all-smartphones-sold-since-2014/#ftag=RSSbaffb68
The security flaw resides in how the Android OS flavor running on
Samsung devices handles the custom Qmage image format (.qmg), which
Samsung smartphones started supporting on all devices released since
late 2014. Jurczyk says the Qmage bug can be exploited in a zero-click
scenario, without any user interaction. This happens because Android
redirects all images sent to a device to the Skia library for
processing — such as generating thumbnail previews — without a
user’s knowledge. The researcher discovered the vulnerability in
February and reported the issue to Samsung. The South Korean phone
maker patched the bug in its May 2020 security updates.
Tomi Engdahl says:
For 8 years, a hacker operated a massive IoT botnet just to download
Anime videos
https://www.zdnet.com/article/for-8-years-a-hacker-operated-a-massive-iot-botnet-just-to-download-anime-videos/#ftag=RSSbaffb68
The botnet consisted solely of D-Link NAS and NVR devices and the
botnet peaked at 10,000 bots in 2015.
Tomi Engdahl says:
Zoom Agrees to Step Up Security After New York Probe
https://www.securityweek.com/zoom-agrees-step-security-after-new-york-probe
Tomi Engdahl says:
https://www.securityweek.com/cisco-patches-high-severity-vulnerabilities-security-products
Tomi Engdahl says:
https://www.securityweek.com/critical-flaw-codesys-industrial-controller-software-allows-code-execution
Tomi Engdahl says:
Bank is ‘robbed’ by a monkey: Staff discover ATM ripped out from the wall … but CCTV shows Indian premises were targeted by curious animal
https://www.dailymail.co.uk/news/article-8296581/Bank-robbed-monkey-India.html
State Bank of India ATM located close to presidential palace hit by a ‘thief’
Police were called after the front of the machine was pulled open Wednesday
Officers reviewed CCTV and found the robber was actually a curious monkey
Tomi Engdahl says:
Microsoft Investigating GitHub Account Hacking Claims
https://www.securityweek.com/microsoft-investigating-github-account-hacking-claims
Microsoft says it’s investigating claims that its GitHub account has been hacked, and while some say the leaked files appear to be legitimate, it’s unlikely that they contain any sensitive information.
A post offering some of the files for free on a hacker forum claims that the data is 54 GB compressed and 500 GB uncompressed, but software engineer Rafael Rivera, who also confirmed that the files appear to be real, said there are only roughly 63 GB of files when uncompressed.
The leaked data includes source code for Azure, Office, and some Windows runtime files and APIs, Under the Breach said, adding that while the leaked files did not appear to include anything sensitive they could hold keys and passwords left by mistake in the code.
Tomi Engdahl says:
Security researcher Bob Diachenko discovered one of NSO’s contact-tracing systems on the internet, unprotected and without a password, for anyone to access. After he contacted the company, NSO pulled the unprotected database offline. Diachenko said he believes the database contains dummy data.
https://techcrunch.com/2020/05/07/nso-group-fleming-contact-tracing/amp/?guccounter=1&guce_referrer=aHR0cHM6Ly90LmNvLzZ1YjZIcjRGVGk_YW1wPTE&guce_referrer_sig=AQAAACP9Evr-V76D1NsRpsMApArOcwKsoY8vn4pJ3QRT4ddT0eX5rrSRj_u5DZGgo2PECiX5HYqMUOV9TkhdyEB-AoYc9976UhIGyeej4B7-6eEWRNIw8FyV_eYl6KnsloWxiVxm7I9hi5JdARt_T6QR6-lJ-9q6fi_p9WwU5MPLFA1x
Tomi Engdahl says:
Ari Levy / CNBC:
Zoom is acquiring Keybase, a 25-person startup, to add end-to-end encryption to video calls, the first acquisition in the company’s nine-year history.
Zoom buys Keybase — its first acquisition — as part of 90-day plan to fix security flaws
https://www.cnbc.com/2020/05/07/zoom-buys-keybase-in-first-deal-as-part-of-plan-to-fix-security.html
Lauren Feiner / CNBC:
Zoom reaches agreement with NY AG over security concerns; Zoom agrees to maintain security protocols, including protections for students, admits no wrongdoing
Zoom strikes a deal with NY AG office, closing the inquiry into its security problems
https://www.cnbc.com/2020/05/07/zoom-strikes-a-deal-with-ny-ag-office-closing-security-inquiry.html
Tomi Engdahl says:
California identifies nail salons as source of coronavirus community spread, Gov. Newsom says
https://www.cnbc.com/2020/05/07/coronavirus-california-identifies-nail-salons-as-source-of-spread-gov-newsom-says.html
Community spread of the coronavirus in California began in a nail salon, Gov. Gavin Newsom said Thursday, as other states allow their manicurists to reopen.
“This whole thing started in the state of California, the first community spread, in a nail salon,” Newsom said at a news briefing. “I’m very worried about that.”
State health directors have put some “red flags” on nail salons as a high-risk business, Newsom added, likening them to gyms and hair salons.
Tomi Engdahl says:
Cisco: These 12 high-severity bugs in ASA and Firepower security software need patching
https://www.zdnet.com/article/cisco-these-12-high-severity-bugs-in-asa-and-firepower-security-software-need-patching/
Cisco has disclosed a dozen high-severity flaws affecting its Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTD) software.
The updates address eight denial-of-service issues affecting its security software, an information disclosure vulnerability, a memory-leak flaw, a path-traversal vulnerability, and an authentication bypass.
The bug with the highest CVSS score of 9.1 in this ASA and FTD disclosure bundle is a path-traversal vulnerability in ASA and FTD software, which is tracked as CVE-2020-3187 and was reported by Mikhail Klyuchnikov of security company Positive Technologies.
An attacker can exploit the issue by sending a crafted HTTP request containing directory traversal character sequences, allowing the attacker to view or delete files on the system.
However, Cisco notes that when the device is reloaded after exploitation, any files that were deleted are restored. Also, the attacker can only view and delete files within the web services file system, which is enabled when the device is configured with WebVPN or AnyConnect features.
The authentication bypass, tracked as CVE-2020-3125, is because Cisco’s ASA doesn’t properly verify the identity of the Kerberos authentication protocol key distribution center (KDC) when it successfully receives an authentication response.
Tomi Engdahl says:
This Script Sends Junk Data to Ohio’s Website for Snitching on Workers
https://www.vice.com/en_us/article/wxqemy/this-script-sends-junk-data-to-ohios-website-for-snitching-on-workers?utm_content=1588989605&utm_medium=social&utm_source=VICE_facebook
An anonymous hacker wrote a script to sabotage Ohio’s ‘COVID-19 Fraud’ website, which allows companies to report employees and prevent them from collecting unemployment insurance.
The script works by automatically generating fake information and entering it into the form. For example, the companies are taken from a list of the top 100 employers in the state of Ohio—including Wendy’s, Macy’s, and Kroger—and names and addresses are randomly created using freely-available generators found online. Once all the data is entered, the script has to defeat a CAPTCHA-like anti-spam measure at the end of the form.
The anonymous hacker told Motherboard they created the script as a form of direct action against the exploitation of working people during the COVID-19 crisis.
Tomi Engdahl says:
It’s Not Just Zoom. Google Meet, Microsoft Teams, and Webex Have Privacy Issues, Too.
https://www.consumerreports.org/video-conferencing-services/videoconferencing-privacy-issues-google-microsoft-webex/
CR evaluated videoconferencing privacy policies and found these services may collect more data than consumers realize
Tomi Engdahl says:
Attacking SCADA: Vulnerabilities in Schneider Electric SoMachine and
M221 PLC (CVE-2017-6034 and CVE-2020-7489)
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vulnerabilities-in-schneider-electric-somachine-and-m221-plc/
SCADA/OT security has been a growing concern for quite some time. This
technology controls some of our most essential services and utilities,
like our nuclear plants and electric grids. While most of these
implementations are protected to a certain extent by unique
complexity, 24/7 monitoring, and built-in fault tolerance and
redundancy, vulnerabilities and attacks targeting them should not be
discounted.
Tomi Engdahl says:
As Remote Work Becomes the Norm, Security Fight Moves to Cloud,
Endpoints
https://www.darkreading.com/cloud/as-remote-work-becomes-the-norm-security-fight-moves-to-cloud-endpoints/d/d-id/1337774
As states and cities look to lifting stay-at-home orders, the
increased level of employees working remotely will not disappear. That
means many businesses will be moving more of their infrastructure to
the cloud and having to deal with the security challenges that come
from a hybrid infrastructure, experts said this week.
Tomi Engdahl says:
Hackers Target WHO by Posing as Think Tank, Broadcaster
https://www.bloomberg.com/news/articles/2020-05-07/hackers-target-who-by-posing-as-think-tank-broadcaster
The messages began arriving in World Health Organization employees
inboxes in early April, seemingly innocuous emails about the
coronavirus from news organizations and researchers. But a close
examination revealed that they contained malicious links, and some
security experts have traced the emails to a hacking group in Iran
believed to be sponsored by the government.
Tomi Engdahl says:
India’s Covid-19 Contact Tracing App Could Leak Patient Locations
The system’s use of GPS data could let hackers pinpoint who reports a positive diagnosis.
https://www.wired.com/story/india-covid-19-contract-tracing-app-patient-location-privacy/
AS COUNTRIES AROUND the world rush to build smartphone apps that can help track the spread of Covid-19, privacy advocates have cautioned that those systems could, if implemented badly, result in a dangerous mix of health data and digital surveillance. India’s new contact tracing app may serve as a lesson in those privacy pitfalls: Security researchers say it could reveal the location of Covid-19 patients not only to government authorities but to any hacker clever enough to exploit its flaws.
Independent security researcher Baptiste Robert published a blog post today sounding that warning about India’s Health Bridge app, or Aarogya Setu, created by the government’s National Informatics Centre.
https://medium.com/@fs0c131y/aarogya-setu-the-story-of-a-failure-3a190a18e34
Tomi Engdahl says:
Gartner named Synopsys a leader for fourth year in a row in Gartner’s Magic Quadrant for Application Security Testing (AST). The other three quadrants are visionaries, challengers, and niche players. Application security testing market is “the buyers and sellers of products and services designed to analyze and test applications for security vulnerabilities,” according to Gartner.
https://news.synopsys.com/2020-05-01-Synopsys-Named-a-Leader-in-the-Gartner-Magic-Quadrant-for-Application-Security-Testing-for-Fourth-Consecutive-Year
Tomi Engdahl says:
Andy Greenberg / Wired:
Researcher: PCs with Thunderbolt ports have an unpatchable flaw letting hackers with physical access circumvent data safeguards; some new PCs are not affected — The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and affects any PC manufactured before 2019.
Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking
The so-called Thunderspy attack takes less than five minutes to pull off with physical access to a device, and it affects any PC manufactured before 2019.
https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/
Security paranoiacs have warned for years that any laptop left alone with a hacker for more than a few minutes should be considered compromised. Now one Dutch researcher has demonstrated how that sort of physical access hacking can be pulled off in an ultra-common component: The Intel Thunderbolt port found in millions of PCs.
On Sunday, Eindhoven University of Technology researcher Björn Ruytenberg revealed the details of a new attack method he’s calling Thunderspy. On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer—and even its hard disk encryption—to gain full access to the computer’s data. And while his attack in many cases requires opening a target laptop’s case with a screwdriver, it leaves no trace of intrusion and can be pulled off in just a few minutes. That opens a new avenue to what the security industry calls an “evil maid attack,” the threat of any hacker who can get alone time with a computer in, say, a hotel room. Ruytenberg says there’s no easy software fix, only disabling the Thunderbolt port altogether.
Tomi Engdahl says:
Oklahoma University’s Virtual Graduation Ceremony Disrupted by Racist Hacker
https://time.com/5834845/oklahoma-city-university-zoom-racism-hacker/?utm_source=facebook&utm_medium=social&utm_campaign=editorial&utm_term=u.s._&linkId=88324707&fbclid=IwAR2Gxq3twCbYPlm0GQ5UafTq5fx17IT8YAsy8YRgCPeZIk8htcqNiDvOtAk
Oklahoma City University’s virtual graduation was disrupted on Saturday when a hacker interrupted the ceremony by displaying a swastika and a racial slur during the school’s Zoom call.
More than 650 people were watching the ceremony.
“It’s bad enough we couldn’t have a live ceremony, and then this happened,”
Tomi Engdahl says:
April 2020’s Most Wanted Malware: Agent Tesla Remote Access Trojan
Spreading Widely In COVID-19 Related Spam Campaigns
https://blog.checkpoint.com/2020/05/11/april-2020s-most-wanted-malware-agent-tesla-remote-access-trojan-spreading-widely-in-covid-19-related-spam-campaigns/
Our latest Global Threat Index for April 2020 has found several
COVID-19 related spam campaigns distributing a new variant of the
Agent Tesla remote access trojan, moving it up to 3rd place in the
Index, impacting 3% of organizations worldwide. The new variant of
Agent Tesla has been modified to steal Wi-Fi passwords in addition to
other information such as Outlook email credentials from target PCs.
Tomi Engdahl says:
Package delivery giant Pitney Bowes confirms second ransomware attack
in 7 months
https://www.zdnet.com/article/package-delivery-giant-pitney-bowes-confirms-second-ransomware-attack-in-7-months/
Package and mail delivery giant Pitney Bowes has suffered a second
ransomware attack in the past seven months, ZDNet has learned. The
incident came to light today after a ransomware gang known as Maze
published a blog post claiming to have breached and encrypted the
company’s network. Also:
https://www.bleepingcomputer.com/news/security/maze-ransomware-fails-to-encrypt-pitney-bowes-steals-files/
Tomi Engdahl says:
Microsoft and Intel project converts malware into images before
analyzing it
https://www.zdnet.com/article/microsoft-and-intel-project-converts-malware-into-images-before-analyzing-it/
Microsoft and Intel have recently collaborated on a new research
project that explored a new approach to detecting and classifying
malware. Called STAMINA (STAtic Malware-as-Image Network Analysis),
the project relies on a new technique that converts malware samples
into grayscale images and then scans the image for textural and
structural patterns specific to malware samples.
Microsoft and Intel Labs work on STAMINA, a new deep learning approach for detecting and classifying malware.
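The byte-to-grayscale mapping that the STAMINA description above refers to, shown as an added example (this is not Microsoft’s or Intel’s code): the width table and the per-row entropy texture feature are assumptions modelled on the common malware-as-image convention, and the sample bytes are constructed here rather than taken from a real sample.

```python
"""Convert a byte sequence into a 2-D grayscale image and compute a
simple texture profile over it (added example, not STAMINA itself)."""
import math

# Assumption: width grows with file size, as in the usual malware-as-image
# convention. STAMINA's real width table is not given on the page.
_WIDTH_TABLE = [
    (10 * 1024, 32),
    (30 * 1024, 64),
    (60 * 1024, 128),
    (100 * 1024, 256),
    (200 * 1024, 384),
    (500 * 1024, 512),
    (1000 * 1024, 768),
]


def choose_width(n_bytes):
    """Pick the image width for a file of n_bytes."""
    for limit, width in _WIDTH_TABLE:
        if n_bytes <= limit:
            return width
    return 1024


def bytes_to_grayscale(data, width=None):
    """Return the image as a list of rows; each pixel is the raw byte 0..255.
    The last row is zero-padded so every row has the same width."""
    if width is None:
        width = choose_width(len(data))
    rows = []
    for off in range(0, len(data), width):
        row = list(data[off:off + width])
        row.extend([0] * (width - len(row)))
        rows.append(row)
    return rows


def row_entropy(row):
    """Shannon entropy (bits) of the byte values in one row."""
    counts = {}
    for b in row:
        counts[b] = counts.get(b, 0) + 1
    n = len(row)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def texture_profile(image):
    """Per-row entropy: padding shows up as near-zero bands, plain code as
    mid-range bands, packed or encrypted regions as high-entropy bands."""
    return [row_entropy(r) for r in image]


def to_pgm(image):
    """Serialise the image as a binary PGM (P5) file so it can be viewed."""
    height, width = len(image), len(image[0])
    header = "P5\n%d %d\n255\n" % (width, height)
    return header.encode("ascii") + bytes(b for row in image for b in row)


def make_sample():
    """Constructed 160-byte stand-in for a small executable: an MZ header
    plus padding, a code-like region with a 16-value byte alphabet, and a
    region with 32 distinct bytes per row standing in for packed data."""
    header = bytes([0x4D, 0x5A]) + bytes(30)
    code = bytes((i * 7) % 16 for i in range(64))
    packed = bytes((i * 37 + 11) & 0xFF for i in range(64))
    return header + code + packed


if __name__ == "__main__":
    img = bytes_to_grayscale(make_sample())
    for i, e in enumerate(texture_profile(img)):
        print("row %d: entropy %.2f bits" % (i, e))
```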
Tomi Engdahl says:
Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking
https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/
SECURITY PARANOIACS HAVE warned for years that any laptop left alone
with a hacker for more than a few minutes should be considered
compromised. Now one Dutch researcher has demonstrated how that sort
of physical access hacking can be pulled off in an ultra-common
component: The Intel Thunderbolt port found in millions of PCs. Also:
https://thehackernews.com/2020/05/thunderbolt-vulnerabilities.html
https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
https://www.zdnet.com/article/thunderbolt-flaws-affect-millions-of-computers-even-locking-unattended-devices-wont-help/
https://www.bleepingcomputer.com/news/security/new-thunderbolt-security-flaws-affect-systems-shipped-before-2019/
Tomi Engdahl says:
Ransomware Hit ATM Giant Diebold Nixdorf
https://krebsonsecurity.com/2020/05/ransomware-hit-atm-giant-diebold-nixdorf/
Diebold Nixdorf, a major provider of automatic teller machines (ATMs)
and payment technology to banks and retailers, recently suffered a
ransomware attack that disrupted some operations. The company says the
hackers never touched its ATMs or customer networks, and that the
intrusion only affected its corporate network.
Tomi Engdahl says:
Russian hackers’ jackpot? Three years of messages copied
https://www.tivi.fi/uutiset/tv/7a6d0622-1d9f-473d-8179-177ff018d5b9
Germany has reported a stunt for which the Russian military intelligence
service GRU is suspected as the culprit or at least the mastermind. It
concerns the breaking into of Chancellor Angela Merkel’s mailboxes.
Tomi Engdahl says:
WordPress plugin bugs can let hackers take over almost 1M sites
https://www.bleepingcomputer.com/news/security/wordpress-plugin-bugs-can-let-hackers-take-over-almost-1m-sites/
Two high severity vulnerabilities found in the Page Builder WordPress
plugin installed on more than 1,000,000 sites can let hackers create
new admin accounts, plant backdoors, and ultimately take over the
compromised websites.
Tomi Engdahl says:
Threat Spotlight: Astaroth Maze of obfuscation and evasion reveals
dark stealer
https://blog.talosintelligence.com/2020/05/astaroth-analysis.html
Cisco Talos is detailing an information stealer, Astaroth, that has
been targeting Brazil with a variety of lures, including COVID-19 for
the past nine to 12 months. The complex maze of obfuscation and
anti-analysis/evasion techniques implemented by Astaroth inhibits both
detection and analysis of the malware family. Astaroth also makes
creative use of YouTube channel descriptions for encoded and encrypted
command and control (C2) communications.
Tomi Engdahl says:
DEF CON is canceled… No, for real. The in-person event is canceled. We’re not joking. It’s canceled. We mean it
Virus knocks hackers online: Show will try going virtual amid pandemic
https://www.theregister.co.uk/2020/05/08/defcon_canceled_coronavirus/
Tomi Engdahl says:
When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security
https://thunderspy.io/
Thunderspy targets devices with a Thunderbolt port. If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep.
Thunderspy is stealth, meaning that you cannot find any traces of the attack. It does not require your involvement, i.e., there is no phishing link or malicious piece of hardware that the attacker tricks you into using. Thunderspy works even if you follow best security practices by locking or suspending your computer when leaving briefly, and if your system administrator has set up the device with Secure Boot, strong BIOS and operating system account passwords, and enabled full disk encryption. All the attacker needs is 5 minutes alone with the computer, a screwdriver, and some easily portable hardware.
We have found 7 vulnerabilities in Intel’s design and developed 9 realistic scenarios how these could be exploited by a malicious entity to get access to your system, past the defenses that Intel had set up for your protection.
Tomi Engdahl says:
“Thunderbolt is a proprietary I/O protocol promoted by Intel and included in a number of laptops, desktops, and other systems. As an external interconnect, it allows exposing the system’s internal PCI Express (PCIe) domain to external devices. This enables high-bandwidth, low-latency use cases, such as external graphics cards. Being PCIe-based, Thunderbolt devices possess Direct Memory Access-enabled I/O, allowing complete access to the state of a PC and the ability to read and write all of system memory.” https://thunderspy.io/assets/reports/breaking-thunderbolt-security-bjorn-ruytenberg-20200417.pdf
Tomi Engdahl says:
https://threatpost.com/millions-thunderbolt-devices-thunderspy-attack/155620/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/10762-koronaroskaposteilla-kalastellaan-wifi-salasanoja
In April the malware was distributed as an attachment in several coronavirus-themed spam campaigns that lured the victim into downloading a malicious file by offering interesting information about the pandemic. For example, a message sent in the name of the World Health Organization (WHO) had coronavirus vaccines as its subject.
Check Point’s researchers also warn that ”MVPower DVR Remote Code Execution” was still the most commonly exploited vulnerability. It appeared in 46 percent of corporate networks worldwide. It was followed by ”OpenSSL TLS DTLS Heartbeat Information Disclosure”, with a prevalence of 41 percent. In third place was “Command Injection over HTTP Payload”, with a prevalence of 40 percent.
In Finland the most common malware in April was the modular Emotet trojan, which appeared in 1.8 percent of the country’s corporate networks. Second was Mirai, which is known for infecting IoT (Internet of Things) devices and for massive DDoS attacks. The country’s third most common malware was the cryptocurrency miner XMRig.
Tomi Engdahl says:
Vulnerabilities in ‘Page Builder’ Plugin Expose 1 Million WordPress Websites
https://www.securityweek.com/vulnerabilities-page-builder-plugin-expose-1-million-wordpress-websites
Two high-severity vulnerabilities addressed recently in SiteOrigin’s Page Builder WordPress plugin could allow an attacker to execute code in a website administrator’s browser.
Tomi Engdahl says:
Cybersecurity Threats to the Food Supply Chain
https://www.securityweek.com/cybersecurity-threats-food-supply-chain
Tomi Engdahl says:
U.S. Cyber Command Shares More North Korean Malware Variants
https://www.securityweek.com/us-cyber-command-shares-more-north-korean-malware-variants
The United States Cyber Command (USCYBERCOM) has uploaded five malware samples to VirusTotal today, which it has attributed to the North Korean threat group Lazarus.
Tomi Engdahl says:
Ransomware Forces Shutdown of Texas Judiciary Network
https://www.securityweek.com/ransomware-forces-shutdown-texas-judiciary-network
Tomi Engdahl says:
Microsoft May 2020 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2020+Patch+Tuesday/26114/
This month we got an average Patch Tuesday with patches for 111
vulnerabilities total. Sixteen of them are critical and, according to
Microsoft, none of them was previously disclosed or is being
exploited. Amongst critical vulnerabilities, there is a remote code
execution (RCE) on Media Foundation caused by a memory corruption
vulnerability (CVE-2020-1126). To exploit the vulnerability, an
attacker has to convince the victim to open a specially crafted
document or access a malicious webpage. It affects Windows 10, Windows
Server 2016, and 2019. Also:
https://www.zdnet.com/article/microsoft-may-2020-patch-tuesday-fixes-111-vulnerabilities/
https://www.bleepingcomputer.com/news/microsoft/may-2020-patch-tuesday-microsoft-fixes-111-vulnerabilities-13-critical/
https://threatpost.com/microsoft-111-bugs-may-patch-tuesday/155669/
Tomi Engdahl says:
Thousands of Android apps have a terrible flaw: names, addresses and
even personal identity numbers at risk
https://www.is.fi/digitoday/tietoturva/art-2000006504944.html
Up to 24,000 Android apps in the official Google Play download store
unintentionally expose users’ sensitive data, the Comparitech website
found. The cause is careless use of the Firebase tool used in app
development, and developers should check their settings as soon as
possible.
Tomi Engdahl says:
Out-of-date, insecure open-source software is everywhere
https://www.zdnet.com/article/out-of-date-insecure-open-source-software-is-everywhere/
Open source rules. Everyone from Apple to Microsoft to Zoom uses it.
Don’t believe me? Synopsys, a software and silicon design company,
which also covers intellectual property, reported in its 2020 Open
Source Security and Risk Analysis (OSSRA) report that nearly all (99%)
of audited codebases contained at least one open-source component.
Tomi Engdahl says:
US Says Chinese Hacking Vaccine Research: Reports
https://www.securityweek.com/us-says-chinese-hacking-vaccine-research-reports
Tomi Engdahl says:
Researchers Analyze Entry Points, Vectors for Manufacturing System Attacks
https://www.securityweek.com/researchers-analyze-entry-points-vectors-manufacturing-system-attacks
It’s not uncommon for traditional malware to make its way into industrial environments and in many cases they are detected by existing security solutions, but sophisticated attackers looking to target industrial organizations are more likely to launch attacks that specifically target operational technology (OT) systems to make their attack more efficient and less likely to be detected.
Tomi Engdahl says:
One of the rare instances where a DDoS led to meaningful change
Ohio Has Stopped Kicking Workers Off Unemployment After A Hacker Targeted Its Website
https://www.vice.com/en_us/article/n7wwdw/ohio-has-stopped-kicking-workers-off-unemployment-after-a-hacker-targeted-its-website
The state is reconsidering its policy after a hacker released a script that automatically submits junk data to its ‘COVID-19 fraud’ website, which allows employers to report workers who refuse to work during the pandemic.
The state of Ohio won’t deny unemployment benefits to people who refuse to work during the COVID-19 pandemic after people targeted the website it was using to track these workers, according to officials at the state’s Department of Job and Family Services (ODJFS).
The state previously set up a “fraud” website encouraging employers to report those who refused to go back on the job, angering workers and labor rights advocates.
State officials say they are now reconsidering the policy after Motherboard reported that a hacker created a script to flood the “COVID-19 Fraud” website with junk data, with the goal of making it impossible to process these claims.
Tomi Engdahl says:
Senate Votes to Allow FBI to Look at Your Web Browsing History Without a Warrant
The government just got even more power to spy on your internet habits as millions remain quarantined at home.
https://www.vice.com/en_us/article/jgxxvk/senate-votes-to-allow-fbi-to-look-at-your-web-browsing-history-without-a-warrant
Tomi Engdahl says:
Ransomware now demands extra payment to delete stolen files
https://www.bleepingcomputer.com/news/security/ransomware-now-demands-extra-payment-to-delete-stolen-files/
A ransomware family has begun a new tactic of not only demanding a
ransom for a decryptor but also demanding a second ransom not to
publish files stolen in an attack. For years, ransomware operators
have been claiming to steal data before encrypting a company’s network
and then threatening to release the data if a victim does not pay.
Tomi Engdahl says:
Intel Improves Hardware Shield in New 10th Gen Core vPro Processors
https://www.securityweek.com/intel-improves-hardware-shield-new-10th-gen-core-vpro-processors
Intel on Wednesday announced its new 10th Gen Core vPro processors, which include an enhanced version of Hardware Shield that provides advanced threat detection capabilities.
According to Intel, its new Core vPro processors are designed to provide better performance, built-in security features, and fast and reliable connectivity with integrated Wi-Fi 6.
In terms of security, the new processors include Hardware Shield, a component of the vPro platform that is designed to improve the security of a device by locking down the hardware to protect the BIOS and preventing attackers from compromising the operating system through malicious code injections.
The Hardware Shield in the latest vPro version brings new threat detection capabilities that leverage the power of the GPU in order to ensure minimal impact on the CPU’s performance.
“Intel Hardware Shield now includes advanced threat detection and extended protection beyond system memory to help improve the detection of advanced threats while reducing false positives and minimizing performance impact,” Intel told SecurityWeek.
Tomi Engdahl says:
Beware of Sick Behavior Masquerading as Coronavirus
https://www.securityweek.com/beware-sick-behavior-masquerading-coronavirus
As early as January, phishing emails containing phony COVID-19 public health warnings were circulating in Japan.
Other forms of cyberattack, including a denial of service attack against the U.S. Department of Health and Human Services on March 15, and a fraudulent website distributing a new variant of ransomware named “CoronaVirus” identified a few days later, also occurred. And misleading mobile apps began to proliferate. Altogether, we uncovered 376 Android mobile apps related to COVID-19. Many of them, it turned out, were benign. But others contained spyware to collect sensitive user data and insisted on receiving dangerous permissions.
We discovered multiple apps that demanded access to perform account authentication, to capture and collect photos, to receive packets not directly addressed to the device, to create network sockets, remove accounts, delete passwords, request authentication tokens, and write to the phone’s embedded sim card. Seeking the ability to access a user’s contact list is a particularly dangerous form of permission because, among other things, it enables someone who secures that information to impersonate you and anyone else on that list in malicious ways.
We also found a number of app download links that claimed to be specific to COVID-19 but which actually served up entirely different applications, some of which were rigged with malicious files requiring an extensive number of dangerous permissions. The files they would download included riskware, adware, potentially unwanted programs, contact collection tools, and SMS management capabilities.