This posting is here to collect cyber security news in May 2020.
I post links to security vulnerability news with short descriptions to comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to comments.
Tomi Engdahl says:
White Supremacists Built a Website to Doxx Interracial Couples — and It’s Going to Be Hard to Take Down
https://www.vice.com/en_us/article/n7ww4w/white-supremacists-built-a-website-to-doxx-interracial-couples-and-its-going-to-be-hard-to-take-down?utm_source=vicenewsfacebook&fbclid=IwAR2pXdcmF0zaGfxP5hiDhYGo1invX9B_hrKM-z17nCJvNA5mFBnq1ei457c
Racists have published a hate-filled database targeting white women dating black and brown men as “traitors” — and some are being harassed online.
On May 5, Allison, whose real name is being withheld for her safety, received a strange DM. It was from a woman she didn’t know, who informed her that she was on a disturbing website that was compiling information about white women in interracial relationships.
When she went to the website, she found her name, photos, and social media handles under the label “traitors.”
“It was weird, and strange, and creepy,” said Allison, 28. “I was thinking, ‘Who takes the time to do this?’”
The website names, shames, and effectively promotes violence against interracial couples and families — and it’s been circulated in some of the darkest corners of the internet
White supremacists have long invoked “racial purity” to justify horrific racism and brutal acts of violence against nonwhite people.
“A website like this is concerning for reasons even beyond the repulsive hate it promotes. The site is yet another example of how certain online spaces are being designed to literally facilitate harassment,”
Tomi Engdahl says:
The email address of every third Finn can be found on the dark web
https://etn.fi/index.php/13-news/10767-joka-kolmannen-suomalaisen-sahkopostiosoite-loytyy-darkwebista
Based on data collected by Defentry, Sweden's leading data-leak specialist, the email address and password of more than every third (37%) Finn can be found on the dark web favoured by hackers. MySafety has opened the Hakkeroitu.fi service, where you can check whether your personal data has leaked online.
MySafety reminds that online crime and identity theft have increased significantly during the coronavirus epidemic, and consumers have an acute need to protect themselves against them. In addition to increased awareness, protection requires concrete tools. The free Hakkeroitu.fi service answers this need.
Defentry's data shows that, of the email addresses used by Finns, gmail addresses are the most common found on the dark web together with their passwords, followed by hotmail addresses and then live addresses.
Tomi Engdahl says:
https://www.pandasecurity.com/mediacenter/mobile-news/perils-of-video-calls/
Governments across the world have been instructing people to work from home as much as possible to limit the spread of the deadly Covid-19 virus. As a result, we've seen an increase in the use of video conferencing services to host virtual meetings between colleagues. And families are also getting together online to stay in touch using the same tools.
Tomi Engdahl says:
Access-as-a-Service: Remote Access Markets in the Cybercrime Underground
https://ke-la.com/access-as-a-service-remote-access-markets-in-the-cybercrime-underground/
Remote Access Markets are automated stores that allow attackers to exchange access credentials to compromised websites and services. As such, they represent an endless stream of opportunities for attackers; buying access to an organization as a service lowers the skill bar for further exploitation and exposes organizations to a plethora of online threats from ransomware to card skimming.
Tomi Engdahl says:
Scammers steal $10 million from Norway’s state investment fund
https://www.bleepingcomputer.com/news/security/scammers-steal-10-million-from-norways-state-investment-fund/
Fraudsters running business email compromise scams were able to swindle Norfund, Norway's state investment fund, out of $10 million. The attackers took their time before pulling the trigger and took action to ensure that the theft would be discovered long after they got the money.
Tomi Engdahl says:
COVID-19 blamed for 238% surge in cyberattacks against banks
https://www.zdnet.com/article/covid-19-blamed-for-238-surge-in-cyberattacks-against-banks/
The coronavirus pandemic has been connected to a 238% surge in cyberattacks against banks, new research claims. On Thursday, VMware Carbon Black released the third edition of the Modern Bank Heists report, which says that financial organizations experienced a massive uptick in cyberattack attempts between February and April this year – the same months in which COVID-19 began to spread rapidly across the globe.
Tomi Engdahl says:
Huawei denies involvement in buggy Linux kernel patch proposal
https://www.zdnet.com/article/huawei-denies-involvement-in-buggy-linux-kernel-patch-proposal/
Huawei denied on Monday having any official involvement in an insecure patch submitted to the Linux kernel project over the weekend, a patch that introduced a “trivially exploitable” vulnerability. The buggy patch was submitted to the official Linux kernel project via its mailing list on Sunday. Named HKSP (Huawei Kernel Self Protection), the patch allegedly introduced a series of security-hardening options to the Linux kernel.
Tomi Engdahl says:
UK electricity middleman hit by cyber-attack
Elexon said the incident only impacted its internal IT network, employee laptops, and company email server.
https://www.zdnet.com/article/uk-electricity-middleman-hit-by-cyber-attack/
Elexon, a crucial middleman in the UK power grid network, reported that it fell victim to a cyber-attack earlier today.
Tomi Engdahl says:
https://tbsnews.net/world/hackers-demand-42-million-ranson-after-hacking-celebrity-law-firm-threaten-release-dirty
Tomi Engdahl says:
Criminal group that hacked law firm threatens to release Trump documents
https://www.nbcnews.com/tech/security/criminal-group-hacked-law-firm-threatens-release-trump-documents-n1208366?fbclid=IwAR0OHNtMfoVqT9oicHvHVBJNoe2fgEXlfHdB1uh55WjZDr-925_7AIPZkl0
A known criminal enterprise released a large set of stolen files, at least some of which appeared legitimate.
A cybercriminal gang that hacked a major entertainment law firm claims it will release information on President Donald Trump if it doesn’t receive $42 million in ransom.
The group, a known criminal enterprise, didn’t offer any proof it had information compromising to Trump. It did, however, release a large set of stolen files from the law firm, Grubman Shire Meiselas & Sacks. NBC News reviewed some of the documents, and they appear legitimate.
The law firm said that Trump is not a client and has never been. A spokesperson for the firm said it wasn’t clear which of its clients have been compromised.
The group uses ransomware — a type of malicious software — to break into a victim’s networks and encrypt them, demanding a fee to unlock them. If the victim doesn’t pay up, the group slowly leaks out unencrypted versions of files stolen from those networks to prompt payment.
Though the gang tends to release legitimately hacked files, they left no clue of whether they actually had compromising information on Trump or whether this was a ploy to put more pressure on the law firm to pay.
“On the one hand, I think it’s bulls—,” said Brett Callow, who studies ransomware gangs at the antivirus company Emsisoft. “But on the other hand, getting a rep for bluffing isn’t helpful to extortionists. They need their victims to believe that their threats are real and will be carried through.”
Grubman, Shire, Meiselas & Sacks said in a statement Friday that law firms have not been immune to escalating attacks by foreign cybercriminals. “Despite our substantial investment in state-of-the-art technology security, foreign cyberterrorists have hacked into our network and are demanding $42 million as ransom,”
Tomi Engdahl says:
U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs
https://krebsonsecurity.com/2020/05/u-s-secret-service-massive-fraud-against-state-unemployment-insurance-programs/
A memo seen by KrebsOnSecurity that the Secret Service circulated to field offices around the United States on Thursday says the ring has been filing unemployment claims in different states using Social Security numbers and other personally identifiable information (PII) belonging to identity theft victims, and that “a substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees.”
The Service’s memo suggests the crime ring is operating in much the same way as crooks who specialize in filing fraudulent income tax refund requests with the states and the U.S. Internal Revenue Service (IRS), a perennial problem that costs the states and the U.S. Treasury hundreds of millions of dollars in revenue each year.
“Between March and April, the number of fraudulent claims for unemployment benefits jumped 27-fold to 700,” the state Employment Security Department (ESD) told The Seattle Times.
Tomi Engdahl says:
The UK accidentally left secret plans for its COVID-19 contact-tracing app on an open Google Drive
https://www.businessinsider.com/uk-leaves-plans-contact-tracing-app-open-google-drive-2020-5
The UK government accidentally left documents outlining the potential future for its contact-tracing app on a publicly accessible Google Drive, Wired UK reports.
According to the documents future versions of the app might ask for more data, track geolocation, and allow people to set a “COVID-19 status.”
The drive was spotted by Wired UK, and contained documents including one entitled “Product Direction: Release One” and labelled “OFFICIAL – SENSITIVE.”
A link to the open drive was included in a batch of documents published intended to detail the data and privacy protections and risks of the contact-tracing app, known as a Data Privacy Impact Assessment (DPIA).
The Google Drive has now been made private after Wired alerted the Department of Health and NHSX (the digital wing of the NHS) to the fact it was accessible.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/software/zoom-global-outage-preventing-meetings-video-and-audio/
Zoom has a global outage that is preventing users from joining meetings or seeing video and hearing audio once they have joined. There is currently no indication as to when the issue will be resolved.
Tomi Engdahl says:
Danger zone! Brit research supercomputer ARCHER’s login nodes exploited in cyber-attack, admins reset passwords and SSH keys
https://www.theregister.co.uk/2020/05/13/uk_archer_supercomputer_cyberattack/
Assault on TOP500-listed machine may have hit Euro HPC too, warn sysops
Updated One of Britain’s most powerful academic supercomputers has fallen victim to a “security exploitation” of its login nodes, forcing the rewriting of all user passwords and SSH keys.
Tomi Engdahl says:
Likely Breach Shuts Down Arkansas Unemployment Program
https://www.securityweek.com/likely-breach-shuts-down-arkansas-unemployment-program
Tomi Engdahl says:
Hackers Can Inject Code Into WordPress Sites via Flaw in Product Review Plugin
https://www.securityweek.com/hackers-can-inject-code-wordpress-sites-flaw-product-review-plugin
A vulnerability addressed recently in the WP Product Review Lite plugin for WordPress could be abused by unauthenticated attackers to hack websites.
WP Product Review Lite is designed for creating product reviews on WordPress websites. It supports the creation of a top products review widget and also allows monetization through the addition of a “buy now” button in posts. The plugin has more than 40,000 installations.
Last week, the team of developers behind the plugin addressed an unauthenticated persistent Cross-Site Scripting (XSS) vulnerability that could have been exploited to inject code into all of a website’s product pages.
Unauthenticated Stored Cross Site Scripting in WP Support Review
https://labs.sucuri.net/unauthenticated-stored-cross-site-scripting-in-wp-support-review/
Tomi Engdahl says:
Crypto-Mining Campaign Hits European Supercomputers
https://www.securityweek.com/crypto-mining-campaign-hits-european-supercomputers
Several supercomputers across Europe were taken offline last week after being targeted in what appears to be a crypto-mining campaign.
In a notice on Saturday, the Swiss National Supercomputing Centre (CSCS) revealed that it too has been hit, along with other “HPC [High Performance Computing] and academic data centres of Europe and around the world.”
Tomi Engdahl says:
FBI finds al Qaeda link after breaking encryption on Pensacola attacker’s iPhone
https://edition.cnn.com/2020/05/18/politics/pensacola-shooting-al-qaeda/index.html
The Saudi military trainee who killed three US sailors and wounded several others in a terror attack last year on a military base in Pensacola, Florida, was in touch with a suspected al Qaeda operative, according to multiple US officials briefed on the matter.
Tomi Engdahl says:
This Service Helps Malware Authors Fix Flaws in their Code
https://krebsonsecurity.com/2020/05/this-service-helps-malware-authors-fix-flaws-in-their-code/
Enter malware testing services like the one operated by RedBear, the administrator of a Russian-language security site called Krober[.]biz, which frequently blogs about security weaknesses in popular malware tools. RedBear's service is marketed not only to malware creators, but to people who rent or buy malicious software and services from other cybercriminals. A chief selling point of this service is that, crooks being crooks, you simply can't trust them to be completely honest.
Tomi Engdahl says:
One million brute force attacks on RDP connections every day
https://www.pandasecurity.com/mediacenter/security/brute-force-rdp/
Even before the current situation, this kind of RDP cyberattack was extremely common: there were around 150,000 attempts every day. However, at the start of March, when the stricter lockdown measures came into effect, almost a million attempted brute force attacks on RDP connections were registered every day.
Tomi Engdahl says:
Israel behind cyberattack that caused ‘total disarray’ at Iran port – report
https://www.timesofisrael.com/israel-said-behind-cyberattack-that-caused-total-disarray-at-iran-port-report/
Washington Post cites officials saying Jerusalem carried out ‘highly accurate’ hack, apparently in retaliation for Iranian attempt to target Israeli water infrastructure
Tomi Engdahl says:
Colorado’s unemployment system, slammed with coronavirus claims, inadvertently exposed people’s private data
https://coloradosun.com/2020/05/18/colorado-unemployment-private-data-released/
The unauthorized access is blamed on a vendor’s technical issue and was identified and blocked within an hour after it was noticed on Saturday, according to the Colorado Department of Labor and Employment
Tomi Engdahl says:
Suit: ADT employee spied on customers’ home security systems
https://apnews.com/6e885b29749e2db50f8f628f212cb37c
Two federal class-action lawsuits have been filed against ADT, one of the largest security companies in the country, alleging that an employee spied on customers and children over a seven-year period through their home security cameras.
The lawsuits, filed Monday, allege ADT showed negligence and breached contracts by failing to provide security, among other concerns. Both lawsuits say the employee was able to view customers’ intimate and private moments, including when they were nude or partially dressed.
The breach was discovered in March after an ADT customer in DeSoto, Texas, reported an unauthorized email address on her account. An internal investigation discovered the employee’s personal email address was added on 220 ADT customers’ accounts in the Dallas-Fort Worth area.
“We took immediate action and put measures in place to prevent this from happening again,” ADT said in a written statement Monday.
“I am just horrified that a company that holds itself as the number one security option allowed this to happen,” attorney Amy Carter said. “They gave access to someone’s home when they were seeking additional security.”
Tomi Engdahl says:
European supercomputers hacked to mine cryptocurrency
https://www.welivesecurity.com/2020/05/18/european-supercomputers-hacked-mine-cryptocurrency/
Multiple supercomputers across Europe that are working on COVID-19 research have been targeted by cryptocurrency-mining attacks over the past week. The reports of the incursions started pouring in last Monday, when supercomputers in the United Kingdom and Germany were among the first victims.
Tomi Engdahl says:
Verizon Data Breach Report: DoS Skyrockets, Espionage Dips
https://threatpost.com/verizon-data-breach-report-dos-skyrockets-espionage-dips/155843/
Denial of Service (DoS), ransomware, and financially-motivated data breaches were the winners in this year's Verizon DBIR.
Tomi Engdahl says:
Emil Protalinski / VentureBeat:
Google launches Chrome 83 with updated safety and privacy settings, third-party cookies blocked in Incognito mode, DNS-over-HTTPS support, and new dev features — Google today launched Chrome 83 for Windows, Mac, Linux, Android, and iOS. Chrome 83 includes redesigned safety and privacy settings …
Chrome 83 arrives with redesigned security settings, third-party cookies blocked in Incognito
https://venturebeat.com/2020/05/19/google-chrome-83/
Tomi Engdahl says:
NXNSAttack: New DNS Vulnerability Allows Big DDoS Attacks
https://www.securityweek.com/nxnsattack-new-dns-vulnerability-allows-big-ddos-attacks
Several major providers of DNS services and software have been working to address a serious DNS vulnerability that could allow malicious actors to launch significant distributed denial-of-service (DDoS) attacks.
The vulnerability, dubbed NXNSAttack
entities that operate their own DNS resolver need to update their software as soon as possible to prevent attacks.
Various CVE identifiers have been assigned by the impacted vendors, including CVE-2020-8616 (BIND), CVE-2020-12662 (Unbound), CVE-2020-12667 (Knot) and CVE-2020-10995 (PowerDNS).
In the case of NXNSAttack, a remote attacker can amplify network traffic by sending DNS queries to a vulnerable resolver, which queries an authoritative server controlled by the attacker. The attacker’s server delegates to fake server names pointing to the victim’s DNS domain, causing the resolver to generate queries towards the victim’s DNS server. The attack can result in an amplification factor of over 1,620.
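The delegation path described above, as an added illustrative model (not code from SecurityWeek, the NXNSAttack researchers or any DNS vendor): a toy resolver follows a glue-less referral and counts the address lookups that land on the victim's zone, first with no limit and then with a per-delegation cap on NS-name fetches, which is the assumed shape of the resolver-side mitigation the later BIND advisory asks operators to install. Zone names, the two lookups per NS name (A and AAAA) and the cap and threshold values are assumptions; real resolvers also retry, cache and time out.

```python
# Toy model of the NXNSAttack delegation path and the fetch cap that blunts it.
# Added illustration, not code from the article or any DNS vendor. Zone names,
# the per-name query count (A + AAAA = 2) and the cap value are assumptions.
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Referral:
    """A delegation response: NS hostnames for `zone`, with no glue records.
    Without glue the resolver must look up each NS name's address itself."""
    zone: str
    ns_names: List[str]


def parent_zone(name: str) -> str:
    """Zone an NS hostname lives in: 'fake7.victim.example' -> 'victim.example'."""
    parts = name.split(".", 1)
    return parts[1] if len(parts) == 2 else ""


@dataclass
class Resolver:
    """Simplified recursive resolver.

    max_ns_fetches=None follows every NS name in a referral, the behaviour
    NXNSAttack abuses. A small cap is the assumed shape of the fixes shipped
    under CVE-2020-8616, CVE-2020-12662, CVE-2020-12667 and CVE-2020-10995:
    bound how many glue-less NS names get resolved per delegation."""
    max_ns_fetches: Optional[int] = None
    sent: Counter = field(default_factory=Counter)  # target zone -> queries sent

    def follow_referral(self, referral: Referral) -> Counter:
        names = referral.ns_names
        if self.max_ns_fetches is not None:
            names = names[: self.max_ns_fetches]
        for name in names:
            # Each glue-less NS name costs an A and an AAAA lookup, sent to the
            # authoritative servers of the zone the NS name belongs to.
            self.sent[parent_zone(name)] += 2
        return self.sent


def build_malicious_referral(attacker_zone: str, victim_zone: str, n: int) -> Referral:
    """Constructed referral of the kind the article describes: the attacker's
    zone delegates to n non-existent names inside the victim's zone."""
    return Referral(attacker_zone, [f"fake{i}.{victim_zone}" for i in range(n)])


def queries_to_victim(referral: Referral, victim_zone: str,
                      max_ns_fetches: Optional[int] = None) -> int:
    """Queries the victim's authoritative server receives for ONE attacker
    query, i.e. the amplification factor in this model."""
    resolver = Resolver(max_ns_fetches)
    return resolver.follow_referral(referral)[victim_zone]


def is_suspicious_referral(referral: Referral, max_foreign_ns: int = 4) -> bool:
    """Defender-side check: a referral whose NS names sit in some other zone
    (out of bailiwick) and exceed a small count matches the NXNSAttack
    pattern. The threshold is an assumption."""
    foreign = Counter(parent_zone(n) for n in referral.ns_names
                      if not n.endswith("." + referral.zone))
    return any(count > max_foreign_ns for count in foreign.values())


if __name__ == "__main__":
    bad = build_malicious_referral("attacker.example", "victim.example", 100)
    print("unpatched resolver:", queries_to_victim(bad, "victim.example"))    # 200
    print("capped at 5 fetches:", queries_to_victim(bad, "victim.example", 5))  # 10
    print("flagged as suspicious:", is_suspicious_referral(bad))             # True
```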
Tomi Engdahl says:
Researchers Divulge Details on Five Windows Zero Days
https://www.securityweek.com/researchers-divulge-details-five-windows-zero-days
Security researchers working with Trend Micro’s Zero Day Initiative (ZDI) have published information on five unpatched vulnerabilities in Microsoft Windows, including four considered high risk.
Tracked as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915, and featuring a CVSS score of 7.0, the first three of these zero-day vulnerabilities could allow an attacker to escalate privileges on the affected system.
The security flaws were identified in the user-mode printer driver host process splwow64.exe
Tomi Engdahl says:
LMAOOOOOOOO they left RCE unpatched for 15 years because “it’s probably not exploitable”
“In 2005, three vulnerabilities were discovered in qmail but were never fixed because they were believed to be unexploitable in a default installation. We recently re-discovered these vulnerabilities and were able to exploit one of them remotely in a default installation.”
https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt
Tomi Engdahl says:
Cyberattack hits internal IT systems of key player in British power market
https://www.cyberscoop.com/elexon-cyberattack-uk-electricity-market/
Elexon, a company that facilitates transactions on the British electricity market, said Thursday that a cyberattack had hit its internal computers, cutting off email access for employees.
The company grappled with the digital attack throughout Thursday, tweeting that it had identified the “root cause” of the incident.
“The attack is to our internal IT systems and Elexon’s laptops only,” the company said. It was unclear who was responsible for the cyberattack.
The attack didn’t affect the external IT systems that the company uses to track trading between producers and suppliers of electricity, Elexon said.
Tomi Engdahl says:
Thunderspy: What it is, why it’s not scary, and what to do about it
https://arstechnica.com/information-technology/2020/05/thunderspy-what-is-is-why-its-not-scary-and-what-to-do-about-it/
Evil maids can use the Thunderbolt port to access your computer; many restrictions apply.
Tomi Engdahl says:
https://threatpost.com/news-wrap-ransomware-extortion-tactics-contact-tracing-app-security/155796/
Tomi Engdahl says:
European supercomputers hacked in mysterious cyberattacks
https://www.bleepingcomputer.com/news/security/european-supercomputers-hacked-in-mysterious-cyberattacks/
Several high-performance computers (HPCs) and data centers used for research projects have been shut down this week across Europe due to security incidents.
Tomi Engdahl says:
Oklahoma University’s Virtual Graduation Ceremony Disrupted by Racist Hacker
https://time.com/5834845/oklahoma-city-university-zoom-racism-hacker/
Tomi Engdahl says:
CVE-2020-11108: How I Stumbled into a Pi-hole RCE+LPE
https://frichetten.com/blog/cve-2020-11108-pihole-rce/
Tomi Engdahl says:
Alert Regarding Vulnerabilities (CVE-2020-8616, CVE-2020-8617) in ISC BIND 9
https://www.jpcert.or.jp/english/at/2020/at200023.html
If you are operating an affected version of ISC BIND 9, please consider updating to a version that addresses these vulnerabilities by referring to the information in “III. Solution”. ISC has released versions of ISC BIND 9 that address these vulnerabilities. Distributors are likely to provide their own versions that address the vulnerabilities. Consider updating to an updated version after thorough testing. Read also:
https://www.theregister.co.uk/2020/05/21/nxnaattack_bug_disclosed/
And:
https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
Tomi Engdahl says:
Vigilante hackers target ‘scammers’ with ransomware, DDoS attacks
https://www.bleepingcomputer.com/news/security/vigilante-hackers-target-scammers-with-ransomware-ddos-attacks/
A hacker has been taking justice into their own hands by targeting “scam” companies with ransomware and denial of service attacks.
Tomi Engdahl says:
BlockFi discloses failed hack attempt after SIM swapping incident
https://www.zdnet.com/article/blockfi-discloses-failed-hack-attempt-after-sim-swapping-incident/
BlockFi says a hacker SIM swapped an employee to gain access to its platform, but the hacker failed in their attempt to steal BlockFi customer funds.
Tomi Engdahl says:
Crooks Tap Google Firebase in Fresh Phishing Tactic
https://threatpost.com/crooks-tap-google-firebase-in-fresh-phishing-tactic/155967/
Cybercriminals are taking advantage of the Google name and the cloud to convince victims into handing over their login details. A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims. Google Firebase is a mobile and web application development platform. Firebase Storage meanwhile provides secure file uploads and downloads for Firebase apps. Using the Firebase storage API, companies can store data in a Google cloud storage bucket.
Tomi Engdahl says:
Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack
https://blog.talosintelligence.com/2020/05/cve-2020-6096.html
Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and external environments. These sensors provide drivers with real-time information, connect the vehicle to the global fleet network and, in some cases, actively use and interpret this telemetry data to drive the vehicle. In our case, a vulnerability in the ARMv7 implementation of memcpy() was able to cause the program to enter an undefined state and ultimately allow for remote code execution. When exploited, this memcpy() vulnerability causes program execution to continue in scenarios where a segmentation fault or crash should have occurred. This unexpected behavior can result in a scenario where program execution continues with corrupted runtime state leading to exploitation opportunities. Read also:
https://blogs.cisco.com/security/talos/vulnerability-spotlight-memory-corruption-vulnerability-in-gnu-glibc-leaves-smart-vehicles-open-to-attack
Tomi Engdahl says:
Most Bluetooth Devices Vulnerable to Impersonation Attacks
https://www.darkreading.com/iot/most-bluetooth-devices-vulnerable-to-impersonation-attacks/d/d-id/1337880
Vulnerabilities in the Bluetooth authentication process give attackers a way to insert rogue devices between two securely paired devices, academic researchers find. Security researchers from three universities in Europe have found multiple weaknesses in the ubiquitous Bluetooth protocol that could allow attackers to impersonate a paired device and establish a secure connection with a victim. Most standard Bluetooth devices are vulnerable to the issue, according to the researchers, who successfully tested a proof-of-concept attack they developed against 31 Bluetooth devices from major hardware and software vendors. Bluetooth chips from Apple, Intel, Qualcomm, Cypress, Broadcom, and others are all vulnerable to the attacks. Adversaries can impersonate any Bluetooth-enabled device from smartphones and laptops to IoT devices, the researchers say.
Tomi Engdahl says:
Thousands of Israeli sites defaced with code seeking permission to access users’ webcams
https://www.zdnet.com/article/thousands-of-israeli-sites-defaced-with-code-seeking-permission-to-access-users-webcams/
Thousands of Israeli websites have been defaced earlier today to show an anti-Israeli message and with malicious code seeking permission to access visitors’ webcams. More than 2,000 websites are believed to have been defaced. Most of the websites were hosted on uPress, a local Israeli WordPress hosting service.
Tomi Engdahl says:
Check Point released an open-source fix for common Linux memory corruption security hole
https://www.zdnet.com/article/check-point-released-an-open-source-fix-for-common-linux-memory-corruption-security-hole/
For years, there’s been a security problem with how the GNU C Library dealt with single-linked-lists. Now, Check Point has released a patch, which will fix the problem once and for all.
Tomi Engdahl says:
AVOID SCAMS RELATED TO ECONOMIC PAYMENTS, COVID-19
https://www.cisa.gov/publication/avoid-scams-related-economic-payments-covid-19
Original release date: May 21, 2020. In March, Congress passed and the President signed the Coronavirus Aid, Relief, and Economic Security (CARES) Act, a $2 trillion economic relief package intended to support American businesses and individuals economically burdened by the coronavirus pandemic. A provision of the law includes sending economic impact payments to eligible Americans. CISA, U.S. Department of the Treasury, the IRS, and the United States Secret Service (USSS) urge all Americans to be on the lookout for criminal fraud related to these economic impact payments, particularly fraud using coronavirus lures to steal personal and financial information, as well as the economic impact payments themselves, and for adversaries seeking to disrupt payment efforts. Read also:
https://www.cisa.gov/sites/default/files/publications/Avoid_Scams_Related_to_Economic_Payments_COVID-19.pdf
Tomi Engdahl says:
The Santahamina officers' club served “solid pilsner”: a beer app revealed soldiers' movements, but even checking the weather can be a security risk
https://www.hs.fi/ulkomaat/art-2000006514953.html
Earlier, soldiers were caught out by location data in a running app; now it is the turn of a beer-tasting app. Sometimes not even a single app is needed, as data leaks from so many holes.
Untappd
Helsingin Sanomat looked for an example in Untappd's data. It took a quarter of an hour.
The open-source intelligence group Bellingcat examined Untappd much more closely and published its findings on Tuesday. Untappd has about eight million users, mostly from the United States and Europe.
Among the users, Bellingcat managed to identify, for example, a US military drone pilot and the military bases related to his work both in the United States and abroad, a naval officer who had business at both the notorious Guantanamo detention centre and the US Department of Defense, and an intelligence official with over 7,000 check-ins.
A total of 60 check-ins have been made at the Santahamina officers' club.
Military And Intelligence Personnel Can Be Tracked With The Untappd Beer App
https://www.bellingcat.com/news/2020/05/18/military-and-intelligence-personnel-can-be-tracked-with-the-untappd-beer-app/
Surprise! The beer-rating app Untappd can be used to track the location history of military personnel. The social network has over eight million mostly European and North American users, and its features allow researchers to uncover sensitive information about said users at military and intelligence locations around the world.
For people in the military, neither drinking beer nor using social media is newsworthy on its own. But Untappd users log hundreds, often thousands of time-stamped location data points.
Examples of users that can be tracked this way include a U.S. drone pilot, along with a list of both domestic and overseas military bases he has visited, a naval officer, who checked in at the beach next to Guantanamo’s bay detention center as well as several times at the Pentagon, and a senior intelligence officer with over seven thousand check-ins, domestic and abroad. Senior officials at the U.S. Department of Defense and the U.S. Air Force are included as well.
Cross-referencing these check-ins with other social media makes it easy to find these individuals’ homes. Their profiles and the pictures they post also reveal family, friends, and colleagues.
Tapping Untappd
At first glance Untappd’s data might seem useless as its location data is not strict, meaning users are free to check in to locations from up to 60 miles away. This is a problem at well-known spots in more populated areas. For example, the NSA and MI6 headquarters have many check-ins from users who were in the vicinity, but who were likely not inside these buildings.
Moreover, it can be difficult to find locations of interest, as Untappd’s search functions only list venues such as hotels, bars, and restaurants.
Given these issues, how can one still manage to find sensitive government locations as well as the individuals who actually visited them?
Here is how this works: When users drink beer, they can “check in” to Untappd by taking a picture of their beverage and logging their location as well as the date and time. Searching for a location brings up only bars, restaurants and shops. Once you begin the process of “checking in” a beer, however, Untappd allows more locations to be selected.
Locations have their own profiles, showing all users who have checked in there, along with the date and time of their check-in. These locations are drawn from Foursquare’s application programming interface (API), and are highly categorized. Searching for military locations does not bring up results. Yet by finding members of the military and piggybacking, you can find other military locations.
Beginning with a simple search in both Untappd and Google, we can easily find the landing strip at Camp Peary.
Tomi Engdahl says:
The Washington Post: Israeli cyberattack caused chaos at an Iranian port in early May
https://www.hs.fi/ulkomaat/art-2000006512971.html
According to the paper, the cyberattack was revenge on Iran, which had tried to attack Israeli water utilities in April.
Tomi Engdahl says:
Officials: Israel linked to a disruptive cyberattack on Iranian port facility
https://www.washingtonpost.com/national-security/officials-israel-linked-to-a-disruptive-cyberattack-on-iranian-port-facility/2020/05/18/9d1da866-9942-11ea-89fd-28fb313d1886_story.html
On May 9, shipping traffic at Iran's bustling Shahid Rajaee port terminal came to an abrupt and inexplicable halt. Computers that regulate the flow of vessels, trucks and goods all crashed at once, creating massive backups on waterways and roads leading to the facility. After waiting a day, Iranian officials acknowledged that an unknown foreign hacker had briefly knocked the port's computers offline. Now, more than a week later, a more complete explanation has come to light: The port was the victim of a substantial cyberattack that U.S. and foreign government officials say appears to have originated with Iran's archenemy, Israel.
Tomi Engdahl says:
Victory! German Mass Surveillance Abroad is Ruled Unconstitutional
https://www.eff.org/deeplinks/2020/05/victory-german-mass-surveillance-abroad-ruled-unconstitutional
In a landmark decision, the German Constitutional Court has ruled that mass surveillance of telecommunications outside of Germany conducted on foreign nationals is unconstitutional. Thanks to the chief legal counsel, Gesellschaft für Freiheitsrechte (GFF), this is a major victory for global civil liberties, but especially those that live and work in Europe. Many will now be protected after lackluster 2016 surveillance reforms continued to authorize the surveillance on EU states and institutions for the purpose of “foreign policy and security,” and permitted the BND to collaborate with the NSA.