This posting is here to collect cyber security news in June 2020.
I post links to security vulnerability news with short descriptions to the comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to comments.
204 Comments
Tomi Engdahl says:
Sextortion to The Next Level
https://isc.sans.edu/forums/diary/Sextortion+to+The+Next+Level/26244/
The bad guys create fake accounts on dating websites pretending to be
young women looking for new contacts and probably more. It’s clear
that it does not take long before they are contacted by people looking
for extramarital relations. They initiate contact and grab interesting
information about the victim. In such a scenario, collected pieces of
evidence are totally legit: name, mobile phone, location, sexual
preferences, etc. Details are published on the forum, as well as
conversations and pictures. To be “unlisted”, they have to register on
the forum and pay some money to “help the project”.
Tomi Engdahl says:
Super secretive Russian disinfo operation discovered dating back to
2014
https://www.zdnet.com/article/super-secretive-russian-disinfo-operation-discovered-dating-back-to-2014/
Social media research group Graphika published today a 120-page report
[PDF] unmasking a new Russian information operation of which very
little has been known so far. Codenamed Secondary Infektion, the group
is different from the Internet Research Agency (IRA), the Sankt
Petersburg company (troll farm) that has interfered in the US 2016
presidential election. Graphika says this new and separate group has
been operating since 2014 and has been relying on fake news articles,
fake leaks, and forged documents to generate political scandals in
countries across Europe and North America. Also:
https://secondaryinfektion.org/. Also:
https://www.wired.com/story/russia-secondary-infektion-disinformation/
Tomi Engdahl says:
New Java STRRAT ships with .crimson ransomware module
https://www.gdatasoftware.com/blog/strrat-crimson
This Java based malware installs RDPWrap, steals credentials, logs
keystrokes and remote controls Windows systems. It may soon be capable
of infecting systems without Java installed.
Tomi Engdahl says:
NY Attorney General warns Apple, Google to police COVID-19 tracing apps in their souks – or she will herself
Worry about user privacy also results in Norway pulling its virus tracker
https://www.theregister.com/2020/06/17/new_york_coronavirus_tracing/
Tomi Engdahl says:
Tens of millions of Internet-of-Things, network-connected gizmos at risk of remote hijacking? Computer, engage shocked mode
Collection of bugs, dubbed Ripple20, sink widely used TCP/IP stack
https://www.theregister.com/2020/06/17/ripple_20_disclosure/
A bunch of flaws in a commonly used TCP/IP software stack have put potentially tens of millions of Internet-of-Things devices, healthcare equipment, industrial control systems, and other network-connected gear at risk of remote attack, it is claimed.
The vulnerabilities are dubbed Ripple20 – because hey, what’s a bug reveal without a marketing push these days? – and were found and reported by infosec outfit JSOF. The team’s disclosure this week of the security holes lightly details 19 CVE-listed bugs in a TCP/IP stack developed by US outfit Treck for embedded systems.
https://www.jsof-tech.com/ripple20/
Tomi Engdahl says:
Amnesty Sounds Alarm Over Gulf, Norway Virus Apps
https://www.securityweek.com/amnesty-sounds-alarm-over-gulf-norway-virus-apps
Amnesty International warned Tuesday that contact-tracing technology developed to contain the novel coronavirus threatens users’ privacy, highlighting Bahraini, Kuwaiti and Norwegian apps as “among the most dangerous”.
Many countries have turned to smartphones to trace people’s movements and track their contacts, allowing officials to monitor coronavirus infections and spot new outbreaks.
But detailed technical analysis of 11 such apps around the world showed that Bahrain, Kuwait and Norway’s offerings were “carrying out live or near-live tracking of users’ locations”, the rights group said.
Bahraini and Kuwaiti officials told AFP Tuesday that the apps were for the “sole” purpose of combatting the spread of the COVID-19 disease.
Tomi Engdahl says:
https://www.tmonews.com/2020/06/t-mobile-neville-ray-network-outage-cause-explained/
Tomi Engdahl says:
https://www.fox29.com/news/hey-siri-im-getting-pulled-over-iphone-feature-will-record-police-interaction-send-location
Tomi Engdahl says:
Palo Alto Networks Unveils New Firewalls, IoT Security Solution
https://www.securityweek.com/palo-alto-networks-unveils-new-firewalls-iot-security-solution
Palo Alto Networks on Wednesday unveiled a new firewall powered by machine learning, a firewall for Kubernetes, and an IoT security solution.
Palo Alto Networks has announced a new next-generation firewall (NGFW) that uses machine learning (ML) to help organizations detect and block threats. These firewalls are powered by the latest version of the company’s firewall operating system, PAN-OS 10.0, which is expected to become available in mid-July.
PAN-OS 10.0 also introduces CN-Series firewalls, which are specifically designed for Kubernetes container environments.
“As the industry’s first NGFW built specifically for Kubernetes environments, CN-Series firewalls leverage deep container context to protect inbound, outbound and east-west traffic between container trust zones (i.e. between namespaces, or between PCI-infected apps and non-PCI apps), along with other components of enterprise IT environments,” explained Mukesh Gupta, VP of product management at Palo Alto Networks.
The network security company also announced IoT Security, a new IoT security solution that is offered as a subscription to customers of the new ML-powered NGFW.
Tomi Engdahl says:
Trump’s 2020 Reelection App Exposed Secrets, Keys
https://www.securityweek.com/trumps-2020-reelection-app-exposed-secrets-keys
An analysis of the “Official Trump 2020” application revealed that keys to various parts of the app were being exposed to attacks, Website Planet reports.
The application, developed for President Donald Trump’s reelection campaign, is available for download on both Android and iOS devices.
While investigating the app, Website Planet’s cybersecurity analysts Noam Rotem and Ran Locar discovered that the Android APK was exposing information such as Twitter application keys and secrets, Google apps and maps keys, and Branch.io (mobile analytics) keys.
The exposed keys, the analysts reveal, provided them with access to various parts of the application, but not to user accounts. According to them, an attacker would need two other keys, which were not being exposed, “to access any user account, including, potentially, President Trump’s.”
Tomi Engdahl says:
AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever
The previous record for the largest DDoS attack ever recorded was of 1.7 Tbps, recorded in March 2018.
https://www.zdnet.com/article/aws-said-it-mitigated-a-2-3-tbps-ddos-attack-the-largest-ever/
Tomi Engdahl says:
Exclusive: Massive spying on users of Google’s Chrome shows new security weakness
https://uk.reuters.com/article/uk-alphabet-google-chrome-exclusive-idUKKBN23P0JM
A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions.
Tomi Engdahl says:
Mozilla VPN is here
https://blog.mozilla.org/futurereleases/2020/06/18/introducing-firefox-private-network-vpns-official-product-the-mozilla-vpn/
Tomi Engdahl says:
China behind major cyber attack on Australian governments and businesses
https://www.abc.net.au/news/2020-06-19/foreign-cyber-hack-targets-australian-government-and-business/12372470
Federal Government agencies believe that China is the nation behind ongoing cyber attacks on Australian institutions, including hospitals and state-owned utilities, in recent months.
Tomi Engdahl says:
Sapiens pays $250,000 in Bitcoin to hackers who took over its computers
The Israel-based software company has not alerted the exchange authorities in the U.S. or Israel
https://m.calcalistech.com/Article.aspx?guid=3833070
Tomi Engdahl says:
NSA launches pilot program to secure defense contractors
https://fcw.com/articles/2020/06/18/williams-nsa-dns-pilot.aspx?m=1
The National Security Agency is testing a secure domain name system model to better secure companies in the defense industrial base, whose networks house critical weapons technology information.
Anne Neuberger, the NSA’s cybersecurity director, announced the agency began a pilot program, Secure DNS, during Defense One’s Tech Summit June 18. The pilot, which has been ongoing for a little more than a month, can reduce malware attacks 92% on a given network, she said.
Tomi Engdahl says:
https://www.forbes.com/sites/bobzukis/2020/06/18/ransomware-has-a-new-and-very-valuable-hostage-in-sight/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/extortionists-threaten-to-destroy-sites-in-fake-ransom-attacks/
Tomi Engdahl says:
https://thenextweb.com/insider/2020/06/12/url-bug-lets-you-skip-youtube-ads-and-paywalls-by-adding-an-extra-period/
Tomi Engdahl says:
Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware
Researchers set up a tempting honeypot to monitor how cyber criminals would exploit it. Then it came under attack.
https://www.zdnet.com/article/ransomware-hackers-took-just-three-days-to-find-this-fake-industrial-network-and-fill-it-with-malware/
Tomi Engdahl says:
https://techxplore.com/news/2020-06-homeland-windows-worm.html
Tomi Engdahl says:
It was once Germany’s fintech star. Now, a missing $2 billion puts Wirecard’s future in doubt
https://www.cnbc.com/2020/06/19/wirecards-future-is-in-doubt-as-accounting-scandal-deepens.html?fbclid=IwAR1GWA0cq9uyx3Mgm5JZx3r5iNwPbPOyTMcl_5MDt07lMN7-nFueMvk0FZs
Tomi Engdahl says:
The FBI used a Philly protester’s Etsy profile, LinkedIn, and other internet history to charge her with setting police cars ablaze
https://www.inquirer.com/news/philly-protests-arrests-fbi-lore-elisabeth-blumenthal-george-floyd-20200617.html?scrolla=5eb6d68b7fedc32c19ef33b4
As demonstrators shouted, fires burned outside City Hall, and Philadelphia convulsed with outrage over the death of George Floyd, television news helicopters captured footage of a masked woman with a peace sign tattoo and wearing a light blue T-shirt setting a police SUV ablaze.
More than two weeks after that climactic May 30 moment, federal authorities say they’ve identified the arsonist as 33-year-old Philadelphia massage therapist Lore Elisabeth Blumenthal by following the intricate trail of bread crumbs she left through her social media history and online shopping patterns over the years.
Tomi Engdahl says:
Security surprise: Four zero-days spotted in attacks on researchers’
fake networks
https://www.zdnet.com/article/security-four-zero-day-attacks-spotted-in-attacks-against-honeypot-systems/
Four new zero-day attacks were discovered when hackers employed them
against fake systems set up by researchers studying hacking attempts
on industrial systems. Industrial control systems (ICS) are used to
manage a vast range of critical devices, anything from chemical
processing through to power generation or even building automation
like fire-suppression systems.
Tomi Engdahl says:
Advisory 2020-008: Copy-paste compromises – tactics, techniques and
procedures used to target multiple Australian networks
https://www.cyber.gov.au/threats/advisory-2020-008-copy-paste-compromises-tactics-techniques-and-procedures-used-target-multiple-australian-networks
The Australian Government is currently aware of, and responding to, a
sustained targeting of Australian governments and companies by a
sophisticated state-based actor. The title Copy-paste compromises is
derived from the actor’s heavy use of proof-of-concept exploit code,
web shells and other tools copied almost identically from open
source. The actor has been identified leveraging a number of initial
access vectors, with the most prevalent being the exploitation of
public-facing infrastructure primarily through the use of a remote code
execution vulnerability in unpatched versions of Telerik UI. Other
vulnerabilities in public-facing infrastructure leveraged by the actor
include exploitation of a deserialisation vulnerability in Microsoft
Internet Information Services (IIS), a 2019 SharePoint vulnerability
and the 2019 Citrix vulnerability.
Australia cyber attacks: PM Morrison warns of ‘sophisticated’ state
hack
https://www.bbc.com/news/world-australia-46096768
Australia’s government and institutions are being targeted by ongoing
sophisticated state-based cyber hacks, Prime Minister Scott Morrison
says. Mr Morrison said the cyber attacks were widespread, covering
“all levels of government” as well as essential services and
businesses. He declined to identify a specific state actor and said no
major personal data breaches had been made. The attacks have happened
over many months and are increasing, he said. Also:
https://www.zdnet.com/article/prime-minister-says-australia-is-under-cyber-attack-from-state-based-actor/.
https://www.theregister.com/2020/06/19/australia_state_cyberattack/.
https://www.pm.gov.au/media/statement-malicious-cyber-activity-against-australian-networks.
https://yle.fi/uutiset/3-11409999
Tomi Engdahl says:
Hackers use fake Windows error logs to hide malicious payload
https://www.bleepingcomputer.com/news/security/hackers-use-fake-windows-error-logs-to-hide-malicious-payload/
Hackers have been using fake error logs to store ASCII characters
disguised as hexadecimal values that decode to a malicious payload
designed to prepare the ground for script-based attacks. The trick is
part of a longer chain with intermediary PowerShell commands that
ultimately delivers a script for reconnaissance purposes.
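A defender-side illustration of the trick described above: a small log scanner that looks for long runs of space-separated hex byte values inside otherwise ordinary log lines and decodes them to see whether they are really printable text. This is added example code, not from the linked article or any vendor; the log lines, the service name and the decoded marker string are all constructed for the demo.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample "error log": three ordinary-looking lines plus one that
# carries ASCII text disguised as hexadecimal byte values. The hidden text is
# a harmless marker string ("echo decoded-marker"), not a real payload.
SAMPLE_LOG = """\
2020-06-21 10:14:02 ERROR svc_host: module load failed, code 0x80070005
2020-06-21 10:14:03 WARN  svc_host: retrying in 30s
2020-06-21 10:14:05 ERROR svc_host: dump 65 63 68 6f 20 64 65 63 6f 64 65 64 2d 6d 61 72 6b 65 72
2020-06-21 10:14:06 INFO  svc_host: service restarted
"""

# Minimum number of consecutive hex byte tokens before a run is worth decoding.
# Short runs (error codes, timestamps, dates) stay below this threshold.
MIN_BYTES = 16
HEX_RUN = re.compile(r"(?:\b[0-9a-fA-F]{2}\b[ ,]?){%d,}" % MIN_BYTES)


@dataclass
class Finding:
    line_no: int      # 1-based line number in the scanned text
    hex_bytes: int    # how many byte values the run contained
    decoded: str      # the run decoded as latin-1 text


def printable_ratio(data: bytes) -> float:
    """Fraction of decoded characters that are printable (or common whitespace)."""
    if not data:
        return 0.0
    text = data.decode("latin-1")
    ok = sum(1 for ch in text if ch.isprintable() or ch in "\r\n\t")
    return ok / len(text)


def scan_log(text: str, min_ratio: float = 0.9) -> List[Finding]:
    """Return every long hex run whose decoded bytes are mostly printable text.

    Genuine binary dumps decode to mostly non-printable bytes and are skipped;
    ASCII script text hidden as hex decodes cleanly and is reported.
    """
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in HEX_RUN.finditer(line):
            pairs = re.findall(r"[0-9a-fA-F]{2}", match.group(0))
            raw = bytes.fromhex("".join(pairs))
            if printable_ratio(raw) >= min_ratio:
                findings.append(Finding(line_no, len(raw), raw.decode("latin-1")))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.hex_bytes} hex bytes decode to text: {f.decoded!r}")
```

The threshold and printable-ratio heuristic are deliberately simple; in production you would also want to handle other separators and encodings, and treat a hit as a lead for investigation rather than a verdict.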
Tomi Engdahl says:
Microsoft Defender ATP now detects Windows 10 UEFI malware
https://www.bleepingcomputer.com/news/security/microsoft-defender-atp-now-detects-windows-10-uefi-malware/
Microsoft has announced that its Microsoft Defender Advanced Threat
Protection (ATP) enterprise endpoint security platform is now capable
of detecting and protecting customers from Unified Extensible Firmware
Interface (UEFI) malware with the help of a new UEFI scanner.
Tomi Engdahl says:
Hiding Malware, With Windows XP
https://hackaday.com/2020/05/22/hiding-malware-with-windows-xp/
Tomi Engdahl says:
Google Analytics as a data exfiltration channel
https://www.kaspersky.com/blog/web-skimming-with-ga/35986/
Web skimming, a fairly common method of getting cardholder data from
visitors of online stores, is a time-honored cybercriminal practice.
Recently, however, our experts discovered a rather dangerous
innovation involving the use of Google Analytics to exfiltrate stolen
data. Let’s explore why this is dangerous and how to deal with it.
More details on the attack mechanism and indicators of compromise:
https://securelist.com/web-skimming-with-google-analytics/97414/.
Also:
https://www.bleepingcomputer.com/news/security/hackers-use-google-analytics-to-steal-credit-cards-bypass-csp/
Tomi Engdahl says:
Encrypted Phone Network Says It’s Shutting Down After Police Hack
https://www.vice.com/en_us/article/5dz9qx/encrochat-hacked-shutting-down-encrypted-phone
Someone in control of an email address long associated with Encrochat,
a company that sells custom encrypted phones often used by organized
criminals, tells Motherboard the company is shutting down after a law
enforcement hacking operation against its customers. The news comes as
law enforcement agencies have arrested multiple criminal users of
Encrochat across Europe in what appears to be a large scale,
coordinated operation against the phone network and its users.
Tomi Engdahl says:
Hijacking DLLs in Windows
https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
DLL Hijacking is a popular technique for executing malicious payloads.
This post lists nearly 300 executables vulnerable to relative path DLL
Hijacking on Windows 10 (1909), and shows how with a few lines of
VBScript some of the DLL hijacks can be executed with elevated
privileges, bypassing UAC.
Tomi Engdahl says:
Alfred Ng / CNET:
Senate Republicans introduce bill calling for an end to “warrant-proof” encryption, citing apps like WhatsApp that use end-to-end encryption — The proposed legislation is Congress’ latest attempt to weaken encryption from tech giants. — A group of Senate Republicans are looking …
Republicans push bill requiring tech companies to help access encrypted data
https://www.cnet.com/news/republicans-push-bill-requiring-tech-companies-to-help-access-encrypted-data/
The proposed legislation is Congress’ latest attempt to weaken encryption from tech giants.
Tomi Engdahl says:
Red Hat’s kernel has a flaw in Authenticated Encryption with Associated Data
> (AEAD), a form of encryption technique which
> simultaneously assures the confidentiality and authenticity of data with
> below details.
>
> A buffer over-read flaw was found in crypto_authenc_extractkeys in
> crypto/authenc.c in the IPsec Cryptographic algorithm’s
> module, authenc. When a payload is longer than 4 bytes, and is not
> following 4-byte alignment boundary guidelines, it causes
> a buffer over-read threat, leading to a system crash. This flaw allows a
> local attacker with user privileges to cause a denial
> of service.
https://www.openwall.com/lists/oss-security/2020/06/23/2
The fix on github https://github.com/torvalds/linux/commit/8f9c469348487844328e162db57112f7d347c49f
Tomi Engdahl says:
Russell Brandom / The Verge:
Open Technology Fund, the US digital speech advocate that funded Signal, faces turmoil after the abrupt firing of entire leadership team and resignation of CEO
A new Trump appointee has put internet freedom projects in crisis mode
https://www.theverge.com/2020/6/23/21300424/open-technology-fund-usagm-circumvention-tools-china-censorship-michael-pack?scrolla=5eb6d68b7fedc32c19ef33b4
‘There are so many countries and individuals who need this support right now,’ says former OTF president
One of the US government’s strongest forces for internet freedom is in danger, and supporters are calling on the public for help. The Open Technology Fund (OTF), a small US organization devoted to protecting digital speech across the world, has helped support nearly all of the most prominent encryption projects at various points — including Signal, Tails, Qubes, and the Tor Project. But after the abrupt firing of the fund’s entire leadership team, current recipients say their contractually promised funding is now at risk.
“Very concretely, this would mean that we wouldn’t be able to upgrade the app’s security architecture, putting our users at risk,” Raphael Mimoun, who operates the evidence-protection app Tella, told The Verge. “Without OTF support, it’s unclear how and where technologists and activists would meet, and whether the internet freedom community would even survive.”
Tomi Engdahl says:
Catalin Cimpanu / ZDNet:
Microsoft releases the first public preview of its Defender antivirus Android app, as Microsoft Defender ATP for Linux becomes generally available for all users — UPDATE: Microsoft Defender ATP for Linux has also exited public preview and is now generally available for all users.
Microsoft releases first public preview of its Defender antivirus on Android
https://www.zdnet.com/article/microsoft-releases-first-public-preview-of-its-defender-antivirus-on-android/
UPDATE: Microsoft Defender ATP for Linux has also exited public preview and is now generally available for all users.
Tomi Engdahl says:
Microsoft Chief Says EU ‘Most Influential’ on Tech Rules
https://www.securityweek.com/microsoft-chief-says-eu-most-influential-tech-rules
Microsoft president Brad Smith on Tuesday said Europe was the global leader on setting rules for big tech, two years after the EU implemented the GDPR, its landmark data privacy law.
Smith spoke at an online debate with European Commission vice president Vera Jourova, the top EU official who was in charge of the data privacy rules when they became reality in 2018.
Brussels introduced the General Data Protection Regulation (GDPR) to give people more control over data and their privacy settings.
The rules also gave EU regulators the power to fine and punish internet actors — including Facebook, Google or Uber — who broke the rules on protecting personal data.
“I do continue to see the trends from Brussels being the most influential in the world,” Smith said during the debate hosted by the Brussels-based CERRE think tank.
“Even when you look at something like the Australian law last year … it was clearly influenced by a lot of thinking that had been taking place for a couple of years in Brussels,” he said.
Tomi Engdahl says:
COVID-19 Fuels Phishing and Scams While BEC Attacks Evolve and Increase
https://www.securityweek.com/covid-19-fuels-phishing-and-scams-while-bec-attacks-evolve-and-increase
Tomi Engdahl says:
XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers/
We have recently detected variants of two existing Linux botnet
malware types targeting exposed Docker servers; these are XORDDoS
malware (detected by Trend Micro as Backdoor.Linux.XORDDOS.AE) and
Kaiji DDoS malware (detected by Trend Micro as DDoS.Linux.KAIJI.A).
Having Docker servers as their target is a new development for both
XORDDoS and Kaiji; XORDDoS was known for targeting Linux hosts on
cloud systems, while recently discovered Kaiji was first reported to
affect internet of things (IoT) devices.
Tomi Engdahl says:
80,000 printers are exposing their IPP port online
https://www.zdnet.com/article/80000-printers-are-exposing-their-ipp-port-online/
For years, security researchers have warned that every device left
exposed online without being protected by a firewall is an attack
surface. Hackers can deploy exploits to forcibly take control over the
device, or they can just connect to the exposed port if no
authentication is required. Devices hacked this way are often enslaved
in malware botnets, or they serve as initial footholds and backdoors
into larger corporate networks (Russian hackers already use this
technique). However, despite this being common knowledge among
cyber-security and IT experts, we still have a large number of devices
that are left exposed online unsecured.
Tomi Engdahl says:
What did it take for stubborn IBM to fix flaws in its Data Risk
Manager security software? Someone dropping zero-days
https://www.theregister.com/2020/06/23/ibm_data_risk_manager/
IBM is under fire for refusing to patch critical vulnerabilities in
its Data Risk Manager product until exploit code was publicly
disclosed. In what seems a shortsighted move, when a proactive
approach may have been better, Big Blue turned down a privately
disclosed report of flaws in its enterprise security software only to
issue fixes after details of the holes emerged online.
Tomi Engdahl says:
Firmware Flaw Allows Attackers to Evade Security on Some Home Routers
https://www.darkreading.com/vulnerabilities—threats/firmware-flaw-allows-attackers-to-evade-security-on-some-home-routers/d/d-id/1338150
Wired and wireless routers used by “millions” of home and
small-business users are vulnerable to a firmware attack that can
downgrade the devices to a less secure version that then allows the
devices to be further compromised, cybersecurity firm NanoLock
Security announced on Monday. While few details of the vulnerability
have been released by the company, NanoLock claims that the issue
affects devices sold by Japanese networking and storage firm Buffalo
and its US subsidiary Buffalo Americas, as well as “many other similar
routers.”
Tomi Engdahl says:
https://www.mediapost.com/publications/article/352845/nyt-staff-wont-return-to-office-until-2021.html
Tomi Engdahl says:
Here’s a headline we never thought we’d write 20 years ago: Microsoft readies antivirus for Linux, Android
Redmond knows a thing or two about tackling malware – amirite, Windows fans?!
https://www.theregister.com/2020/06/23/microsoft_defender_atp_linux/
Tomi Engdahl says:
The Trump 2020 app is a voter surveillance tool of extraordinary power
https://www.technologyreview.com/2020/06/21/1004228/trumps-data-hungry-invasive-app-is-a-voter-surveillance-tool-of-extraordinary-scope/
Both presidential campaigns use apps to capture data, but Trump’s asks to scoop up your identity, your location, and control of your phone’s Bluetooth function.
• The Trump campaign app uses data to sidestep online platforms
• Biden’s app accesses phone contacts to build “relational organizing”
• The Trump app’s inspiration appears to come from India’s Narendra Modi
Ahead of President Trump’s rally in Tulsa, Oklahoma, his 2020 re-election campaign manager Brad Parscale tweeted about the event. “Just passed 800,000 tickets,” he wrote. “Biggest data haul and rally signup of all time by 10x. Saturday is going to be amazing!”
Parscale’s numbers for the rally—originally scheduled for Juneteenth and still set to occur just miles from the site of one of American history’s deadliest acts of racial violence—have come in for criticism after only 6,200 people actually turned up, with sign-up numbers supposedly inflated by pranking teens and K-pop fans. But even on the surface, his claim was confusing: the venue holds only 19,000 people. So what was the campaign doing signing up so many people for tickets?
The clue lies in Parscale’s use of the phrase “data haul.”
Data collection and targeted online messaging were integral to the 2016 US presidential election, and they will be again in 2020. But there has been a shift. In the same way that candidates in the last cycle used Facebook to reach and persuade voters, ongoing research from our team at the propaganda research lab at UT Austin’s Center for Media Engagement suggests that 2020 will be defined by the use of bespoke campaign apps. Purpose-built applications distributed through the App Store and Google Play Store allow the Trump and Biden teams to speak directly to likely voters. They also allow them to collect massive amounts of user data without needing to rely on major social-media platforms or expose themselves to fact-checker oversight of particularly divisive or deceptive messaging.
Trump 2020: A data-hungry channel for disproven claims
The Official Trump 2020 app, which has been downloaded approximately 780,000 times according to the measurement service Apptopia, launched in mid-April.
Data collection—as Parscale’s comment suggested—is perhaps the most powerful thing the Trump 2020 app does. On signing up, users are required to provide a phone number for a verification code, as well as their full name, email address, and zip code. They are also highly encouraged to share the app with their existing contacts. This is part of a campaign strategy for reaching the 40 to 50 million citizens expected to vote for Trump’s reelection: to put it bluntly, the campaign says it intends to collect every single one of these voters’ cell-phone numbers.
The app has already received some criticism, not least from security researchers who found it had left information exposed that could allow hackers to access the user data. The response to this made the campaign’s priorities clear: they rapidly fixed the bug once it had been disclosed, but still maximized the data they themselves could collect.
Team Joe: Your contacts are critical
Team Joe, the app put together by Joe Biden’s campaign, has some surface similarities to the Trump app, but it is a very different proposition. It does some things that the Trump app does, including sending users notifications of upcoming campaign events or training sessions for digital activists. But where the Trump app has range of uses, from spreading tailored campaign messages to airing live streams of rallies, Team Joe is largely built for a single purpose: relational organizing. This concept is spelled out in the Team Joe Digital Tool Kit:
“Relational organizing is when volunteers leverage their existing networks and relationships in support of our candidate, Joe Biden. Friend-to-friend contact is one of the most effective methods for having meaningful conversations about our campaign, and it is an efficient way to persuade and identify supporters
Tomi Engdahl says:
Using Shell Links as zero-touch downloaders and to initiate network
connections
https://isc.sans.edu/forums/diary/Using+Shell+Links+as+zerotouch+downloaders+and+to+initiate+network+connections/26276/
Probably anyone who has used any modern version of Windows is aware of
their file-based shortcuts, also known as LNKs or Shell Link files.
Although they were intended as a simple feature to make Windows a bit
more user-friendly, over the years, a significant number[1] of
vulnerabilities were identified in the handling of LNKs. Many of these
vulnerabilities lead to remote code execution and one (CVE-2010-2568)
was even used in the creation of the Stuxnet worm.
Tomi Engdahl says:
New Bill Targeting Warrant-Proof Encryption Draws Ire
https://threatpost.com/new-bill-targeting-warrant-proof-encryption-draws-ire/156877/
The Lawful Access to Encrypted Data Act is being decried as an awful
idea by security experts. Privacy advocates are decrying a new bill,
which would force tech companies to unlock encrypted devices if
ordered to do so by law enforcement with a court issued warrant. The
Lawful Access to Encrypted Data Act was introduced on Tuesday by
Senate Judiciary Committee Chairman Lindsey Graham (R-SC),
Tomi Engdahl says:
Glupteba the malware that gets secret messages from the Bitcoin
blockchain
https://nakedsecurity.sophos.com/2020/06/24/glupteba-the-bot-that-gets-secret-messages-from-the-bitcoin-blockchain/
Here’s a SophosLabs technical paper that should tick all your jargon
boxes! Our experts have deconstructed a strain of malware called
Glupteba that uses just about every cybercrime trick you’ve heard of,
and probably several more besides. Like a lot of malware these days,
Glupteba is what’s known as a zombie or bot (short for software robot)
that can be controlled from afar by the crooks who wrote it.
Tomi Engdahl says:
https://www.zdnet.com/article/cryptocore-hacker-group-has-stolen-more-than-200m-from-cryptocurrency-exchanges/
CryptoCore hacker group has stolen more than $200m from cryptocurrency
exchanges. An organized hacker group believed to be operating out of
Eastern Europe has stolen around $200 million from online
cryptocurrency exchanges, cyber-security firm ClearSky said in a
report shared with ZDNet today. Or Blatt, Research Team Leader at
ClearSky, told ZDNet the group, which ClearSky has been tracking under
the name of CryptoCore, has been active since 2018. Also:
https://www.bleepingcomputer.com/news/security/cryptocore-hackers-made-over-200m-breaching-crypto-exchanges/
Tomi Engdahl says:
The corona crisis set port scanners in motion, with SSH as a particular target
https://www.tivi.fi/uutiset/tv/b25327ce-f8d2-49c0-ac87-4d338d6c2169
Security threats targeting Internet of Things devices have grown
strongly during the spring. The security laboratory of the security
company Cujo.AI observed 120 million threats per week in early April.
At the turn of April and May the number of threats had grown 83 percent
to 212 million threats per week. In practice the threats refer to
situations in which an attacker tries to gain control of a remotely
controllable system.
Tomi Engdahl says:
VMware fixes critical vulnerability in Workstation and Fusion
https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-vulnerability-in-workstation-and-fusion/
VMware released security updates to fix multiple vulnerabilities in
VMware ESXi, Workstation, and Fusion, with one of them being a
critical bug in default configurations of Workstation and Fusion
having 3D graphics enabled. The U.S. Cybersecurity and Infrastructure
Security Agency (CISA) also issued an alert today warning that an
“attacker could exploit some of these vulnerabilities to take control
of an affected system,” and encouraging users and administrators to
update as soon as possible.
Critical vulnerability with a 9.3 CVSSv3 base score
The critical security issue tracked as CVE-2020-3962 is a use-after-free flaw in the SVGA device that could allow local attackers to execute arbitrary code on the hypervisor from a virtual machine after successful exploitation.