This posting is here to collect cyber security news in June 2020.
I post links to security vulnerability news with short descriptions in the comments section of this article.
If you are interested in cyber security trends, read my Cyber security trends 2020 posting.
You are also free to post related links to comments.
Tomi Engdahl says:
Call an exorcist or just patch your Windows computers
https://threatpost.com/self-propagating-lucifer-malware-targets-windows-systems/156883/
https://www.zdnet.com/article/lucifer-devilish-malware-that-abuses-critical-vulnerabilities-on-your-windows-pc/
Tomi Engdahl says:
United States wants HTTPS for all government sites, all the time
https://nakedsecurity.sophos.com/2020/06/23/united-states-wants-https-for-all-government-sites-all-the-time/
The US government just announced its plans for HTTPS on all dot-gov sites.
HTTPS, of course, is short for “secure HTTP”, and it’s the system that puts the padlock in your browser’s address bar.
Actually, the government is going one step further than that.
As well as saying all dot-gov sites should be available over HTTPS, the government wants to get to the point that all of its web servers are publicly committed to use HTTPS by default.
That paves the way to retiring HTTP altogether and preventing web users from making unencrypted connections to government sites at all.
Tomi Engdahl says:
Russell Brandom / The Verge:
Google says it will auto-delete location and search data by default for new users after 18 months, as part of a broader expansion of its privacy options
Google will now auto-delete location and search history by default for new users
https://www.theverge.com/2020/6/24/21301718/google-auto-delete-location-search-history-default-myactivity?scrolla=5eb6d68b7fedc32c19ef33b4
A compromise between privacy and ad-targeting data
Tomi Engdahl says:
As organizations get back to business, cyber criminals look for new angles to exploit
https://blog.checkpoint.com/2020/06/25/as-organizations-get-back-to-business-cyber-criminals-look-for-new-angles-to-exploit/
Criminals are using COVID-19 training for employees as phishing bait. Non-coronavirus-related headline news (including Black Lives Matter) is being used in phishing scams. Weekly cyber-attacks increased 18% compared to the May average. However, COVID-19-related cyber-attacks are down 24% compared to May.
Tomi Engdahl says:
Patch time! NVIDIA fixes kernel driver holes on Windows and Linux
https://nakedsecurity.sophos.com/2020/06/25/patch-time-nvidia-fixes-kernel-driver-holes-on-windows-and-linux/
The latest security patches from NVIDIA, the maker of high-end graphics cards, are out. Both Windows and Linux are affected. NVIDIA hasn't yet given out any real details about the bugs, but 12 different CVE-tagged flaws have been fixed, numbered sequentially from CVE-2020-5962 to CVE-2020-5973. Also:
https://threatpost.com/nvidia-windows-gamers-graphics-driver-bugs/156911/
https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-flaws-in-windows-linux-drivers/
Tomi Engdahl says:
Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/
On May 29, 2020, Unit 42 researchers discovered a new variant of a hybrid cryptojacking malware from numerous incidents of CVE-2019-9081 exploitation in the wild. A closer look revealed the malware, which we've dubbed Lucifer, is capable of conducting DDoS attacks and well-equipped with all kinds of exploits against vulnerable Windows hosts.
Tomi Engdahl says:
Chinese bank forced western companies to install malware-laced tax software
https://www.zdnet.com/article/chinese-bank-forced-western-companies-to-install-malware-laced-tax-software/
A Chinese bank has forced at least two western companies to install malware-laced tax software on their systems, cyber-security firm Trustwave said in a report published today. The two companies are a UK-based technology/software vendor and a major financial institution, both of which had recently opened offices in China. “Discussions with our client revealed that [the malware] was part of their bank’s required tax software,” Trustwave said today. Also:
https://www.darkreading.com/threat-intelligence/goldenspy-malware-hidden-in-tax-software-spies-on-companies-doing-business-in-china/d/d-id/1338174
Tomi Engdahl says:
Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/
They say a picture is worth a thousand words. Threat actors must have remembered that as they devised yet another way to hide their credit card skimmer in order to evade detection. When we first investigated this campaign, we thought it may be another one of those favicon tricks, which we had described in a previous blog. However, it turned out to be different and even more devious. We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores.
Tomi Engdahl says:
Vulnerable Powerline Extenders Underline Lax IoT Security
https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security/
Multiple vulnerabilities have been found in the Tenda PA6 Wi-Fi Powerline extender, version 1.0.1.21. This device is part of Tenda's PH5 Powerline Extender Kit and extends the wireless network through a home's existing electrical circuitry.
Tomi Engdahl says:
Ransomware crims to sell off ‘scandalous’ files swiped from Mariah Carey, Nicki Minaj, Puff Daddy’s legal eagles
https://www.theregister.com/2020/06/24/celebrity_ransomware_blackmail/
$600k starting bid, say public extortionists, or $42m to keep schtum. Ransomware criminals claiming to have siphoned confidential docs on Nicki Minaj, Mariah Carey, and Lebron James from an American law firm are threatening to auction off the info.
Tomi Engdahl says:
LG Electronics allegedly hit by Maze ransomware attack
https://www.bleepingcomputer.com/news/security/lg-electronics-allegedly-hit-by-maze-ransomware-attack/
Maze ransomware operators have claimed on their website that they breached and locked the network of the South Korean multinational LG Electronics. The details of the attack have not been released, but the hackers stated that they have stolen from the company proprietary information for projects that involve big U.S. companies.
Tomi Engdahl says:
DHS has sent hundreds of vulnerability notifications to medical sector during coronavirus pandemic
https://www.nbcnews.com/tech/security/dhs-has-sent-hundreds-vulnerability-notifications-medical-sector-during-coronavirus-n1232167
A government cybersecurity expert said the government has a secret list of research institutions to give prioritized protections.
Tomi Engdahl says:
Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It
https://www.boredpanda.com/tik-tok-reverse-engineered-data-information-collecting/
Facebook got itself into a sensitive data scandal when it did shady business with Cambridge Analytica, Instagram confirmed a security issue exposing user accounts and phone numbers, but these apps are basically online security havens compared to TikTok, according to one senior software engineer with about 15 years of professional experience.
Bangorlol thinks that we as a society have normalized giving away our personal information and have no expectations of privacy and security anymore, so giving TikTok our data together with our money is nothing surprising. “The general consensus among most ‘normal’ people is that they can’t/won’t be targeted, so it’s fine. Or that they have nothing to hide, so ‘why should I even care?’ I think the apathy is sourced from people just not understanding the security implications (at all levels) of handing over our data to a foreign government that doesn’t discriminate against who they target, and also doesn’t really have the best track record when it comes to human rights,” he said.
Tomi Engdahl says:
US Cybercom Virtual War Game Girds Against Increased Threats
https://www.securityweek.com/us-cybercom-virtual-war-game-girds-against-increased-threats
Foreign hackers are taking advantage of the coronavirus pandemic to undermine institutions and threaten critical infrastructure, a top U.S. military cyber official said Thursday.
The comments from Coast Guard Rear Adm. John Mauger of U.S. Cyber Command came a day after Defense Department officials briefed reporters on virtual war games that digital combatants from U.S. and allied militaries have been holding to sharpen their abilities to counter online threats with real-world impact.
“We’ve seen increased adversary activity” since the pandemic began, Mauger said on a conference call, declining to discuss the threat in more specific detail. “We’re one part of the whole of government effort to defend our democracy in this complex cyber environment.”
Tomi Engdahl says:
LG Electronics Victim of Maze Ransomware Attack, Source Code Stolen: Report
https://gadgets.ndtv.com/mobiles/news/lg-electronics-maze-ransomware-attack-python-code-locked-at-t-telecommunications-hack-2252187
LG Electronics’ Python code seems to have been stolen and the hackers claim a total of 40GB of data has been stolen.
Tomi Engdahl says:
https://nakedsecurity.sophos.com/2020/06/23/united-states-wants-https-for-all-government-sites-all-the-time/
Tomi Engdahl says:
Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room
https://thehackernews.com/2020/06/lamphone-light-bulb-spy.html
Tomi Engdahl says:
THIS GUY ACCIDENTALLY TOOK A PHOTO THAT CRASHES ANDROID SMARTPHONES
https://futurism.com/the-byte/guy-accidentally-took-photo-crashes-android-smartphones
Tomi Engdahl says:
FBI Expands Ability to Collect Cellphone Location Data, Monitor Social Media, Recent Contracts Show
https://theintercept.com/2020/06/24/fbi-surveillance-social-media-cellphone-dataminr-venntel/
The federal law enforcement agency’s records show a growing focus on harnessing the latest private sector tools for mass surveillance, including recent contracts with companies that monitor social media posts and collect cellphone location data.
Tomi Engdahl says:
Warning—Apple Suddenly Catches TikTok Secretly Spying On Millions Of iPhone Users
https://outline.com/8zv84P
Tomi Engdahl says:
Credit card skimmers are now being buried in image file metadata on e-commerce websites
https://www.zdnet.com/article/your-credit-card-information-is-now-being-stolen-through-image-files/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook
Magecart attackers are suspected of using an interesting technique to steal your financial data.
Tomi Engdahl says:
SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost
https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost/
Tomi Engdahl says:
Chinese bank requires foreign firm to install app with covert backdoor
https://arstechnica.com/information-technology/2020/06/chinese-bank-requires-foreign-firm-to-install-app-with-covert-backdoor/
A multinational tech company gets schooled in the risks of doing business in China.
Tomi Engdahl says:
Nvidia squashes display driver code execution, information leak bugs
https://www.zdnet.com/article/nvidia-squashes-display-driver-code-execution-information-leak-bugs/
The vulnerabilities impact both Windows and Linux machines.
Tomi Engdahl says:
Almost 300 Windows 10 executables vulnerable to DLL hijacking
https://www.bleepingcomputer.com/news/security/nearly-300-windows-10-executables-vulnerable-to-dll-hijacking/
A simple VBScript may be enough to allow users to gain administrative privileges and bypass UAC entirely on Windows 10. The vulnerability referred to here is relative path DLL hijacking, which is when an attacker can cause a legitimate Windows executable to load an arbitrary DLL of the attacker’s choice, most likely with malicious intent.
Tomi Engdahl says:
Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL
https://www.zdnet.com/article/adobe-mastercard-visa-warn-online-store-owners-of-magento-1-x-eol/#ftag=RSSbaffb68
Almost 110,000 online stores are still running the soon-to-be-outdated Magento 1.x CMS. Mastercard said that 77% of the companies investigated in these incidents were not in compliance with PCI DSS requirement 6, the rule that requires store owners to run up-to-date systems.
Tomi Engdahl says:
Journalist’s phone hacked by new ‘invisible’ technique: All he had to do was visit one website. Any website
https://www.thestar.com/news/canada/2020/06/21/journalists-phone-hacked-by-new-invisible-technique-all-he-had-to-do-was-visit-one-website-any-website.html
The white iPhone with chipped paint that Moroccan journalist Omar Radi used to stay in contact with his sources also allowed his government to spy on him.
Tomi Engdahl says:
Microsoft quietly created a Windows 10 File Recovery tool, how to use
https://www.bleepingcomputer.com/news/microsoft/microsoft-quietly-created-a-windows-10-file-recovery-tool-how-to-use/
Microsoft has created a Windows 10 File Recovery Tool that recovers deleted files and forgot to tell anyone.
Tomi Engdahl says:
A Popular Study Tool Accidentally Exposed Millions Of Student Records
https://www.forbes.com/sites/leemathews/2020/06/28/oneclass-accidentally-exposed-millions-of-student-records/
An improperly-secured online database has left the private information of more than a million students exposed. Researchers at vpnMentor say the data belonged to OneClass, a tool that lets students share class notes and study guides.
Tomi Engdahl says:
Chinese malware used in attacks against Australian orgs
https://www.bleepingcomputer.com/news/security/chinese-malware-used-in-attacks-against-australian-orgs/
The Australian government released an advisory late last week about increased cyber activity from a state actor against networks belonging to its agencies and companies in the country.
Tomi Engdahl says:
Apple declined to implement 16 Web APIs in Safari due to privacy concerns
https://www.zdnet.com/article/apple-declined-to-implement-16-web-apis-in-safari-due-to-privacy-concerns/
Apple said these 16 new Web APIs add new user fingerprinting opportunities for online advertisers.
Tomi Engdahl says:
https://www.securityweek.com/hybrid-malware-lucifer-includes-cryptojacking-ddos-capabilities
Tomi Engdahl says:
https://www.securityweek.com/hackers-target-online-stores-web-skimmer-hidden-image-metadata
Tomi Engdahl says:
https://www.zdnet.com/article/80000-printers-are-exposing-their-ipp-port-online/
Tomi Engdahl says:
Far-right thugs exploit Black Lives Matter movement, warns UK anti-extremism chief
https://www.theguardian.com/world/2020/jun/28/far-right-thugs-exploit-black-lives-matter-movement-warns-uk-anti-extremism-chief
Home Office commissioner Sara Khan reveals surge in online hate material since death of George Floyd
Tomi Engdahl says:
Ransomware is now your biggest online security nightmare. And it’s about to get worse
https://www.zdnet.com/article/ransomware-is-now-your-biggest-online-security-nightmare-and-its-about-to-get-worse/
Criminals understand our weaknesses and how to exploit them. That means ransomware isn’t going away.
Tomi Engdahl says:
Ransomware: Attacks that start with phishing emails are suddenly back in fashion again
https://www.zdnet.com/article/ransomware-attacks-that-start-with-phishing-emails-are-suddenly-back-in-fashion-again/
Email was once the main method for delivering ransomware. Now familiar and new forms of ransomware are using it again. Ransomware attacks via email are on the rise again, with several new and familiar forms of ransomware recently being distributed with the aid of malicious payloads in phishing messages.
Tomi Engdahl says:
Beware “secure DNS” scam targeting website owners and bloggers
https://nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targeting-website-owners-and-bloggers/
If you run a website or a blog, you probably use a cloud provider or a dedicated hosting company to manage your server and deliver the content to your readers, viewers and listeners.
Tomi Engdahl says:
Palo Alto Networks patches critical vulnerability in firewall OS
https://www.bleepingcomputer.com/news/security/palo-alto-networks-patches-critical-vulnerability-in-firewall-os/
Palo Alto Networks disclosed a critical vulnerability found in the operating system (PAN-OS) of all its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. It only affects devices where SAML authentication is enabled.
Tomi Engdahl says:
Tuesday’s Magento 1 EOL Leaves Clock Ticking on 100K Online Stores
https://threatpost.com/tuesdays-magento-1-eol-100k-online-stores/157000/
Adobe and payment-card companies are making last-minute pleas for e-commerce sites to update to Magento 2, to avoid Magecart attacks and more.
Tomi Engdahl says:
Apple strong-arms entire CA industry into one-year certificate lifespans
https://www.zdnet.com/article/apple-strong-arms-entire-ca-industry-into-one-year-certificate-lifespans/
Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates to 398 days, against the wishes of Certificate Authorities.
Tomi Engdahl says:
Remote access at risk: Pandemic pulls more cyber‑crooks into the brute‑forcing game
https://www.welivesecurity.com/2020/06/29/remote-access-risk-pandemic-cybercrooks-bruteforcing-game/
Poorly secured remote access attracts mostly ransomware gangs, but can provide access to coin miners and backdoors too
ESET telemetry confirms this trend in an uptick in the number of unique clients who reported brute-force attack attempts blocked via ESET’s network attack detection technology.
Before the lockdown, most employees worked from the office and used infrastructure monitored and controlled by their IT department. But the coronavirus pandemic has brought a major shift to the status quo. Today, a huge proportion of “office” work occurs via home devices with workers accessing sensitive company systems through Windows’ Remote Desktop Protocol (RDP) – a proprietary solution created by Microsoft to allow connecting to the corporate network from remote computers.
Despite the increasing importance of RDP (as well as other remote access services), organizations often neglect its settings and protection. Employees use easy-to-guess passwords and with no additional layers of authentication or protection, there is little that can stop cybercriminals from compromising an organization’s systems.
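The ESET item above is about brute-forcing exposed RDP. On the defensive side the same activity is visible in the Windows Security log as bursts of failed logons (event 4625, logon type 10 for RemoteInteractive) from one source address against many usernames. The script below is an added example written for this page, not ESET's telemetry logic or any product code: it runs a sliding-window count over a constructed, simplified one-line-per-event log format (the real event XML carries the same fields, so only `parse_line` would change) and reports sources that exceed a failure threshold inside the window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, simplified export format for this example: one event per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+EventID=(?P<eid>\d+)\s+LogonType=(?P<lt>\d+)"
    r"\s+Source=(?P<src>\S+)\s+User=(?P<user>\S+)$"
)


def parse_line(line: str):
    """Parse one exported event line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "eid": int(m["eid"]),
        "lt": int(m["lt"]),
        "src": m["src"],
        "user": m["user"],
    }


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with >= threshold failed RDP logons inside a sliding window.

    Only event 4625 (logon failure) with logon type 10 (RemoteInteractive/RDP)
    counts. Returns {source: {"first_seen", "failures", "users"}}; an entry is
    refreshed while the source keeps failing so the final count is the largest
    window observed.
    """
    recent = defaultdict(deque)   # src -> deque of (timestamp, user) in window
    alerts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["eid"] != 4625 or ev["lt"] != 10:
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["user"]))
        while q and ev["ts"] - q[0][0] > window:   # drop events that aged out
            q.popleft()
        if len(q) >= threshold:
            alerts[ev["src"]] = {
                "first_seen": q[0][0].isoformat(),
                "failures": len(q),
                "users": sorted({u for _, u in q}),
            }
    return alerts


# Constructed sample log: one source spraying several accounts in under a
# minute, one source with two slow failures, plus unrelated events.
SAMPLE_LOG = """\
2020-06-29T08:00:01Z EventID=4625 LogonType=10 Source=203.0.113.5 User=admin
2020-06-29T08:00:07Z EventID=4625 LogonType=10 Source=203.0.113.5 User=administrator
2020-06-29T08:00:13Z EventID=4625 LogonType=10 Source=203.0.113.5 User=root
2020-06-29T08:00:19Z EventID=4625 LogonType=10 Source=203.0.113.5 User=test
2020-06-29T08:00:25Z EventID=4624 LogonType=10 Source=192.0.2.10 User=alice
2020-06-29T08:00:31Z EventID=4625 LogonType=10 Source=203.0.113.5 User=admin
2020-06-29T08:00:37Z EventID=4625 LogonType=10 Source=203.0.113.5 User=guest
2020-06-29T08:01:02Z EventID=4625 LogonType=10 Source=198.51.100.7 User=bob
2020-06-29T08:30:44Z EventID=4625 LogonType=10 Source=198.51.100.7 User=bob
2020-06-29T08:31:10Z EventID=4625 LogonType=2 Source=- User=carol
"""

if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {info['failures']} RDP failures since {info['first_seen']}, "
              f"accounts tried: {', '.join(info['users'])}")
```

The threshold and window are deliberately conservative defaults; tune them against your own baseline. A hit is a reason to check whether that host is reachable from the internet at all, and whether the account lockout policy and multi-factor authentication the article says are so often missing are actually in place.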
Tomi Engdahl says:
Apple strong-arms entire CA industry into one-year certificate lifespans
https://www.zdnet.com/article/apple-strong-arms-entire-ca-industry-into-one-year-certificate-lifespans/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook
Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates to 398 days, against the wishes of Certificate Authorities.
Tomi Engdahl says:
‘COVID-19 Breach Bubble’ Waiting to Pop?
https://krebsonsecurity.com/2020/06/covid-19-breach-bubble-waiting-to-pop/
The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change and likely for the worse.
Tomi Engdahl says:
Stinker, emailer, trawler, spy: How an engineer stole top US chip designs, smuggled them to China to set up a rival fab
https://www.theregister.com/2020/06/30/avago_spying_guilty/
Chinese chap swiped communications blueprints from what-is-now-Broadcom on behalf of Beijing. An engineer-turned-spy stole confidential blueprints of American wireless electronics on behalf of the Chinese government to run a rival factory churning out the components in the Middle Kingdom.
Tomi Engdahl says:
DDoS and dingoes: Australia to bolster cyber-defences with 500 hackers amid China spat
https://www.theregister.com/2020/06/30/australia_cyber_defence_fund/
Australia will hire 500 hackers as part of a AU$1.35bn (£754m, $925m) boost to protect the nation’s networks from a wave of cyber attacks.
Tomi Engdahl says:
AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals
https://threatpost.com/aws-facial-recognition-platform-misidentified-over-100-politicians-as-criminals/156984/
Tomi Engdahl says:
Google removes 25 Android apps caught stealing Facebook credentials
The malicious apps were downloaded more than 2.34 million times.
https://www.zdnet.com/article/google-removes-25-android-apps-caught-stealing-facebook-credentials/
According to a report from French cyber-security firm Evina shared with ZDNet today, the apps posed as step counters, image editors, video editors, wallpaper apps, flashlight applications, file managers, and mobile games.
The apps offered a legitimate functionality, but they also contained malicious code.
Tomi Engdahl says:
Apple: We’re defending your privacy by nixing 16 browser APIs. Rivals: You mean defending your bottom line
https://www.theregister.com/2020/06/29/apple_web_developers/
iGiant accused of holding back web progress to protect its 30% app cut