Cyber security news July 2020

This posting is here to collect cyber security news in July 2020.

I post links to security vulnerability news with short descriptions to comments section of this article.

If you are interested in cyber security trends, read my Cyber security trends 2020 posting.

You are also free to post related links to comments.


208 Comments

  1. Tomi Engdahl says:

    Microsoft warns of critical Windows DNS Server vulnerability that’s ‘wormable’ – The Verge
    https://www.theverge.com/2020/7/14/21324353/microsoft-windows-dns-server-security-vulnerability-patch-critical-flaw

    SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers – Check Point Research
    https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/

    Conclusion
    This high-severity vulnerability was acknowledged by Microsoft and was assigned CVE-2020-1350.
    We believe that the likelihood of this vulnerability being exploited is high, as we internally found all of the primitives required to exploit this bug. Due to time constraints, we did not continue to pursue the exploitation of the bug (which includes chaining together all of the exploitation primitives), but we do believe that a determined attacker will be able to exploit it. Successful exploitation of this vulnerability would have a severe impact, as you can often find unpatched Windows Domain environments, especially Domain Controllers. In addition, some Internet Service Providers (ISPs) may even have set up their public DNS servers as WinDNS.
    We strongly recommend users to patch their affected Windows DNS Servers in order to prevent the exploitation of this vulnerability.
    As a temporary workaround, until the patch is applied, we suggest setting the maximum length of a DNS message (over TCP) to 0xFF00, which should eliminate the vulnerability. You can do so by executing the following commands:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
    net stop DNS && net start DNS

    Reply
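A defender-side check for the registry workaround quoted above, added here as an example and not taken from the Check Point write-up or the comment: it reads the TcpReceivePacketSize value on the local Windows DNS Server, reports whether it matches the 0xFF00 cap, and can apply it with the same effect as the reg add / net stop / net start sequence. The function names Get-SigRedWorkaroundState and Set-SigRedWorkaround are my own; the cmdlets are standard Windows PowerShell.

```powershell
# Added example: audit (and optionally apply) the SIGRed DNS-over-TCP
# message-size workaround on a Windows DNS Server. The registry path,
# value name and 0xFF00 cap are the ones quoted in the advisory above;
# the function names are hypothetical.

$DnsParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName    = 'TcpReceivePacketSize'
$Cap          = 0xFF00   # 65280 bytes: maximum DNS message length over TCP

function Get-SigRedWorkaroundState {
    # Returns an object describing whether the DNS Server role is present and
    # whether TcpReceivePacketSize is already set to the advisory's value.
    $dnsService = Get-Service -Name DNS -ErrorAction SilentlyContinue
    if (-not $dnsService) {
        return [pscustomobject]@{
            DnsRolePresent    = $false
            ValuePresent      = $false
            Value             = $null
            WorkaroundApplied = $false
        }
    }
    $item = Get-ItemProperty -Path $DnsParamsKey -Name $ValueName -ErrorAction SilentlyContinue
    $current = if ($item) { [int]$item.$ValueName } else { $null }
    [pscustomobject]@{
        DnsRolePresent    = $true
        ValuePresent      = ($null -ne $current)
        Value             = $current
        # Only the exact value from the advisory counts as "applied".
        WorkaroundApplied = ($null -ne $current -and $current -eq $Cap)
    }
}

function Set-SigRedWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Writes the DWORD (creating or overwriting it) and restarts the DNS service
    # so the new limit takes effect. -WhatIf shows the action without doing it.
    $action = ("Set {0} to 0x{1:X}" -f $ValueName, $Cap)
    if ($PSCmdlet.ShouldProcess($DnsParamsKey, $action)) {
        New-ItemProperty -Path $DnsParamsKey -Name $ValueName -PropertyType DWord -Value $Cap -Force | Out-Null
        Restart-Service -Name DNS
    }
}

# Report the current state; warn if the role is present but the cap is not.
$state = Get-SigRedWorkaroundState
$state | Format-List
if ($state.DnsRolePresent -and -not $state.WorkaroundApplied) {
    Write-Warning "DNS Server found without the TcpReceivePacketSize cap; apply the July 2020 patch for CVE-2020-1350, or run Set-SigRedWorkaround as a stopgap."
}
```

The workaround is a stopgap only; the advisory's actual recommendation is to install the patch, after which the registry value is no longer needed.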
  2. Tomi Engdahl says:

    4 Dangerous Brazilian Banking Trojans Now Trying to Rob Users Worldwide. A Multi-Stage Malware Deployment Process
    Cybersecurity researchers on Tuesday detailed as many as four different families of Brazilian banking trojans that have targeted financial institutions in Brazil, Latin America, and Europe.

    Collectively called the “Tetrade” by Kaspersky researchers, the malware families — comprising Guildma, Javali, Melcoz, and Grandoreiro — have evolved their capabilities to function as a backdoor and adopt a variety of obfuscation techniques to hide their malicious activities from security software.

    “Guildma, Javali, Melcoz and Grandoreiro are examples of yet another Brazilian banking group/operation that has decided to expand its attacks abroad, targeting banks in other countries,” as stated in the analysis.

    “They benefit from the fact that many banks operating in Brazil also have operations elsewhere in Latin America and Europe, making it easy to extend their attacks against customers of these financial institutions.”

    https://securelist.com/the-tetrade-brazilian-banking-malware/97779/

    Reply
  3. Tomi Engdahl says:

    Deepfake used to attack activist couple shows new disinformation frontier
    https://www.reuters.com/article/us-cyber-deepfake-activist/deepfake-used-to-attack-activist-couple-shows-new-disinformation-frontier-idUSKCN24G15E

    Online profiles describe him as a coffee lover and politics junkie who was raised in a traditional Jewish home. His half dozen freelance editorials and blog posts reveal an active interest in anti-Semitism and Jewish affairs, with bylines in the Jerusalem Post and the Times of Israel.

    The catch? Oliver Taylor seems to be an elaborate fiction.

    Six experts interviewed by Reuters say the image has the characteristics of a deepfake.

    “The distortion and inconsistencies in the background are a tell-tale sign of a synthesized image, as are a few glitches around his neck and collar,”

    Artist Mario Klingemann, who regularly uses deepfakes in his work, said the photo “has all the hallmarks.”

    “I’m 100 percent sure,” he said.

    The Taylor persona is a rare in-the-wild example of a phenomenon that has emerged as a key anxiety of the digital age: The marriage of deepfakes and disinformation.

    The threat is drawing increasing concern in Washington and Silicon Valley. Last year House Intelligence Committee chairman Adam Schiff warned that computer-generated video could “turn a world leader into a ventriloquist’s dummy.”

    Last week online publication The Daily Beast revealed a network of deepfake journalists – part of a larger group of bogus personas seeding propaganda online.

    Deepfakes like Taylor are dangerous because they can help build “a totally untraceable identity,”

    Oliver Taylor’s articles drew minimal engagement on social media, but the Times of Israel’s Herschlag said they were still dangerous – not only because they could distort the public discourse but also because they risked making people in her position less willing to take chances on unknown writers.

    “Absolutely we need to screen out impostors and up our defenses,” she said. “But I don’t want to set up these barriers that prevent new voices from being heard.”

    Reply
  4. Tomi Engdahl says:

    Twitter reveals that its own employee tools contributed to unprecedented hack
    https://www.theverge.com/2020/7/15/21326656/twitter-hack-explanation-bitcoin-accounts-employee-tools

    Twitter says hackers compromised high-profile accounts thanks to access to internal tools

    Reply
  5. Tomi Engdahl says:

    The massive Twitter hack could be a global security crisis
    https://www.theverge.com/interface/2020/7/15/21325708/twitter-hack-global-security-crisis-nuclear-war-bitcoin-scam

    Bitcoin scammers won’t be the last people to take over verified accounts — and we should be very, very worried about who else will

    Whatever Twitter eventually comes to say about the events of July 15th, 2020, when it suffered the most catastrophic security breach in company history, it must be said that the events were set in motion years ago.

    That brings us to today. The story picks up with Nick Statt in The Verge:

    The Twitter accounts of major companies and individuals have been compromised in one of the most widespread and confounding hacks the platform has ever seen, all in service of promoting a bitcoin scam that appears to be earning its creator quite a bit of money.

    We don’t know how it’s happened or even to what extent Twitter’s own systems may have been compromised.

    Barack Obama, Joe Biden, Elon Musk, Apple, and others hacked in unprecedented Twitter attack
    https://www.theverge.com/2020/7/15/21326200/elon-musk-bill-gates-twitter-hack-bitcoin-scam-compromised

    The scams appear to be part of a widespread hacking operation affecting multiple accounts

    The Twitter accounts of major companies and individuals have been compromised in one of the most widespread and confounding hacks the platform has ever seen, all in service of promoting a bitcoin scam that appears to be earning its creator quite a bit of money.

    Following the unprecedented hacks of accounts including President Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and Apple, Twitter has confirmed it took the drastic step of blocking new tweets from every verified user, compromised or no, as well as locking all compromised accounts.

    Twitter says it won’t restore access to their owners “until we are certain we can do so securely.”

    On Wednesday evening, the company revealed that its own internal employee tools were compromised and used in the hack, which may explain why even accounts that claimed to have two-factor authentication were still attempting to fool followers with the Bitcoin scam.

    Reply
  6. Tomi Engdahl says:

    Twitter hack comments from
    https://www.facebook.com/groups/2600net/permalink/2777488109140963/

    Scammed about $120k worth of BTC.

    they used the same BTC receive address for all the tweets…

    The wallet address is like an EICAR string now.

    that’s so crazy. It’s a public ledger.

    https://www.blockchain.com/btc/address/bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh

    Reply
  7. Tomi Engdahl says:

    Android Phones Might Be More Secure Than iPhones Now
    What the market for zero-day exploits tells us about our phones
    https://onezero.medium.com/amp/p/4a2ca6f359d3

    In all the heated debates between iOS and Android fanboys, privacy is not a war that Android often wins. Apple’s walled garden approach to apps has its problems, but Google Play has historically been flooded with unsafe apps.

    Plus, less than 10% of Android users have updated to the latest version of the OS. In other words, nearly all its users run outdated software which almost certainly has bugs and security loopholes.

    Apple, meanwhile, puts the spotlight on its privacy centric features at every opportunity it gets.

    By studying the market for iOS and Android zero-day exploits, we can get a decent idea of the security of each platform.

    Antivirus, firewall, and other security features are ineffective against them, making them powerful weapons and lucrative commodities.

    “The zero-day market is based on supply and demand, a spike in supply of zero-day exploits for a specific product means that the security level of that product is decreasing and the price goes down as there are too many exploits available,”

    “Obviously, we cannot draw a final conclusion about the overall security level of a system just based on its bug bounty price or the number of existing exploits, but these are very strong indicators that cannot be ignored.”

    In a message to Wired, Bekrar confirmed that it is a bit of both. “Android security is improving with every new release of the OS thanks to the security teams of Google and Samsung, so it became very hard and time-consuming to develop full chains of exploits for Android and it’s even harder to develop zero-click exploits not requiring any user interaction.” But on the other hand, he writes, “During the last few months, we have observed an increase in the number of iOS exploits, mostly Safari and iMessage chains, being developed and sold by researchers from all around the world. The zero-day market is so flooded by iOS exploits that we’ve recently started refusing some of them.”

    Reply
  8. Tomi Engdahl says:

    “The court has now clarified, for the second time, that European privacy laws and US intelligence laws are in conflict with each other,” Schrems told the Reuters news agency right after the ruling.

    https://www.hs.fi/talous/art-2000006573007.html

    Reply
  9. Tomi Engdahl says:

    Microsoft warns of critical Windows DNS Server vulnerability that’s ‘wormable’
    System admins need to patch servers as quickly as possible
    https://www.theverge.com/2020/7/14/21324353/microsoft-windows-dns-server-security-vulnerability-patch-critical-flaw

    Reply
  10. Tomi Engdahl says:

    Court bans transfer of personal data from the EU to the United States – effects on Facebook too
    Today at 19:37
    The case has its roots in Edward Snowden’s 2013 leaks concerning the scale of surveillance carried out by the United States.
    https://www.iltalehti.fi/ulkomaat/a/158d1b60-7318-494c-93d2-c77403d82c0e

    On Thursday the Court of Justice of the European Union invalidated the agreement that allowed companies to transfer personal data from the Union to the United States. This was reported by, among others, the news agencies Reuters and AFP.

    The Privacy Shield agreement was concluded between the EU and the United States in 2016. Its purpose was to protect the personal data of Europeans transferred for commercial purposes from the Union to the United States.

    The EU court, however, found that the agreement does not guarantee sufficient privacy protection for EU citizens.

    The court’s ruling means that data transfers will be regulated more strictly in the future. The ruling affects thousands of companies that have relied on the agreement in their operations.

    – The United States must fundamentally reform its surveillance laws if US companies want to keep their role in the European market

    Schrems also played a central role in the invalidation of Privacy Shield’s predecessor, the Safe Harbour agreement, in 2015.

    Data transfers will continue
    The court’s ruling does not halt all transfers of personal data from Europe to the United States, because the court left in force the standard contractual clauses (SCC) approved by the Commission. They are used for transferring personal data outside the economic area.

    At the same time, however, the court stressed that even then data protection authorities must suspend or prohibit the transfer of personal data if data protection cannot be guaranteed in the recipient country. The standard clauses also already impose more regulation on companies than the agreement made with the United States did.

    Reply
  11. Tomi Engdahl says:

    The UK says an infamous Russian hacker crew called Cozy Bear has been targeting Covid-19 research in the West.

    UK And US Spies Blame Russian Hackers For Targeting Covid-19 Vaccine Research
    http://on.forbes.com/6186GnLyk

    Reply
  12. Tomi Engdahl says:

    People Who Tried to Change Their Passwords After Twitter Hack Are Still Locked Out
    https://www.vice.com/en_us/article/7kpw5z/people-who-tried-to-change-their-passwords-after-twitter-hack-are-still-locked-out

    Twitter has not said why it specifically disabled the password reset feature, but based on Motherboard’s reporting, it seems likely that hackers were using some of these features in order to take over accounts. Twitter acknowledged the issue, but has not said how many people were affected, nor when affected people will regain access to their accounts.

    “This is a widespread issue related to a security incident that we are investigating and working to fix,” a Twitter spokesperson told Motherboard in an email. “Some users may not be able to change the password or access their accounts at the moment unfortunately.”

    The issue appears to be widespread, potentially affecting anyone who took precautionary measures following news of the breach.

    Reply
  13. Tomi Engdahl says:

    The Twitter Hack — what actually happened and how.

    The Twitter Hack — What exactly happened?
    https://medium.com/@lucky225/the-twitter-hack-what-exactly-happened-d8740d33c1c

    Reply
  14. Tomi Engdahl says:

    The massive Twitter hack could be a global security crisis
    https://www.theverge.com/interface/2020/7/15/21325708/twitter-hack-global-security-crisis-nuclear-war-bitcoin-scam

    Bitcoin scammers won’t be the last people to take over verified accounts — and we should be very, very worried about who else will

    Whatever Twitter eventually comes to say about the events of July 15th, 2020, when it suffered the most catastrophic security breach in company history, it must be said that the events were set in motion years ago.

    Reply
  15. Tomi Engdahl says:

    Microsoft may have made a huge jump in improving Windows 10 security
    By Mike Moore
    https://www.techradar.com/news/microsoft-may-have-made-a-huge-jump-in-improving-windows-10-security

    Windows 10 should be secured from wider number of threats thanks to Microsoft upgrade

    Introducing Kernel Data Protection, a new platform security technology for preventing data corruption
    https://www.microsoft.com/security/blog/2020/07/08/introducing-kernel-data-protection-a-new-platform-security-technology-for-preventing-data-corruption/

    Reply
  16. Tomi Engdahl says:

    Blueleaks: How the FBI tracks Bitcoin laundering on the dark web
    https://decrypt.co/34740/blueleaks-how-the-fbi-tracks-bitcoin-laundering-on-the-dark-web

    Leaked FBI intelligence report details how dark web criminals are using a Panamanian crypto-changer to launder dirty Bitcoin into privacy coin Monero.

    Reply
  17. Tomi Engdahl says:

    Iranian Spies Accidentally Leaked Videos of Themselves Hacking
    https://www.wired.com/story/iran-apt35-hacking-video/

    IBM’s X-Force security team obtained five hours of APT35 hacking operations, showing exactly how the group steals data from email accounts—and who it’s targeting

    Researchers at IBM’s X-Force security team revealed today that they’ve obtained roughly five hours of video footage that appears to have been recorded directly from the screens of hackers working for a group IBM calls ITG18, and which other security firms refer to as APT35 or Charming Kitten. It’s one of the most active state-sponsored espionage teams linked to the government of Iran. The leaked videos were found among 40 gigabytes of data that the hackers had apparently stolen from victim accounts, including US and Greek military personnel.

    The IBM researchers say they found the videos exposed due to a misconfiguration of security settings on a virtual private cloud server they’d observed in previous APT35 activity. The files were all uploaded to the exposed server over a few days in May, just as IBM was monitoring the machine. The videos appear to be training demonstrations the Iran-backed hackers made to show junior team members how to handle hacked accounts. They show the hackers accessing compromised Gmail and Yahoo Mail accounts to download their contents, as well as exfiltrating other Google-hosted data from victims.

    This sort of data exfiltration and management of hacked accounts is hardly sophisticated hacking. It’s more the kind of labor-intensive but relatively simple work that’s necessary in a large-scale phishing operation. But the videos nonetheless represent a rare artifact, showing a first-hand view of state-sponsored cyberspying that’s almost never seen outside of an intelligence agency.

    “We don’t get this kind of insight into how threat actors operate really ever,”

    In one video, the hacker logs into a compromised Gmail account—a dummy account for the demonstration—by plugging in credentials from a text document, and links it to the email software Zimbra, designed to manage multiple accounts from a single interface, using Zimbra to download the account’s entire inbox to the hacker’s machine. Then the hacker quickly deletes the alert in the victim’s Gmail that says their account permissions have been changed. Next the hacker downloads the victim’s contacts and photos from their Google account too. A second video shows a similar workflow for a Yahoo account.

    The Google account’s data is stolen in around four minutes. The Yahoo account takes less than three minutes. In both cases, of course, a real account populated with tens or hundreds of gigabytes of data would take far longer to download. But the clips demonstrate how quickly that download process is set up

    In some clips, the researchers say they observed the hackers working through a text document full of usernames and passwords for a long list of non-email accounts, from phone carriers to bank accounts, as well as some as trivial as pizza delivery and music-streaming services. “Nothing was off-limits,” Wikoff says. The researchers note that they didn’t see any evidence that the hackers were able to bypass two-factor authentication, however. When an account was secured with any second form of authentication, the hackers simply moved on to the next one on their list.

    It’s hardly unprecedented for hackers to accidentally leave behind revealing tools or documents on an unsecured server, points out former NSA staffer Emily Crose, who now works as a researcher for the security firm Dragos. But Crose says she’s not aware of any public instance of actual videos of state-sponsored hackers’ own operations being left for investigators

    And given that the hacked accounts likely also contain evidence of how they were compromised, she says the leaked videos may well force the Iranian hackers to change some of their tactics. “This kind of thing is a rare win for the defenders,”

    Reply
  18. Tomi Engdahl says:

    JUL 20
    Who’s Behind Wednesday’s Epic Twitter Hack?
    https://krebsonsecurity.com/2020/07/whos-behind-wednesdays-epic-twitter-hack/

    Twitter was thrown into chaos on Wednesday after accounts for some of the world’s most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools. This post is an attempt to lay out some of the timeline of the attack, and point to clues about who may have been behind it.

    There are strong indications that this attack was perpetrated by individuals who’ve traditionally specialized in hijacking social media accounts via “SIM swapping,” an increasingly rampant form of crime that involves bribing, hacking or coercing employees at mobile phone and social media companies into providing access to a target’s account.

    People within the SIM swapping community are obsessed with hijacking so-called “OG” social media accounts. Short for “original gangster,”

    In the days leading up to Wednesday’s attack on Twitter, there were signs that some actors in the SIM swapping community were selling the ability to change an email address tied to any Twitter account. In a post on OGusers — a forum dedicated to account hijacking — a user named “Chaewon” advertised they could change email address tied to any Twitter account for $250, and provide direct access to accounts for between $2,000 and $3,000 apiece.

    Hours before any of the Twitter accounts for cryptocurrency platforms or public figures began blasting out bitcoin scams on Wednesday, the attackers appear to have focused their attention on hijacking a handful of OG accounts, including “@6.”

    That Twitter account was formerly owned by Adrian Lamo — the now-deceased “homeless hacker” perhaps best known for breaking into the New York Times’s network and for reporting Chelsea Manning‘s theft of classified documents.

    While it may sound ridiculous that anyone would be fooled into sending bitcoin in response to these tweets, an analysis of the BTC wallet promoted by many of the hacked Twitter profiles shows that over the past 24 hours the account has processed 383 transactions and received almost 13 bitcoin — or approximately USD $117,000.

    Twitter issued a statement saying it detected “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

    Reply
  19. Tomi Engdahl says:

    New German law would force ISPs to allow secret service to install trojans on user devices
    https://www.privateinternetaccess.com/blog/new-german-law-would-force-isps-to-allow-secret-service-to-install-trojans-on-user-devices/

    A new law being proposed in Germany would see all 19 federal state intelligence agencies in Germany granted the power to spy on German citizens through the use of trojans. The new law would force internet service providers (ISPs) to install government hardware at their data centers which would reroute data to law enforcement, and then on to its intended destination so the target is blissfully unaware that their communications and even software updates are being proxied. Specifically, Netzpolitik pointed out that the law calls for

    Reply
  20. Tomi Engdahl says:

    Alleged screenshots of internal Twitter tools suggest platform maintains user ‘blacklists’ despite denying practice for years
    https://www.rt.com/news/494880-twitter-blacklist-leaked-images/

    Leaked screenshots of Twitter’s internal systems indicate that the company keeps “blacklists” for users it deems undesirable, according to multiple reports. The leaks followed the largest hack in the platform’s history.
    The images, said to be screencaps of an internal control panel on the site’s back end, appear to show that Twitter marks user accounts with tags such as “Trends Blacklist,” “Search Blacklist” and “Compromised.” The visuals were first reported by Motherboard on Wednesday evening, soon followed up by CNet, who also said it had obtained copies of the images.

    Reply
  21. Tomi Engdahl says:

    Hackers Convinced Twitter Employee to Help Them Hijack Accounts
    https://www.vice.com/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos

    After a wave of account takeovers, screenshots of an internal Twitter user administration tool are being shared in the hacking underground.

    A Twitter insider was responsible for a wave of high profile account takeovers on Wednesday, according to leaked screenshots obtained by Motherboard and two sources who took over accounts.

    On Wednesday, a spike of high profile accounts including those of Joe Biden, Elon Musk, Bill Gates, Barack Obama, Uber, and Apple tweeted cryptocurrency scams in an apparent hack.

    “We used a rep that literally done all the work for us,” one of the sources told Motherboard. The second source added they paid the Twitter insider.

    The accounts were taken over using an internal tool at Twitter, according to the sources, as well as screenshots of the tool obtained by Motherboard. One of the screenshots shows the panel and the account of Binance; Binance is one of the accounts that hackers took over today. According to screenshots seen by Motherboard, at least some of the accounts appear to have been compromised by changing the email address associated with them using the tool.

    Twitter has been deleting some screenshots of the panel and has suspended users who have tweeted them, claiming that the tweets violate its rules.

    The panel is a stark example of the issue of insider data access at tech companies. Whereas in other cases hackers have bribed workers to leverage tools over individual users, in this case the access has led to takeovers of some of the biggest accounts on the social media platform and tweeted bitcoin related scams in an effort to generate income.

    The screenshots show details about the target user’s account, such as whether it has been suspended, is permanently suspended, or has protected status.

    Data breach monitoring and prevention service Under The Breach obtained a similar screenshot and tweeted it as the hackers hijacked several accounts. The person in control of the Under The Breach account told Motherboard Twitter then removed the tweet with the screenshot and suspended them for 12 hours. A message replacing the tweet now says it violated the Twitter rules.

    After the publication of this piece, Twitter said in a tweet that “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

    Other hijacked accounts include Mike Bloomberg, and cryptocurrency platforms Coinbase and Gemini.

    All tech companies face the issue of malicious insiders.

    Reply
  22. Tomi Engdahl says:

    “Putin Hacked Our Coronavirus Vaccine” Is The Dumbest Story Yet
    https://medium.com/@caityjohnstone/putin-hacked-the-coronavirus-vaccine-is-the-dumbest-story-yet-e5277c158ce5

    OMG you guys Putin hacked our coronavirus vaccine secrets!
    Today mainstream media is reporting what is arguably the single dumbest Russiavape story of all time, against some very stiff competition.
    “Russian hackers are targeting health care organizations in the West in an attempt to steal coronavirus vaccine research, the U.S. and Britain said,” reports The New York Times.
    “Hackers backed by the Russian state are trying to steal COVID-19 vaccine and treatment research from academic and pharmaceutical institutions around the world, Britain’s National Cyber Security Centre (NCSC) said on Thursday,” Reuters reports.

    I mean, there are just so many layers of stupid.
    First of all, how many more completely unsubstantiated government agency allegations about Russian nefariousness are we the public going to accept from the corporate mass media? Since 2016 it’s been wall-to-wall narrative about evil things Russia is doing to the empire-like cluster of allies loosely centralized around the United States, and they all just happen to be things nobody can actually provide the public with hard verifiable evidence of.

    Ever since the shady cybersecurity firm Crowdstrike admitted that it never actually saw hard proof of Russia hacking the DNC servers, the already shaky and always unsubstantiated narrative that Russian hackers interfered in the US presidential election in 2016 has been on thinner ice than ever.

    “Officials have not commented on whether the attacks were successful but also have not ruled out that this is the case,” Wired reports.
    Thirdly, this is a “vaccine” which does not even exist at this point in time, and the research which was supposedly hacked may never lead to one. Meanwhile, Sechenov First Moscow State Medical University reports that it has “successfully completed tests on volunteers of the world’s first vaccine against coronavirus,” in Russia.

    Fourthly, and perhaps most importantly, how obnoxious and idiotic is it that coronavirus vaccine “secrets” are even a thing??? This is a global pandemic which is hurting all of us; scientists should be free to collaborate with other scientists anywhere in the world to find a solution to this problem.

    This intensely stupid story comes out at the same time British media are blaring stories about Russian interference in the 2019 election

    “Amplifying”. That’s literally all there is to this story. As we learned with the ridiculous US Russiagate narrative, Russia “amplifying” something in such allegations can mean anything from RT reporting on a major news story to a Twitter account from St Petersburg sharing an article from The Washington Post. Even the foreign secretary’s claim itself explicitly admits that “there is no evidence of a broad spectrum Russian campaign against the General Election”.

    “The statement is so foggy and contradictory that it is almost impossible to understand it,” responded Russia’s foreign ministry to the allegations. “If it’s inappropriate to say something then don’t say it. If you say it, produce the facts.”

    All this new cold war Russia hysteria is turning people’s brains into guacamole. We’ve got to find a way to snap out of the propaganda trance so we can start creating a world that is based on truth and a desire for peace.

    Reply
  23. Tomi Engdahl says:

    Federal court rules WhatsApp and Facebook’s malware exploit case against NSO Group can proceed
    https://techcrunch.com/2020/07/16/federal-court-rules-whatsapp-and-facebooks-malware-exploit-case-against-nso-group-can-proceed/?tpcc=ECFB2020

    Last October, WhatsApp and Facebook filed a complaint alleging that NSO Group exploited an audio-calling vulnerability in the messaging app to send malware to about 1,400 mobile devices, including ones that belonged to journalists, human rights activists, political dissidents, diplomats and senior government officials.

    WhatsApp and Facebook also claim that NSO Group developed a data program called Pegasus that extracted data, including messages, browser history and contacts, from phones, and sold support services to customers including the Kingdom of Bahrain, United Arab Emirates and Mexico.

    In its motion to dismiss the lawsuit, one of NSO Group’s arguments was that its business dealings with foreign governments, which it said use its technology to fight terrorism and other serious crimes, granted it immunity from lawsuits filed in U.S. courts under the Foreign Sovereign Immunity Act (FSIA). In her decision, Judge Hamilton wrote that NSO Group failed to qualify because it was not incorporated or formed in the U.S.

    Reply
  24. Tomi Engdahl says:

    Counterfeit network devices: a threat to corporate networks
    https://www.uusiteknologia.fi/2020/07/17/vaarennettyja-verkkolaitteita-uhka-yritysverkoille/

    F-Secure’s research into counterfeit Cisco network devices shows how dangerous modified and counterfeit copy hardware can be to a company’s operations. F-Secure’s team examined two counterfeit Cisco Catalyst 2960-X series switches and worked out the security threats they pose.

    The investigation began when an IT company discovered the counterfeits after software updates stopped working. At the company’s request, the F-Secure Consulting unit carried out a thorough hardware analysis.

    The counterfeits were physically and functionally just like an authentic Cisco switch. One possible interpretation is that the counterfeiters were genuinely able to invest in making the copy, or else that they had access to documentation which allowed an exact copy to be produced.

    “The motive behind the counterfeits was probably just to make money by selling the devices,”

    F-Secure’s advice to organisations for avoiding counterfeits

    Buy all devices from authorised resellers
    Create clear internal processes that are followed in procurement
    Make sure all devices run the latest available software
    Watch for physical differences between units of the same product, no matter how subtle they are

    Reply
  25. Tomi Engdahl says:

    Europe’s top court strikes down flagship EU-US data transfer mechanism
    https://tcrn.ch/2DHa7Y0

    A highly anticipated ruling by Europe’s top court has just landed — striking down a flagship EU-US data flows arrangement called Privacy Shield.

    “The Court of Justice invalidates Decision 2016/1250 on the adequacy of the protection provided by the EU-US Data Protection Shield,” it wrote in a press release.

    The CJEU’s finding is that “the requirements of US national security, public interest and law enforcement have primacy, thus condoning interference with the fundamental rights of persons whose data are transferred to that third country”, and that mechanisms in the EU-US Privacy Shield ostensibly intended to mitigate this interference (such as an ombudsperson role to handle EU citizens’ complaints) are not up to the required legal standard of ‘essential equivalence’ with EU law.

    It’s worth noting that today’s decision does not concern so called ‘necessary’ data transfers — such as being able to send an email to book a hotel room. Rather this is about the bulk outsourcing of data processing from the EU to the US (typically undertaken for cost/ease reasons). So one knock on effect of today’s ruling might be that more companies switch to regional data processing for European users.

    The original case raised specific questions of legality around a European data transfer mechanism used by Facebook (and many other companies) for processing regional users’ data in the US — called Standard Contractual Clauses (SCCs). That mechanism has not been struck down by today’s ruling, though judges have made it clear that third country context around the use of SCCs is king and EU regulators must step in when they suspect data is flowing to unsafe locations outside the bloc.

    “The Court of Justice declared the Privacy Shield decision invalid but also confirmed that the Standard Contractual Clauses remain a valid tool for the transfer of personal data to processors established in the third countries. This means that the transatlantic data flows can continue based on the broad toolbox for international transfers provided by the GDPR,” she said, naming “binding corporate rules” and SCCs as available options.

    “In its judgement today the Court of Justice of the EU once again underlined that the right of European citizens to data protection is absolutely fundamental,” she said. “It confirms also what the Commission has said many times that what we have been working on when personal data travels abroad from Europe it must remain safe.”

    https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091en.pdf

    Reply
  26. Tomi Engdahl says:

    Google removed these apps from the Play Store, now you should delete them from your phone
    https://www.phonearena.com/news/dangerous-android-apps-removed-delete-from-your-smartphone_id125740

    Google’s Play Store is a home for millions of apps that make our phones useful in so many ways. And although Google is doing its best to make sure there aren’t any harmful apps on its app market, some inevitably slip through.

    Luckily, Google isn’t the only company that’s on the lookout for mischievous apps.

    Reply
  27. Tomi Engdahl says:

    Security researchers have increasingly been finding vulnerabilities in Web Assembly, some that had been known and rectified for native programs years ago. The latest discoveries by a group of German researchers show that Web Assembly, at least as it is now implemented, contains vulnerabilities that are much more subtle than just the possibility that it could be used for surreptitious cryptomining or for code obfuscation.

    More Worries over the Security of Web Assembly
    https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly

    A 2019 study conducted by researchers at the Technical University of Braunschweig in Germany investigated the top 1 million websites and found Web Assembly to be used in about 1,600 of them. More than half of those instances were for mining cryptocurrency. Another shady use of Web Assembly they found, though far less prevalent, was for code obfuscation: to hide malicious actions running in the browser that would be more apparent if done using Javascript.

    One class of vulnerabilities stems fundamentally from how Web Assembly manages memory compared with what goes on natively. Web Assembly code runs on a virtual machine, one the browser creates. That virtual machine includes a single contiguous block of memory without any holes. That’s different from what takes place when a program runs natively, where the virtual memory provided for a program has many gaps—referred to as unmapped pages. When code is run natively, a software exploit that tries to read or write to a portion of memory that it isn’t supposed to access could end up targeting an unmapped page, causing the malicious program to halt. Not so with Web Assembly.

    Although the creators of Web Assembly took pains to make it safe, it shouldn’t come as a great surprise that unwelcome applications of its power and unexpected vulnerabilities of its design have come to light. That’s been the story of networked computers from the outset, after all.

    Reply
  28. Tomi Engdahl says:

    Hackers Convinced Twitter Employee to Help Them Hijack Accounts
    https://www.vice.com/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos

    After a wave of account takeovers, screenshots of an internal Twitter user administration tool are being shared in the hacking underground.

    A Twitter insider was responsible for a wave of high profile account takeovers on Wednesday, according to leaked screenshots obtained by Motherboard and two sources who took over accounts.

    On Wednesday, a spike of high profile accounts including those of Joe Biden, Elon Musk, Bill Gates, Barack Obama, Uber, and Apple tweeted cryptocurrency scams in an apparent hack.

    Reply
  29. Tomi Engdahl says:

    ‘Unwoke’ Jobs Site Launches, Is Brutally Trolled and Hacked Immediately
    https://www.vice.com/en_us/article/n7wdyx/unwoke-hr-job-listing-platform-hacked

    Unwoke.hr was a place to list job opportunities without the burden of “wokeness,” until people hacked it and filled it with fake listings.

    A right-wing job recruitment site called Unwoke was immediately trolled, then defaced to display antiracist memes and images.

    Unwoke.hr, a platform for listing open positions and job-seeker profiles, believes that the modern workplace “has become a hotpot for unchallenged radical thinking and left wing ideology,” and that society needs a culture of “enlightenment, beauty, truth and freedom through free market initiatives,” according to the site. The Unwoke.hr domain was first registered in late June.

    “Hire courageous, free thinking and freedom loving individuals,” the site says. “Not ideologues whose only agenda is to weaponize your brand and business to further a radical cause.”

    Within 30 minutes of Unwoke getting attention on Twitter, someone hacked the site to display a crossed-out swastika, and then the Big Chungus video game meme, rendering the whole platform unusable.

    Reply
  30. Tomi Engdahl says:

    The Day I Trolled The Entire Internet: An Accidental Research Project on CVE-2020-1350
    What do you get if you create a binary, a few bash scripts, a README and excellent timing? CVE-2020-1350
    https://blog.zsec.uk/cve-2020-1350-research/

    Reply
  31. Tomi Engdahl says:

    US Cyber Command says foreign hackers will attempt to exploit new PAN-OS security bug
    Palo Alto Networks disclosed today a major bug that lets hackers bypass authentication on its firewall and corporate VPN products
    https://www.zdnet.com/article/us-cyber-command-says-foreign-hackers-will-attempt-to-exploit-new-pan-os-security-bug/

    Reply
  32. Tomi Engdahl says:

    Israel is regularly conducting military operations against countries that they are not at war with.

    They’re lucky they don’t get hit harder and more often.

    https://www.timesofisrael.com/report-israeli-cyberattack-caused-iran-nuclear-site-fire-f35s-hit-missile-base/

    Reply
  33. Tomi Engdahl says:

    Cyber attacks again hit Israel’s water system, shutting agricultural pumps
    https://www.timesofisrael.com/cyber-attacks-again-hit-israels-water-system-shutting-agricultural-pumps/amp/

    Incident follows more serious April attack attributed to Iran that officials said could have poisoned hundreds with chlorine

    Two cyber attacks were carried out against Israeli water infrastructure in recent weeks, the Ynet news site reported late Thursday.

    The Water Authority confirmed the report, but said no damage was done to Israel’s water system.

    Officials did not say who carried out the attacks on the pump stations, but the attacks come amid a reportedly escalating tit-for-tat between Israel and Iran following an alleged April attack by Tehran on Israel’s drinking water.

    According to reports in Israeli and Western media outlets, Iran tried to hack into Israel’s water system in April and poison the water by increasing chlorine levels in water flowing to residential areas.

    Speaking to the British newspaper Financial Times, an unnamed Western intelligence official said in early June that hundreds of people would have been at risk of getting sick and that the attack had come close to succeeding.

    Iran cyberattack on Israel’s water supply could have sickened hundreds – report
    https://www.timesofisrael.com/iran-cyberattack-on-israels-water-supply-could-have-sickened-hundreds-report/

    Western official says April hack aimed to raise chlorine to dangerous levels; Israeli official says attack began tit-for-tat on civilian targets

    Reply
  34. Tomi Engdahl says:

    Legal clouds gather over US cloud services, after CJEU ruling
    https://tcrn.ch/2ZFO5xA

    In the wake of yesterday’s landmark ruling by Europe’s top court — striking down a flagship transatlantic data transfer framework called Privacy Shield, and cranking up the legal uncertainty around processing EU citizens’ data in the U.S. in the process — Europe’s lead data protection regulator has fired its own warning shot at the region’s data protection authorities (DPAs), essentially telling them to get on and do the job of intervening to stop people’s data flowing to third countries where it’s at risk.

    Countries like the U.S.

    The original complaint that led to the Court of Justice of the EU (CJEU) ruling focused on Facebook’s use of a data transfer mechanism called Standard Contractual Clauses (SCCs) to authorize moving EU users’ data to the U.S. for processing.

    Complainant Max Schrems asked the Irish Data Protection Commission (DPC) to suspend Facebook’s SCC data transfers in light of U.S. government mass surveillance programs. Instead, the regulator went to court to raise wider concerns about the legality of the transfer mechanism.

    That in turn led Europe’s top judges to nuke the Commission’s adequacy decision, which underpinned the EU-U.S. Privacy Shield — meaning the U.S. no longer has a special arrangement greasing the flow of personal data from the EU. Yet, at the time of writing, Facebook is still using SCCs to process EU users’ data in the U.S. Much has changed, but the data hasn’t stopped flowing — yet.

    Yesterday the tech giant said it would “carefully consider” the findings and implications of the CJEU decision on Privacy Shield, adding that it looked forward to “regulatory guidance.” It certainly didn’t offer to proactively flip a kill switch and stop the processing itself.

    The DPC’s statement also only went so far as to say the use of SCCs for taking data to the U.S. for processing is “questionable” — adding that case by case analysis would be key.

    The regulator remains the focus of sustained criticism in Europe over its enforcement record for major cross-border data protection complaints — with still zero decisions issued more than two years after the EU’s General Data Protection Regulation (GDPR) came into force, and an ever-growing backlog of open investigations into the data processing activities of platform giants.

    The painstaking pace of enforcement around Europe’s flagship data protection framework remains a problem for EU lawmakers — whose two-year review last month called for uniformly “vigorous” enforcement by regulators.

    “European supervisory authorities have the duty to diligently enforce the applicable data protection legislation and, where appropriate, to suspend or prohibit transfers of data to a third country,” writes EDPS Wojciech Wiewiórowski, in a statement, which warns against further dithering or can-kicking on the intervention front.

    “As the supervisory authority of the EU institutions, bodies, offices and agencies, the EDPS is carefully analysing the consequences of the judgment on the contracts concluded by EU institutions, bodies, offices and agencies. The example of the recent EDPS’ own-initiative investigation into European institutions’ use of Microsoft products and services confirms the importance of this challenge,” he adds.

    Part of the complexity of enforcement of Europe’s data protection rules is the lack of a single authority; a varied patchwork of supervisory authorities responsible for investigating complaints and issuing decisions.

    In the statement, Hamburg’s data commissioner, Johannes Caspar, added: “Difficult times are looming for international data traffic.”

    In a press note today, Berlin’s DPA also took a tough line, warning that data transfers to third countries would only be permitted if they have a level of data protection essentially equivalent to that offered within the EU.

    In the case of the U.S. — home to the largest and most used cloud services — Europe’s top judges yesterday reiterated very clearly that that is not in fact the case.

    “The times when personal data could be transferred to the U.S. for convenience or cost savings are over after this judgment,” she added.

    “Now is the time for Europe’s digital independence,” she added.

    Short of radical changes to U.S. surveillance law, it’s tough to see how any new framework could be made to legally stick, though. Privacy Shield’s predecessor arrangement, Safe Harbour, stood for around 15 years. Its shiny “new and improved” replacement didn’t even last five.

    In the wake of the CJEU ruling, data exporters and importers are required to carry out an assessment of a country’s data regime to assess adequacy with EU legal standards before using SCCs to transfer data there.

    “When performing such prior assessment, the exporter (if necessary, with the assistance of the importer) shall take into consideration the content of the SCCs, the specific circumstances of the transfer, as well as the legal regime applicable in the importer’s country. The examination of the latter shall be done in light of the non-exhaustive factors set out under Art 45(2) GDPR,” Jelinek writes.

    “If the result of this assessment is that the country of the importer does not provide an essentially equivalent level of protection, the exporter may have to consider putting in place additional measures to those included in the SCCs. The EDPB is looking further into what these additional measures could consist of.”

    One thing is crystal clear: Any sense of legal certainty U.S. cloud services were deriving from the existence of the EU-U.S. Privacy Shield — with its flawed claim of data protection adequacy — has vanished like summer rain.

    In its place, a sense of déjà vu and a lot more work for lawyers.

    Reply
  35. Tomi Engdahl says:

    Cloudflare DNS goes down, taking a large piece of the internet with it
    https://techcrunch.com/2020/07/17/cloudflare-dns-goes-down-taking-a-large-piece-of-the-internet-with-it/

    Many major websites and services were unreachable for a period Friday afternoon due to issues at Cloudflare’s 1.1.1.1 DNS service. The outage seems to have started at about 2:15 Pacific time and lasted for about 25 minutes before connections began to be restored. Google DNS may also have been affected.

    Update: Cloudflare at 2:46 says “the issue has been identified and a fix is being implemented.” CEO Matthew Prince explains that it all came down to a bad router in Atlanta

    The company also issued a statement via email emphasizing that this was not an attack on the system.

    Discord, Feedly, Politico, Shopify and League of Legends were all affected, giving an idea of the breadth of the issue. Not only were websites down but also some status pages meant to provide warnings and track outages. In at least one case, even the status page for the status page was down.

    Reply
  36. Tomi Engdahl says:

    Pro tip: If you are going to use 3rd party DoH/DoT, aka DNS resolver, mix it. Add to /etc/resolv.conf on Linux/Unix/macOS (GUI/firewall/dhcpd etc)
    nameserver 1.1.1.1
    nameserver 8.8.8.8
    https://www.facebook.com/126000117413375/posts/3655987171081301/

    Reply
  37. Tomi Engdahl says:

    CBP does end run around warrants, simply buys license plate-reader data
    How does “unreasonable search” work when any agency can buy data from anywhere?
    https://arstechnica.com/tech-policy/2020/07/cbp-does-end-run-around-warrants-simply-buys-license-plate-reader-data/

    US Customs and Border Protection can track everyone’s cars all over the country thanks to massive troves of automated license plate scanner data, a new report reveals—and CBP didn’t need to get a single warrant to do it. Instead, the agency did just what hundreds of other businesses and investigators do: straight-up purchase access to commercial databases.

    CBP has been buying access to commercial automated license plate-reader (ALPR) databases since 2017, TechCrunch reports, and the agency says bluntly that there’s no real way for any American to avoid having their movements tracked.

    CBP says it’s ‘unrealistic’ for Americans to avoid its license plate surveillance
    https://techcrunch.com/2020/07/10/cbp-license-plate-surveillance/

    Reply
  38. Tomi Engdahl says:

    How to make your Twitter account more secure in an age of hacks
    https://www.popsci.com/story/technology/twitter-security-settings/

    The recent Bitcoin hack happened from within, but now is a great time to make sure your account is locked up.

    Reply
  39. Tomi Engdahl says:

    Federal agencies in the US are worried face masks may be used to evade facial recognition technology
    https://mol.im/a/8535491

    Reply
  40. Tomi Engdahl says:

    Windows Updates Just Got Serious: You Have 24 Hours To Comply, Homeland Security Tells Federal Agencies
    https://www.forbes.com/sites/daveywinder/2020/07/17/windows-updates-just-got-serious-you-have-24-hours-to-comply-homeland-security-tells-government-agencies-wormable-vulnerability-sigred/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Valerie/#76616c657269

    The July 14 ‘Patch Tuesday’ security updates rolled out by Microsoft included one particularly gnarly critical vulnerability. CVE-2020-1350 to be formal, or SIGRed as it has already become known, scored a “perfect” 10 under the Common Vulnerability Scoring System (CVSS) for good reasons: it’s wormable, easy to exploit and likely to be exploited.

    So likely to be exploited that the U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) has issued an equally rare emergency directive giving government agencies just 24 hours to update Windows Server or apply other mitigations.

    Reply
  41. Tomi Engdahl says:

    Just what does “no user logs” really mean for a VPN provider? It’s a popular buzz-phrase that lures people in.

    https://betanews.com/2020/07/15/ufo-vpn-data-leak/

    Reply
  42. Tomi Engdahl says:

    For Seattle’s cop-free protest zone, tech is both a revolutionary asset and disastrous liability
    ‘They picked the wrong generation to pull this shit on.’
    https://techcrunch.com/2020/07/18/for-seattles-cop-free-protest-zone-tech-is-both-a-revolutionary-asset-and-disastrous-liability/?tpcc=ECFB2020

    The police killings of George Floyd and Breonna Taylor were sparks that reignited smoldering fury against authorities across the globe. One of the most watched locations has been Seattle, where protestors barricaded off a cop-free zone, drawing outsize attention and, in the process, forming a new case study in the uses of technology both to advance a cause and to drown it in disinformation.

    From the actual recording of Floyd’s killing and the protests and riots that followed, to documenting the police’s brutal response and sudden withdrawal, to the establishment of and widespread commentary on an improvised community, technology has played a crucial role throughout. But to center things properly, it is how people are using technology, not the technology itself, that has become more important.

    Reply
  43. Tomi Engdahl says:

    BadPower attack corrupts fast chargers to melt or set your device on fire
    https://www.zdnet.com/article/badpower-attack-corrupts-fast-chargers-to-melt-or-set-your-device-on-fire/

    Attackers can alter the firmware of fast charger devices to deliver extra voltage and damage connected equipment.

    Chinese security researchers said they can alter the firmware of fast chargers to cause damage to connected (charging) systems, such as melt components, or even set devices on fire.

    The technique, named BadPower, was detailed last week in a report published by Xuanwu Lab, a research unit of Chinese tech giant Tencent.

    According to researchers, BadPower works by corrupting the firmware of fast chargers

    A fast charger looks like any typical charger but works using special firmware. This firmware “talks” to a connected device and negotiates a charging speed, based on the device’s capabilities.

    If a fast-charging feature is not supported, the fast charger delivers the standard 5V, but if the device can handle bigger inputs, the fast charger can deliver up to 12V, 20V, or even more, for faster charging speeds.

    The BadPower technique works by altering the default charging parameters to deliver more voltage than the receiving device can handle, which degrades and damages the receiver’s components, as they heat up, bend, melt, or even burn.

    When the user connects their infected smartphone or laptop to the fast charger, the malicious code modifies the charger’s firmware, and going forward the fast charger will execute a power overload for any subsequently connected devices.

    RESEARCHERS TESTED 35 FAST CHARGERS, FOUND 18 VULNERABLE
    The Tencent team said they verified their BadPower attack in practice. Researchers said they selected 35 fast chargers from 234 models available on the market and found that 18 models from 8 vendors were vulnerable.

    The good news is that “most BadPower problems can be fixed by updating the device firmware.”

    Researchers said that 18 chip vendors did not ship chips with a firmware update option, meaning there was no way to update the firmware on some fast charger chips.

    Suggestions to fix the BadPower problem include hardening firmware to prevent unauthorized modifications, but also deploying overload protection to charged devices.

    A demo video of a BadPower attack is available at the bottom of the Tencent report

    https://xlab.tencent.com/cn/2020/07/16/badpower/

    Reply
  44. Tomi Engdahl says:

    Ghost Squad Hackers defaced a second European Space Agency (ESA) site in a week
    July 19, 2020
    https://www.themodernlogicgroup.com/2020/07/19/ghost-squad-hackers-defaced-a-second-european-space-agency-esa-site-in-a-week/

    A group of hacktivists that goes online with the name Ghost Squad Hackers has defaced for the second time in a week a site of the European Space Agency

    Ghost Squad Hackers told me that they have found for the second time in a few days a Server-side request forgery (SSRF) remote code execution vulnerability in the server of the agency. This time they have exploited the issue to gain access to the https://space4rail.esa.int domain and deface it.

    A Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.

    In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services within the organization’s infrastructure, or to external third-party systems.

    “These space agencies are not safe and we will continue to prove that!”

    According to the hackers, the ESA experts have yet to fix the problem, they only removed the installation of the CMS.

    The hackers told me that the issue was not within the CMS/web application, but it affects service in execution on the server.

    “It seems they took the vulnerable service down also, this is their attempt to prevent future cyber attacks.” the hackers said.

    Reply
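    The SSRF pattern described in the post above, as an added example that is not part of the original comment, the article or the ESA incident: a naive server-side URL fetcher beside a hardened one that resolves the target host first and refuses the loopback, private, link-local and IPv4-mapped ranges an attacker would aim at. The host names and DNS answers are constructed so the policy checks run offline; `fetch_hardened` is a hypothetical name.

```python
import ipaddress
import socket
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Ranges a server should never contact on a client's behalf. Constructed policy
# list; extend it with your own internal prefixes and metadata endpoints.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]
ALLOWED_SCHEMES = {"http", "https"}


def address_is_blocked(ip_str):
    """True if the literal address falls in any blocked range (v4 or v6)."""
    ip = ipaddress.ip_address(ip_str.split("%")[0])  # drop IPv6 zone id
    return any(ip in net for net in BLOCKED_NETWORKS)


def classify_url(url, resolver=socket.getaddrinfo):
    """Return (ok, detail). Resolves the host and refuses any blocked address.
    `resolver` has getaddrinfo's shape and is injectable for offline testing."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parsed.scheme
    if not parsed.hostname:
        return False, "no host in URL"
    if parsed.username or parsed.password:
        return False, "credentials embedded in URL"
    port = parsed.port or (443 if parsed.scheme == "https" else 80)
    try:
        infos = resolver(parsed.hostname, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return False, "resolution failed: %s" % exc
    addrs = sorted({info[4][0] for info in infos})
    if not addrs:
        return False, "host resolved to no addresses"
    for addr in addrs:
        if address_is_blocked(addr):  # every answer must be acceptable
            return False, "host resolves to blocked address %s" % addr
    return True, addrs


def fetch_naive(url, timeout=5):
    """The vulnerable shape: whatever the client supplies is fetched as-is,
    including loopback, intranet hosts and cloud metadata addresses."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


class _CheckedRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Re-run the policy on every redirect target, so an allowed public host
    cannot bounce the server onto an internal one."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        ok, detail = classify_url(newurl)
        if not ok:
            raise urllib.error.HTTPError(newurl, code, "blocked redirect: %s" % detail, headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def fetch_hardened(url, timeout=5):
    """Policy-checked fetch. Caveat: the check and the connect resolve the name
    separately, so a rebinding DNS answer can still slip through; pinning the
    connection to the checked address needs a lower-level HTTP client."""
    ok, detail = classify_url(url)
    if not ok:
        raise ValueError("refusing to fetch %s: %s" % (url, detail))
    opener = urllib.request.build_opener(_CheckedRedirectHandler())
    with opener.open(url, timeout=timeout) as resp:
        return resp.read()


# Constructed DNS answers standing in for a real resolver (example hosts only;
# 203.0.113.0/24 is documentation space standing in for a public address).
CONSTRUCTED_DNS = {
    "www.example": ["203.0.113.10"],
    "intranet.example": ["10.20.30.40"],
    "metadata.example": ["169.254.169.254"],
    "mapped.example": ["::ffff:127.0.0.1"],
    "mixed.example": ["203.0.113.11", "192.168.1.1"],
}


def constructed_resolver(host, port, **kwargs):
    """getaddrinfo-shaped stand-in returning the constructed answers above."""
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror("constructed: unknown host %s" % host)
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, port)) for a in CONSTRUCTED_DNS[host]]
```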
