Cyber security news August 2021

This posting is here to collect cyber security news in August 2021.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

309 Comments

  1. Tomi Engdahl says:

    Detect: The Third Pillar of Industrial Cybersecurity
    https://www.securityweek.com/detect-third-pillar-industrial-cybersecurity

    My first article in this series covered why visibility into industrial environments is challenging yet necessary, highlighting three key questions to ask when evaluating industrial cybersecurity solutions. In my second article, I detailed the actions required to understand, prioritize, and reduce risk so you can proactively protect your industrial environment.

    These are essential components to any industry cybersecurity program, but the harsh reality is that even the most advanced protective controls and processes you implement can’t eliminate risk completely. So, being able to detect and respond to potential threats quickly and effectively when they do surface is imperative.

    Unfortunately, threat detection is significantly more difficult within industrial networks for the following reasons:

    ● Incompatibility with IT security tools: The wide range of proprietary, vendor-specific OT protocols used in industrial assets is not always compatible with traditional threat detection tools. Attempting to implement the same 15+ IT security tools within an OT environment is rarely effective and can lead to downtime and an overwhelming barrage of false positives and negatives.

    ● Size and complexity of OT environments: The intricacy of large-scale, multi-site industrial networks can make it difficult to identify deviations from an accepted baseline. If you don’t know what normal looks like, you can’t discover misconfigurations, traffic overloads, or other issues that pose risks.

    ● IT-OT convergence: As the digitization of industrial networks increasingly blurs the lines between IT and OT, adversaries can enter through the IT side and remain undetected within the OT environment for months or even years, looking for subtle ways to undermine operations and create havoc. Defenders need a holistic solution that can detect threats across these increasingly interconnected environments.

    ● Lack of industrial cybersecurity expertise: It’s difficult and costly to find and retain OT security specialists, and many security teams are trained solely to resolve IT-centric incidents. OT-specific knowledge needed to defend industrial environments is lacking.

    Reply
  2. Tomi Engdahl says:

    High-Severity DoS Vulnerability Patched in BIND DNS Software
    https://www.securityweek.com/high-severity-dos-vulnerability-patched-bind-dns-software

    The Internet Systems Consortium (ISC) this week publicly announced the availability of patches for a high-severity denial-of-service (DoS) vulnerability affecting its BIND DNS software.

    The flaw, tracked as CVE-2021-25218, affects BIND versions 9.16.19, 9.17.16, and 9.16.19-S1. Patches are included in versions ​​9.16.20, 9.17.17 and 9.16.20-S1. Workarounds are also available.

    It’s worth noting that while the existence of the vulnerability was made public on August 18, customers received a notification one week in advance.

    The vulnerability can be exploited remotely to cause the BIND name server (named) process to crash.

    “If named attempts to respond over UDP with a response that is larger than the current effective interface maximum transmission unit (MTU), and if response-rate limiting (RRL) is active, an assertion failure is triggered (resulting in termination of the named server process),” ISC said in its advisory.

    Reply
  3. Tomi Engdahl says:

    Google Discloses Details of Unpatched Windows AppContainer Flaw
    https://www.securityweek.com/google-discloses-details-unpatched-windows-appcontainer-flaw

    Google disclosed the details of a Windows AppContainer flaw after Microsoft said it would not fix it, but the software giant later reversed course and said it could address it after all.

    Google Project Zero researcher James Forshaw on Thursday published a blog post describing his research into the Windows firewall and AppContainer, which Microsoft describes as a restrictive process execution environment that prevents applications running within this environment from accessing hardware, files, registry, other apps, and network resources that they are not specifically allowed to access.

    “Applications implemented in an AppContainer cannot be hacked to allow malicious actions outside of the limited assigned resources,” Microsoft says in its documentation for AppContainer.

    However, Forshaw claims to have discovered a way to bypass these restrictions, potentially enabling an attacker to access services on the localhost and intranet resources.

    Reply
  4. Tomi Engdahl says:

    Finnish hacker figured out how Windows can be hijacked just by plugging in a mouse https://www.is.fi/digitoday/tietoturva/art-2000008211360.html

    Reply
  5. Tomi Engdahl says:

    Ransomware on a Rampage; a New Wake-Up Call
    https://www.forbes.com/sites/chuckbrooks/2021/08/21/ransomware-on-a-rampage-a-new-wake-up-call/

    Ransomware is on a rampage targeting industry and organizations. It is also creating significant cybersecurity challenges. Ransomware is a type of malware cyber-attack where key files are encrypted by hackers, which renders data inaccessible to the victim. It is a criminal extortion tool, and after an attack has occurred, the hackers will promise to restore systems and data when ransom is paid by the victims.

    Reply
  6. Tomi Engdahl says:

    Veikkaus suspects: hundreds of gaming accounts targeted by hacking attempts using a bot; “You should review your own password”
    https://www.kauppalehti.fi/uutiset/veikkaus-epailee-satoja-pelitileja-yritetty-hakkeroida-robotin-avulla-kannattaa-arvioida-oma-salasana/ac1559b9-a1e0-40c6-84d5-57195795f8ff
    Veikkaus has detected abnormal attempts to log in to the company's online service. Based on the investigation into the matter, the suspicious login attempts are concentrated in early July 2021.
    The attacker is suspected of having used software tools with which a bot attempted to log in to customers' gaming accounts by guessing usernames and passwords. According to Veikkaus's website, the attacker may in this way have managed to log in to the gaming accounts of at most around
    800 customers. The company has contacted the customers who may have been targeted by the attack and reset their old passwords.

    Reply
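    The Veikkaus incident above is the classic signature of automated credential guessing: one source trying many different accounts in a short window, with the occasional success. The following is an added example (not code from Veikkaus or the Kauppalehti article) of how to pick that pattern out of login logs and derive the list of accounts to force-reset, which is what Veikkaus reports doing. The log lines and their field layout (timestamp, client IP, username, result) are constructed for this example and are an assumption about what a real auth log looks like.

```python
"""Detect credential-guessing bots in login logs (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: "<ts> <ip> login user=<name> result=OK|FAIL").
# 198.51.100.7 walks through six different accounts in five seconds and gets one hit;
# 203.0.113.9 and 192.0.2.44 are ordinary users retrying their own account.
SAMPLE_LOG = """\
2021-07-02T03:10:01Z 198.51.100.7 login user=anna.k result=FAIL
2021-07-02T03:10:02Z 198.51.100.7 login user=mikko.v result=FAIL
2021-07-02T03:10:02Z 198.51.100.7 login user=jari.s result=FAIL
2021-07-02T03:10:03Z 198.51.100.7 login user=liisa.m result=FAIL
2021-07-02T03:10:04Z 198.51.100.7 login user=pekka.t result=FAIL
2021-07-02T03:10:05Z 198.51.100.7 login user=sari.h result=OK
2021-07-02T03:12:40Z 203.0.113.9 login user=anna.k result=FAIL
2021-07-02T03:12:55Z 203.0.113.9 login user=anna.k result=OK
2021-07-02T03:14:10Z 192.0.2.44 login user=jari.s result=FAIL
"""


def parse_line(line):
    """Split one assumed-format log line into a dict."""
    ts, ip, _, user_kv, result_kv = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ip": ip,
        "user": user_kv.split("=", 1)[1],
        "ok": result_kv.endswith("=OK"),
    }


def parse_log(log_text):
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return sorted(events, key=lambda e: e["ts"])


def find_guessing_sources(log_text, window=timedelta(minutes=5), min_accounts=5):
    """Return {ip: sorted distinct usernames} for every source IP that tried at least
    `min_accounts` *different* accounts within any `window`-sized sliding window.

    Many distinct accounts from one source is the credential-stuffing / password-spraying
    signature; a single user retrying one account many times is not flagged by this rule.
    """
    by_ip = defaultdict(list)
    for e in parse_log(log_text):
        by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if len({e["user"] for e in evs[start:end + 1]}) >= min_accounts:
                flagged[ip] = sorted({e["user"] for e in evs})
                break
    return flagged


def accounts_to_reset(log_text, flagged):
    """Accounts where a flagged source got result=OK: treat as possibly compromised
    and force a password reset, which is the response Veikkaus describes."""
    return sorted({e["user"] for e in parse_log(log_text)
                   if e["ip"] in flagged and e["ok"]})


if __name__ == "__main__":
    bots = find_guessing_sources(SAMPLE_LOG)
    print("guessing sources:", bots)
    print("force reset:", accounts_to_reset(SAMPLE_LOG, bots))
```

    The thresholds (five accounts in five minutes) are deliberately low to make the sample trigger; in production they should be tuned against the service's normal login volume, and the source key should be widened (ASN, user agent, device fingerprint) because a real bot rotates through many IPs.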
  7. Tomi Engdahl says:

    Hundreds of thousands of Realtek-based devices under attack from IoT botnet https://therecord.media/hundreds-of-thousands-of-realtek-based-devices-under-attack-from-iot-botnet/
    A dangerous vulnerability in Realtek chipsets used in hundreds of thousands of smart devices from at least 65 vendors is currently under attack from a notorious DDoS botnet gang. The attacks started last week, according to a report from IoT security firm SAM, and began just three days after fellow security firm IoT Inspector published details about the vulnerability on its blog. Tracked as CVE-2021-35395, the vulnerability is part of four issues IoT Inspector researchers found in the software development kit (SDK) that ships with multiple Realtek chipsets (SoCs). According to the research team, the vulnerability, which resided in a web panel used to configure the SDK/device, allowed a remote attacker to connect to these devices via malformed URL web panel parameters, bypass authentication, and run malicious code with the highest privileges, effectively taking over the device.

    Reply
  8. Tomi Engdahl says:

    JPMorgan Chase Bank Notifies Customers of Data Exposure
    https://www.securityweek.com/jpmorgan-chase-bank-notifies-customers-data-exposure

    JPMorgan Chase Bank last week sent out notification letters to inform customers that their personal information might have been inadvertently exposed to other customers.

    The New York City-based financial services provider has started informing customers that, due to a technical bug, their personal information might have been exposed to other customers. The data was viewable on chase.com or in the Chase Mobile app.

    Information that other customers might have accessed includes balances and transaction data, along with names and account numbers, the bank said in the notification letter.

    https://media.dojmt.gov/wp-content/uploads/notificationLetter-51.pdf

    Reply
  9. Tomi Engdahl says:

    Drone Hits Plane — And This Time It’s A Real (Police) One!
    https://hackaday.com/2021/08/23/drone-hits-plane-and-this-time-its-a-real-police-one/

    Over the years we’ve brought you many stories that follow the world of aviation as it struggles with the arrival of multirotors. We’ve seen phantom drone encounters cause panics and even shut airports, but it’s been vanishingly rare for such a story to have a basis in evidence. But here we are at last with a drone-aircraft collision story that involves a real drone. This time there’s a twist though, instead of one piloted by a multirotor enthusiast that would prompt a full-on media panic, it’s a police drone that collided with a Cessna landing at Toronto’s Buttonville airport.

    This is newsworthy in itself because despite several years and significant resources being devoted to the problem of drones hitting planes, demonstrable cases remain vanishingly rare. The machine in this case being a police one will we expect result in many fewer column inches for the event than had it been flown at the hands of a private multirotor pilot, serving only to heighten the contrast with coverage of previous events such as the Gatwick closure lacking any drone evidence.

    It’s picking an easy target to lay into the York Regional Police over this incident, but it is worth making the point that their reaction would have been disproportionately larger had the drone not been theirs.

    Reply
  10. Tomi Engdahl says:

    A new NSO zero-click attack evades Apple’s iPhone security protections, says Citizen Lab
    Bahraini human rights activists were hacked with NSO’s Pegasus spyware
    https://techcrunch.com/2021/08/24/nso-pegasus-bahrain-iphone-security/?tpcc=ECFB2021

    Reply
  11. Tomi Engdahl says:

    You Can Gain Admin Privileges to Any Windows Machine by Plugging in a Razer Mouse
    Is it an interesting security hack, or a PSA to keep your computer safe? (It’s both.)
    https://lifehacker.com/you-can-gain-admin-privileges-to-any-windows-machine-by-1847537634

    Reply
  12. Tomi Engdahl says:

    Bloomberg:
    Sources: Tim Cook, Satya Nadella, and Andy Jassy plan to attend a meeting with Joe Biden on Wednesday to discuss efforts to improve cybersecurity — Apple Inc. Chief Executive Officer Tim Cook and Microsoft Corp. CEO Satya Nadella plan to attend a White House meeting with President Joe Biden …

    Apple’s Tim Cook, Microsoft’s Satya Nadella Plan to Visit White House
    https://www.bloomberg.com/news/articles/2021-08-23/apple-s-cook-microsoft-s-nadella-plan-to-visit-white-house

    The chief executive officers of Apple Inc., Microsoft Corp. and Amazon.com Inc. plan to attend a White House meeting with President Joe Biden this week to discuss efforts by private companies to improve cybersecurity following a dramatic uptick in ransomware and online attacks over the past year.

    Apple’s Tim Cook, Microsoft’s Satya Nadella and Amazon’s Andy Jassy plan to attend the event scheduled for Wednesday afternoon, according to people familiar with the matter.

    The executives could discuss efforts undertaken by critical infrastructure entities, including those in the banking, energy and water utility sectors, to improve cybersecurity and collaborations with the government. The tech executives are likely to discuss how software can drive better security in the supply chain, according to a senior official familiar with the event.

    The chief executives of companies including Alphabet Inc.’s Google, International Business Machines Corp., Southern Co. and JPMorgan Chase & Co. have also been invited, the senior official said.

    Reply
  13. Tomi Engdahl says:

    Issie Lapowsky / Protocol:
    UN-backed initiative Tech Against Terrorism adds the Taliban to its list of terrorist organizations and will alert tech companies when Taliban content is posted — A key UN-backed group that advises the tech industry on dealing with terrorist groups online has added the Afghan Taliban …

    Top tech group adds the Taliban to list of terrorist organizations
    https://www.protocol.com/tech-against-terrorism-taliban

    Tech Against Terrorism, a UN-backed initiative, will compile Taliban content in its database and alert tech companies when it appears on their platforms.

    A key UN-backed group that advises the tech industry on dealing with terrorist groups online has added the Afghan Taliban to its list of terrorist organizations, sending a signal to tech companies that are grappling with how to handle the Taliban’s takeover of the Afghan government.

    Since last November, Tech Against Terrorism, a group launched by the UN Counterterrorism Executive Directorate, has been assembling a database of known terrorist content called the Terrorist Content Analytics Platform, or TCAP. The TCAP was designed in part to alert tech companies when content from its database appears on their platforms. But until now, that database has included content from only a small subset of terrorist organizations, including ISIS and Al Qaeda, as well as far-right violent extremist groups, including the Proud Boys.

    “The Taliban was one of the groups that we have considered adding to the TCAP for a long time, however in light of recent events in Afghanistan and to provide clarity for the tech companies we work with on this (admittedly challenging) content moderation issue, we have decided to accelerate inclusion of official Taliban content,” Tech Against Terrorism wrote in a statement. “This decision is supported by designation in some jurisdictions, notably the EU, Canada, and the US Treasury.”

    Reply
  14. Tomi Engdahl says:

    Lily Hay Newman / Wired:
    Researchers find 1,000+ web apps, from Ford, American Airlines, and others, mistakenly exposed 38M records stored on Microsoft’s Power Apps service

    38M Records Were Exposed Online—Including Contact-Tracing Info
    https://www.wired.com/story/microsoft-power-apps-data-exposed/

    Misconfigured Power Apps from Microsoft led to more than a thousand web apps accessible to anyone who found them.

    More than a thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases. The data included a range of sensitive information, from people’s phone numbers and home addresses to social security numbers and Covid-19 vaccination status.

    The incident affected major companies and organizations, including American Airlines, Ford, the transportation and logistics company J.B. Hunt, the Maryland Department of Health, the New York City Municipal Transportation Authority, and New York City public schools. And while the data exposures have since been addressed, they show how one bad configuration setting in a popular platform can have far-reaching consequences.

    The exposed data was all stored in Microsoft’s Power Apps portal service, a development platform that makes it easy to create web or mobile apps for external use. If you need to spin up a vaccine appointment sign-up site quickly during, say, a pandemic, Power Apps portals can generate both the public-facing site and the data management backend.

    Reply
  15. Tomi Engdahl says:

    Igor Bonifacic / Engadget:
    Poly Network says it has now recovered all of $610M in cryptocurrencies it lost to a hacker, and is in the process of returning them to their rightful owners — One of the most unusual cryptocurrency heists in recent memory has come to a close. On Monday, Poly Network …

    Poly Network says it has recovered all $610 million it lost in cryptocurrency heist
    The hacker behind the incident gave the company access to a final cache of funds.
    https://www.engadget.com/poly-network-161726337.html

    One of the most unusual cryptocurrency heists in recent memory has come to a close. On Monday, Poly Network, a decentralized finance platform that saw a hacker named “Mr. White Hat” exploit a vulnerability in its code to steal $610 million in Ethereum, Shiba Inu and other cryptocurrencies, says it has recovered all the money it lost in the theft.

    “At this point, all the user assets that were transferred during the incident have been fully recovered,” the company said in a Medium post. Poly Network is now working to return control of those digital currencies to their rightful owners, a process the company says it hopes to complete as soon as possible.

    The Poly Network hack took one strange turn after another. Less than a day after stealing the digital currencies, the hacker started returning millions and sent a token indicating they were “ready to surrender.” Everything was going smoothly until they locked more than $200 million in assets in an account that required passwords from both them and Poly Network. They said they would only provide their password once everyone was “ready.” At that point, Poly Network offered the hacker a $500,000 reward.

    Reply
  16. Tomi Engdahl says:

    What’s *THAT* on my 3D printer? Cloud bug lets anyone print to everyone
    https://nakedsecurity.sophos.com/2021/08/23/whats-that-on-my-3d-printer-cloud-bug-lets-anyone-print-to-everyone/

    late last week when he made some modifications to the TSD cloud code and inadvertently opened up printers on private networks, such as a home Wi-Fi setup, to the internet at large.

    The good news is that Jiang has now fixed the problem he mistakenly created, written up a full mea culpa article to describe what happened, and thereby retained the goodwill of many, if not most, of the makerpeople that find his service useful.

    Reply
  17. Tomi Engdahl says:

    Ransomware gang’s script shows exactly the files they’re after
    https://www.bleepingcomputer.com/news/security/ransomware-gangs-script-shows-exactly-the-files-theyre-after/

    A PowerShell script used by the Pysa ransomware operation gives us a sneak peek at the types of data they attempt to steal during a cyberattack.

    When ransomware gangs compromise a network, they usually start with limited access to a single device.

    They then use various tools and exploits to steal other credentials used on the Windows domain or gain elevated privileges on different devices.

    Reply
  18. Tomi Engdahl says:

    Apple’s NeuralHash Algorithm Has Been Reverse-Engineered
    https://m.slashdot.org/story/389201

    Apple’s NeuralHash algorithm (PDF) — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered.

    Turns out it was already in iOS 14.3, and someone noticed:

    Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision: two images that hash to the same value. The next step is to generate innocuous images that NeuralHash classifies as prohibited content.

    Reply
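    The post above reports three properties of NeuralHash: it survives resizing and compression, it does not survive cropping or rotation, and collisions exist. All three follow from it being a perceptual hash, i.e. a many-to-one function over image content rather than bytes. The example below is added here and is not Apple's NeuralHash or any code from the linked post: it is a deliberately simple "average hash" (downscale to 8x8, threshold at the mean) that exhibits the same three properties on a constructed image, so the reader can see why a perceptual hash behaves that way. Images are plain lists of grayscale rows and resampling is nearest-neighbour, both simplifications chosen so it runs without an image library.

```python
"""Average hash demo (added example; a toy stand-in for NeuralHash, not Apple's algorithm)."""

HASH_SIDE = 8  # hash length is HASH_SIDE * HASH_SIDE bits


def resize_nearest(img, new_w, new_h):
    """Nearest-neighbour resample of a list-of-rows grayscale image."""
    h, w = len(img), len(img[0])
    return [[img[y * h // new_h][x * w // new_w] for x in range(new_w)]
            for y in range(new_h)]


def rotate90(img):
    """Rotate 90 degrees clockwise."""
    h, w = len(img), len(img[0])
    return [[img[h - 1 - y][x] for y in range(h)] for x in range(w)]


def average_hash(img):
    """Downscale to HASH_SIDE x HASH_SIDE, set a bit for every pixel above the mean.
    Any two images whose downscaled blocks fall on the same side of the mean collide,
    so the hash is many-to-one by design."""
    small = resize_nearest(img, HASH_SIDE, HASH_SIDE)
    pixels = [p for row in small for p in row]
    mean = sum(pixels) / len(pixels)
    return sum(1 << i for i, p in enumerate(pixels) if p > mean)


def hamming(a, b):
    """Number of differing bits; 0 means the hashes match exactly."""
    return bin(a ^ b).count("1")


def make_test_image(w=64, h=64):
    """Constructed 64x64 image: dark left half, bright right half."""
    return [[0 if x < w // 2 else 255 for x in range(w)] for y in range(h)]


def collision_pair(w=64, h=64):
    """Two different images with an identical hash: one pixel changed, and even though
    that pixel is one of the sampled ones, it stays on the same side of the mean."""
    a = make_test_image(w, h)
    b = [row[:] for row in a]
    b[0][0] = 40
    return a, b


def demo():
    """Return Hamming distances between the original hash and transformed copies."""
    img = make_test_image()
    base = average_hash(img)
    a, b = collision_pair()
    return {
        "resize_half": hamming(base, average_hash(resize_nearest(img, 32, 32))),
        "resize_double": hamming(base, average_hash(resize_nearest(img, 128, 128))),
        "rotate90": hamming(base, average_hash(rotate90(img))),
        "collision_distinct_images": a != b,
        "collision_same_hash": average_hash(a) == average_hash(b),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

    Resizing leaves the hash untouched because the downscale step throws away exactly the detail resizing changes; rotation moves content between blocks and flips half of the 64 bits. The collision is the property that matters for the "generate innocuous images that hash as prohibited" step the post mentions: with a perceptual hash, collisions are not a defect to be patched but the intended behaviour, so any system that acts on a hash match needs a second, independent check.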
  19. Tomi Engdahl says:

    Bahraini activists targeted with new iOS zero-click exploit https://therecord.media/bahraini-activists-targeted-with-new-ios-zero-click-exploit/
    A new Citizen Lab investigation published today has revealed the existence of a new iOS zero-click exploit that has been abused since at least February this year to hack into the iPhones of several Bahraini activists and political dissidents. Citizen Lab, a political, human rights, and cybersecurity research center at the University of Toronto, said it linked the new iOS exploit to NSO Group, a well-known Israeli company specializing in the sale of offensive hacking and surveillance technologies. Named FORCEDENTRY, the exploit was one of many offensive tools that were used to infect the devices with Pegasus, a surveillance tool developed by NSO Group. Citizen Lab said FORCEDENTRY had been used in a broader hacking campaign that began in July 2021 and targeted the devices of at least nine Bahraini activists.

    Reply
  20. Tomi Engdahl says:

    Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits https://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/
    We [Citizen Lab] identified nine Bahraini activists whose iPhones were successfully hacked with NSO Group’s Pegasus spyware between June 2020 and February 2021. Some of the activists were hacked using two zero-click iMessage exploits: the 2020 KISMET exploit and a 2021 exploit that we call FORCEDENTRY.

    Reply
  21. Tomi Engdahl says:

    FBI sends its first-ever alert about a ransomware affiliate
    https://therecord.media/fbi-sends-its-first-ever-alert-about-a-ransomware-affiliate/
    The US Federal Bureau of Investigation has published today its first-ever public advisory detailing the modus operandi of a “ransomware affiliate.” A relatively new term, a ransomware affiliate refers to a person or group who rents access to Ransomware-as-a-Service (RaaS) platforms, orchestrates intrusions into corporate networks, encrypts files with the “rented ransomware,” and then earns a commission from successful extortions. Going by the name of OnePercent Group, the FBI said today this threat actor has been active since at least November 2020.

    Reply
  22. Tomi Engdahl says:

    CISA Releases Five Pulse Secure-Related MARs https://us-cert.cisa.gov/ncas/current-activity/2021/08/24/cisa-releases-five-pulse-secure-related-mars
    As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed five malware samples related to exploited Pulse Secure devices. CISA encourages users and administrators to review the following five malware analysis reports (MARs) for threat actor tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), and review CISA’s Alert, Exploitation of Pulse Connect Secure Vulnerabilities, for more information.

    Reply
  23. Tomi Engdahl says:

    38 million records exposed by misconfigured Microsoft Power Apps.
    Redmond’s advice? RTFM
    https://www.theregister.com/2021/08/23/power_shell_records/
    Forty-seven government entities and private companies, including Microsoft, exposed 38 million sensitive data records online by misconfiguring the Windows giant’s Power Apps, a low-code service that promises an easy way to build professional applications. Security biz UpGuard said that in May one of its analysts found that the OData API for a Power Apps portal offered anonymously accessible database records that included personal details. As Microsoft explains in its documentation, “To secure a list, you must configure Table Permissions for the table for which records are being displayed and also set the Enable Table Permissions Boolean value on the list record to true.”

    Reply
  24. Tomi Engdahl says:

    “Fraud has been detected”: a stomach-churning scam attempt is spreading in the name of a Finnish bank
    https://www.tivi.fi/uutiset/tv/e6677305-e2ac-4923-8a32-28ebeee94e44
    Phishing messages are being spread in the name of OP, with which scammers try to fish out the banking details of unsuspecting customers.
    Similar scam messages have also reached people close to Tivi's editorial staff. “Fraud has been detected. Your account has been blocked for security reasons. Go to [convincing-looking address] to verify your identity and cancel the payment,” the message says. The link in the message looks credible at first glance, but fortunately the spelling mistakes in the message draw attention, if one is alert enough.

    Reply
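    The message above relies on a link that "looks credible at first glance". The example below is added here (it is not code from Tivi or OP) and shows the checks a mail gateway or a browser extension can run on such a link before a user sees it: compare the registrable domain against the bank's real one, undo punycode so homoglyph domains are compared by what the victim would see, and catch the legitimate name being embedded as a subdomain or stuffed into a brand-named lookalike. The bank domain `op.fi`, the sample URLs and the tiny confusables table are all constructed for the example; a production check would use the Public Suffix List for the registrable domain and the full Unicode confusables data.

```python
"""Classify a link from a bank-themed phishing message (added example, constructed data)."""
import re
import unicodedata
from urllib.parse import urlsplit

LEGIT_DOMAIN = "op.fi"  # assumption: the bank's real registrable domain

# Constructed, deliberately tiny confusables map: Cyrillic letters that render like Latin.
CONFUSABLES = str.maketrans({"а": "a", "е": "e", "о": "o", "р": "p", "с": "c",
                             "х": "x", "у": "y", "і": "i", "ѕ": "s"})


def registrable_domain(host):
    """Last two labels. Good enough for .fi; real code needs the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def decode_host(host):
    """Turn punycode (xn--) labels back into the characters a victim would see."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA: compare as-is


def classify_link(url, legit=LEGIT_DOMAIN):
    host = decode_host((urlsplit(url).hostname or "").lower())

    if registrable_domain(host) == legit:
        return "legitimate"

    # Homoglyph: after folding look-alike characters the domain becomes the real one.
    folded = unicodedata.normalize("NFKC", host).translate(CONFUSABLES)
    if folded != host and registrable_domain(folded) == legit:
        return "lookalike: homoglyph"

    # "op.fi.vahvista-maksu.com": the real name is only a subdomain of something else.
    if legit in host:
        return "lookalike: legit name embedded in another domain"

    # "op-turva.fi": the brand as a whole label component of an unrelated domain.
    brand = legit.split(".")[0]
    label = registrable_domain(host).split(".")[0]
    if re.search(rf"(^|-){re.escape(brand)}(-|$)", label):
        return "lookalike: brand in unrelated domain"

    return "unrelated"


# Constructed sample links for the demo.
SAMPLE_LINKS = [
    "https://www.op.fi/fi/henkiloasiakkaat",
    "https://op.fi.vahvista-maksu.com/login",
    "https://op-turva.fi/vahvista",
    "https://ор.fi/login",            # Cyrillic о and р
    "https://shop.example.com/op.fi",  # real name only in the path, not the host
]


def scan(urls=SAMPLE_LINKS):
    """Return {url: classification} for a batch of links."""
    return {u: classify_link(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in scan().items():
        print(f"{verdict:48s} {url}")
```

    Note what the check deliberately ignores: the path, the link text, and HTTPS. A phishing site can carry the real bank's name anywhere but in the registrable domain, and it will usually have a valid certificate, so only the host decides.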
  25. Tomi Engdahl says:

    Nokia-Owned SAC Wireless Discloses Data Breach
    https://www.securityweek.com/nokia-owned-sac-wireless-discloses-data-breach

    United States-based Nokia-owned SAC Wireless has started sending notification letters to its current and former employees to inform them of a data breach that might have impacted them.

    In a notification letter filed with the Maine Attorney General’s Office, the company said personal information of roughly 6500 individuals was compromised during a ransomware attack that was identified in mid-June.

    An investigation launched into the incident, the company says, has revealed that the attackers first compromised SAC Wireless’ systems on April 13.

    Reply
  26. Tomi Engdahl says:

    New iOS Zero-Click Exploit Defeats Apple ‘BlastDoor’ Sandbox
    https://www.securityweek.com/new-ios-zero-click-exploit-defeats-apple-blastdoor-sandbox

    Security researchers at Citizen Lab are documenting a new Apple iOS zero-click exploit being used to hijack data from fully patched iPhones in Bahrain.

    Citizen Lab said it found technical evidence connecting the new exploit to the Pegasus high-end spyware tool sold by controversial Israeli software vendor NSO Group.

    The appearance of a new zero-click iMessage exploit comes just eight months after Apple silently added a new, tightly sandboxed “BlastDoor” service into iOS to specifically parse untrusted data in iMessages to block zero-click exploitation.

    Reply
  27. Tomi Engdahl says:

    Hackers Claim to Have Data of 70 Million AT&T Customers
    https://www.securityweek.com/hackers-claim-have-data-70-million-att-customers

    A hacking group claims to be in the possession of a database containing private information on roughly 70 million AT&T customers, but the telecoms company says its systems have not been breached.

    Going by the name of ShinyHunters, the hacking group was involved in a series of high-profile incidents last year, including some involving Microsoft, Mashable, Minted, Tokopedia, and others.

    The threat actor has listed the AT&T database on underground forums, asking for as much as $1 million for the entire set, or $200,000 for access, according to RestorePrivacy, a website focused on raising awareness on privacy and security issues.

    Reply
  28. Tomi Engdahl says:

    OpenSSL Vulnerability Can Be Exploited to Change Application Data
    https://www.securityweek.com/openssl-vulnerability-can-be-exploited-change-application-data

    The OpenSSL Project on Tuesday announced the availability of OpenSSL 1.1.1l, which patches a high-severity vulnerability that could allow an attacker to change an application’s behavior or cause the app to crash.

    The flaw, tracked as CVE-2021-3711, has been described as a buffer overflow related to SM2 decryption.

    “A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated,” the OpenSSL Project said in an advisory.

    The security hole, reported by John Ouyang, affects previous 1.1.1 versions of OpenSSL.

    OpenSSL users have also been informed about CVE-2021-3712, a medium-severity vulnerability that can be exploited for denial-of-service (DoS) attacks, and possibly for the disclosure of private memory contents, such as private keys. This issue has been fixed with the release of versions 1.1.1j and 1.0.2za.

    Reply
  29. Tomi Engdahl says:

    Michael Finnegan / Los Angeles Times:
    FBI says a man phished thousands of iCloud accounts via an email scam where he impersonated customer support, stealing 620K photos and 9K videos until mid-2018 — A Los Angeles County man broke into thousands of Apple iCloud accounts and collected more than 620,000 private photos and videos …
    La Puente man steals 620,000 iCloud photos in plot to find images of nude women
    https://www.latimes.com/california/story/2021-08-23/icloud-photo-theft-nude-women

    Reply
  30. Tomi Engdahl says:

    Joseph Cox / VICE:
    Some are raising concerns about harmful uses of “netflow data”, which helps map traffic flow across networks and that some ISPs allow to be sold to 3rd parties — ISPs are quietly distributing “netflow” data that can, among other things, trace traffic through VPNs. — Joseph Cox

    How Data Brokers Sell Access to the Backbone of the Internet
    ISPs are quietly distributing “netflow” data that can, among other things, trace traffic through VPNs.
    https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru

    Reply
  31. Tomi Engdahl says:

    Eavesdropping By LED
    https://hackaday.com/2021/08/25/eavesdropping-by-led/

    a new attack called “glow worm.” In this novel attack, careful observations of a power LED on a speaker allowed an attacker to reproduce the sound playing thanks to virtually imperceptible fluctuations in the LED brightness, most likely due to the speaker’s power line sagging and recovering.

    You might think that if you could see the LED, you could just hear the output of the speaker, but a telescope through a window 100 feet away appears to be sufficient.

    Reply
  32. Tomi Engdahl says:

    All supported versions of #FreeBSD are affected by various security bugs whose fixes need to be applied ASAP. For example, a memory corruption bug exists in the bhyve hypervisor. Another overwrites the stack of ggatec and can potentially execute arbitrary code. https://www.cyberciti.biz/security/freebsd-bhyve-openssl-geom-libfetch-security-fixes-released/ #Unix #security #infosec

    Reply
  33. Tomi Engdahl says:

    Cybersecurity VC funding surges to a record $11.5B in 2021
    https://techcrunch.com/2021/08/25/cybersecurity-vc-funding-surges-to-a-record-11-5b-in-2021/?tpcc=ECFB2021

    The pandemic completely upended the threat landscape as we know it. Ransomware accounted for an estimated 2.9 million attacks so far in 2021, and supply-chain attacks that targeted Kaseya and SolarWinds have increased fourfold over 2020, according to the European Union’s cybersecurity agency, ENISA, which recently warned that the more traditional cybersecurity protections are no longer effective in defending against these types of attacks.

    This has created an unprecedented need for emerging technologies, attracting both organizations and investors to look closer at newer cybersecurity technologies.

    Reply
  34. Tomi Engdahl says:

    You guys better run.. Google and Microsoft are coming to get you especially if you are supported by a Russian or Chinese defense agency.

    Google and Microsoft promise billions to help bolster US cybersecurity
    https://www.theverge.com/2021/8/25/22642054/apple-amazon-google-microsoft-cybersecurity-billions

    Apple and Amazon are also offering new security trainings and devices

    Tech companies like Apple, Google, and Microsoft promised to help bolster US cybersecurity after a meeting with President Joe Biden at the White House on Wednesday. The pledges vary by company but range from spending billions on cyber infrastructure to offering supply-chain aid and education.

    Wednesday’s high-profile meeting with tech CEOs comes on the heels of major cyberattacks against US government agencies and energy infrastructure like the Colonial Pipeline.

    “THE FEDERAL GOVERNMENT CAN’T MEET THIS CHALLENGE ALONE”
    “The reality is, most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” Biden said at Wednesday’s meeting.

    Reply
  35. Tomi Engdahl says:

    Hundreds of thousands of Realtek-based devices under attack from IoT botnet
    https://therecord.media/hundreds-of-thousands-of-realtek-based-devices-under-attack-from-iot-botnet/

    A dangerous vulnerability in Realtek chipsets used in hundreds of thousands of smart devices from at least 65 vendors is currently under attack from a notorious DDoS botnet gang.

    The attacks started last week, according to a report from IoT security firm SAM, and began just three days after fellow security firm IoT Inspector published details about the vulnerability on its blog.

    Vulnerability impacts little-known but very popular Realtek SoC
    Tracked as CVE-2021-35395, the vulnerability is part of four issues IoT Inspector researchers found in the software development kit (SDK) that ships with multiple Realtek chipsets (SoCs).

    Reply
  36. Tomi Engdahl says:

    Secret FBI Watchlist Leaks Online, and Boy Do the Feds Think a Lot of People Are Terrorists
    https://gizmodo.com/secret-fbi-watchlist-leaks-online-and-boy-do-the-feds-1847500747?utm_medium=sharefromsite&utm_source=_facebook

    The watchlist, which included 1.9 million records, was left exposed online for three weeks, according to the researcher who found it.

    Reply
  37. Tomi Engdahl says:

    FBI Palantir glitch allowed unauthorized access to private data
    https://nypost.com/2021/08/25/fbi-palantir-glitch-allowed-unauthorized-access-to-private-data/

    A computer glitch in a secretive software program used by the FBI allowed some unauthorized employees to access private data for more than a year, prosecutors revealed in a new court filing.

    Data recovered from Griffith’s Facebook and Twitter accounts, which was obtained through a federal search warrant in March 2020, was accessed on Palantir for more than a year by at least four FBI employees, all of whom work outside New York and were not investigating the case, prosecutors wrote.

    “When data is loaded onto the Platform, the default setting is to permit access to the data to other FBI personnel otherwise authorized to access the Platform,” prosecutors wrote in the letter.

    Reply
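    The filing quoted in the comment above describes a default-permit data-sharing setting: anything loaded onto the platform was readable by every otherwise-authorized platform user, not just the case team. The following is an added example, not Palantir's or the FBI's code, and every user name, case identifier and log record in it is constructed for illustration. It models the same failure mode in a small policy evaluator, with the open default beside a default-deny policy that requires an explicit per-case grant, and adds an audit pass that flags reads by users outside the case team, which is how such access would be found after the fact.

```python
"""Default-permit vs default-deny access to case data on a shared analysis platform.

Added example (not Palantir's or the FBI's code). All users, case IDs and log
entries below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Dataset:
    """A body of evidence loaded onto the platform for one case."""
    case_id: str
    # Users explicitly granted access to this dataset (constructed field name).
    grants: frozenset = frozenset()


@dataclass(frozen=True)
class Policy:
    """default_permit=True reproduces the 'readable by any platform user' default."""
    default_permit: bool

    def allows(self, user: str, dataset: Dataset, platform_users: frozenset) -> bool:
        # Platform-level authorization is a precondition under either policy.
        if user not in platform_users:
            return False
        # An explicit grant is sufficient under either policy.
        if user in dataset.grants:
            return True
        # Otherwise the platform default decides: permit everyone, or deny.
        return self.default_permit


# Constructed sample data: four platform users, two of them on the case team.
PLATFORM_USERS = frozenset({"agent_ny_1", "agent_ny_2", "agent_tx_1", "agent_ca_1"})
CASE_DATASET = Dataset(case_id="CASE-0001",
                       grants=frozenset({"agent_ny_1", "agent_ny_2"}))

# Constructed access log: who read the case dataset and when.
ACCESS_LOG = [
    {"ts": "2020-04-02T10:11:00Z", "user": "agent_ny_1", "case_id": "CASE-0001"},
    {"ts": "2020-06-15T14:05:00Z", "user": "agent_tx_1", "case_id": "CASE-0001"},
    {"ts": "2020-09-30T09:42:00Z", "user": "agent_ny_2", "case_id": "CASE-0001"},
    {"ts": "2021-02-11T16:20:00Z", "user": "agent_ca_1", "case_id": "CASE-0001"},
    {"ts": "2021-02-12T08:00:00Z", "user": "agent_ca_1", "case_id": "CASE-0002"},
]


def evaluate(policy: Policy, users, dataset: Dataset = CASE_DATASET) -> dict:
    """Map each user to the access decision the given policy would make."""
    return {u: policy.allows(u, dataset, PLATFORM_USERS) for u in users}


def audit(log, dataset: Dataset) -> list:
    """Return log entries where someone outside the grant list read the dataset.

    Under default-permit these reads succeeded silently; the log is the only
    place they show up, so the audit keys on the grant list, not on the policy.
    """
    return [e for e in log
            if e["case_id"] == dataset.case_id and e["user"] not in dataset.grants]


if __name__ == "__main__":
    open_default = Policy(default_permit=True)
    deny_default = Policy(default_permit=False)
    print("default-permit:", evaluate(open_default, sorted(PLATFORM_USERS)))
    print("default-deny:  ", evaluate(deny_default, sorted(PLATFORM_USERS)))
    for entry in audit(ACCESS_LOG, CASE_DATASET):
        print("out-of-team read:", entry["ts"], entry["user"])
```

    Under the default-permit policy every platform user, including the two outside the case team, is allowed to read the dataset, so nothing is refused and only the audit pass reveals the out-of-team reads; under default-deny the same two users are refused up front. The design point is that a grant list only protects data when the fallback decision is deny.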
  38. Tomi Engdahl says:

    LITTLE-KNOWN FEDERAL SOFTWARE CAN TRIGGER REVOCATION OF CITIZENSHIP
    Known as ATLAS, the software mines various federal databases for derogatory information. It runs autonomously on Amazon servers.
    https://theintercept.com/2021/08/25/atlas-citizenship-denaturalization-homeland-security/

    Reply
  39. Tomi Engdahl says:

    China’s Microsoft Hack May Have Had A Bigger Purpose Than Just Spying
    https://www.npr.org/2021/08/26/1013501080/chinas-microsoft-hack-may-have-had-a-bigger-purpose-than-just-spying

    What Adair discovered was a massive hack into Microsoft Exchange — one of the most popular email software programs in the world. For nearly three months, intruders helped themselves to everything from emails to calendars to contacts. Then they went wild and launched a second wave of attacks to sweep Exchange data from tens of thousands of unsuspecting victims. They hit mom-and-pop shops, dentist offices, school districts, local governments — all in a brazen attempt to vacuum up information.

    Both the White House and Microsoft have said unequivocally that Chinese government-backed hackers are to blame.

    NPR’s months-long examination of the attack — based on interviews with dozens of players from company officials to cyber forensics experts to U.S. intelligence officials — found that stealing emails and intellectual property may only have been the beginning. Officials believe that the breach was in the service of something bigger: China’s artificial intelligence ambitions. The Beijing leadership aims to lead the world in a technology that allows computers to perform tasks that traditionally required human intelligence — such as finding patterns and recognizing speech or faces.

    “There is a long-term project underway,”

    Reply
  40. Tomi Engdahl says:

    “A product of the National Reconnaissance Office (NRO), Sentient is (or at least aims to be) an omnivorous analysis tool, capable of devouring data of all sorts, making sense of the past and present, anticipating the future, and pointing satellites toward what it determines will be the most interesting parts of that future.”

    IT’S SENTIENT
    Meet the classified artificial brain being developed by US intelligence programs
    https://www.theverge.com/2019/7/31/20746926/sentient-national-reconnaissance-office-spy-satellites-artificial-intelligence-ai

    Reply
