CHB Cybersecurity Briefing 19/08/19

CHB Cybersecurity Briefing 19/08/19

by Cameron Hunter Bell


Apologies for the disruption for the past two weeks. BlackHat and DefCon got in the way. Normal service will be resumed from this week.

MONDAY BRIEFING

  • More than a million fingerprints and other sensitive data have been exposed online by a biometric security firm, researchers say. Researchers working with cyber-security firm VPNMentor say they accessed data from a security tool called Biostar 2.
  • MPs in Mozambique have revised the country’s penal code to criminalise digital snooping.
  • [Africa] Anyone who now gains access to phones, computers or other gadgets belonging to someone else without permission will face up to two years in prison.
  • U.S. Cyber Command, the sister division of the National Security Agency focused on offensive hacking and security operations, has released a set of new samples of malware linked to North Korean hackers. The military unit tweeted Wednesday that it had uploaded the malware to VirusTotal, a widely used database for malware and security research.
  • A cyber-attack on the UK's biggest forensic services provider led to a backlog of 20,000 samples ... Eurofins Scientific was targeted by a "highly-sophisticated" ransomware virus in June, which led British police to suspend work with the company.
  • The US Navy is replacing touch screen controls on destroyers, after the displays were implicated in collisions.
  • Federal prosecutors say the suspect charged in a massive data breach at Capital One may have hacked more than 30 other organisations. Paige A. Thompson, a 33-year-old former Amazon employee from Seattle, was arrested last month after the FBI said she obtained personal information from more than 100 million Capital One credit applications. There is no evidence the data was sold or distributed to others.
  • In a Cosmopolitan hotel suite 16 stories above the Def Con cybersecurity conference, a team of highly vetted hackers tried to sabotage a vital flight system for a U.S. military fighter jet. And they succeeded. It was the first time outside researchers were allowed physical access to the critical F-15 system to search for weaknesses. And after two long days, the seven hackers found a mother lode of vulnerabilities that — if exploited in real life — could have completely shut down the Trusted Aircraft Information Download Station, which collects reams of data from video cameras and sensors while the jet is in flight.
  • China's largest video-streaming platform has apologised after it mistakenly said a typhoon had killed everyone in Shandong province - home to around 99 million people.
  • A teenage hacker has been ordered to hand over £400,000 and given a criminal behaviour order after targeting high profile social media accounts.
  • Middle East Eye said "This is Woke" it was created by a communications agency as part of a UK government counter-terror program.

BIGGER BITES

A look at the Windows 10 exploit Google Zero found this week

Ars Technica: A privilege escalation bug found in Windows has been lurking for more than 20 years, but finally got fixed this week. The bug, found by Google's Project Zero, could've allowed an attacker to gain system/root privileges by exploiting a flaw in Microsoft's Text Services Framework. More: Project Zero | MSRC

Hackers found serious flaws in a U.S. military fighter jet

Washington Post ($): From Def Con, several highly vetted hackers tried — and succeeded(!) — in sabotaging a U.S. military fighter jet. It's the first time hackers were allowed access to a critical F-15 system. They soon found a vulnerability that could've shut down the Trusted Aircraft Information Download Station, which collects reams of data from video cameras and sensors while the jet is in flight. The Air Force admitted that it was expecting some of the worst flaws after "decades of neglect" of cybersecurity as a key issue. More: @Joseph_Marks

U.S. spy chief asks Congress to reauthorize NSA call records program

The New York Times ($): In his last act as U.S. spy chief, Dan Coats asked Congress to reauthorize the recently-suspended NSA call records collection program after several issues of massive inadvertent over-collection. The legal authority — Section 215 of the Patriot Act — expires at the end of the year. It's the same call records program that Edward Snowden disclosed — which saw Verizon turn over daily records of its customer call logs to the NSA. Coats suggested despite the legal issues, the call records program might one day prove useful again. Background: Associated Press | Reuters

Hacker site’s incriminating database published online by rival group

Ars Technica: Hacker turf war, commence: Hackers from Raidforums recently hit the site of rival hacking forum Cracked.to, spilling 321,000 records on its members. Have I Been Pwned reported the breach. It contained private messages, along with usernames, email addresses and IP addresses of buyers. It's an example of how "blatantly" the fraud economy operates, according to cybercrime expert @ThirdEmilyMore: @haveibeenpwned

DeVos-linked adoption agency exposed children's medical data

Motherboard: Bethany Christian Services, one of the nation's largest adoption agencies, left highly sensitive medical data on dozens of children on its website without a password, according to @josephfcox. The charity is linked to the family of U.S. education secretary Betsy DeVos. More: @jason_koebler

ECB shuts down website after hack

Reuters: The European Central Bank shut down one of its websites this week after it was hacked. Its Banks' Integrated Reporting Dictionary (BIRD) website provides bankers with information on how to produce financial reports. But malware injected into the site allowed the hackers to scrape names, email addresses, and the titles of subscribers. The breach came to light during maintenance work, according to the ECB, and dated back to December 2018. More: ECB

Cybercom has posted malware linked to North Korea

TechCrunch: U.S. Cyber Command, the NSA's sister agency, has released a set of new samples of malware linked to North Korean hackers. The offensive security military unit posted the malware belonging to APT38, a group linked to but entirely separate from the Lazarus Group, which the U.S. blamed for the WannaCry attack in 2017. The malware in question, Electric Fish, allows data to be exfiltrated from a network back to a server run by the malware operator. More: @CNMF_VirusAlert | Background US-CERT

If you wish to submit a story, event, research or article to the CHB Cybersecurity Briefing, please email [email protected] The information contained within the brief is gathered from current, open source data supplied through contacts within diplomatic posts, law enforcement agencies & UK intelligence services. Credit to Dillitas International Risk and Zack Whitaker at Tech Crunch.

This information keeps you informed of current security situations and risks within the UK and internationally. Please forward this briefing to colleagues. You can follow Cameron on Twitter @CamHunterBell.


About the Author

Cameron is a UK InfoSec veteran and an experienced innovation strategist. He speaks regularly at conferences and industry events about commercial strategy, ecosystem creation and business design. In 2009, he helped found the cyber security startup Vacta Ltd, which was integrated into the ECS Group in 2012. Cameron has successfully implemented innovation programs for several multinational defence, logistics, automotive manufacturers and financial service providers. He previously established the highly successful Berlin Studio for Idean (now part of the CapGemini Invent Group), specialising in service and ecosystem design for autonomous automotive. More recently, Cameron led the team delivering LORCA, the new 13.5M London cyber innovation centre, for Plexal in association with Deloitte, CSIT Belfast and the UK Department for Culture Media and Sport. Cameron advises Casta Spes Technologies, an AI driven robotics startup tackling the challenge of physical perimeter security.


The article has been originally published at: https://www.linkedin.com/pulse/chb-cybersecurity-briefing-190819-cameron-hunter-bell/


August 19, 2019

Leave a Reply

avatar

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
Notify of

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013