Russian Cozy Bear hackers may be impersonating the U.S. State Department in a large, new spear-phishing campaign, plus other cybersecurity news.

Credit: Thinkstock

Cozy Bear, or APT29, the Russian state-sponsored cyber-espionage group, appears to be active again, and it is thought to be impersonating the United States State Department in a large spear-phishing campaign. Neither CrowdStrike nor FireEye has directly blamed Cozy Bear, saying attribution is still in progress, but FireEye noted, “This campaign has targeted over 20 FireEye customers across: Defense, Imagery, Law Enforcement, Local Government, Media, Military, Pharmaceutical, Think Tank, Transportation, and US Public Sector industries in multiple geographic regions.”

Other cybersecurity news:

Windows 10 update creates network and security issues

Microsoft confirmed that Windows 10 October 2018 Update, aka version 1809, has caused issues that involve losing network access. The same re-released Windows 10 update has compatibility issues with some Trend Micro security products.

Some Windows Insiders were outraged after an update to the Windows 10 Mail app enabled ads for non-Office 365 subscribers. Careful not to get whiplash, as Microsoft had posted and then deleted an FAQ about the ads in Mail for Windows 10. Frank Shaw, lead communications spokesman for Microsoft, said, “This was an experimental feature that was never intended to be tested broadly and is being turned off.”

Amazon blocks public access to S3 storage buckets

Perhaps we will hear of fewer AWS S3 data storage bucket leaks now that Amazon Web Services has rolled out new security features, including an option to block public access to S3 buckets.

Trump signs bill that creates new cybersecurity agency

U.S. President Donald Trump signed a cybersecurity bill into law on Friday.
The Cybersecurity and Infrastructure Security Agency Act names the Department of Homeland Security’s National Protection and Program Directorate as the head of this new cybersecurity agency.

Voxox database misconfiguration exposes over 26M text messages and more

The communications company Voxox failed to protect a server with a password, resulting in the exposure of “a massive database” that contains over 26 million text messages, as well as “password reset links, two-factor codes, shipping notifications,” and other personal information. “The ability to access two-factor codes in near real-time could have put countless number of accounts at risk of hijack,” security researcher Dylan Katz told TechCrunch.

Facebook denies trying to hide Russian interference with election

Facebook’s Sheryl Sandberg denied claims made in a New York Times report that she and Mark Zuckerberg were reluctant to come clean about the Russian interference with the 2016 election.

Federal charges against Julian Assange tied to Russian hacking

Federal prosecutors accidentally revealed that criminal charges have been filed against WikiLeaks founder Julian Assange. The charges apparently are related to his ties to the Russian government and its hacking.

Vulnerabilities and cyber attacks

Hacking ATMs is just too easy, according to a new report by Positive Technologies (pdf). Of the tested ATMs, 69 percent were vulnerable to Black Box attacks. The firm warned, “Performing the entire attack—connecting the device to the ATM, bypassing security, and collecting the cash—would take just 10 minutes on some ATM models.”

While certainly not the first to show how easily fingerprint biometric security can be undermined, New York University researchers used a neural network to generate fake fingerprints, dubbed DeepMasterPrints, which work like a master key does to locks. They were able to imitate more than one in five prints, opening up the possibility of fingerprint-based dictionary attacks.

Interesting research on creating synthetic fingerprints that can match a large number of real fingerprints. These would be Master Prints, just like we have Master Keys for locks. #GAN https://t.co/YzNjfHzZpB pic.twitter.com/2n39On45pP
— Mikko Hypponen (@mikko) November 13, 2018

Beware the “Kitten of Doom” DoS attack, which involves sending 100 emojis to a target’s Skype for Business or Lync client. SEC Consult Vulnerability Lab warned that if besieged with emojis, the instant messaging client will not be usable until the attack ends.

Juniper Threat Labs discovered that attackers are actively scanning for misconfigured publicly exposed Docker services in the cloud in order to add their own containers and infect them with Monero miners. The infection chain spreads automatically via utilities and scripts.

Hardware version A of D-Link DIR-850L wireless routers need updated firmware, as the devices have an authentication bypass vulnerability. Synopsys, which discovered the hole, warned that the flaw “allows clients to communicate with the router without completing the full WPA handshake.” If successfully exploited, an attacker could “join the router’s network without the required credentials and mount further attacks against users of the network.”

After software developer Tim Cotton disclosed a “strange” Gmail bug that could be used as a phishing vector, it led to others revealing a collection of other Gmail-related bugs.

Imperva published a report about a patched Facebook privacy bug that could have allowed websites to extract private information about users and their contacts.

The founder of Privacy4Cars, a mobile app for scrubbing PII from modern vehicles, warned of “CarBlues” malware, which spreads via Bluetooth to exploit infotainment systems.
The hack allegedly would allow an attacker to “access stored contacts, call logs, text logs, and in some cases even full text messages without the vehicle’s owner/user being aware – and without the user’s mobile device being connected to the system.”

A group of researchers revealed seven new Meltdown and Spectre attacks.

NBC Chicago warned that hackers can “easily drain” cash from Zelle, a popular mobile banking app for transferring money; over 100 banks use Zelle.

A plethora of security firms are urging users to be careful about buying online Black Friday and Cyber Monday sales, as the shopping season is a peak time for scammers.