
Archive for January 2020

US Pressures UK on Final Huawei Decision

The US made a last ditch bid to convince the British government to fall into line over Huawei this week, as newly introduced legislation proposed excluding allies from intelligence sharing agreements.

Secretary of state, Mike Pompeo, was expected to press his counterpart Dominic Raab at a meeting in Washington this week over the UK’s position on its 5G networks.

A final decision is expected to be taken by Boris Johnson’s new government later this month, but a government leak last April suggested the UK is happy to keep Huawei equipment in “non-core” parts of its networks.

That puts it at odds with a Trump administration that is trying to pressure allies into its harder line opposition to the Shenzhen-based company, which it claims is a national security risk due to its ties to the Communist Party of China.

“The security and resilience of the UK’s telecoms networks is of paramount importance,” a Foreign Office spokesperson told Reuters. “The government continues to consider its position on high-risk vendors and a decision will be made in due course.”

Also this week, Republican senator Tom Cotton introduced a new bill that would prevent Washington from sharing intelligence with any countries which allow 5G technology from Huawei to operate “within their borders.”

The legislation is seen as an attempt to put more pressure on the Five Eyes intelligence sharing alliance which includes the US, Australia, New Zealand, Canada and the UK.

Donald Trump last year declared a National Emergency to prevent “foreign adversaries” from providing equipment for US critical 5G network infrastructure. An entity list prevented US firms from selling key components to Huawei and scores of other Chinese companies.

However, US efforts to convince allies around the world to do the same have been met with mixed results, especially as blacklisting Huawei would set their 5G rollouts back considerably, while Trump's “America First” rhetoric makes the US a less convincing ally.

Source: Information Security Magazine

Facebook Improves Political Ad Transparency but Refuses Ban

Facebook has revealed new capabilities to improve transparency and user control over political ads, but repeated its refusal to ban such advertising outright.

In a blog post on Thursday, director of product management, Rob Leathern, said updates to the Ad Library would help users shine a light on political ads delivered via the social network.

Specifically, users will soon be able to limit the number of political and social issue ads they see on Facebook and Instagram by topic, and remove interests.

They will also be able to stop seeing ads based on advertisers’ “Custom Audiences” — lists they use to target advertising. Users can also see ads that an advertiser had chosen to exclude them from receiving.

This is important because campaigners have argued that political candidates use online advertising to target different groups of voters with often conflicting messages, with neither side aware they are being promised contradictory things.

Users will also be able to see the estimated target audience size for an ad, and Facebook has improved the search and filtering functionality in the Ad Library to help researchers and journalists.

However, Leathern doubled down on the social network’s refusal to join Twitter in banning political ads outright, or Google in limiting the targeting of these ads.

“Ultimately, we don’t think decisions about political ads should be made by private companies, which is why we are arguing for regulation that would apply across the industry. The Honest Ads Act is a good example — legislation that we endorse and many parts of which we’ve already implemented — and we are engaging with policy makers in the European Union and elsewhere to press the case for regulation too,” he continued.

“Frankly, we believe the sooner Facebook and other companies are subject to democratically accountable rules on this the better.”

Experts have warned that, left unregulated, online political advertising could slowly chip away at the legitimacy of election results, especially if ads are micro-targeted. Rights groups have argued that, although strict rules apply to regular advertisers around factual accuracy, politicians can lie on the network without repercussions.

Source: Information Security Magazine

Dixons Carphone Receives Maximum Fine for Major Breach

A major UK high street retailer has been fined the maximum amount under the pre-GDPR data protection regime for deficiencies which led to a breach affecting 14 million customers.

Privacy regulator the Information Commissioner’s Office (ICO) fined DSG Retail £500,000 under the 1998 Data Protection Act after POS malware was installed on 5390 tills.

The incident affected Currys PC World and Dixons Travel stores between July 2017 and April 2018, allowing hackers to harvest data including customer names, postcodes, email addresses and failed credit checks from internal servers, over a nine-month period.

The “poor security arrangements” highlighted by the ICO included ineffective software patching, the absence of a local firewall, and lack of network segregation and routine security testing.

“Our investigation found systemic failures in the way DSG Retail Limited safeguarded personal data. It is very concerning that these failures related to basic, commonplace security measures, showing a complete disregard for the customers whose personal information was stolen,” said ICO director of investigations, Steve Eckersley.

“The contraventions in this case were so serious that we imposed the maximum penalty under the previous legislation, but the fine would inevitably have been much higher under the GDPR.”

Eckersley claimed that the stolen data exposed customers to significant risk of follow-on identity fraud and financial theft, with almost 3300 of them contacting the ICO by March 2019 about the breach.

However, the retailer said it is considering an appeal.

“When we found the unauthorized access to data, we promptly launched an investigation, added extra security measures and contained the incident,” said CEO Alex Baldock in a statement.

“We duly notified regulators and the police and communicated with all our customers. We have no confirmed evidence of any customers suffering fraud or financial loss as a result.”

Another business in the group, Carphone Warehouse, was fined £400,000 by the ICO in 2018 for similar security issues.

Source: Information Security Magazine

Amazon Ring Workers Fired After Watching Users' Videos

Four employees of Amazon's home security company Ring have been fired after being caught snooping on users' videos.

The online retail giant admitted terminating individuals over unauthorized access in a letter dated January 6 that was addressed to US senators Ron Wyden, Edward Markey, Gary Peters, Chris Van Hollen, and Christopher Coons. 

In the letter, Amazon states: "Over the last four years, Ring has received four complaints or inquiries regarding a team member’s access to Ring video data. Although each of the individuals involved in these incidents was authorized to view video data, the attempted access to that data exceeded what was necessary for their job functions. 

"In each instance, once Ring was made aware of the alleged conduct, Ring promptly investigated the incident, and after determining that the individual violated company policy, terminated the individual."

Amazon's letter was written in response to an earlier letter dated November 20 that was sent to the company by the aforementioned senators. In that letter, the senators asked Amazon to answer a long list of questions regarding the data and security practices of the Ring company and the security of its camera-bearing doorbell devices, which have been purchased in the millions.

One of the questions asked was "How many employees of Amazon and Ring have access to American users' camera data?" Amazon answered that R&D teams can only access publicly available videos and videos available from Ring employees, contractors, and friends and family of employees or contractors with their express consent.

"Aside from this," wrote Amazon, "a very limited number of employees (currently three) have the ability to access stored customer videos for the purpose of maintaining Ring’s AWS infrastructure."

The company said that Ring logs and monitors all access, adding that employees and contractors are warned that improper access to, or use of, confidential information or technology could result in termination.

The news puts a fly in the ointment of Ring's attempt to make users feel more secure by launching a "privacy dashboard" at the CES 2020 conference on Monday. The newly unveiled account control panel was designed to help users manage their access settings better and block intruders from viewing their video footage.

After a stream of headlines slamming the security of its video doorbell devices, this latest revelation could potentially push the Amazon-owned company one step closer to bringing down the curtain on its beleaguered devices.

Source: Information Security Magazine

UK Banks Foiled by Travelex Ransomware Attack

The New Year's Eve cyber-attack on currency exchange bureau Travelex is disrupting services for UK bank customers. 

Travelex took all its systems offline as a precautionary measure after being hit by what it initially described as a "software virus" on December 31. On January 7, the company released a statement fingering the culprit as a type of ransomware known as Sodinokibi and also commonly referred to as REvil.

Although the malware has been contained, Travelex has so far been unable to resume normal operations, though the company has said that a number of internal systems are now back up and running normally. 

The ransomware attack is not only causing misery for Travelex and its customers but has also spurred a brouhaha for British banks that rely on the travel money giant.

RBS, Sainsbury's Bank, First Direct, Virgin Money, and Barclays are among more than a dozen banks that have said their online foreign currency services are down as a result of the incident. 

Requests for foreign currency are being handled in-branch by many of the banks affected. 

According to the BBC, threat actors behind the ransomware attack are attempting to extort $6m from Travelex by encrypting the company's data. 

Travelex said on Tuesday that it was not yet clear what data had been affected by the incident. 

"To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whilst Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated," Travelex stated on January 7.

Until normal service is resumed, Travelex is doing business the old-fashioned way. The company’s chief executive, Tony D’Souza, said: "Travelex continues to offer services to its customers on a manual basis and is continuing to provide alternative customer solutions in the interim."

Reporting the incident to the authorities may also have slipped Travelex's mind. Under the GDPR, organizations are legally obliged to inform the Information Commissioner's Office (ICO) within 72 hours of becoming aware of a personal data breach; however, the ICO said on Tuesday that it had not received a data breach report from Travelex.

Source: Information Security Magazine

Accenture to Acquire Symantec's Cyber Security Services Business

Accenture Security is to acquire Symantec's Cyber Security Services business from Broadcom.

No financial terms were disclosed regarding the acquisition, which is expected to close in March 2020, subject to customary conditions.  

The impending Symantec deal is the latest in a long line of acquisitions by Accenture Security in the threat intelligence and cybersecurity fields. Already in Accenture's cyber-stable are Déjà vu Security, iDefense, Maglan, Redcore, Arismore, and FusionX.

With this latest acquisition, Accenture Security has signaled its intention to become one of the main players on the managed security services stage.

“Cybersecurity has become one of the most critical business imperatives for all organizations regardless of industry or geographic location,” said Accenture’s CEO, Julie Sweet.

“With the addition of Symantec’s Cyber Security Services business, Accenture Security will offer one of the most comprehensive managed services for global businesses to detect and manage cybersecurity threats aimed at their companies.”

The cybersecurity services arm of Symantec operates from six operations centers set in Australia, India, Japan, Singapore, the UK, and the US. 

Included in Symantec’s portfolio of cybersecurity services are global threat monitoring and analysis through a network of security operation centers, real-time adversary and industry-specific threat intelligence, and incident response services. 

Once the acquisition is complete, Accenture hopes to be able to offer clients a more personalized cybersecurity service.

Kelly Bissell, senior managing director of Accenture Security, said: “Companies are facing an unprecedented volume of cyber threats that are highly sophisticated and targeted to their businesses, and they can no longer rely solely on generic solutions. This acquisition is a game-changer and will help Accenture provide flexibility rather than a ‘one size fits all’ approach to managed security services. 

“With Symantec’s Cyber Security Services business, we can now bring clients our combined expertise fine-tuned to their industry with tailored global threat intelligence powered by advanced analytics, automation and machine learning.”

Symantec’s Enterprise Security business, now a division of Broadcom, is headquartered in Mountain View, California, and its Cyber Security Services business includes more than 300 employees around the world who serve top-tier organizations across a diverse range of industries, including financial services, utilities, health, government, communications, media, technology, and retail.

Source: Information Security Magazine

Interpol Reduces Cryptojacking Infections by 78%

Interpol is celebrating after a region-wide operation led to a drastic reduction in the number of routers in southeast Asia infected with cryptomining malware.

Operation Goldfish Alpha began in June 2019 after intelligence identified over 20,000 compromised routers in the ASEAN region, accounting for nearly a fifth (18%) of global infections.

Over the succeeding five months of the operation, law enforcers and CERT staff from Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam worked together with private sector organizations including Trend Micro.

Their mission: to locate the infected routers, alert the victims and patch the devices.

Their efforts led to a 78% reduction in the number of infected routers, with efforts continuing to identify and patch the remaining devices, Interpol said.

The policing organization hailed the support of the Cyber Defense Institute and Trend Micro in helping with information sharing and analysis, as well as providing crucial guidelines for patching infected routers and advice on preventing future infections.

“When faced with emerging cybercrimes like cryptojacking, the importance of strong partnerships between police and the cybersecurity industry cannot be overstated,” said Interpol’s director of cybercrime, Craig Jones.

“By combining the expertise and data on cyber-threats held by the private sector with the investigative capabilities of law enforcement, we can best protect our communities from all forms of cybercrime.”

Trend Micro explained in a blog post that its guidance document detailed how to detect and remove the Coinhive JavaScript that attackers were using to mine cryptocurrency via the affected MikroTik routers.
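As an added example (not Trend Micro's or Interpol's guidance and not code from the original article), the detection half of that work can be illustrated with a small scanner over HTTP response bodies. It assumes the injected miner shows up as a `<script>` element that loads the miner library from coinhive.com or calls the `CoinHive.Anonymous`/`User`/`Token` constructor; the page does not describe the injection mechanism in detail, so that assumption and the sample page bodies and site key below are constructed for this example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample responses (not real captures). INJECTED_PAGE models a
# page as it might look after a compromised router's proxy inserted a
# Coinhive loader; the site key is made up for this example.
INJECTED_PAGE = """<html><head><title>Example</title>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('AbCdEf0123456789abcdef0123456789',
                                     {throttle: 0.2});
  miner.start();
</script>
</head><body><h1>Welcome</h1></body></html>"""

CLEAN_PAGE = """<html><head><title>Example</title></head>
<body><h1>Welcome</h1><script src="/static/app.js"></script></body></html>"""

# Indicator 1: a <script src=...> loading the miner library from coinhive.com
LOADER_RE = re.compile(
    r"""<script\b[^>]*\bsrc\s*=\s*["'][^"']*coinhive\.com[^"']*["']""", re.I)
# Indicator 2: the miner constructor; group 1 captures the attacker's site key
MINER_RE = re.compile(
    r"""new\s+CoinHive\.(?:Anonymous|User|Token)\(\s*["']([A-Za-z0-9]+)["']""",
    re.I)
# Any complete <script>...</script> element, used when stripping
SCRIPT_BLOCK_RE = re.compile(r"<script\b[^>]*>.*?</script>", re.I | re.S)


def find_coinhive(body: str) -> Optional[dict]:
    """Return indicator details if the body carries a Coinhive miner, else None."""
    loader = LOADER_RE.search(body)
    miner = MINER_RE.search(body)
    if loader is None and miner is None:
        return None
    return {
        "loader": loader.group(0) if loader else None,
        "site_key": miner.group(1) if miner else None,
    }


def strip_coinhive(body: str) -> str:
    """Drop every <script> element that loads or starts the miner; keep the rest."""
    def keep_or_drop(match: "re.Match[str]") -> str:
        block = match.group(0)
        return "" if (LOADER_RE.search(block) or MINER_RE.search(block)) else block
    return SCRIPT_BLOCK_RE.sub(keep_or_drop, body)


def scan_responses(responses: Dict[str, str]) -> List[str]:
    """Given {url: response_body}, return the URLs whose body shows a miner."""
    return [url for url, body in responses.items() if find_coinhive(body)]


if __name__ == "__main__":
    sample = {"http://a.example/": INJECTED_PAGE, "http://b.example/": CLEAN_PAGE}
    for url in scan_responses(sample):
        print("miner injected:", url, find_coinhive(sample[url]))
```

The site key is worth extracting because it identifies the attacker's Coinhive account: the same key turning up across many home networks is what lets a CERT cluster infections into one campaign. Stripping the script from a fetched page only cleans the symptom; the fix described in the article is patching the router itself.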

The firm claimed cryptojacking was its most detected threat in the first half of 2019, in terms of file-based threat components.

“Unlike serious data breaches, phishing attacks, ransomware and banking Trojans, cryptojacking doesn’t have a major impact on the victim. They don’t lose sensitive personal data, there’s no risk of follow-on identity fraud and they’re not extorted for funds by being locked out of their PC,” it continued.

“However, it’s not without consequences: cryptomining malware can slow your home network to a crawl while running up serious energy bills. It may even bring your home computers to a premature end. Also, there’s always the risk with any kind of malware infection that hackers may switch tactics and use their footprint on your home machines to launch other attacks in the future.”

Source: Information Security Magazine

Police to Implement Facial Recognition at Cardiff-Swansea Football Match

South Wales Police has announced that it will be deploying facial recognition technology at the upcoming Championship football match between Cardiff City FC and Swansea City FC at Cardiff City Stadium this Sunday, 12 January.

In a statement, South Wales Police said: “We will be deploying our facial recognition technology at key areas ahead of the match to assist in identifying those who have been issued with banning orders and may attempt to attend the game.”

This comes after the same technology was used by the police when the two teams played each other earlier in the season, a move that, despite causing some controversy regarding privacy concerns, was found to be legally justified and proportionate by the High Court back in September 2019.

Assistant chief constable Andy Valentine said: “This is only the third time in more than two-and-a-half years that the technology has been utilized at a football match and is intended to prevent disorder that has in the past affected matches involving both clubs.

“We are deploying Automated Facial Recognition to prevent offences by identifying individuals who are wanted for questioning for football-related offences or who have been convicted of football-related criminality and are now subject to football banning orders that preclude them from attending.

“Football banning orders are issued by the court to those who have misbehaved at a previous football game and hence this provides us with a clear rationale in our strategy to prevent any crime and disorder,” he added.

“In line with our standard operating procedures, all those captured by the technology on the day, but not on the watch list, will have their data instantaneously deleted.”

However, the news has once again raised privacy concerns and critical comments from the likes of Big Brother Watch, Football Supporters’ Association Wales and North Wales Police and Crime Commissioner Arfon Jones, along with security experts.

Jake Moore, cybersecurity specialist at ESET, said: “Facial recognition software is still very much in its early stages of production and there are many instances of it making mistakes or false positives.

“Something needs to be done in such large gatherings of people but until such a system is in place that can be completely trusted in terms of security and its function, I think it could do more harm than good.”

In November 2019, the UK’s privacy watchdog raised “serious concerns” about police use of facial recognition technology, and called for the introduction of a statutory code of practice to govern when and how it should be deployed.

Source: Information Security Magazine

TikTok Patches Critical Account Takeover Bugs

TikTok has been forced to patch several critical vulnerabilities which may have allowed hackers to hijack user accounts and steal personal data.

Check Point researchers discovered the flaws in the wildly popular social media platform, including one SMS link spoofing bug affecting a feature on the main TikTok site that lets users send a message to their phone to download the app.

This could allow attackers who know a victim’s phone number to send them a custom malicious link, enabling them to take over the account, delete videos, post content and make private videos public.

Check Point also discovered a cross-site scripting (XSS) vulnerability in an ads subdomain of the main TikTok site; specifically in a help center section. This could allow attackers to inject malicious JavaScript into the site to harvest personal user account info, the firm warned.

These bugs were amplified by the lack of an anti-cross-site request forgery (CSRF) mechanism, it added in a blog post.
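As an added illustration (not Check Point's proof of concept and not TikTok's code; the page does not name the endpoint or its parameters, so `download_url` and `csrf_token` below are hypothetical), the two weaknesses the article describes for the SMS feature can be shown side by side in Python: a handler that trusts a client-supplied link and has no check that the request came from the user's own page, and a hardened one that pins the link to an allowlisted host and requires a session-bound CSRF token.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import urlparse

# Assumptions of this example: parameter names, the official link and the
# allowlisted hosts are illustrative, not taken from the real service.
OFFICIAL_DOWNLOAD_URL = "https://www.tiktok.com/download"
ALLOWED_HOSTS = {"www.tiktok.com", "tiktok.com"}

# Per-process secret used to mint CSRF tokens (in production: from config/KMS).
SERVER_SECRET = secrets.token_bytes(32)


def build_sms_vulnerable(phone: str, params: Dict[str, str]) -> str:
    """Vulnerable pattern: whatever link the request carries goes straight into
    the SMS, and nothing ties the request to the user's own session."""
    link = params.get("download_url", OFFICIAL_DOWNLOAD_URL)
    return f"To {phone}: download the app here: {link}"


def is_allowed_link(link: str) -> bool:
    """Accept only https links whose host is exactly one of ours.
    urlparse().hostname discards userinfo, so
    https://www.tiktok.com@evil.example/ resolves to evil.example and fails,
    and a look-alike such as www.tiktok.com.evil.example is not in the set."""
    parts = urlparse(link)
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


def csrf_token_for(session_id: str) -> str:
    """Synchronizer token bound to the session: HMAC-SHA256(secret, session id)."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def build_sms_hardened(phone: str, params: Dict[str, str],
                       session_id: str) -> Optional[str]:
    """Hardened handler. Returns the SMS text, or None when the request is refused."""
    # 1. CSRF: the token must match the one minted for this session, compared in
    #    constant time on bytes, so a forged cross-site request is refused.
    token = params.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), csrf_token_for(session_id).encode()):
        return None
    # 2. Link spoofing: the client does not get to pick the link. Anything it
    #    supplies is validated against the allowlist and otherwise discarded.
    link = params.get("download_url", OFFICIAL_DOWNLOAD_URL)
    if not is_allowed_link(link):
        link = OFFICIAL_DOWNLOAD_URL
    return f"To {phone}: download the app here: {link}"


if __name__ == "__main__":
    phone = "+15550100"  # constructed number
    evil = {"download_url": "https://evil.example/app.apk"}
    print(build_sms_vulnerable(phone, evil))          # attacker's link goes out
    print(build_sms_hardened(phone, evil, "sess-1"))  # None: no CSRF token
    evil["csrf_token"] = csrf_token_for("sess-1")
    print(build_sms_hardened(phone, evil, "sess-1"))  # official link only
```

The simplest fix is to not accept a link from the client at all; the allowlist is shown because it is the check you need whenever a redirect or link target does come from a request, and the userinfo and look-alike-host cases are where naive string matching fails.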

“Social media applications are highly targeted for vulnerabilities as they provide a good source for private data and offer a good attack surface,” explained Check Point head of product vulnerability research, Oded Vanunu.

“Malicious actors are spending large amounts of money and putting in great effort to penetrate into such huge applications. Yet most users are under the assumption that they are protected by the app they are using.”

TikTok patched the bugs in its latest version of the app, although security concerns about the company persist in Washington, thanks to its Chinese ownership.

Beijing-based ByteDance bought the app from a US firm in 2017, but given its popularity in the States, lawmakers are becoming increasingly uneasy about the purchase.

Reports suggest that both the US Army and Navy have banned servicemen and women from using the app on government-issued devices.

In the meantime, the increasingly powerful Committee on Foreign Investment in the United States (CFIUS) has launched an inquiry into whether the user data TikTok collects represents a national security risk. 

Source: Information Security Magazine

Cyber-Attacks Hit UK Firms Once Per Minute in 2019

UK businesses were deluged with cyber-attacks in 2019, with the average firm hit by over half a million attempts to compromise systems, according to new stats from Beaming.

The Hastings-based business Internet Service Provider (ISP) extrapolated the findings from data on its own corporate customers across the country.

It calculated that the average number of attacks aimed at a single business last year was 576,575, roughly double (about 105% higher than) the 281,094 recorded in 2018 and the highest since the ISP began analyzing this kind of data in 2016.

That means UK businesses were forced to repel 66 attacks per hour on average in 2019.

The firm identified 1.8 million unique IP addresses responsible for the attacks last year, just under a fifth (18%) of which were located in China. However, this is more an indication of the sheer number of potentially hijacked machines based in the country rather than the origin of the attackers.

There was a fairly big drop to second placed Brazil (7%), which was followed by Taiwan (6%) and Russia (5%) in terms of originating IP addresses for attacks.

Attackers most commonly targeted network device admin tools and IoT endpoints like connected security cameras and building control systems, according to Beaming. These suffered 92,448 attacks in total last year, while 35,807 were targeted at file sharing applications.

Beaming managing director, Sonia Blizzard, described 2019 as the “worst year on record” for cyber-attacks against UK firms, claiming that most were “completely indiscriminate.”

“Most business leaders, particularly at the smaller end of the spectrum, still don't recognize the threat or incorrectly assume that their broadband router and antivirus systems will be sufficient to keep them safe,” she continued.

“With the number of companies falling victim to cybercrime increasing each year, it is clear that most need to do more to protect themselves. We advise businesses to put in place multiple layers of protection, use methods such as two-factor authentication, and to secure their data while it travels over the internet.”

Source: Information Security Magazine