WhatsApp Privacy Under Threat
- France and Germany plan to ask the European Commission to force technology companies to limit the encryption used to keep messages private.
- The rule is being proposed as a way of helping governments monitor communications between suspected terrorists.
- Allowing authorities and making it possible to read any specific message also stops all of them from being fully private.
- As well as being used in messaging apps, encryption ensures that banking transactions and other important and intimate information is kept private.
- Similar intentions have been announced by the UK government in the past; those are still up for debate.
Source: Independent, 23, August 2016
Apple Issues Critical iOS Update
- Security researchers have identified a three-headed monster that could be used to record sounds, collect passwords, read text messages, record calls and track users.
- All iOS versions 9.3.4 and below are vulnerable.
- The attack utilizes a mobile spyware product, ‘Pegasus,’ created by NSO Group, an Israeli cyber warfare company.
- Using one of three known iOS 9.3.4 security vulnerabilities – dubbed ‘Trident’ – the exploit is capable of hijacking an iPhone or iPad with a single click.
- Apple released an iOS update containing the patch (iOS 9.3.5).
- If you’re currently running iOS 9.3.4 (or older), it’s imperative to update your device immediately.
*Source: The Next Web, August 26, 2016
Private Lives Are Exposed As WikiLeaks Spills Its Secrets
- WikiLeaks' giant data dumps have rattled the National Security Agency, the U.S. Democratic
- Party, and the Saudi foreign ministry.
- Its spectacular mass-disclosures have also included the personal information of hundreds of people.
- WikiLeaks' mass publication of personal data is at odds with the site's claim to have championed privacy, drawing criticism from long-time allies.
- In a series of tweets following the publication of the AP's story, WikiLeaks dismissed the privacy concerns as "recycled news" and said they were "not even worth a headline."
- WikiLeaks' purported mission is to bring censored or restricted material "involving war, spying and corruption" into the public eye, describing the trove amassed thus far as a "giant library of the world's most persecuted documents."
- The library is growing quickly, with half a million files from the U.S. Democratic National
- Committee, Turkey's governing party and the Saudi Foreign Ministry added in the last year.
- The Saudi diplomatic cables alone hold at least 124 medical files, according to a sample analyzed by AP. Some described patients with psychiatric conditions, seriously ill children or refugees.
- Medical records are widely counted among a person's most private information and the number of people affected easily reaches into the hundreds.
- Experts say WikiLeaks’ apparent refusal to do the most minimal screening is putting even its own readers at risk.
Source: Big Story, August 23, 2016
$378,000 Malware Attack On Thai Bank
- The Government Savings Bank (GSB) of Thailand shut down nearly half of its ATMs following a
- malware attack that cost about $378,000.
- GSB shut down roughly 47 percent of its ATM network when it disabled service to approximately
- 3,300 of its 7,000 machines.
- The decision follows GSB’s discovery that five Eastern Europeans stole $378,000 from 21 of its machines in six provinces.
- The footage shows them inserting electronic cards made in Ukraine into the 21 ATMs, which had
- previously been infected with malware.
- They withdrew money directly form the bank, not from customers’ accounts.
- Investigators are currently looking for suspects, and GSB has sent infected hard disks of the affected ATMs to NCR for analysis.
- Some investigators believe the same group of thieves used ATM malware to steal over $2 million from banks in Taiwan in July.
Source: Trip Wire, August 25, 2016
Eddie Bauer Reports Intrusions Into Point Of Sale Network
- Clothing store chain Eddie Bauer has become the latest in a growing list of organizations to
- suffer a breach of its point-of-sale systems.
- The company announced that unknown intruders had broken into its network and planted malware for capturing payment card data from its POS network.
- It appears all 370 Eddie Bauer stores across the United States and Canada were impacted by the intrusion, though not all transactions between January and July 2016 were compromised.
- Eddie Bauer CEO Mike Egeck said the company is working with the FBI, cyber-security firms and the credit card associations to mitigate fallout from the intrusion.
- The string of breaches recently has heightened concerns about POS systems becoming a weak link in the US payment system chain even as credit card companies have tried to bolster security by migrating everyone to smart-cards.
Source: Dark Reading, August 19, 2016
Poor Security 'Aided' Ashley Madison Hack
- The Toronto-based firm's security systems were investigated by privacy watchdogs in Canada and
- Australia following the attack on Ashley Madison in July 2015.
- Avid Life Media, which owns Ashley Madison, has already said it will abide by the report's findings to improve the way it handles data.
- The report released this week revealed that Avid Life violated privacy laws in both countries thanks to the lax way it oversaw data that users surrendered to it when they signed up.
- Although the site billed itself as "100% discreet" it did not do enough to protect personal data because well-known security safeguards were "insufficient or absent".
- The failings found in the report included system passwords being held in plain text on easy-to-access internal servers and in emails and text files that were regularly passed around within the company.
Source: BBC, August 23, 2016
Cyber Firm Wary Of China
- While the West sees Russia as a cyber-predator, hackers in the East increasingly view it as prey.
- Cases of Chinese hacking of Russian industries including defense, nuclear, and aviation rose almost threefold to 194 in the first seven months of this year from 72 in the whole of 2015.
- The hacking is going on “despite the officially promoted friendship between Russia and China and accords on cyber security, cooperation and non-aggression.”
- Computer hacking allegations have strained relations with the U.S. after the FBI was said to have high confidence that Russian intelligence was behind attacks on Democratic Party groups; Russia has denied any involvement.
- Russia and China signed an information-security agreement pledging not to attack each other in May last year.
- Chinese malware used against Russia includes more than 50 families of Trojan viruses that attacked 35 companies and institutions this year.
Source: Bloomberg, August 26, 2016