MENTIS Ships Upgraded Enterprise Data Security Platform*:
- MENTIS, an enterprise data security provider, announced a new release of its platform, designed to improve security in critical data stores such as unstructured data, data in the cloud, and data in mainframe databases.
- The new release includes data security solutions that tackle sensitive data risks along the full information cycle.
- MENTIS founder Rajesh Parthasarathy commented, “Our segregation of duties functionalities means MENTIS 8 also allows stakeholders across the IT, business, and security and compliance groups to collaborate to achieve consistent data security.”
- In addition to a discovery solution for sensitive data, the platform also includes static and dynamic data masking, continuous monitoring, and retirement solutions for meeting security and compliance mandates.
- MENTIS’ masking includes conditional and location-aware dynamic data masking, along with tokenization and format-preserving encryption anonymization methods with customizable libraries.
*Source: DBTA, November 28, 2016
Google Accounts Hit with Malware*:
- More than a million Google accounts have been hit by malicious software called Gooligan, according to security firm Check Point, with an additional 13,000 devices hit per day.
- It's malware that infects devices and steals their authentication tokens to breach data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive and other programs.
- The malware attack is said to be the biggest single theft of Google accounts on record.
- In a blog post about the attack, Google said it has found no evidence that Gooligan has accessed user data or that specific groups of people have been targeted.
- Gooligan belongs to a family of malware called Ghost Push, a Trojan horse type of attack in which the malicious software poses as legitimate apps for Android.
- Names of the malicious apps include StopWatch, Perfect Cleaner and WiFi Enhancer.
- The Gooligan apps come from third-party app stores or websites, instead of the Google Play store, where the company has more authorization over apps.
- People who are worried that their Google accounts may be compromised can consult the Check Point website.
*Source: CNET, November 30, 2016
FBI’s New Hacking Powers Take Effect This Week*:
- The FBI and other law enforcement agencies will be able to search multiple computers across the country with a single warrant thanks to a controversial rule change that takes effect.
- The legal process for government hacking has been a contentious topic, especially in light of a high profile investigation known as “Playpen” in which the FBI placed tracking software on the computers of child pornography suspects across the country.
- Civil liberties groups have warned Rule 41 represents a dangerous expansion of the government’s surveillance power, and will lead law enforcement bodies to “forum shop” – seeking warrants in districts where a judge is most likely to grant them.
- The controversy has also led a bipartisan group of lawmakers to call for a halt to the new Rule 41 powers until Congress has had time to study it.
- The Electronic Frontier Foundation, which has led opposition to the rule change, says Congress can still change or halt the bill once it goes into effect.
- Rule 41 came about as part of a regular review of criminal procedure conducted by a conference of federal judges.
- After several years weighing the rule and a public comment period, the conference then submitted the suggested rule change to the Supreme Court, which then approved it to go into effect.
*Source: Fortune, November 30, 2016
Bank Hackers Have a New Trick to Get Ransom Money*:
- Here’s one type of bank hack we don’t see often – rather than go for money directly, hackers breached a bank to steal customer data.
- They used that data to blackmail affected customers, demanding 10% of their deposits in Bitcoin.
- Attackers got the data from a Chinese-owned bank based in a small European country.
- Customers of Valartis Bank Liechtenstein have been contacted by hackers who demanded 10% of their life savings to avoid having their financial details sent to finance authorities and the media.
- Hackers may have stolen gigabytes of account information and correspondence since October last year.
- The attackers want to be paid in Bitcoin to avoid detection, and they have set a December 7th deadline for the payments.
- The hackers claim that the bank decided not to pay them for security services, which is why they resorted to extortion practices.
*Source: BGR, November 29, 2016
Germany Planning to Massively Limit Privacy Rights*:
- Germans will no longer have the right to know what data about them is being collected.
- A draft law released by the German union for data protection (DVD) this week revealed that the interior ministry was proposing to drastically limit the powers of Germany's data protection authorities, banning them from investigating suspected breaches of people's medical and legal records.
- The bill would also shut down citizens' right to know what data is being collected about them, even by private firms, if releasing the information would seriously endanger a company’s business.
- DVD chairman Frank Spaeing described the law as a "data protection prevention law" and called on various ministries to intervene on behalf of people’s civil rights.
- Perhaps most contentiously, the draft allows the government to deny people the basic right to know what personal data is being collected if "the release of the data endangers public safety and order…"
- Other state data authorities that were contacted did not want to react publicly to the proposals until they had agreed on a joint response.
*Source: Deutsche Welle, November 25, 2016
Tech Giants Push Back Against China’s New Cyber Security Bill*:
- Tech companies are pushing back against China’s controversial new cyber security bill that requires companies to share proprietary source code with Beijing.
- Under the new regulations, China will require software companies, network-equipment manufacturers and other technology companies to disclose their source code in order to prove their products cannot be infiltrated by hackers.
- Tech companies are arguing that the disclosure policy does not ensure such safety, and may even heighten the risk of their code falling into the wrong hands.
- Intel, Microsoft, and IBM alongside various Chinese tech companies have come out against the new regulations.
- Intel argued that the new regulations will hinder innovation and, as Fortune previously reported, the broad scope of the new laws may make foreign tech companies think twice about the risks of doing business in China.
- Beijing assured foreign investors that the new cyber security bill would not hamper foreign businesses.
*Source: Fortune, December 02, 2016
Talk Talk and Post Office Routers Knocked Offline in Cyber Attack*:
- A cyber-attack has left tens of thousands of Post Office and Talk Talk broadband customers without internet this week.
- The Post Office said around 100,000 of its customers had been affected; Talk Talk did not say how many of its broadband subscribers were hit, but confirmed that a minority were affected.
- The attack also hit Hull's internet provider Kcom, and left 900,000 of Germany's Deutsche Telekom customers unable to connect to the internet earlier this week.
- It is not known who is responsible for the attack, but it is similar to a hack in October in which cyber criminals exploited vulnerabilities in internet-connected cameras and video recorders to take control of them and launch a distributed denial-of-service attack.
- No personal data is compromised in such attacks, which affect the infrastructure of websites and computer servers.
*Source: Telegraph, December 01, 2016