Week of January 12, 2018


Week of January 12, 2018

The Looming Digital Meltdown*:

  • A new class of security vulnerability – a variety of flaws that affect almost all major microprocessor chips – was announced at the beginning of 2018.
  • The news prompted a rush of fixes, ruining the holiday vacations of system administrators worldwide.
  • We have built the digital world too rapidly; many of the early layers of construction were never meant to guard so many valuable things like personal correspondence and finance.
  • Almost all modern processors make predictive movements, with revealing traces left behind, and hackers can take advantage.
  • Since the problem is built into the hardware, fixing this class of problems may also be prohibitively expensive.
  • Modern computing security is like a flimsy house that needs to be fundamentally rebuilt.
  • In recent years, we have suffered small collapses here and there and made superficial fixes in response, but we need better ways to make systems more secure.

*Source: New York Times, January 06, 2018


Swift Institute Challenges University Teams to Tackle Data Privacy Under Open API*:

  • The academic research arm of interbank payments network Swift is calling on Australian-based students to devise new ways and means of protecting personal information in an open banking environment.
  • With the Australian government’s plans to foster competition and support a growing fintech community by introducing secure data-sharing, major lenders will have to provide more detailed information about their customers to credit agencies.
  • The Swift Institute's 2018 competition will address the issue of data privacy in an Open API environment.
  • The final presentations will be taking place on 24 October 2018 at Swift's annual international banking event – and the winning concept will receive a check for A$30,000.
  • The director of the Swift Institute commented, “The issue of how to keep personal information safe in an open environment is increasingly a question that banks are trying to tackle as open banking becomes more prevalent. This competition will challenge students to provide innovative solutions to this global industry issue.”

*Source: Finextra, January 08, 2018


Florida Phishing Attack Exposes Data for 30,000 Medicaid Recipients*:

  • Florida’s Agency for Health Care Administration has warned that a phishing attack compromised data for as many as 30,000 Medicaid recipients.
  • One of its staffers fell for a “malicious phishing email,” giving hackers access not only to identifying info like names, addresses, and Medicaid ID numbers, but also diagnoses and medical conditions.
  • The agency claimed there was "no reason to believe" the info had been abused, but that's not much consolation.
  • It's not clear who was responsible for the attack or what their motivations might be.
  • The breach illustrates how medical networks continue to be fragile: an email is all it took to directly expose the most sensitive data of thousands of users.
  • The AHCA is taking a step to resolve this by training staff on security measures, but they might not see a lasting solution until private info is further separated from the outside world.

*Source: Engadget, January 07, 2018


Cyber-Attack Could Lead to Inadvertent Nuclear Strike, Think Tank Warns*:

  • Nuclear strikes could be launched by mistake because aging or unsophisticated weapons systems are vulnerable to cyber-attacks, an international relations think tank warned Thursday.
  • A hack could lead to false information being passed to decision makers during a crisis.
  • The report said nuclear weapons systems were first developed at a time when computer capabilities were in their infancy and little consideration was given to potential malicious cyber vulnerabilities.
  • The report comes as the U.S. officials grow increasingly concerned that North Korea might use cyberattacks alongside conventional weapons.
  • Intelligence officials have long ranked the rogue regime among the world's most dangerous cyber actors trailing only Russia, China and Iran.
  • The FBI also suspects North Korea was behind a $81-million cyber-heist of the Bangladesh central bank's account at the Federal Reserve Bank of New York.
  • The US is also using cyberwarfare to disrupt North Korea’s weapons program, and was blamed for the April 2017 failure of a rocket that disintegrated seconds after being launched.
  • The report also reveals the likelihood of attempted cyberattacks on nuclear weapons systems “is relatively high and increasing.”

*Source: NBC news, January 11, 2018


To Protect Aadhaar Privacy, UIDAI Launches 16-Digit Virtual ID*:

  • The UIDAI introduced a new concept of 'Virtual ID' which Aadhaar-card holder can generate from its website and give for various purposes, including SIM verification, instead of sharing the actual 12-digit biometric ID.
  • The Virtual ID, which would be a random 16-digit number, together with biometrics of the user would give any authorized agency like a mobile company, limited details like name, address and photograph, which are enough for any verification.
  • A user can generate as many Virtual IDs as he/she wants and the older ID gets automatically cancelled once a fresh one is generated.
  • The Virtual ID will be a temporary and revocable 16 digit random number mapped to a person's Aadhaar number.
  • Agencies that do not migrate to the new system to offer this additional option to their users by the stipulated deadline will face financial disincentives.
  • The move aims to strengthen the privacy and security of Aadhaar data and comes amid heightened concerns around the collection and storage of personal and demographic data of individuals.
  • Users can go to the UIDAI website to generate their virtual ID which will be valid for a defined period of time, or till the user decides to change it.

*Source: News18, January 10, 2018


Sneaky Malware Disguises Itself as an Adobe Flash Player Installer*:

  • A state-sponsored hacking operation is targeting diplomats, using a new attack that bundles malware with a legitimate software update.
  • The attacks are targeting embassies and consulates in eastern European post-Soviet states and have been attributed to Turla, a well-known advanced persistent threat group.
  • Researchers note that some private companies have been infected, but that they're not the main targets of the campaign.
  • Security researchers are still unsure as to how the attackers are bundling their payload alongside a Flash player installer.
  • The Turla group relies on a web app hosted on Google Apps Script as a command-and-control server for JavaScript-based malware.
  • Once a user runs the software, the attackers are able to open backdoors and drop malware onto the compromised machine.
  • Some of the victims have been infected with other Turla-related malware such as ComRAT or Gazer, suggesting there's a strong link between the campaigns.

*Source: ZDnet, January 09, 2018


UIDAI Firewalls 5,000 Officials Post ‘Breach’*:

  • The Unique Identification Authority of India (UIDAI) restricted the access of all designated officials – numbering about 5,000 – to the Aadhaar portal after a report said demographic details of those enrolled in the system were available for as little as Rs 500.
  • UIDAI has overhauled its system to enable access only by entering the biometrics of the person whose details were sought to be verified.
  • The price mentioned above was enough to get an administrator-level login ID and password.
  • Under the earlier system, state governments had authorised certain officials who had “limited” access.
  • Under the new system, access needs to be authenticated by the fingerprint of the Aadhaar holder and the data available will be restricted to that person.
  • UIDAI had denied that its security protocols were faulty and has filed a police complaint in the wake of the news report.
  • In the past six months, UIDAI has been encouraging all private operators to shift their centres into the premises of government establishments.
  • While about 4,000 centres have moved into banks and post offices, another 26,000 are in the process of doing so.
  • All telecom operators who use Aadhaar authentication for their mobile subscribers have also been encouraged to use UIDAI-registered biometric devices.

*Source: Economic Times, January 09, 2018


Get in Touch With Us!

Are you interested in receiving more information about our products? Do you have questions about sensitive data security? Would you like a demo? Complete the details below and one of our specialists will get in touch with you.

We love to help our customers solve their data security problems. Please tell us about what you are trying to accomplish, details about your environment, and any other information that will help us understand your needs better.

scroll top