Telegram Traces Massive Cyber Attack To China During Hong Kong Protests*:
- Telegram founder Pavel Durov said a massive cyber-attack on his messaging service originated in China, raising questions about whether Beijing tried to disrupt a protest involving hundreds of thousands that erupted on the streets of Hong Kong.
- The encrypted messaging app said it experienced a powerful distributed denial of service attack after “garbage requests” flooded its servers and disrupted legitimate communications.
- Hong Kong is in the throes of political unrest as the Beijing-backed government attempts to force through controversial legislation that would for the first time allow extraditions to China, which protesters fear could be used to squelch government opposition.
- That proposal has ignited a widespread outcry, sending hundreds of thousands of protesters into the city’s streets and triggering violent clashes when demonstrators stormed the legislative chamber Wednesday.
- Hong Kong protesters have grown increasingly concerned about legal repercussions as Beijing tightens its influence over the former British colony and the local government prosecutes demonstrators.
- They’ve relied on encrypted services to avoid detection.
- Telegram and Firechat -- a peer-to-peer messaging service that works with or without internet access -- are among the top trending apps in Hong Kong’s Apple store.
- Many protesters masked their faces to avoid facial recognition and avoided using public transit cards that can be voluntarily linked to their identities.
- An administrator of a large local Telegram group was arrested Tuesday for allegedly conspiring to commit a public nuisance, the South China Morning Post reported.
- Hong Kong’s Legislative Council suspended a review of the bill for a second day Thursday amid the continued threat of protests.
- The city’s leader, Chief Executive Carrie Lam, is seeking to pass the legislation by the end of the current legislative session in July.
*Source: Bloomberg, June 13, 2019
Better Cybersecurity Research Requires More Data Sharing*:
- Good data on attacker tactics, security incidents, and breaches is key to identifying trends in cybersecurity, but datasets — even among academic researchers — are often not made public and just as often are of poor quality, according to security researchers who presented their conclusions at the annual Workshop on the Economics of Information Security (WEIS) conference.
- In a previous sampling of some 965 papers, a group of researchers from the University of Tulsa found that only 6% created their own datasets and made them public.
- Yet the value of such data exceeds $663 million just in cost savings to subsequent research efforts, according to a paper presented at the WEIS conference by the same group.
- Data is key to a variety of initiatives in cybersecurity.
- From training machine-learning systems to detect threats to analyzing whether breach regulations actually results in better defenses, researchers and security professionals need more and better datasets.
- Yet sharing of data — even among researchers — does not happen often enough, says Sam Ransbotham, co-chairman of the WEIS 2019 conference and associate professor of the Carroll School of Management at Boston College.
- Seven years after their original research into the costs of breaches, a group of researchers from the University of Cambridge pulled together the best data on current breach costs.
- The data is very scattershot and authoritative information is still not available, but the researchers are doing the best with the information they can obtain, Ransbotham says.
- The value of the data is significant, the University of Tulsa researchers found.
- In the paper they presented at the WEIS conference, Moore and the other researchers analyzed a collection of cybersecurity datasets funded by the US Department of Homeland Security (DHS) and known as IMPACT; they found that almost 2,300 people have requested data from the system. With the average dataset valued at $291,000 in saved costs, those requests total $663 million.
- In previous research, Moore and other University of Tulsa researchers found that of a sample of 965 research papers, 55% used data in some form.
- About 44% of those papers using data did not create their own dataset, while 56% did.
- Yet only 6% of 965 papers both created their own data and publicly shared that data, according to the University of Tulsa research.
*Source: Dark Reading, June 14, 2019
La Liga Fined €250,000 For Using Its App To Catch Illegal Soccer Streams*
- Spanish soccer league La Liga has been fined for inappropriately using its app to catch illegal streaming.
- The Spanish data protection agency charged La Liga with a fine of 250 thousand euros for violating several EU laws on transparency and data privacy, and ordered the app's removal by June 30th.
- The popular app -- used by over four million in Spain for displaying game results -- was found to be tapping into the location data and microphones of users to find bars that were illegally broadcasting games.
- But the league of Real Madrid and FC Barcelona isn't taking this lying down -- La Liga will be appealing the decision.
- La Liga in a statement to El País (translated from Spanish) expressed disappointment in the decision and accused regulators of not properly understanding the technology involved.
- The soccer league argued that users were asked twice by the app for their consent to access their phone's microphone, and did not store any actual audio from its users.
- Instead, La Liga claims that the technology behind the app only captures an "audio fingerprint", meaning that human voices would not be able to be deciphered.
- Still, regulators weren't convinced that app users knew what they were signing up for.
- Despite appealing the fine, La Liga plans to remove the microphone feature from its app by the end of the month.
*Source: EnGadget, June 11, 2019
Cetera Latest To Be Hit With Data Breach Of Personal Information*
- Cetera Financial Group is the latest in a growing number of financial advice firms to be hit with a data breach, putting information for about 2,000 clients at risk.
- The firm confirmed the number of clients whose information was potentially compromised more than two months ago.
- The firm did not provide any other information about the data breach.
- A network of six broker-dealers that house close to 8,000 financial advisers and registered reps, Cetera is offering clients who might be affected a complimentary, two-year membership to an identity theft protection and credit monitoring service.
- In an email from Cetera Financial Specialists to advisers, the company noted that "your clients' information continues to be of paramount importance to all of us at Cetera Financial Specialists."
- It has become increasingly common for financial advice companies and firms across the financial services industry to fall prey to breakdowns in computer security that wind up revealing personal information about clients or advisers.
- For example, in February Voya Financial Advisors Inc. told its brokers and financial advisers that a glitch on a biography webpage for its brokers put their Social Security numbers at risk of exposure.
- BlackRock Inc. made headlines in January when it was revealed that the company accidentally exposed confidential information involving about 20,000 financial advisers.
- And last month, InvestmentNews reported that Redtail Technology may have exposed personal client information that advisers store on Redtail's client relationship management software due to a data breach.
*Source: Investment News, June 13, 2019
8.4TB In Email Metadata Exposed In University Data Leak*
- An exposed database belonging to Shanghai Jiao Tong University exposed 8.4TB in email metadata after failing to implement basic authentication demands.
- The exposed server was discovered on May 22, 2019, by Cloudflare Director of Trust & Safety Justin Paine.
- As described on the Rainbowtabl.es security blog, Paine found the ElasticSearch database through a Shodan search.
- The open database contained 9.5 billion rows of data and was active at the time of discovery, given that its size increased from 7TB on May 23 to 8.4TB only a day later.
- The database belongs to Shanghai Jiao Tong University, a large academic institution based in China.
- The university caters for over 41,000 students in undergraduate to Ph.d. capacities.
- The information contained in the database was packaged up through Zimbra, a popular open-source email solution used by over 200,000 businesses worldwide.
- It appears that the bulk email cache related to email being sent "by a specific person," according to the researcher, and also included the IP addresses and user agents of those checking their email.
- Email threads between specific users could be seen, but it is worth noting that only the metadata was involved, and neither subject lines or email body content was exposed.
- A day after the discovery, Shanghai Jiao Tong University was notified of the open server. To the institution's credit, the leak was plugged within 24 hours.
- Shodan is becoming a common factor in researchers discovering open, unsecured databases and servers.
- Earlier this month, researchers from vpnMentor found an open database which exposed 85.4GB in security audit logs belonging to major hotel chains and independent resorts via a property management company.
*Source: ZDNet, June 10, 2019