Another week goes by, and the world of cybersecurity is abuzz with a range of activity, as always. We know that keeping abreast with all these happenings can be taxing if done one at a time, and hence, we have gathered the top headlines for you, to skim through and gain insight into the progress that took place in cybersecurity throughout the past week.

Splinternet On The Cards Due To US-China Trade War

Although the U.S-China trade dispute is likely to be resolved shortly, their competition against each other is unlikely ever to end. Both countries always strive to outsmart the other, in terms of tech dominance, and this can lead to the creation of two different tech worlds, which would then impact components like the internet. A split on the internet is on the cards if this enmity persists and if that happens, then splinternet (split internet) would be governed by different regulations in different jurisdictions.

What awaits?

  • The presidents of both the nations have offered international observers reassurances that they are working on resolving their trade dispute after agreeing to a freeze on any further tariffs.
  • However, this does not ensure that the competition between them shall end too. They are still as keen on outshining the other, as they were before. And this very fact shall possibly lead to the rise of two separate tech ecosystems according to Hans-Paul Burkner.
  • The speculation of this split seems inevitable because the U.S. and China have already begun competing for support.
  • Though this split might happen someday for real, right now, it is still a distant truth as China still has a lot to do before it begins winning market share in the rest of the world. But sooner or later, Chinese tech giants like Huawei shall become global players.

 

‘Russia’s Google’ Yandex Hacked To Spy On User Accounts

Russian internet search company Yandex, which is considered the ‘Google’ of Russia, was hacked by Western intelligence agencies in late 2018, according to a report by Reuters.  They used a rare type of malware called ‘Regin’ to give shape to their ill motives of spying on user accounts. Regin is employed by the “Five Eyes” intelligence-sharing alliance of  Canada, The United States, Britain, New Zealand, and Australia, and when this attack happened, they refused to make any comment which makes everyone suspicious of their involvement in the attack.

Whether these countries are behind the attack is still not known. The data breach happened between October and November 2018. However, the good thing here is that the Yandex authorities took care of everything before any damage could be caused to them. Yandex spokesman Ilya Grabovsky claimed that their security team had informed that no user data was compromised because of the attack.

With more than 108 million monthly users in Russia alone, and a thousand others in Belarus, Kazakhstan, and Turkey, Yandex helps many gain access to information on the web. In search of technical details explaining how Yandex authenticates user accounts, attackers must have launched the attack, but luckily for Yandex, no information was leaked.

 

Facebook Removes Accounts That Were Infusing Malware

Hackers who had spread a malware campaign via Facebook messages had their accounts deleted by Facebook recently. This scheme of spreading malware through malicious links that impersonate news pieces related to the ongoing political scenario in Libya has been going on since 2014. As a means of stopping these, Facebook has shut down more than 30 accounts spreading malware. There are over tens of thousands of people who had their systems infected with trojans (RATs) as a result of this malware campaign.

How were the users targeted?

Known as “Operation Tripoli,” this malware campaign used the political situation in Libya to lure victims into clicking the links that they had attached to their Facebook messages. However, Facebook itself was not breached in this campaign.

The origins of the malicious campaign

This campaign was first spotted when researchers reached a Facebook page that pretended to be the commander of Libya’s National Army, Khalifa Haftar. Surprisingly, this fake page which was created April 2019, has more than 11,000 followers, and shares posts with political themes, proving that there are plenty of innocent people out there who are oblivious of its fraudulent nature.

 

The Merger Of Alphabet’s Cybersecurity Company Chronicle With Google’s Cloud Business

Later this year, Alphabet is all set to merge its enterprise security company Chronicle, with Google Cloud.

With origins in Alphabet’s experimental projects lab, Chronicle began functioning in January 2018 and has been one of Alphabet’s “Other Bets,” which are Google sister companies aiming to produce the next significant tech innovation. Chronicle released its first product, ‘Backstory’ in March, which assists security teams in preparing for possible threats.

The amalgamation shall happen in the weeks to come, but it’s not clear if the CEO of Chronicle – Stephen Gillett, shall continue leading Chronicle.

 

An Unattended MongoDB Database Leaks Public Data 

Data of millions of users was out on the web, for access by anybody and everybody for a long time, before it was finally brought down by concerned authorities. Information about personal life and medical insurance of many users stored on a database, that belonged to insurance marketing website MedicareSupplement.com remained exposed. This involved the records of as many as 5 million users.

U.S.-based marketing site MedicareSupplement.com facilitates easy and hassle-free access to supplemental medical insurance available in the area. Last week, researchers found a publicly-available MongoDB database that was online for many days. The exposed data was without any password or any authentication protecting it and was a part of the website’s marketing leads database.

What are the losses?

  • What’s even more distressing is that almost 239,000 records reflected the customer interests in medical insurance, auto, and supplemental insurance, etc., which certainly is information, that nobody prefers to have publicized.
  • Apart from this, the losses also include the personal data belonging to 5 million users associated with MedicareSupplement.com. This includes their names, addresses, IP addresses, email addresses, dates of birth, and gender.

What has been done?

  • After having identified the vulnerability in the database, access to the database has been completely stopped.
  • This was followed up by the installation of a property security configuration.
  • Customers whose data had been exposed have been informed to be on guard for spam and email phishing attacks.

 

phishing attack prevention

Gay Dating App “Jack’d” Penalized For Data Breach

A $240,000 fine has been imposed on LGBTQ dating app, for ignoring the privacy policy they uphold, and for leaking user data and nude pictures.

The app “Jack’d” has a user base of over thousands and has been downloaded more than 5 million times across the globe. This app that caters to the romantic needs of gay and bisexual men, however, has been ignoring a severe privacy flaw for over a year, in spite of the defect being pointed out by a researcher – Oliver Hough. Way back in February 2018, the authorities of Jack’d and its parent company “Online Buddies” had been informed that the pictures of users that are meant to appear on the private column were available for public access, but there was absolutely no action from their part until a year later when the media began featuring this news.

What are the losses?

  • As a consequence of the ignorance of the authorities, private images of almost 2,000 users remained exposed via an insecure Amazon Web Services Simple Storage Service (S3) bucket.
  • The unheeded flaw also led to loss of user profile photos, nude pictures, and user locations, in short, data that can put users at risk of arrest in certain countries.
  • Additionally, user’s device ID, operating system version, last login date, and hashed password, and the time they last used the app, were also revealed because of this breach.

 

Patches Released For Several Severe Flaws In IBM Spectrum Protect

IBM recently released patches for many of the critical and high-severity weaknesses in a range of its products, particularly in its IBM Spectrum Protect tool. These flaws have the potential to cause a remote attacker to execute arbitrary code on impacted systems.

IBM has disclosed seven CVEs among its tools which are found to be affected, that include IBM’s Planning Analytics data analysis tool, IBM Security Guardium data protection platform, and the IBM Daeja ViewONE web-based image viewer.

Here is a list of the flaws that have been detected and patched:

  • CVE-2019-4087: The flaw CVE-2019-4087 affects the servers and storage agents that are to be protected by Spectrum Protect, IBM’s data security platform that centralizes control for enterprise backup and recovery. Impacted versions include 7.1 and 8.1 versions of the platform.
  • CVE-2019-4088: The flaw CVE-2019-4088 in the IBM Spectrum Protect enables a local attacker to gain elevated privileges on impacted systems. Triggered by loading a specially crafted library via the ‘dsmqsan’ module of the platform, this flaw enables a local attacker to gain root privileges on the vulnerable system.
  • CVE-2019-4140: The flaw CVE-2019-4140 in IBM Spectrum Protect enables a local user to replace existing databases by restoring old data.
  • CVE-2019-4129: The flaw CVE-2019-4129 in IBM’s operations center enables a remote attacker to obtain sensitive information.
  • CVE-2019-4292: The flaw CVE-2019-4292 in IBM Security Guardium 10.5, enables a remote attacker to upload arbitrary files, which in turn allows the attacker to execute arbitrary code on the vulnerable web server.
  • CVE-2019-4134: The flaw CVE-2019-4134 in IBM Planning Analytics 2.0 can lead to credentials disclosure.
  • CVE-2019-4260: The two medium-severity glitch CVE-2019-4260 in IBM Daeja ViewONE Virtual 5.0 – 5.0.5 is an information disclosure glitch.

All users who have the affected versions are requested to update to version 8.1.8 or 7.1.9.300 by going to their official website.

 

Tiktok Next In The Line Of Apps Penalized On The Grounds Of A Security Breach

Chinese video-sharing app Tiktok, which was formerly known as Musical.ly, is very popular among adolescents and pre-teens. With such a young user base, specific special security measures ought to be adopted by the company for the safety of its naïve users. The U.K.’s Information Commissioner’s Office is investigating into the matter, and in February, it penalized the Chinese video sharing app with a fine of $5.7 million, for illegally collecting children’s personal information.

Investigation continues to find out whether TikTok had violated the EU’s data privacy law called GDPR (General Data Protection Regulation), which says that companies must provide specific protections related to children’s data.

What is a privacy flaw?

The U.S. Federal Trade Commission (FTC) informed that TikTok doesn’t notify parents that it has gathered and used the personal data of users under the age of 13, in addition to saying that strangers could easily send messages to users with private accounts.

TikTok had over 500 million monthly active users in February 2019 and ranked third in the list of most downloaded apps, both in Apple’s App Store and Google Play.

 

Alexa Voice Recordings Remain In The System, Even After Users Delete Them

Amazon admitted that Alexa voice recordings remain saved in its systems, long after a user manually deletes them. This puts Amazon’s voice assistant privacy policies in a questionable position.

Amazon announced via a letter that consumers have the option to delete their recordings – but this doesn’t mean that the company or third-party developers may not still be able to access the customers’ interactions with Alexa. Though Amazon claims that it stores data to improve their services, it still doesn’t help customers feel at ease, knowing that somebody out there can access their search history, long after they have deleted it.

What is Amazon’s line of defense?

In its defense, the company said that they delete the transcripts associated with the customer’s account of both of the customer’s request and Alexa’s response when a customer removes a voice recording. They further added that efforts are being made to ensure that those transcripts do not remain in any of Alexa’s other storage systems. But the company reiterates its point that they may still need to retain other records of customers’ Alexa interactions, including records of actions Alexa took in response to the customer’s request.

 

China Allegedly Installs Malware On Tourists’ Phones To Extract Data

The Chinese government once again has been alleged for creating a malware that is much ahead of its time and deletes itself once the goal is achieved. It is said that the malware BXAQ is installed by Chinese border agents at various checkpoints, by forcing foreigners trying to enter the Xinjiang region, to install it on their smartphones. This malware extracts text messages, calendar entries, phone contacts, and call log details of tourists. The primary objective behind this dictatorial cybercrime is to use the collected information to confiscate propaganda material on Islamic extremism.

What is the Modus Operandi?

Research at many security firms, such as Citizen Lab of the University of Toronto, and the Ruhr University of Bochum, has revealed that the malware BXAQ is composed of tools such as CellHunter and MobileHunter. BXAQ tries to collect as much information as possible, and once it is done, it sends all the information to a server, controlled by the Chinese authorities. The malware is designed in such a way that it gets auto-removed from the device once its mission is accomplished.