Portland passes bans on facial recognition technology

The move comes from a unanimous vote by the Portland, Oregon City Council on two facial recognition tech bans. The first would ban the public use of the technology by city bureaus, including the police. The second ban effects the use of facial recognition in all private use in places of “public accommodation.” The first ban goes into effect immediately, while the second becomes effective January 1, 2021. Portland public schools are exempted from the bans. The bans allow for individuals to sue for violations, and establishes a new chapter of city code constraining the use of facial recognition by private entities.

(Venture Beat)

Bluetooth SIG publishes details on Blurtooth vulnerability

The vulnerability was published in a new security note, and impacts the Bluetooth standard Cross-Transport Key Derivation, or CTKD. The CTKD component is responsible for negotiating authentication keys during device pairing. Blurtooth attacks can either completely overwrite these authentication keys or downgrade them to use weak encryption, with all devices using Bluetooth 4 through Bluetooth 5.0 vulnerable to the exploit. Once overwritten on significantly weakened, this opens up affected Bluetooth devices to potential man in the middle attacks. No patch is available, with the Bluetooth SIG recommending users control the environment in which devices are paired as the best mitigation currently. Bluetooth 5.1 is not vulnerable to the attack. 

(ZDNet)

Microsoft detects attempted cyberattacks against US presidential campaigns

Microsoft announced its findings in a blog post, noting that attempted attacks against campaigns for both Donald Trump and Joe Biden were unsuccessful, and Microsoft notified both campaigns directly. Microsoft identified three specific groups in the post. Strontium, operating out of Russia, who focused on harvesting user credentials and logins from over 200 organizations tied to the US election. Zirconium operates out of China, and apparently targeted people and organizations tied to the campaign of Joe Biden and the larger international affair community using web beacons sent to targeted accounts. Finally the Iran-based Phosphorus group attempted to access the personal or work accounts of individuals working on Donald Trump’s campaign from May through June. 

(Microsoft)

Are cyberattacks the new snow days?

With remote learning becoming commonplace in light of COVID-19, calling off school due to inclement weather might be a thing of the past. But two school districts this week already had to delay the start of the school year by a day, with recent cyberattacks impacting school districts in Hartford, Conn. and Clark County, Nev. In the case of the Hartford attack, a ransomware attack took out critical systems, including a real-time bussing route backend, while the Clark County attack leaked personal information about school staff. According to research from Recorded Future, there have been nine recorded cyberattacks against school districts since July, in addition to four attacks against universities. Security researchers find that schools are often easy targets as they lack dedicated security teams. 

(Threat Post)

Thanks to our sponsor, Remediant

Remediant is a fast growing Gartner Cool vendor focused on the concept of precision Privileged Access Management and one Fortune 100 company calls them “the world’s best protection against major incidents.” Remediant uniquely deploys & inventories thousands of privileged accounts in hours, locks down lateral movement & ransomware spread by removing standing privilege with a single action, and administers privileges just-in-time with MFA.

A new study finds Linux-based malware on the rise

The investigation comes from  Kaspersky Labs, which found that APT groups are increasingly targeting Linux-based devices and developing Linux-focused tools. Over the last eight years, Kaspersky saw over a dozen APT actors using Linux-based malware including the use of webshells, backdoors, rootkits and even custom-made exploits. This study comes the same day that security researchers at ESET published details on CDRThief, malware that targets VoIP softswitches running on standard Linux servers. This malware can exfiltrate call logs, IP address of call recipients, and length of the call. 

(InfoSecurity Magazine)

COVID-19 is accelerating zero trust security adoption

This finding comes from a new poll by Deloitte, which found that out of roughly 600 respondents, 37.4% were increasing the speed of adoption of zero trust security postures, with 35% not changing their rate of change, and 18% decreasing. Adopting strict access controls and not trusting users within a network perimeter is not without its challenges, the poll found the most common challenges with zero trust being a lack of skilled personnel and inadequate budget. 

(Security Magazine)

Raccoon Attacks could break TLS encryption

A group of security researchers published a paper outlining a new timing vulnerability in the TLS protocol that could technically allow attackers to break encryption. This Raccoon attack is possible because TLS allows for non-constant-time processing of  Diffie-Hellman secret keys. If a server reuses ephemeral keys, this side channel attack would allow for recovery of the premaster secret by handshaking with the same server and measuring the time it takes for the server to respond to the operations involved in deriving the shared key. The researchers note that while possible, this attack would require precise timing. F5, Microsoft, Mozilla, and OpenSSL have issued patches to mitigate the attack. 

(Hacker News)

Chinese embassy asks Twitter to investigate a potential account hack

This comes after China’s UK ambassador Liu Xiaoming’s official Twitter account liked adult content, posts criticizing the Chinese government, and pictures of detailed Uighurs Muslims. The likes were subsequently withdrawn, and Twitter has yet to comment.  

(BBC)