Cyber Security Headlines – September 8, 2020

Visa discovers new skimming malware

The company’s Payment Fraud Disruption unit discovered the Baka skimmer back in February, ultimately finding seven servers distributing the malware. Baka’s attack vector is similar to other skimming malware, with data exfiltration using image requests and configurable target form fields. But the skimmer loads dynamically, removing itself from memory when data is successfully exfiltrated or if it detects the possibility of dynamic analysis that could detect it. Visa recommends scanning for C2 communications, vetting third-party code and CDNs, and patching shopping carts.

(Info Security Magazine)

The US issues a space policy directive on cybersecurity

The directive is the fifth space policy directive released by the Trump administration, and is designed to encourage the government and the private sector to create new space vehicles with cybersecurity as part of the design, build, and operation planning. This includes using encrypted communications and trusted supply chains, as well as protecting systems against jamming and spoofing. Sources speaking on background to The Verge wouldn’t comment on specific threats the directive is responding to, but said that security incidents do regularly occur in the industry.

(The Verge)

Netwalker ransomware hits Argentina’s immigration systems

This attack was revealed in a criminal complaint from Argentina’s national cybercrime agency. The complaint disclosed that at 7am on August 27th, the country’s Directorate of Technology and Communications began receiving technical support calls from immigration checkpoints. Initial reports show that the ransomware began hitting Microsoft Office files, with officials shutting down servers to stop the spread. This partially incapacitated the country’s Comprehensive Migration Capture System, causing a suspension of all border crossings for four hours. The attackers initially asked for a $2 million ransom, which the government said it refused to pay.

(Bleeping Computer)

Apple clarifies how it handles user data requests from Hong Kong

When Hong Kong’s new data security law went into effect, several tech companies, including Microsoft, Twitter and Google, announced they would stop processing user data requests from Hong Kong over concerns about how the data would be used. In contrast, Apple said it was “assessing” the law. In response to questions by TechCrunch, Apple clarified that it doesn’t receive user data requests directly from Hong Kong; rather, these are passed on by the US government after review as part of a mutual legal assistance treaty. All Hong Kong user data is stored in the US, so any requests for data must be approved by the Justice Department, with a warrant issued by a US federal judge before being handed over. Apple also said it received a limited number of non-content requests from Hong Kong, related to fraud and stolen devices, which will be included in its next transparency report.

(TechCrunch)

Thanks to our sponsor, Remediant

Remediant is a fast-growing Gartner Cool Vendor focused on the concept of precision Privileged Access Management, and one Fortune 100 company calls them “the world’s best protection against major incidents.” Remediant uniquely deploys & inventories thousands of privileged accounts in hours, locks down lateral movement & ransomware spread by removing standing privilege with a single action, and administers privileges just-in-time with MFA.

The US considers adding SMIC to the Entity list

The news comes from the US Defense Department, which said it is working with other agencies to determine if actions by the Semiconductor Manufacturing International Corp merit requiring a government license in order for US companies to sell technology to it. SMIC is the fifth largest semiconductor maker in the world. According to sources speaking to the Washington Post, the Defense Department has warned of SMIC supplying chips and technology that benefit the People’s Liberation Army in the past.

(The Washington Post)

Apple delays changes to device ID collection

Apple told The Information it has pushed back the change until 2021 to give developers more time to adapt. Apple announced at WWDC that in iOS 14 it would start requiring users to opt in to sharing their device ID for tracking purposes like advertising. Facebook recently told its ad customers it might have to stop operating its Audience Network product on iOS as a result of the change.

(CNet)

A new study looks at the state of biometric regulation

MIT Technology Review highlighted a new report by the AI Now Institute, which looks at 8 case studies of biometric regulation across the world, spanning city, state, and national efforts, as well as non-profits. The report highlights large centralized biometric databases found in India and Australia, which have increasingly been found to encroach into law enforcement applications despite existing data protection laws. The report also found that user consent as a legal tool for biometric data usage was largely broken. Instead, the study found approaches that forbid biometric data collected for one use from being used in other contexts to be much more effective. Another finding was that the International Committee of the Red Cross found a way to leverage biometric information without creating a large database that might be used by governments. The organization created cards that hold a user’s biometric data for humanitarian welfare, but aren’t linked back to a centralized database.

(MIT Technology Review)

Prison phone service leaks personal data online

The communication service Telmate left an unsecured database containing tens of millions of call logs, private messages, and personal information about inmates and their contacts online. The database was discovered by security researcher Bob Diachenko on August 13, 2020, who notified Telmate’s owner Global Tel Link. The company took the database offline within three hours of the disclosure. The database was indexed by the search engine BinaryEdge on August 13th, but it’s unclear how long it was online. Payment information was not included in the database. 

(Comparitech)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.