this week in security — march 22 edition
~this week in security~ a cybersecurity newsletter by @zackwhittaker (https://twitter.com/zackwhittaker)
volume 3, issue 12
~ ~ It’s a lighter than usual newsletter this week. Turns out when you’re in the throes of a pandemic, everything else slows down to a near-absolute standstill. That said, this newsletter will keep going every Sunday, bringing you as much cybersecurity news as there is from the week. ~ ~
** THIS WEEK, TL;DR
Israel enables emergency surveillance powers to prevent coronavirus spread (https://www.bbc.com/news/technology-51930681) BBC News: To say this is disconcerting is a wild understatement. Israel has approved new measures that will allow the nation’s spy agencies, including Shin Bet, to track the phone data of those suspected of being infected with coronavirus, in order to inform others who may have come into contact with the virus. Naturally, Israel’s Association of Civil Rights said it was a “dangerous precedent.” It really is. Imagine if the NSA knew who you’d been in contact with… (oh wait.) The New York Times also has a pretty good, detailed write-up (https://www.nytimes.com/2020/03/16/world/middleeast/israel-coronavirus-cellphone-tracking.html). More: New York Times ($) (https://www.nytimes.com/2020/03/16/world/middleeast/israel-coronavirus-cellphone-tracking.html) | TechCrunch (https://techcrunch.com/2020/03/18/israel-passes-emergency-law-to-use-mobile-data-for-covid-19-contact-tracing/)
Password found to rescue victims of malicious Android coronavirus tracker app (https://www.scmagazine.com/home/security-news/news-archive/coronavirus/password-found-to-rescue-victims-of-malicious-covid-19-tracker-app/) SC Magazine: A new kind of Android ransomware, known as CovidLock, has been cracked. The disguised coronavirus map locks a user’s phone and demands a ransom payment to get the data back. But the master password to unlock the ransomware was found and published, so anyone affected can get their devices and data back. More: DomainTools (https://www.domaintools.com/resources/blog/covidlock-update-coronavirus-ransomware)
HHS sees an uptick in network scanning, not a DDoS (https://www.cyberscoop.com/hhs-cyberattack-coronavirus-ddos/) Cyberscoop: Thank your friendly neighborhood cyber reporters for getting this right. News broke this week that U.S. Health and Human Services was under a DDoS attack. Turns out that wasn’t the case. What actually happened was an uptick in benign network scanning (https://twitter.com/gregotto/status/1239570685040697349) in the midst of the coronavirus outbreak. HHS said there was no breach, and that everything was basically fine. Just a reminder that scanning or pinging a network doesn’t count as an intrusion… but you knew that. More: @gregotto tweets (https://twitter.com/gregotto/status/1239570685040697349) | ABC News (https://abcnews.go.com/Health/facing-coronavirus-pandemic-us-confronts-cyber-attacks/story?id=69653329)
How coronavirus is impacting U.S. intelligence networks across the world (https://time.com/5806522/coronavirus-intelligence-networks/) Time: Here’s an interesting read on spies working from home. Obviously human-sourced intelligence will take a blow, but how spies work on other things — while maintaining protections for classified material — is interesting, given classified networks under the level of “secret” can’t be used from home. In other words, it’s going to slow things down, and the spy world isn’t nearly equipped to handle a crisis that relies on people working from home. More: Reuters (https://www.reuters.com/article/us-health-coronavirus-cia/no-spying-from-home-in-cias-coronavirus-plan-idUSKBN21339Z) ~ ~
SUPPORT THIS NEWSLETTER
Thanks to everyone who reads this newsletter! Subscribers are going up, as are the monthly costs. If you can spare $1/month (or more for exclusive perks (https://www.patreon.com/posts/mugs-are-on-way-32666051)), it helps cover the upkeep of this newsletter. You can contribute to the Patreon (https://www.patreon.com/thisweekinsecurity) here. ~ ~
** THE STUFF YOU MIGHT’VE MISSED
Shadowserver, a critical internet safeguard, is running out of time (https://www.wired.com/story/shadowserver-cisco-internet-cybersecurity/) Wired ($): Shadowserver has been keeping the internet safe for some 15 years through its invaluable work of taking down command and control servers used by malware operators. Wired’s story explains just how important Shadowserver is for keeping the internet as safe as it is. (In other words, it could be a lot, lot worse.) But the non-profit’s funding is drying up after Cisco pulled the plug on its contributions. The group needs some $1.7 million to make it through 2020. (You can donate here (https://www.shadowserver.org/sponsor/).) You can also read more from Shadowserver here (https://www.shadowserver.org/news/saving-shadowserver-and-securing-the-internet-why-you-should-care-how-you-can-help/).
To fight coronavirus, New Orleans wants 911 callers to agree to self surveillance (https://www.forbes.com/sites/denizcam/2020/03/17/to-fight-coronavirus-new-orleans-is-using-a-911-app-backed-by-peter-thiels-founders-fund/#4d08eee8b065) Forbes ($): New Orleans’ 911 emergency call center is busier than ever. But now 911 responders are using a tool built by Israeli surveillance company Carbyne. Callers are asked if they want to be subject to self-surveillance, which, if they accept, lets 911 operators access their precise real-time location. This, the tool’s makers say, will help combat the spread of coronavirus in the city. Good idea, but potentially ripe for abuse. This is well worth the read.
Google’s Advanced Protection Program for high-risk users now includes malware protection (https://techcrunch.com/2020/03/18/googles-advanced-protection-program-for-high-risk-users-now-includes-malware-protection/) TechCrunch: Google’s most advanced suite of security tools, designed for high-risk users like journalists and politicians, now includes malware protection for Android users. The so-called Advanced Protection program will have Google Play Protect enabled by default, and unable to be switched off. That means it’ll also limit use of third-party, non-approved apps on the device, which are often the cause of malware infections on Android devices. ~ ~
** OTHER NEWSY NUGGETS
U.S. waives potential health privacy penalties during coronavirus crisis (https://www.cnet.com/news/us-waives-potential-health-privacy-penalties-during-coronavirus-outbreak/) HIPAA, the U.S. health law that also helps protect medical and health information, will be temporarily relaxed, with fines for potential violations of the law waived. Practically, that means doctors and patients can now use technologies that aren’t HIPAA-approved, such as Facebook Messenger and FaceTime, for telemedicine amid the ongoing pandemic to discuss health-related matters, according to a statement (https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/notification-enforcement-discretion-telehealth/index.html) by U.S. Health and Human Services.
How Huntress Labs’ Kyle Hanslovan and his team tricked a hacker into being arrested (https://www.cyberscoop.com/video/kyle-hanslovan-huntress-labs-2020-rsa-conference/) We don’t feature videos here very often, but this is a corker to watch. Kyle Hanslovan, who heads up Huntress Labs, and his team found a hacker breaking into a managed service provider. Hanslovan and his team then tricked the hacker into turning over information about the breach that led to their arrest.
Security breach disrupts fintech firm Finastra (https://krebsonsecurity.com/2020/03/security-breach-disrupts-fintech-firm-finastra/) Finastra, a technology provider to banks worldwide, shut down systems after a ransomware attack. The company said it did “not have any evidence that customer or employee data was accessed or exfiltrated, nor do we believe our clients’ networks were impacted,” suggesting it wasn’t a newer kind of data-stealing ransomware, like Maze. Thousands of employees were sent home following the attack, @briankrebs (https://twitter.com/briankrebs) reported.
Locked-down lawyers warned Amazon Echo can hear confidential calls (https://www.bloomberg.com/news/articles/2020-03-20/locked-down-lawyers-warned-alexa-is-hearing-confidential-calls?sref=eTJxxXf2) Mishcon de Reya LLP, a well-known U.K. law firm, is advising its lawyers and staff, who are forced to work from home due to pandemic-related restrictions, to be careful with Amazon Echo and similar devices in their homes over fears that they can overhear privileged and confidential conversations by mistake. “Perhaps we’re being slightly paranoid but we need to have a lot of trust in these organizations and these devices,” said partner Joe Hancock. “We’d rather not take those risks.” ~ ~
** THE HAPPY CORNER
Granted, there’s not much happy news these days. But here are a few things worth smiling about.
Let’s face it, we’re all going to be teleworking for the time being. Bruce Schneier has a post on his blog (https://www.schneier.com/blog/archives/2020/03/work-from-home_.html) about how to stay secure while working from home. Malwarebytes also has a bunch of advice (https://blog.malwarebytes.com/how-tos-2/2020/03/security-tips-for-working-from-home-wfh/) on staying secure while at home. These seem like simple tips but are really important to take note of.
On that note, the Freedom of the Press Foundation also has a similar secure work-from-home guide (https://freedom.press/training/blog/wfh-securely/) for reporters. And @Scott_Helme (https://twitter.com/Scott_Helme) has a blog post (https://scotthelme.co.uk/securing-your-home-network-for-wfh/) on how to make your home Wi-Fi secure, which is important, seeing as it’s basically the heart and soul of keeping your work-from-home setup secure.
In other news: you may not have seen this, but this week @doctorow (https://twitter.com/doctorow/) was briefly suspended on Twitter. Why? According to TechDirt (https://www.techdirt.com/articles/20200317/13585344119/twitter-suspended-cory-doctorow-putting-trolls-list-called-colossal-assholes.shtml), it’s because he made a list of trolls called “colossal assholes.” He was told to delete it so he could get his account back. Weirdly, he noted that its companion list, “toe-faced shitweasels,” did not violate Twitter’s terms. Good to know!
And finally. A major thank you to @hacks4pancakes (https://twitter.com/hacks4pancakes) for setting up an impromptu, remote, quarantine-focused security con, the appropriately named PancakesCon 2020 (https://tisiphone.net/2020/03/15/pancakescon-2020-quarantine-edition/). It’s happening today — March 22 — so you may be a bit late. Videos will be recorded where possible. If you want to nominate some good news from the week, feel free to reach out (mailto:this@weekinsecurity.com?subject=Good%20news%20for%20your%20newsletter). ~ ~
** THIS WEEK’S CYBER CAT
This week’s cyber cat is Tyson, who, like his human, has to work from home for the time being. At least Tyson still gets to snooze on the job. A big thanks to @frstntr (https://twitter.com/frstntr) for the submission! Please keep sending in your cyber cats! You can send them here (mailto:this@weekinsecurity.com?subject=Cyber%20Cat%20submission&body=Please%20include%20a%20JPG%20of%20your%20cyber%20cat%2C%20their%20name%2C%20and%20also%20your%20name%20and%20Twitter%20handle%20if%20you%20want%20credit.). ~ ~
** SUGGESTION BOX
That’s all for this week. Thank you for reading this newsletter and subscribing. As always, you can drop feedback in the suggestion box (https://docs.google.com/forms/d/e/1FAIpQLSebkpf8z8TvMJoixuSzmrR-CTLcOv_ufF7voso1HZBI_f5zrw/viewform). On another note, I hope you’re all doing well and staying safe. Please follow government advice. Keep washing your hands and stay at home.
Be well and take care. See you next Sunday.