MENTIS

Week of April 06, 2018

MENTIS
news

Week of April 06, 2018

Chrome Is Scanning Files on Your Computer, and People Are Freaking Out*:

  • The browser we likely use to read this article scans practically all files on your Windows computer and we probably had no idea until you read this.
  • Google announced some upgrades to Chrome, by far the world’s most used browser and the one security pros often recommend.
  • Tensions around the issue of digital privacy are understandably high following Facebook's Cambridge Analytica scandal.
  • Chrome on Windows looks through your computer in search of malware that targets the Chrome browser itself using ESET’s antivirus engine.
  • The goal of Chrome Cleanup Tool is to make sure malware doesn’t mess up with Chrome on your computer by installing dangerous extensions, or putting ads where they’re not supposed to be.
  • Chrome Cleanup Tool is less invasive than a regular “cloud” antivirus that scans your whole computer and uploads some data to the antivirus company’s servers.
  • A section in Chrome’s Privacy Whitepaper explains that “Chrome periodically scans your device to detect potentially unwanted software.

*Source: Motherboard, March April 02, 2018

https://motherboard.vice.com/en_us/article/wj7x9w/google-chrome-scans-files-on-your-windows-computer-chrome-cleanup-tool


Aadhaar access ban is the new heartburn for Fintech*:

  • Several private financial services companies that relied on authentication agencies to verify customer antecedents on the Aadhaar database are being denied access to the service amidst rising concern over data privacy.
  • Fintech startups across the insurance, lending and broking sectors told ET that although there is no written directive to the authentication agencies from the UIDAI.
  • The UIDAI has not processed all their applications for registration, thereby forcing them, to use the services of the existing agencies.
  • Industry experts are of the view that if financial services companies are unable to utilise the Aadhaar route for customer verification.
  • Others such as online stock brokers, who onboard clients through eKYC and online insurance agents, could also be affected.
  • A number of industry executives formed a coalition to reach out to the Supreme Court to ensure that Aadhaar authentication for service providers do not get stopped.
  • As per data shared by UIDAI, the number of eKYC transactions that have happened till now stands at 504 crore, being done through 254 authentication agencies.
  • The introduction of new security features like virtual IDs will take away the fear of unregulated private companies storing the Aadhaar numbers of customers.

*Source: Economic Times, April 05, 2018

https://economictimes.indiatimes.com/small-biz/startups/newsbuzz/aadhaar-access-ban-is-the-new-heartburn-for-fintech/articleshow/63621844.cms


Under Armour App Breach Exposes 150 Million Records*:

  • Tracking your fitness goals is good for you. It can be worrying, though, if the information from your fitness tracker is exposed to criminals.
  • The company has said that they have seen no evidence that any accounts have been logged into by an unauthorized user or that any illicit login attempts have been made[M1] .
  • In an email to those affected they suggest that all MyFitnessPal users immediately change their passwords, a step that will ultimately be required for all users.
  • Under Armour stated that no Social Security numbers were seen because they don't collect them, and no credit card numbers were stolen because that information is stored in a different system.
  • That they do not know the hacker's identity, though they are continuing to work with law enforcement agencies on the investigation.

*Source: Dark Reading, March 30, 2018

https://ubm.io/2EzBZIx


UK businesses financially unprepared for cyber-attacks*:

  • Only a third of British businesses have a financial plan in place in case of a cyber-attack, according to a survey at Lloyds Bank.
  • Other results from the survey show that 65 per cent of companies thought it would take them six months or more to recover from a disruptive cyber-attack.
  • Meanwhile, eight out of 10 business leaders said they were concerned or very concerned about the financial implications of a cyber-attack.
  • A report from Lloyds last year found that a wide-scale, international cyber-attack could cost as much as £41bn in economic losses.
  • Until recently cyber has been seen as a problem for the IT department to manage but when the worst happens, the whole business suffers.

*Source: CITYA.M., April 03, 2018

http://www.cityam.com/283230/uk-businesses-financially-unprepared-cyber-attacks


Memcached DDoS Attacks: 95,000 Servers Vulnerable to Abuse*:

  • More than 95,000 servers could still be vulnerable to being abused to launch massive distributed denial-of-service attacks.
  • The web page caching utility was never designed to be internet-accessible and requires no authentication to access.
  • Attackers have begun demonstrating how badly servers with misconfigured Memcached can be abused.
  • Popular code-sharing website GitHub reported that, it was hit by a massive DDoS attack that left its site unavailable or intermittently unreachable, but only for 10 minutes.
  • Blocking all traffic from port 11211 should be possible, as all modern operating systems tend to use a source port higher than that for client connections.
  • The U.S. Computer Emergency Readiness Team has updated its alert on UDP-based amplification attacks, originally released in 2014, to include Memcached-based reflection DDoS attacks via UDP/TCP port 11211.
  • DDoS defense firm Corero Network Security warned that servers with open Memcached ports could potentially be abused by attackers to "reveal the 'keys' to your data" by using debug commands.
  • More than 10,000 of those servers appear to be run or hosted by China's Hangzhou Alibaba Advertising, an advertising technology unit of e-commerce giant Alibaba.
  • Service providers, including telecommunications giant NTT Communications, have also been responding, an internet architect at NTT.

*Source: Bank Info Security, March 08, 2018

https://www.bankinfosecurity.com/memcached-ddos-attacks-95000-servers-vulnerable-to-abuse-a-10705


Energy Transfer Says ‘Cyber Attack’ Shut Pipeline Data System *:

  • A cyber-attack that hobbled the electronic communication system used by a major U.S. pipeline network has been overcome.
  • Energy Transfer Partners LP was confident that, files could safely be exchanged through the EDI platform provided by third-party Energy Services Group LLC, the pipeline company said in a notice.
  • The EDI system conducts business through a computer-to-computer exchange of documents with customers.
  • Boardwalk Pipeline Partners LP also had an EDI outage, though it didn’t provide the cause.
  • The company’s wide network of pipeline units includes Panhandle Eastern Pipe Line Co., Transwestern Pipeline Co. and Rover Pipeline LLC.
  • The Panhandle natural gas pipeline network includes four large-diameter pipelines stretching from the Anadarko Basin of Texas and Oklahoma into several midwestern states.
  • Shares of Energy Transfer fell as much as 2.5 percent in New York before paring losses and closing 0.4 percent lower at $16.15.
  • The Rover pipeline, also controlled by Energy Transfer, is designed to transport gas from West Virginia and Ohio to markets in the Midwest and Canada.

*Source: Bloomberg, April 02, 2018

https://www.bloomberg.com/news/articles/2018-04-02/energy-transfer-says-cyber-attack-shut-pipeline-data-system


Can Europe Lead on Privacy? *:

  • It is nice to see Facebook taking some responsibility for the exploitation of the personal information of 50 million of its users in the service of a political campaign.
  • The Federal Trade Commission merely requires internet companies to have a privacy policy available for consumers to see.
  • Its General Data Protection Regulation will go into effect in its 28-member nations and the regulation is powerful in its simplicity.
  • The rules also give consumers the right to see what information about them is being held, and the ability to have that information erased.
  • The same coalition of corporate interests succeeded in discouraging California from passing a state privacy law similar to the 2016 F.C.C. requirements.
  • In an interconnected world where digital code doesn’t respect the geographical or national borders, this will surely have a positive global impact.
  • The internet economy has made our personal data a corporate commodity and the United States government must return control of that information to its owners.

*Source: NewYork Times, April 01, 2018

https://www.nytimes.com/2018/04/01/opinion/europe-privacy-protections.html

Get in Touch With Us!

Are you interested in receiving more information about our products? Do you have questions about sensitive data security? Would you like a demo? Complete the details below and one of our specialists will get in touch with you.

We love to help our customers solve their data security problems. Please tell us about what you are trying to accomplish, details about your environment, and any other information that will help us understand your needs better.

Image CAPTCHA
scroll top