Security News > 2020

The U.S. Cyber Command has uploaded new malware samples to VirusTotal, all of which the Command has attributed to the North Korea-linked threat group Lazarus. The samples were added to the scanning engine as part of a project that USCYBERCOM's Cyber National Mission Force that kicked off in November 2018.

IBM has pulled out of annual security shindig RSA Conference, due to be held in San Francisco at the end of this month, to avoid its staff catching the novel coronavirus that's spreading worldwide. "The health of IBMers continues to be our primary concern as we monitor upcoming events and travel relative to Novel Coronavirus," Big Blue told The Register in a statement in the past hour.

The NSA/CIA have got away with it with other telco switches around the world for quite some time now but the manufacturers of those switches are not subject to "Oversight" in the way Huawei have voluntarily done with the UK's GCHQ. Thus as the "Greek Olympic tragedy" made a glaring security hole obvious Huawei will have taken steps to close it, much to the anoyance of the US NSA and CIA, because Huawei switches have measures in place that make the loading of illicit software onto their switches very much more difficult, not impossible but "Implausible" and almost certainly discovered and reported automatically to the switch operators as it would be flagged up in several ways. Because Huawei are putting their international reputation on the line with alowing GCHQ to look at their code, they are going to be way more carefull than other Telco equipment supliers not subject to oversight will be.

Google has removed more than 500 Chrome extensions in response to a report from a security researcher, who found the browser plugins distributed through the Chrome Web Store facilitated ad fraud and data theft. Using a free extension forensic analysis tool called CRXcavator, released last year by Cisco's Duo Security, independent infosec bod Jamila Kaya spotted a set of similarly coded Chrome extensions "That infected users and exfiltrated data through malvertising while attempting to evade fraud detection on the Google Chrome Web Store," said Kaya, and Jacob Rickerd, a security engineer at Duo, in a blog post this week.

Information Security Media Group, a premier media partner at the annual RSA Conference, will conduct over 200 video interviews at this year's event with cybersecurity thought leaders, executives, CISOs and sponsors. ISMG's editorial team uses the RSA conference to set the tone for the company's coverage for the coming year.

Officials are trying to make the case that the U.S. and its allies should ban Huawei from supplying infrastructure for 5G networks going forward, due to what they say is the possibility of widespread, Beijing-backed espionage. A senior Huawei official told the paper: "The use of the lawful interception interface is strictly regulated and can only be accessed by certified personnel of the network operators. No Huawei employee is allowed to access the network without an explicit approval from the network operator," the official said.

After researchers first identified 71 malicious extensions and reported their findings to Google, the tech giant then identified 430 additional extensions that were also linked to the malvertising campaign, they said. The extensions had almost no ratings on Google's Chrome Web Store, and the source code of the extensions are all nearly identical.

"The makers of the blockchain voting platform Voatz have had to go on the offensive to address assertions from MIT researchers that their app is insecure and can be easily hacked into. MIT researchers released a lengthy paper on Thursday that said hackers could change votes through the app, which has already been used in Oregon, West Virginia, Washington, and Utah since 2018."Their security analysis of the application, called Voatz, pinpoints a number of weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted," MIT said in a news release. Michael Specter, a graduate student in MIT's Department of Electrical Engineering and Computer Science and a member of MIT's Internet Policy Research Initiative, and James Koppel, also a graduate student in EECS, described what went wrong with Voatz and how they discovered the vulnerabilities in their paper, "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S Federal Elections."

The Department of Health and Human Services Office of Inspector General on Friday released findings of an audit it conducted at the request of the Centers of Medicare and Medicaid Services that looked into how a mail order pharmacy and other healthcare providers were misusing a type of electronic transaction meant to verify Medicare beneficiaries' eligibility for certain coverage benefits. HHS OIG confirmed to Information Security Media Group that the findings from that smaller scale audit prompted the launch of a more expansive nationwide investigation into whether Medicare beneficiary information is being inappropriately obtained through these electronic Eligibility Verification Transactions, also known as or E1 transactions, violating patients' privacy.

In a conference call on Thursday, Voatz responded to MIT researchers' critique of its voting app. Voatz combines a smartphone app, biometric verification, and Hyperledger blockchain to make voting easy for people who can't physically make it to the ballot box.