Security News
Rabobank's Australian outpost has messed up its Android app, leaving an unknown number of users unable to access their bank accounts on mobile devices. Customers brought The Register's attention to the pile of woeful reviews for the bank's app, many featuring a complaint that it produces the error "Unable to connect please check your internet connection".
In a memorandum [PDF] first spotted by The Guardian, the British government is asking that five more public authorities be added to the list of bodies that can access data scooped up under the nation's mass-surveillance laws: the Civil Nuclear Constabulary, the Environment Agency, the Insolvency Service, the UK National Authority for Counter Eavesdropping, and the Pensions Regulator. The Environment Agency investigates "over 40,000 suspected offences each year," the memo stated.
A case of alleged low-orbit internet banking fraud has taken another twist, with the US Attorney's Office for the Southern District of Texas filing an indictment in which it claimed the complainant in the case had lied. The case came to our attention in August 2019 when we chronicled how astronaut Lt Col Anne McClain denied a claim that she'd improperly accessed a bank account belonging to ex-wife Summer Worden while aboard the International Space Station.
The agency that oversees online addresses on Tuesday called for those issuing website addresses to vigilantly thwart cyber scams exploiting coronavirus fears. The Internet Corporation for Assigned Names and Numbers took the unusual step of firing off a letter to "registrars" entrusted with the business of issuing website names around the world.
A huge BGP hijack by Russian state telecommunications provider Rostelecom diverted the traffic from more than 200 networks - including Google, Amazon, Facebook and Cloudflare - to Russian servers on April 1. Internet traffic routes are managed by the Border Gateway Protocol, which controls the way in which internet traffic moves from one autonomous system network to the next on its way to its destination.
Inti De Ceukelaire of bug-bounty platform Intigriti claimed earlier this month hundreds of corporate service portals have been exposed to the internet, a 12 per cent increase since he scanned the internet for them last summer - an increase the COVID-19 crisis may have contributed to. As a proof of concept, De Ceukelaire targeted a set of corporate Atlassian service desk portals he found facing the internet.
Trend Micro's security researchers discovered roughly 8,000 unsecured Redis instances that were exposed to anyone with an Internet connection. Several years ago, the FairWare ransomware targeted over 18,000 unsecured Redis instances.
MANRS over the past six years has worked to build up a team of 300 network operators, internet exchange points and other companies to provide "crucial fixes to reduce the most common routing threats." The internet routing process is complex; exchanged traffic, for instance, runs on the Border Gateway Protocol, a protocol that joins different networks together to build a "roadmap" of the internet.
The Mutually Agreed Norms for Routing Security initiative, supported by the Internet Society, announced the Content Delivery Network and Cloud Program to help secure large hubs of the internet from common routing problems. "The MANRS community can leverage the new participants' unique roles in the Internet routing system, in particular their vast peering value, for the benefit of a more secure Internet," says Andrei Robachevsky, the Internet Society's Senior Director for Technology Programs.
Failure in internet routing security leads to major outages, stolen data, hijacking, lost revenue and more, with more than 12,000 routing outages in 2018 alone. The cascading nature of internet routing means not only that major network players like Cloudflare, Akamai, Facebook and Netflix are committed to secure routing, they are also committed to encouraging adoption by all of the many thousands of networks that peer with them.