Inside | Real news, curated by real humans
Inside Security

Inside Security (Jul 22nd, 2019)

1. SyTech, a contractor to the Russian state intelligence agency FSB, was breached last week. The 7.5 TB of data stolen includes details on how to scrape social media accounts and also de-anonymize Tor traffic. Hackers who go by the name 0v1ru$ posted screenshots on Twitter and eventually sent some data to various journalists. They also defaced the company’s home page, and SyTech took down its website. -- ZDNET


2. Android apps don’t need permission to access your phone’s speakers.

It is easier to see how it works with the flowchart diagram here. Researchers have created a proof-of-concept app to demonstrate this vulnerability, which they call Spearphone, and published a paper. Their app leverages the accelerometer and can be used to eavesdrop on your phone calls. -- ACADEMIC PRE-PRINT


3. Equifax has settled with the U.S. government and will pay at least $575 million, and possibly as much as $700 million. Some of the funds will go towards an account that can provide consumers with free credit monitoring services, and reimburse those who paid for these services after the 2017 breach. Every American will receive up to six annual free credit reports for seven years beginning next January. -- FTC


4. The endpoint security product Cylance can easily be fooled by appending a snippet of valid code to random malware. The software will ignore this code and falsely mark the malware as harmless. The issue has to do with how its machine learning-based detection engine has been trained, and the company is working to correct the problem. -- VICE


5. A backdoor named Okrum, from the Chinese Ke3chang group (also known as APT15), has been newly discovered by researchers. The malware has been targeting diplomats in various countries. This report reviews the timeline of the group’s activities -- which extend back several years -- and what it does. It isn’t clear yet how it is distributed. -- WE LIVE SECURITY (ESET)


6. Researchers describe how to manipulate Hibernate Query Language commands to perform SQL injections. Hibernate is an open-source object-relational mapping framework project that is used for persistent queries in many Java-based apps. Apparently, there is extensive Russian research on this subject but nothing written in English until now. -- TRUSTWAVE BLOG


7. Brute-force NTLM attacks are fairly common. They are used for password spraying, account lockout exploits, and other authentication-based attacks. This post shows you how to investigate your various log files and audit your default domain policies and authentication activities, first to better detect these attacks and second to prevent them from happening. -- VARONIS BLOG


8. By the numbers: IRS security defects still loom large.

A new audit by the GAO shows that the IRS still has a way to go to secure its computing infrastructure. A total of 127 recommendations remain unimplemented, with 20 new ones discovered by the audit, and 47 existing issues have been resolved. The agency found issues with user authentication, appropriate access permissions and data encryption. PDF copies of tax documents aren’t using digital signatures and it still isn’t universally using MFA to protect some of its logins. One of the biggest problems: its entire email infrastructure is supervised by a single IT staffer. -- BLEEPING COMPUTER


9. This post explains the implications of the California Consumer Privacy Act. It compares its rules with those of GDPR and explains how to stay compliant. All companies that either have California-based revenues of more than $25 million or hold personal data on more than 50,000 Californians are subject to its regulations. -- CSOONLINE


10. Funding news of the week.

  • BigID received a $50 million C funding round from nine private investors. The NYC-based firm can discover PII across both structured and unstructured data. Dimitri Sirota is its CEO. 
  • DefenseStorm raised a $15 million A funding round from Georgian Partners. The firm is based in the Atlanta area and Harold Brewer is its CEO. It does cybersecurity and cybercompliance management for community financial institutions.
  • Dust Identity raised a $10 million A funding round led by Kleiner Perkins. The Boston-area firm is led by Ophir Gaathon.

This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site. Finally, we note our editing team: Kim Lyons (Pittsburgh-based journalist and managing editor at Inside), David Stegon (senior editor at Inside, whose reporting experience includes cryptocurrency and technology), and Bobby Cherry (senior editor at Inside, who’s always on social media).

