Inside Security - December 4th, 2019


1. The Federal Bureau of Investigation (FBI) said it considers FaceApp, a mobile app that enables users to transform faces in photographs, and other Russian-made apps a possible espionage threat. Responding to an earlier letter from Sen. Chuck Schumer (D-NY) raising concerns about FaceApp, the FBI said that it "considers any mobile application or similar product developed by Russia, such as FaceApp, to be a potential counterintelligence threat," adding that the Russian intelligence service "can remotely access all communications and servers on Russian networks without making a request to ISPs." St. Petersburg-based Wireless Lab has said it does not permanently store data and only collects photos uploaded by users. -- BBC

2. Twitter is moving user accounts located in Ireland to its San Francisco-based headquarters in an effort to centralize data and comply with European Union (EU) and California data privacy laws, Reuters reports. In addition, Twitter is setting up a new website to inform the public about its privacy rules and policies and any data security incidents, with links to pages on the EU's General Data Protection Regulation, California Consumer Privacy Act, and Global Data Processing Addendum. Twitter also updated its privacy policy to comply with the new California privacy law, including details about the information advertisers may get when users engage with an ad on Twitter. -- TECHCRUNCH

3. IBM X-Force has uncovered new malware called ZeroCleare that targets the industrial and energy sectors in the Middle East and appears to come out of Iran. ZeroCleare is destructive, disk-wiping malware designed to cause disruption to industrial and energy infrastructure. X-Force Incident Response and Intelligence Services discovered that ZeroCleare has similarities to Shamoon, malware used by the Iranian hacking group APT33 in critical infrastructure attacks dating back to 2012. ZeroCleare overwrites the master boot record and disk partitions on Windows-based devices, causing disruption to targeted facilities. -- SECURITY INTELLIGENCE

4. New Zealand's gun buyback program has suffered a data breach caused by the government's IT platform vendor SAP. Following an SAP update, confidential information on a website set up for gun owners to register and give up their guns was accessible by unauthorized people. The exposed information included names, addresses, dates of birth, gun license numbers, and bank account information. SAP said the breach was due to "human error" at the company. Once the New Zealand government was informed about the breach, it shut down the website and switched to manual registration methods. -- ZDNET

5. Around 43 percent of 300 enterprises surveyed by security firm Synack said that they used third-party vendors for compliance and security testing in the last two years, but 27 percent said they were dissatisfied with the vendors' performance. Some of the tasks these vendors performed included identifying vulnerabilities, code releases, and meeting regular testing requirements. Two in five organizations are only spending eight hours or less per test, "which can only provide a cursory evaluation of the security posture of the target and will no doubt leave security vulnerabilities undiscovered," according to the Synack report summarizing the survey results. -- SYNACK

6. The group behind the "KurdishCoder" cyberattack campaign appears to be using obfuscation tools found in the Capesand exploit kit, which targets vulnerabilities in Adobe Flash and Microsoft Internet Explorer. Trend Micro researchers detected more than 300 samples using these obfuscation tools -- the .NET protectors ConfuserEx and Cassandra (CyaX) -- as part of what they consider a campaign carried out by one group. The attackers appear to be deploying njRAT, keyloggers, and other malware on victims' machines. -- TREND MICRO

7. Security firm FireEye and the U.S. Cyber Command are continuing to see hackers modify computer registry keys to undermine a Microsoft patch intended to fix a security flaw in Outlook. By subverting the patch, attackers are able to modify victims' Outlook client home pages for remote code execution and persistence, warned FireEye researchers. These attacks are being carried out by Iranian hacker groups APT33 and APT34 to conduct espionage and infrastructure disruption. FireEye proposes a solution that locks down the registry keys using Group Policy Object enforcement. -- FIREEYE

8. Presbyterian Healthcare Services in New Mexico has revised upward the number of patients impacted by a data breach that occurred earlier this year. The healthcare provider originally reported that 180,000 patients had been affected by a breach resulting from a successful phishing attack against an employee. The data that was exposed included names, dates of birth, social security numbers, and other sensitive data. But now the provider is admitting that 276,000 patients could have been affected by the breach. At the same time, Presbyterian Healthcare Services said it does not believe the exposed data was misused. -- SANTA FE NEW MEXICAN

9. The UK's Information Commissioner's Office (ICO) said that the Poole Magistrates' Court has prosecuted Michelle Shipsey, a former social services support officer at Dorset County Council, for accessing social care records without authorization. Shipsey admitted to one count of unlawfully obtaining personal data. She was sentenced to a six-month conditional discharge and required to pay £700 and a victim surcharge of £20. -- ICO

10. Artificial intelligence (AI) will be increasingly employed to improve privacy protections in the coming year, predicted security firm Avast in its annual Threat Landscape Report. At the same time, Avast expects cybercriminals to develop more innovative ways to harness malicious emails, such as remote desktop protocol tools. Also, the report predicts that criminals will launch more mobile subscription scams and step up attacks targeting Internet of Things data. -- AVAST

Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.

Edited by Inside Dev editor Sheena Vasani.
