Friday Five: 1/25 Edition
The EU and Japan agree to free data flows, mac malware hiding in ads, and the latest on a data theft case - catch up with the week's infosec news with this week's Friday Five.
1. Google's Proposed Changes to Chrome Could Weaken Ad Blockers by Klint Finley
Recent proposed changes to Chromium, Google's open source browser, could make it more difficult for ad blockers, like Adblock Plus and Ghostery, to function. The purported changes would cut off the ability of extensions to access browsing history, something that adblockers say would prevent them from being able to "block types of privacy-invading content, such as web trackers," according to Wired's Klint Finley, who reported on the news this week. Google has apparently heard users' concerns. The company said this week that it wants to “make sure all fundamental use cases are still possible with these changes and are working with extension developers to make sure their extensions continue to work while optimizing the extensions platform and better protecting our users."
2. Georgia official seeks to replace criticized voting machines by Ben Nadler
There could be some movement when it comes to replacing Georgia's woefully out of date (and vulnerable) voting machines. The state's new elections chief, Brad Raffensperger, asked lawmakers for $150M to replace the machines, ideally in some municipalities by this November but statewide by next November. One of the next challenges? Rewriting election law to specify requirements for the new machines.
3. All data-roads lead to Tokyo after EU’s thumbs up by Jamie Davies
The European Commission adopted an adequacy decision on Japan this week, something that effectively paves the way for data to flow freely, under high privacy standards, between the EU and the Asian country. For those curious that means that data transferred from the EU to Japan will be protected by the following:
- A set of supplementary rules to bridge the difference between EU and Japanese standards on various issues, including sensitive data, the exercise of individual rights and onward transfer of EU data to third countries;
- Safeguards concerning Japanese public authorities’ access to EU personal data for criminal law enforcement and national security purposes; and
- A complaint-handling mechanism, administered and supervised by the Japanese Personal Information Protection Commission, to investigate and resolve complaints from Europeans regarding access to their data by Japanese public authorities.
The decision essentially saves organizations from having to worry about complex export arrangements and mechanisms that slowed down data transfers.
4. Mac malware attack found to hide payload in advertising graphics by Malcolm Owen
Attackers continue to chip away at macOS and the latest strain of malware to surface is an ingenious one. The malware was disguised as an ad, which when viewed by victims, displayed the age old "Your Adobe Flash Player needs to be updated" scam. Technically this type of malware is referred to as a “malvertisement.” The whole process is actually a bit outdated but the spin on this malware was that the graphic had code embedded within it, a la steganography - the concealment of information within computer files - to hide the malicious payload. The researchers who uncovered the malicious ad didn't say how many people may have actually been affected but that as many as five million Macs may have seen it between January 11 and January 13. The more interesting number is the amount of money the malware may have cost advertisers and ad exchanges, potentially $1.2M.
5. Ex-UBS Worker Guilty of Money Laundering in Data Theft Case by Mara Bernath and Hugo Miller
An interesting follow-up article here via Bloomberg on a story we covered here on the blog two weeks ago. In case you missed that story, it revolved around a former UBS Group AG employee who stole and sold client data to German tax authorities. The suspect, known only as Rene S., was believed to be a fugitive after he reportedly fled Switzerland before his trial earlier this month. Turns out he indeed fled the country - to Germany - where it's unlikely he'll face extradition. While he was cleared of one of the more serious charges: Breaking the country's bank secrecy rules, he'll still receive three and a half years in jail if he ever finds himself in the country again.