Friday Five: 7/13 Edition
A study on how few companies know where their sensitive data is kept, a major cryptocurrency theft, and more - catch up on the week's infosec news with this roundup!
1. As Facial Recognition Use Grows, So Do Privacy Fears by Rob Lever
Facial recognition is widely known for unlocking your new iPhone or tagging people in photos on Facebook. What people may not know is that about half of American adults are in facial recognition databases. There are currently few restrictions or regulations on how this information is used. Law enforcement has been using facial recognition more to help identify suspects who cannot be identified any other way. This has been proven to help in several cases, yet many people are still unsure how much access police and other law enforcement agencies should have to facial recognition databases. Mixed feelings about facial recognition software will continue to arise as it becomes more integrated with technology and devices.
2. Hacker Steals $13.5 Million From Bancor Cryptocurrency Exchange by Catalin Cimpanu
The Israel-based cryptocurrency exchange Bancor released a statement on Tuesday indicating that a hacker was able to steal around $13.5 million in cryptocurrency from the exchange. The hacker gained access to one of the company wallets and began withdrawing ETH and NPXS coins. The unknown person also withdrew Bancor tokens (BNT), but the company was able to use a security feature to freeze that transaction, saving the company $10 million. In the statement, the company said that only the Bancor reserves were affected and no user wallets had been compromised.
3. Businesses Collect More Data Than They Can Handle, Only Half Know Where Sensitive Data Is Stored by Help Net Security
With many regulations and restrictions on user data, and specifically on sensitive data, companies are finding it very hard, if not impossible, to maintain and analyze all the data they are collecting. A global study by Gemalto, which interviewed IT decision makers and consumers, revealed many daunting figures, including that only 54 percent of companies know where their sensitive data is stored. Beyond the whereabouts of sensitive data, many of these decision makers believe their companies are failing to be fully compliant with data protection laws. Out of all IT decision makers interviewed, 65% stated they are unable to analyze and categorize all the data that they are collecting. Consumers said that protecting their data is a top priority for companies and full compliance is what they should be moving toward.
4. Hacker Steals Military Docs Because Someone Didn’t Change a Default FTP Password by Catalin Cimpanu
Someone was able to hack into a military router and gain access to sensitive information about US aircraft and drones. Recorded Future was able to contact the hacker online, where he stated that he accessed the information from a Netgear router using a known default password. Although the information is highly sensitive, the person was only asking for $150 to $200 online. Netgear routers have been known to have a default FTP password since 2016, and this incident could easily have been avoided if the device password had been changed. Netgear has information on how to reset the default passwords on their routers.
5. Ex-Apple Employee Stole Secrets for Chinese Firm, U.S. Says by Joel Rosenblatt and Mark Gurman
A former Apple engineer was accused of stealing secrets for self-driving cars and attempting to bring them to China. Zhang Xiaolang admitted to downloading the files to his wife’s laptop to have continued access. He had alerted Apple after taking paternity leave that he planned on leaving the company and moving back to China to work for the electric vehicle company Xmotors. At this point there is no confirmation that Zhang was able to communicate any sensitive information to Xmotors. Apple began this self-driving car project back in 2015, when they hired 1000 engineers to work on the project. Since then it has scaled back the project, but the information and technology that the engineers are working on continues to be highly classified.