Friday Five: 2/22 Edition
The DHS plots a move to the cloud, China embraces data protection, and ATM hacking - catch up with the week's top infosec stories with this roundup!
1. DHS needs your input on its department wide cloud migration by Carten Cordell
Like everyone else these days, the Department of Homeland Security is looking to make a move to the cloud, they just want some advice on how to go about doing it. In a request for information, posted to FedBizOpps.gov on Tuesday, the DHS' Office of the Chief Procurement Officer said the department was seeking insight on compute and storage modernization, cloud migration, and data center optimization. As FedScoop points out, the DHS is looking for a relatively quick turnaround here as one of its data center contracts will run out in June next year and it doesn't want to interrupt services. The DHS is hoping to get input from experts by March 20.
2. Microsoft shaking up how Windows feature updates are rolled out—again by Peter Bright
This is admittedly some serious insider baseball but if you follow Microsoft news or oversee a sea of Windows machines, it may be worth paying attention to. When version 1903 of the operating system arrives in April, users will have to use a fixed deferral time a/k/a a set number of days after the branch readiness level-based date before an update is offered to a device. This runs counter to what Microsoft used to do for Windows Update for Business customers: Release two Semi-Annual Channel (SAC) releases a year. The ability to choose one or the other - SAC-T or SAC – will disappear from Windows system settings, according to John Wilcox, a Microsoft employee on the Microsoft Tech Community, last week. Wilcox’s blog, for interested parties, can be found here.
3. A Movement for Personal Data Protection From Tech Giants Rises in China by Samm Sacks
We highlighted this story on our Twitter account (as we do from time to time with infosec stories that catch our attention) but it’s worth re-sharing here. An interesting look at what China is doing to become a dark horse in Asia when it comes to data privacy, including the formation of a new data protection regulatory system to ensure that tech companies aren't abusing their users' personal information. The gears have been churning around this longer than you think. Some excellent further insight on that via the Center for Strategic & International Studies think tank here: https://www.csis.org/analysis/what-facebook-scandal-means-land-without-… In the grand scheme of things it shouldn't be a huge surprise. Countries worldwide have adopted data protection programs and outfits in wake of GDPR last year and Facebook's Cambridge Analytica scandal. What makes this a little surprising, naturally, is the juxtaposition of the news with China's assumed guise as a surveillance state. It's, as Pacific Standard puts it, a split identity, one that will see China grapple with building trust while affording the government the ability to maintain control.
4. ATM Hacking Has Gotten So Easy, the Malware's a Game by Brian Barrett
As Wired notes this week, ATM hacking has never really gone away but it has become almost glorified as of late by a relatively new strain of malware, WinPot, the magazine says. The malware, described by a Kaspersky Lab researcher over at Securelist this week, essentially allows criminals to automate the jackpotting - or money dispensing - process. “Expect ATM hacking to only get more popular—and more farcical. At this point, it's literally fun and games,” Brian Barrett wrote Wednesday.
5. China Uses DNA to Track Its People, With the Help of American Expertise by Sui-Lee Wee
One of the wildest stories of the week in our opinion might be the New York Times story on China tracking more than a million of its citizens that broke Thursday. The nation apparently used equipment from the U.S. and insight from a Yale geneticist to carry out the plan. According to the Grey Lady, China collected the DNA belonging to the Muslim minority Uighur population to keep them subservient to the Communist Party. In this age of more and more elaborate surveillance, stories about genetic surveillance can be even more chilling than stories about face recognition technology. The Uyghur people - and activists groups that support them - have been in the crosshairs of cyberattacks for years. Attackers have used phishing emails, social engineering, and drive-by downloads (.PDF) to trick users into letting attackers monitor them or reveal their physical location.