Friday Five: 2/10 Edition
It's Friday! Catch up on the latest infosec headlines with our weekly news roundup.
With the Trump travel ban in legal limbo, it seems government officials are looking at other ways to make the rules for travel to the US more stringent. John Kelly, head of the Department of Homeland Security, proposed that, in order to vet foreign travelers, some might be required to hand over passwords to their social media accounts. This is a step up from a policy that began in December, which asks visa applicants to provide social media account IDs on an optional basis. Privacy and free-speech advocates have voiced concerns over this policy. There is confusion over what exactly U.S. border agents would be looking for and how they would interpret it. For more info, read the full article.
On Monday, the U.S. House of Representatives approved the Email Privacy Act, which requires law enforcement to get court-ordered warrants to search email and other third-party data stored for longer than six months. This new law updates the 31-year-old Electronic Communications Privacy Act, which Congress has been pushed to update for years now. The ECPA requires only a subpoena when demanding data stored for longer than six months, which many viewed as a glaring loophole. Get the rest of the story on Network World.
An unnamed university was attacked by 5000 campus devices, ranging from vending machines to light sensors. An attacker entered through the admin network, changed the default credentials on the devices and gave them new passwords, which locked the university out of those devices. The devices started making hundreds of strange DNS lookups every 15 minutes, causing internet access to slow or even halt. Had the attack not been caught in time, the university could’ve lost access to everything. Since Mirai, we’ve seen a rise in IoT attacks. Lesson learned: make sure you keep IoT systems in network zones separate from other critical networks. Read the full article on SC Magazine.
Networks belonging to at least 140 banks in 40 different countries have been infected by in-memory malware, normally used by nation-sponsored hackers. Because in-memory malware is fileless, it’s much harder to detect, and so the actual number of infections is likely much higher. The targets are computers running automatic teller machines, an approach that ends up pushing money out of the banks from within the banks, as one security researcher puts it. The five most affected nations are the US, France, Ecuador, Kenya and the UK. For more info, head to Ars Technica.
Thousands of “Dark Web” websites were knocked offline last week and early this week by a cyberattack that hit Freedom Hosting II, a web-hosting provider used by many Dark Web sites. The attackers knocked about a fifth of the Dark Web offline and published a series of databases containing private messages discussing child pornography, codes from command and control services, and other info. While users are anonymous on the message boards, these private messages could contain a gold mine of identifiable information useful to law enforcement agents. Whoever operates Freedom Hosting II remains anonymous, with no publicly available info on how to contact them. Read the full article on the Wall Street Journal.