CyberSecurity Pulse 2016-05-05

CyberSecurity Pulse 2016-05-05

“In general, men judge more by the eyes than by intelligence, as everyone can see, but few understand what they see.”
Niccolò Machiavelli

Analyst Insight

Update on Laws Regarding to Email and Cloud-based Data Access in the US

The United States House of Representatives on April 27, 2016, unanimously sanctions a bill which demands that US authorities must obtain a court warrant before they could obtain e-mail records and data stored in cloud-based platforms. By this move, the Email Privacy Act effectively relaxes a subsisting law during the presidency of President Ronald Reagan that permits authorities to access e-mail records and data from service providers without a search warrant as long as the message or data is 180 days old at least.

CyberSecurity Pulse 2016-05-05In the same way in which warrants are needed for physical papers and properties, the draft also states that warrants are also needed to collect all type of online documents as well as other private electronic files. Nevertheless, National Security Letters, which have been issued in hundreds of thousands so far, are exempted in the Bill passed by the House.

In the corporative world, several positions can be found. On the one hand, Google and many other corporations are already demanding the clarification of the reasons that justify whether a warrant is required or not. On the other hand, corporations such as Amazon and Yahoo supported the measure despite it not achieving all of the reforms they anticipated. A clear establishment of the circumstances in which one right prevails over another is an imperative need so as to guarantee an appropriate protection of basic rights. Escaping from ambiguity would help to clarify the positions of all the actors in either direction in a debate in which lots of pages are still to be written.

» More information at Security Affairs

Top Stories

DHS Seeks Better Private-public Sharing of Cyber Threat Information

CyberSecurity Pulse 2016-05-05The Department of Homeland Security wants private-sector companies to get under the agency's information-sharing umbrella in order to manage and mitigate cyber risks to critical infrastructure in a better way. Suzanne Spaulding, the Under Secretary of DHS' National Protection and Programs Directorate, told audiences at Wednesday's MetricStream GRC Summit that they are trying to create a system capable of sending everybody the information regarding an attack to block the adversary as soon as any node on this network detects the malicious activity.

» More information at

Man Charged in Alleged Theft of Frequent Flyer Miles

CyberSecurity Pulse 2016-05-05Fraud in the airline industry is growing constantly. A computer programmer has been charged with stealing the frequent flier accounts of American Airlines customers. According to the Miami Herald, he managed to get profit from products worth more than $260,000 linked to global travel and car rentals. Sales prices ranged from 20% to 50% of the ticket, depending on the reliability and vendor purchase method. The most common methods of payment are usually cash or even bitcoins.

» More information at SC Magazine

Rest of the Week´s News

Personal Information Is Also Useful for Google's AI

DeepMind, the Artificial Intelligence developed by Google, has found a new application area in assisting nurses and doctors in recognizing kidney injuries earlier than normal. To achieve this goal, researchers have requested data that goes beyond the way in which the renal system of more than 1.6 million patients work, something that has lead to some significative criticism regarding the abusive usage of personal information.

» More information at The Register

ImageMagick Vulnerable to Remote Code Execution

A serious 0-day vulnerability has been discovered in ImageMagick, a widely popular software tool used by a large number of websites to process user's photos, which could allow hackers to execute malicious code remotely on servers. This tool is an open-source image processing library that lets users resize, scale, crop, watermarking and tweak images.

» More information at The Hacker News

Commercial Solutions Do Not Patch the Vulnerabilities Found in Open Source Components

The proliferation of open source projects and its inclusion in commercial software fasten the deployment times and allows the development of new features. However, an study conducted by Black Duck Software has recently highlighted that up to 67% open source components used in commercial software may have unpatched vulnerabilities that would not have been corrected by the product providers.

» More information at SC Magazine

Further Reading

Pentagon Bug Bounty Program Attracts Strong Hacker Interest

» More information at eWEEK

Security Analysis of Emerging Smart Home Applications

» More information at University of Michigan

Hack a Car in Michigan, Go to Prison If New Bill Becomes Law

» More information at Computerworld