CyberSecurity Pulse 2016-06-30

CyberSecurity Pulse 2016-06-30

“As soon as you stop wanting something, you get it.”
Andy Warhol

Analyst Insight

Welcome to the United States. May We Ask You about Your Twitter Handle, Please?

Your Twitter handle may soon be part of the US Visa process as an optional new field in which foreign visitors will be able to declare part of their online presence. This new proposal submitted by the US Department of Homeland Security (DHS) to the Federal Register on Thursday would update the required entry forms with a question that will ask travelers the following: "Please enter information associated with your online presence — Provider/Platform — Social media identifier".

CyberSecurity Pulse 2016-06-30According to DHS, the social media snooping would add a new level of security to potential foreign visitors, who are already photographed, fingerprinted, and in-person interviewed, alongside numerous database checks which sometimes reveal curious misunderstandings due to false positives. "Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyse and investigate the case", says the proposal.

From a technical point of view, these kind of tools already exist as free software tools that are capable of identifying a username on a bunch of different platforms in the internet. However, problems arise for investigaror when they have to disambiguate the results to determine whether a profile is linked to a citizen or not, a harder task to accomplish when the results collected share similar ncknames or very common first names and last names. Anyway, whenever these kind of measures come to light to control those entering the country we are leaving aside other local threats that have also lead to real threats. In this sense and taking into account that the goal is to identify potential terrorist actors, to what extent is it necessary to massively collect this data taking into account the existence of suspects which are already living in the United States?

» Más información en Federal Register

Top Stories

Russia Approves Bill Requiring Decryption Backdoors

CyberSecurity Pulse 2016-06-30The surveillance laws would enlist messaging apps, social networks, and other services in providing the Federal Security Service (FSB), the successor to the KGB, with access to all communications within Russia upon request. The legislation requires Russia's telecom operators to store phone call and text message metadata for three years, and also requires phone call and text message records storage for six months. Existing Russian law supports an exhaustive surveillance system which was in fact condemned last year by the European Court of Human Rights. The court ruled that Russia's mobile communications surveillance system violates the European Convention on Human Rights.

» More information at SC Magazine UK

China Orders Apple to Monitor App Store Users and Track Their Identities

CyberSecurity Pulse 2016-06-30China has long been known for its strict control programs which make it difficult for foreign technology companies to do business in the most populous country in the world which widely surpassed the 1.35 billion people. The new law issued by the Chinese government will expand its already strict Internet monitoring efforts in the area of mobile apps, targeting operators including Apple but not Google, as it currently does not operate its app store in China. In this way, the Cyberspace Administration of China (CAC) has imposed new regulation on distributors of mobile apps that requires both app stores and app developers to keep a close eye on users and maintain a record of their activities for, at least, 60 days.

» More information at The Hacker News

Rest of the Week´s News

Variants of Cerber Ransomware Target Microsoft Office 365 Users

Variants of Cerber Ransomware are now targetting MS Office 365 email users with a massive zero-day attack that has the ability to bypass Office 365's built-in security tools. According to a report published by cloud security provider Avanan, the massive zero-day ransomware attack targeted Microsoft Office 365 users by means of spam or phishing emails carrying malicious file attachments that compromised the users' files.

» More information at Avanan

Chrome DRM Bug Makes It Easy to Download Streaming Video

Security researchers have discovered a vulnerability in the Google Chrome browser that could allow users to bypass its copy protection system and download content from streaming video services like Netflix and Amazon Prime Video. According to Wired, Google was alerted to the problem on May 24, but has not issued a patch yet.

» More information at WIRED

High-severity Bugs in Symantec Products Imperils Millions of Users

Much of the product line from Symantec contains a raft of vulnerabilities that expose millions of consumers to self-replicating attacks that can take complete control of their computers. Tavis Ormandy, a researcher in Google's Project Zero, warned about this on Tuesday: "They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible".

» More information at Symantec

Further Reading

Botnet with 25,000 Internet-connected Closed Circuit TV Devices

» More information at Ars Technica UK

Stolen Patient Records Offered for Sale on Internet

» More information at Computerworld

SWIFT Hackers Steal $10 Million From Ukrainian Bank

» More information at The Hacker News