WebProNews

Category: CybersecurityUpdate

  • Shipping Scams Up 440% Amid Record Online Shopping

    Shipping scams are up a whopping 440% as online shopping hits new records amid the pandemic.

    The coronavirus pandemic has changed how people are doing their holiday shopping, with many opting for online outlets rather than in-person options. Never too far behind any trend, scammers are seeing a potential gold mine.

    According to Check Point Software Technologies, a firm specializing in cybersecurity, scammers are trying to trick shoppers into divulging sensitive information. The scammers are impersonating shipping companies, such as Amazon, DHL and FedEx, to get people to lower their guard.

    Unlike classic phishing emails that are designed to lure people into giving personal details, credit card info or bank account credentials, these emails are specifically impersonating shipping vendors with different versions of fake messages reporting a “delivery issue” or “Track your shipment” details.

    All are trying to lure the recipients into submitting details and stealing credentials or financial data. We believe hackers have specifically chosen this vector in November, as they know that large numbers of online shoppers are waiting for their packages to arrive and are more attentive to shipping-related emails, while they may be more aware of more traditional e-commerce related fraud and phishing attempts.

    Check Point recommends basic security precautions, such as never giving credentials over email, verifying that any links include the correct domain and not a lookalike, being suspicious of an email that seems overly pushy, as well as any that contain spelling and grammatical errors.
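    As an added illustration of the "correct domain, not a lookalike" check recommended above (example code added here, not from Check Point or the article), this Python scanner pulls the links out of a constructed phishing-style shipping email and flags hosts that merely borrow a vendor's brand name or sit one edit away from its real domain. The allowlisted vendor domains and the sample message are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist (assumption): the legitimate domains of the shipping
# vendors the article says are being impersonated, keyed by brand name.
LEGIT_DOMAINS = {
    "amazon": {"amazon.com"},
    "dhl": {"dhl.com"},
    "fedex": {"fedex.com"},
}

# Constructed sample of the phishing style described above: a fake "delivery
# issue" link, one genuine tracking link, and a typo-squatted login link.
SAMPLE_EMAIL = """
<p>Your package could not be delivered.
   <a href="https://dhl-tracking-update.example/redeliver">Reschedule delivery</a></p>
<p>Track your shipment: <a href="https://www.fedex.com/fedextrack/">FedEx tracking</a></p>
<p><a href="http://amaz0n.com/signin">Confirm your Amazon account</a></p>
"""

HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host. A heuristic that is fine for the .com
    vendors above; a real deployment would consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(url: str) -> tuple:
    """Return (verdict, registrable_domain) where verdict is 'ok' (exact vendor
    domain), 'lookalike' (brand name borrowed, or one edit away from the vendor
    domain) or 'unknown' (no relation to any allowlisted vendor)."""
    host = (urlparse(url).hostname or "").lower()
    reg = registrable_domain(host)
    for domains in LEGIT_DOMAINS.values():
        if reg in domains:
            return "ok", reg
    compact = host.replace("-", "").replace("_", "")
    for brand, domains in LEGIT_DOMAINS.items():
        # Brand name embedded in a host that is not the vendor's own domain,
        # e.g. dhl-tracking-update.example or fedex.com.evil.example.
        if brand in compact:
            return "lookalike", reg
        # One edit away from the real domain, e.g. amaz0n.com or fedx.com.
        if any(edit_distance(reg, d) == 1 for d in domains):
            return "lookalike", reg
    return "unknown", reg


def scan_email(html: str) -> list:
    """Classify every href in the message body; returns [(url, verdict, domain)]."""
    return [(url,) + classify_link(url) for url in HREF_RE.findall(html)]


def suspicious_links(html: str) -> list:
    """URLs a recipient should not follow without checking the vendor's real site."""
    return [url for url, verdict, _ in scan_email(html) if verdict == "lookalike"]


if __name__ == "__main__":
    for url, verdict, domain in scan_email(SAMPLE_EMAIL):
        print(f"{verdict:9} {domain:20} {url}")
```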

  • NSA Warning of On-Premise to Cloud Attacks

    The National Security Agency is warning of attacks that target the local network and ultimately compromise organizations’ cloud resources.

    As companies migrate to the cloud, improved security is one of the top selling points. While that is generally true, many security processes need to be reworked to account for cloud computing. This is especially true as many cloud systems and platforms are designed to interoperate with each other.

    One security measure that has become popular is federated single sign-on (SSO). SSO is a way for an individual to use a single set of credentials to log into any number of authorized applications and services. Federated SSO advances that concept to allow a user to log into services across networks and platforms with the same trusted credentials.

    Unfortunately, hackers appear to be abusing federated SSO to escalate attacks from compromised local networks to cloud resources.

    The NSA has documented two such types of attack:

    In the first TTP, the actors compromise on-premises components of a federated SSO infrastructure and steal the credential or private key that is used to sign Security Assertion Markup Language (SAML) tokens (TA0006, T1552, T1552.004). Using the private keys, the actors then forge trusted authentication tokens to access cloud resources. A recent NSA Cybersecurity Advisory warned of actors exploiting a vulnerability in VMware Access and VMware Identity Manager that allowed them to perform this TTP and abuse federated SSO infrastructure. While that example of this TTP may have previously been attributed to nation-state actors, a wealth of actors could be leveraging this TTP for their objectives. This SAML forgery technique has been known and used by cyber actors since at least 2017.

    In a variation of the first TTP, if the malicious cyber actors are unable to obtain an on-premises signing key, they would attempt to gain sufficient administrative privileges within the cloud tenant to add a malicious certificate trust relationship for forging SAML tokens.

    In the second TTP, the actors leverage a compromised global administrator account to assign credentials to cloud application service principals (identities for cloud applications that allow the applications to be invoked to access other cloud resources). The actors then invoke the application’s credentials for automated access to cloud resources (often email in particular) that would otherwise be difficult for the actors to access or would more easily be noticed as suspicious (T1114, T1114.002).

    The NSA’s document contains mitigation techniques and should be read immediately by all system administrators.

  • TikTok Sending Job Applicant Personal Data to China

    TikTok has experienced another embarrassing privacy issue, with the revelation it is sending the personal data of job applicants to China.

    TikTok was on the receiving end of ire from the US over its privacy practices and the perception it represents a threat to national security. The company even faced a lawsuit by an individual claiming the platform was sending photos and videos to Chinese servers without her permission, even without her signing up for an account.


    The company has gone to great lengths to distance itself from those accusations, and tried to prove its independence from its owner, Chinese company ByteDance.

    According to Business Insider, however, the company was routing personal information from job applications through servers in China. What’s worse, the data was “potentially highly sensitive, with the firm’s own policies stating that it collects medical data; sex and race data; marital status; geolocation data, among many other categories.” Adding to the issue, TikTok did not inform applicants that their data would be routed through China.

    After Business Insider approached TikTok, the company said it will end the practice. Nonetheless, this is an embarrassing lapse for a company that seems to go from one embarrassing privacy and security incident to another.

  • Signal Adds Encrypted Group Calls

    Signal has added a major new feature, giving users the ability to engage in encrypted group calls.

    Signal is the most secure messaging app on the planet, offering end-to-end encryption and a level of security other platforms can’t match. As a result, Signal is the preferred communication platform of choice for the EU Commission, the US Senate and some military units.

    In spite of its security features, Signal has lagged behind competitors in convenience options and raw features, something the company has been working to rapidly address.

    The latest feature is a big step in that direction, adding group calling abilities. While the feature is currently limited to 5 participants, once a group call is started, members of the group can come and go at will.

    “Now when you open a group chat in Signal, you’ll see a video call button at the top. When you start a call, the group will receive a notification letting them know a call has started,” the company wrote in a blog post.

    “When you start or join a group call, Signal will display the participants in a grid view. You can also swipe up to switch to a view that automatically focuses the screen on who is speaking, and it will update in real time as the active speaker changes.”

    The company emphasizes that “group calls are free, private, and end-to-end encrypted.”

    Group calls are an important feature that helps put Signal on par with competing products, like Apple iMessage and WhatsApp. The fact that Signal has added this feature while providing the same high degree of security is a big win for consumers.

  • Organizations Compromised in SolarWinds Supply Chain Attack

    FireEye has uncovered a sophisticated intrusion campaign against government and corporate organizations, using a supply chain attack.

    Supply chain attacks are one of the most sophisticated types of hacks in existence. While many hacks rely on convincing a target to download malicious software, a supply chain attack involves inserting malicious code in legitimate software before it’s distributed to customers, hence attacking the software supply chain.

    The attack in question uses a compromised update to SolarWinds’ Orion IT monitoring and management software, with FireEye calling the compromised version “SUNBURST.” The trojanized version is incredibly sophisticated, using various methods to avoid detection, all the while communicating with third-party servers.

    “After an initial dormant period of up to two weeks, it retrieves and executes commands, called ‘Jobs’, that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services,” writes FireEye’s team. “The malware masquerades its network traffic as the Orion Improvement Program (OIP) protocol and stores reconnaissance results within legitimate plugin configuration files allowing it to blend in with legitimate SolarWinds activity. The backdoor uses multiple obfuscated blocklists to identify forensic and anti-virus tools running as processes, services, and drivers.”

    The trojan has enabled hackers to monitor email communications at the US Treasury and Commerce departments, according to Reuters. FireEye says victims have also “included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East.” Since the attack is actively in progress, FireEye suspects there will be additional victims as well.

    To mitigate the attack, “SolarWinds recommends all customers immediately upgrade to Orion Platform release 2020.2.1 HF 1, which is currently available via the SolarWinds Customer Portal. In addition, SolarWinds has released additional mitigation and hardening instructions here.”

    If an organization is not able to update, FireEye has outlined additional mitigation steps that should be taken.

  • Security Firm FireEye Details Hack, State-Sponsored Attack

    Security firm FireEye is the latest victim of a cyberattack, one that was likely state-sponsored.

    FireEye is one of the leading cybersecurity firms, providing consulting, services, software and hardware to customers. The company has been involved in detecting and fighting multiple high-profile attacks. Its history and expertise make the news it was attacked all the more concerning.

    CEO Kevin Mandia outlined the attack in a blog post:

    Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities. This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.

    Mandia says the attackers used some of the company’s Red Team tools that FireEye uses to test its customers’ security. As a result, FireEye is releasing the necessary information for customers to mitigate the threat those tools now pose.

    We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools.

    FireEye is working with the FBI and Microsoft to investigate the incident. Nonetheless, the fact that the attackers are using methods the company has never seen before is not very encouraging for the cybersecurity industry.

  • Cloudflare, Apple and Fastly Create Improved, Private DNS

    Engineers from Cloudflare, Apple and Fastly have worked together to create an improved DNS protocol that protects user privacy.

    DNS is the backbone of the internet, responsible for mapping domain names (such as WebProNews.com) to the IP addresses where the site and its content reside. Unfortunately, because the internet was conceived and designed at a time when security was not a big concern, DNS queries are sent in clear text. This means it is relatively easy to intercept DNS traffic and see what site a person is trying to reach, as well as the IP address of the device they’re using.

    There have been attempts to address this security issue, including DNS over HTTPS (DoH) and DNS over TLS (DoT). Both of these upgrades, however, still rely on an ISP, or a similar company, to resolve the DNS queries. As a result, there is still a potential trust issue, as the resolving entity can still see the DNS queries.

    This is where Cloudflare, Apple and Fastly’s work comes into play. The three companies have announced the creation of a new protocol: Oblivious DNS over HTTPS (ODoH). This new protocol is designed to separate the client from the DNS resolver, providing total privacy and anonymity.

    “ODoH is a revolutionary new concept designed to keep users’ privacy at the center of everything,” says Michael Glynn, Vice President, Digital Automated Innovation, PCCW Global. “Our ODoH partnership with Cloudflare positions us well in the privacy and ‘Infrastructure of the Internet’ space. As well as the enhanced security and performance of the underlying PCCW Global network, which can be accessed on-demand via Console Connect, the performance of the proxies on our network is now improved by Cloudflare’s 1.1.1.1 resolvers. This model for the first time completely decouples client proxy from the resolvers. This partnership strengthens our existing focus on privacy as the world moves to a more remote model and privacy becomes an even more critical feature.”

    ODoH is an important step forward in privacy and security, and will hopefully see fast and widespread adoption.

  • TikTok Gains Reprieve As Judge Blocks Ban

    The deadline for ByteDance to complete the sale of TikTok has come and gone, but a judge has blocked the ban, giving the company more time.

    The Trump administration labeled TikTok a security and privacy threat, threatening to ban it unless ByteDance sold its US operations to an American company. A date was set for the ban, although Oracle—partnered with Walmart—quickly emerged as the buyer.

    The deal almost immediately ran into issues, however, as Oracle was only buying a 20% stake in the company, not the full ownership Trump had wanted. At the same time, China changed its export rules to block selling what it deemed sensitive technology, including the algorithm that forms the backbone of the social media platform.

    To make matters worse, TikTok accused the government of not communicating with it, despite repeated attempts to meet the administration’s demands. This led the Commerce Department to signal it would not move to enforce the ban immediately.

    Now a judge has stepped in to ensure TikTok’s ban won’t go into effect. According to CNET, District Judge Carl Nichols said the government had “likely overstepped” its authority in its attempts to ban TikTok.

    While the Commerce Department said it will cooperate with the judge’s order, it is now saying it will “vigorously defend” the ban.

  • Huawei Willing to Meet Any Demand From Swedish Government

    Huawei has signaled it is willing to meet any demand the Swedish government may impose to avoid being banned from the country’s 5G networks.

    Huawei is under increased pressure globally as multiple countries implement bans and restrictions on the Chinese telecoms firm. While the US originally spearheaded the campaign to isolate and restrict Huawei, claiming the company poses a national security threat, other countries have arrived at the same conclusion.

    Australia, New Zealand, Japan and Romania have banned Huawei from their networks, while the UK implemented a ban under pressure from the US. Sweden implemented a ban of its own, on both Huawei and ZTE, over the same kind of concerns the US has cited. Huawei challenged the ban in court and won a temporary reprieve, as the courts ordered the Swedish Post and Telecom Authority to delay its spectrum auction to allow more time for the matter to be resolved.

    Huawei is determined to get back in Sweden’s good graces, and is willing to do whatever it takes, according to Reuters.

    “We are even willing to meet extraordinary requirements, such as setting up test facilities for our equipment in Sweden, for example, if they want to,” Kenneth Fredriksen, Huawei’s Executive Vice President, Central East Europe and Nordic Region, told Reuters.

    “We are now in the middle of the court process, but we are willing to have pragmatic discussions.”

    It remains to be seen if Huawei’s overtures will be successful, especially since Sweden’s ban was based on analysis by the country’s military and security experts.

  • Trump Administration May Restrict Global Cloud Computing Companies

    The White House is considering an executive order that would limit how cloud computing companies can operate internationally.

    Cloud computing has experienced meteoric growth since the coronavirus pandemic, as companies have migrated workflows to the cloud in order to support a remote workforce. With the rise in popularity, however, security risks have become more of a factor.

    There is additional cause for concern when domestic cloud providers partner with providers in a foreign country—especially providers in countries such as China, that have a reputation for state-sponsored hacking.

    As a result, according to POLITICO, the White House is preparing an executive order that would give the Commerce Department the authority to “prohibit U.S. cloud providers from partnering with foreign cloud companies that offer safe haven to hackers and give the Commerce secretary the ability to ban those foreign providers from operating in the U.S.”

    Should the White House move forward with the executive order, it will no doubt ratchet up the trade war with China, and may result in further retaliation.

  • Twitter Updates Two-Factor Authentication to Secure Accounts

    Twitter has updated its two-factor authentication, making it easier for users to secure accounts.

    Twitter has suffered a number of embarrassing security issues, including hackers who have targeted celebrity and high-profile accounts. Twitter’s latest security features and upgrade to two-factor authentication are designed to help shore up security.

    Once two-factor authentication is enabled, users will be able to use a temporary password to log in via their mobile devices or third-party applications.

    After you enable two-factor authentication for your account via twitter.com, you’ll need to use a temporary password to log in to Twitter on other devices or applications that require you to enter your Twitter password; you will not be able to log in using your usual username and password combination. If we detect you will need a temporary password to log in, we will send one via SMS text message to your phone. Alternatively, you can generate your own temporary password.

    While adding a layer of complexity, the new security features should go a long way toward protecting accounts.

  • UK Bans Huawei Equipment Installation Starting September

    The UK has announced carriers must stop installing Huawei equipment by September 2021, as it ramps up its ban.

    Despite US pressure, the UK initially resisted calls to ban Chinese firm Huawei from its 5G networks. Eventually, however, the UK government reversed course, ruling that all Huawei equipment must be removed from the country’s 5G networks by the end of 2027. Companies were already prohibited from purchasing new equipment after the end of 2020. Despite that, lawmakers were concerned companies would stockpile equipment before the purchasing deadline, allowing them to continue installing and using it until the ban went into full effect at the end of 2027.

    To help prevent that from happening, the UK government has now said telecom carriers may not install any new Huawei equipment after September 2021.

    “Today I am setting out a clear path for the complete removal of high risk vendors from our 5G networks,” said Digital Secretary Oliver Dowden. “This will be done through new and unprecedented powers to identify and ban telecoms equipment which poses a threat to our national security.”

    Secretary Dowden also emphasized the importance of no longer being dependent on just a few vendors.

    “We are also publishing a new strategy to make sure we are never again dependent on a handful of telecoms vendors for the smooth and secure running of our networks. Our plans will spark a wave of innovation in the design of our future mobile networks.”

  • Sophos Suffers Data Exposure Incident

    Security firm Sophos has informed customers it suffered a data breach as a result of a misconfigured database.

    According to ZDNet, customers’ personal information was exposed, including names, emails and phone numbers. The company informed impacted customers via email, which ZDNet got a copy of.

    On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support.

    The company confirmed the breach to ZDNet, saying that only a “small subset” of its customers were impacted. Nonetheless, this is the second major security issue this year for Sophos, a major source of embarrassment for a company in the business of providing computer security to its customers.

    The company tried to assure customers it was doing everything it could to address the issue.

    “At Sophos, customer privacy and security are always our top priority. We are contacting all affected customers,” the company said. “Additionally, we are implementing additional measures to ensure access permission settings are continuously secure.”

  • FCC Upholds ZTE’s ‘National Security Threat’ Status

    The Federal Communications Commission has denied ZTE’s request to reconsider the decision to label it a national security threat.

    ZTE, along with Huawei, has been labeled a threat to national security over security and espionage concerns. ZTE and Huawei are believed to open the door for Beijing’s spying efforts, through their telecom equipment.

    “We cannot treat Huawei and ZTE as anything less than a threat to our collective security,” FCC Commissioner Brendan Carr stated when the FCC initially labeled the two companies. As a result of the decision, companies are unable to use federal funds to buy, maintain or support equipment from ZTE or Huawei, providing a major incentive to use equipment from other companies.

    There appears to be no relief in sight for ZTE, as the FCC has upheld its initial decision after its Public Safety and Homeland Security Bureau found no sound basis to reconsider.

    “With today’s order, we are taking another important step in our ongoing efforts to protect U.S. communications networks from security risks,” said FCC Chairman Ajit Pai. “At the next Open Meeting on December 10, the Commission will vote on rules to implement the Secure and Trusted Communications Networks Reimbursement program to help carriers remove and replace untrusted equipment from their networks, months before the statutory deadline. Now it is more vital than ever that Congress appropriate funds so that our communications networks are protected from vendors that threaten our national security.”

  • AWS Network Firewall Unveiled to Help Protect VPCs

    AWS has unveiled the AWS Network Firewall in an effort to help customers protect their cloud-based virtual networks.

    AWS is currently the top cloud platform, with 31% of the cloud computing market. One of AWS’ biggest strengths is the breadth and depth of services the platform offers.

    The company is building on that with its latest announcement, AWS Network Firewall, “a high availability, managed network firewall service” for virtual private clouds (VPC). The new service complements the other firewall capabilities AWS currently provides, such as “Security Groups to protect Amazon Elastic Compute Cloud (EC2) instances, Network ACLs to protect Amazon Virtual Private Cloud (VPC) subnets, AWS Web Application Firewall (WAF) to protect web applications running on Amazon CloudFront, Application Load Balancer (ALB) or Amazon API Gateway, and AWS Shield to protect against Distributed Denial of Service (DDoS) attacks.”

    The AWS Network Firewall can be set up with just a few clicks, and the company touts its ability to scale as needed, eliminating the need to manage additional infrastructure.

    “With AWS Network Firewall, you can implement customized rules to prevent your VPCs from accessing unauthorized domains, to block thousands of known-bad IP addresses, or identify malicious activity using signature-based detection,” writes Channy Yun, a Principal Developer Advocate for AWS. “AWS Network Firewall makes firewall activity visible in real-time via CloudWatch metrics and offers increased visibility of network traffic by sending logs to S3, CloudWatch and Kinesis Firehose. Network Firewall is integrated with AWS Firewall Manager, giving customers who use AWS Organizations a single place to enable and monitor firewall activity across all your VPCs and AWS accounts. Network Firewall is interoperable with your existing security ecosystem, including AWS partners such as CrowdStrike, Palo Alto Networks, and Splunk. You can also import existing rules from community maintained Suricata rulesets.”

    The news is a welcome addition to AWS’ cybersecurity services and will help customers keep their VPCs even safer.

  • GoDaddy In Hot Water After Employees Help Hackers

    GoDaddy is once again in the news for all the wrong reasons after employees were tricked into helping hackers take over domains.

    This latest attack targeted a number of cryptocurrency services, and relied on “social engineering” to convince GoDaddy employees to hand over control of the target companies’ domain names. Mike Kayamori, CEO of Liquid, described the attack:

    On the 13th of November 2020, a domain hosting provider “GoDaddy” that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.

    Kayamori said the company believes all client funds and digital wallets are secure, although personal information was compromised, including names, emails and encrypted passwords.

    Although there does not appear to be any statement on GoDaddy’s website acknowledging the breach, the company issued a statement to Engadget, confirming that a “limited number” of its employees had fallen for “social engineering” tactics, resulting in unauthorized changes to customers’ accounts and domains.

    This is a huge embarrassment for GoDaddy, especially since the company was the victim of a similar attack that impacted Escrow.com back in March.

  • Twitter Hires Famed Hacker ‘Mudge’ to Oversee Security

    As it continues to deal with security issues and misinformation, Twitter has hired Peiter Zatko, known as Mudge, as head of security.

    Twitter has dealt with a number of embarrassing security breaches and issues over the last few years. In addition, the platform has struggled to deal with the type of misinformation that has plagued social media platforms.

    To help address these challenges, the company has hired famed hacker Peiter Zatko to fill the new role of head of security. Zatko was one of the leaders of famous hacking group Cult of the Dead Cow. He also worked on some of Google’s special projects and served as a program manager at DARPA.

    According to CNBC, Zatko will report to CEO Jack Dorsey and will examine “information security, site integrity, physical security, platform integrity — which starts to touch on abuse and manipulation of the platform — and engineering.”

    Zatko confirmed the news in a post on Twitter, appropriately enough:

    While Twitter continues to face significant challenges moving forward, some experts are already praising Zatko’s hiring.

    “I don’t know if anyone can fix Twitter’s security, but he’d be at the top of my list,” said Dan Kaufman, who supervised Zatko at DARPA, via CNBC.

  • Companies Estimate Five Days to Recover From Unpaid Ransomware

    Some 66% of companies believe it would take them at least five days to recover from an unpaid ransomware attack, according to a new survey.

    Ransomware has become one of the most popular and lucrative types of cyber attacks in recent years, with companies of all types and sizes falling victim. Government, non-profits and healthcare organizations have increasingly been in the crosshairs as well. In fact, the first confirmed ransomware death occurred when a hospital in Germany was hit in September.

    One of the biggest challenges many organizations face is whether to pay or try to recover on their own from an attack. According to data firm Veritas’ 2020 Ransomware Resiliency Report, 66% of companies estimate it would take at least five days to recover from an attack if they chose not to pay the ransom.

    As ransomware attackers continue to deploy more effective and potentially devastating means of holding companies’ data and workloads ransom, the time for enterprises to act is now. They need to immediately assess their resiliency approach and make their backup and disaster recovery processes more robust, no matter where their data and applications are hosted, so they can more confidently pursue their hybrid multicloud strategy.

    The full report is worth a read, and illustrates the need for companies to continue to improve their ransomware resiliency.

  • Microsoft Unveils Pluton: A New Security Chip For Windows PCs

    Microsoft has unveiled Pluton, a new security chip designed to improve the security of Windows PCs.

    As threats from hackers and bad actors increase, and as more companies rely on remote work and cloud-based technologies, companies are working harder than ever to secure devices and systems. Microsoft’s latest announcement is a big step in that direction.

    The company has announced its new security chip, Pluton, that applies lessons from Xbox and Azure Sphere, bringing them to the Windows PC. The new chip was designed in cooperation with AMD, Intel and Qualcomm.

    This chip-to-cloud security technology, pioneered in Xbox and Azure Sphere, will bring even more security advancements to future Windows PCs and signals the beginning of a journey with ecosystem and OEM partners.

    The new chip is a substantial improvement over the existing discrete Trusted Platform Module (TPM). Because a discrete TPM is a separate component on the motherboard, it talks to the CPU over a bus, and attackers with physical access have been tapping that bus to capture secrets, such as a BitLocker volume key, as they cross it. Pluton addresses that by integrating the security processor directly into the CPU, so there is no exposed link to sniff.

    The Pluton design removes the potential for that communication channel to be attacked by building security directly into the CPU. Windows PCs using the Pluton architecture will first emulate a TPM that works with the existing TPM specifications and APIs, which will allow customers to immediately benefit from enhanced security for Windows features that rely on TPMs like BitLocker and System Guard. Windows devices with Pluton will use the Pluton security processor to protect credentials, user identities, encryption keys, and personal data. None of this information can be removed from Pluton even if an attacker has installed malware or has complete physical possession of the PC.
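    Since Pluton presents itself to Windows through the existing TPM interfaces, the practical check for an administrator is the same as for any TPM: confirm the device reports a TPM, identify which vendor's implementation backs it, and verify that the BitLocker protector on the system volume is actually TPM-bound. The following script is an added example and is not code from Microsoft's announcement. It assumes an elevated PowerShell session on Windows 10 or 11 with the built-in TrustedPlatformModule and BitLocker modules; the helper `ConvertFrom-TpmManufacturerId` is hypothetical, and the vendor strings mentioned in the comments (for instance `INTC` for Intel firmware TPMs) are illustrative, not a statement of what a Pluton-backed TPM reports.

```powershell
# Added example, not part of Microsoft's Pluton announcement.
# Requires an elevated PowerShell session on Windows 10/11.

function ConvertFrom-TpmManufacturerId {
    # TPM_PT_MANUFACTURER is a 32-bit value carrying four ASCII characters,
    # e.g. 0x494E5443 decodes to "INTC". Windows exposes it as an unsigned int,
    # so reverse the byte order on little-endian hosts before decoding.
    param([Parameter(Mandatory)][uint32]$Id)
    $bytes = [System.BitConverter]::GetBytes($Id)
    if ([System.BitConverter]::IsLittleEndian) { [Array]::Reverse($bytes) }
    return ([System.Text.Encoding]::ASCII.GetString($bytes)).Trim([char]0, ' ')
}

# Presence/readiness from the TrustedPlatformModule module; spec version from WMI.
$tpm  = Get-Tpm
$wmi  = Get-CimInstance -Namespace root/cimv2/Security/MicrosoftTpm -ClassName Win32_Tpm

[pscustomobject]@{
    TpmPresent          = $tpm.TpmPresent
    TpmReady            = $tpm.TpmReady
    SpecVersion         = $wmi.SpecVersion
    Manufacturer        = ConvertFrom-TpmManufacturerId -Id ([uint32]$wmi.ManufacturerId)
    ManufacturerVersion = $wmi.ManufacturerVersion
}

# Which key protectors guard the OS volume? A protector of type Tpm (or TpmPin,
# TpmStartupKey, TpmPinStartupKey) means the volume key is released by the TPM
# at boot; a volume with only a RecoveryPassword or Password protector is not
# benefiting from the TPM, emulated or otherwise.
Get-BitLockerVolume -MountPoint $env:SystemDrive |
    Select-Object -ExpandProperty KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```

    Run this before and after a firmware or platform change: if the manufacturer string or spec version changes unexpectedly, or the TPM-bound protector disappears, BitLocker is no longer rooted where you assumed it was.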

    Pluton promises to be a substantial step toward increased security for Windows PCs, and will hopefully see rapid deployment.

  • Huawei Throws In the Towel, Decides to Sell Smartphone Business


    Huawei is selling its Honor line of smartphones in the midst of crippling sanctions by the US government.

    The US has been waging a campaign to isolate Huawei, painting the company as a threat to national security. While all Chinese companies are required to cooperate with the Chinese government, Huawei is believed to have stronger ties with military and intelligence officials than many companies. As a result, US officials have accused the company of being part of Beijing’s spying apparatus, a claim Huawei has vehemently denied.

    Despite the denials, the US has banned Huawei and pressured its allies to do the same. The UK, Australia and New Zealand have instituted similar bans, as have a number of other countries around the world. The US also used the Entity List and Foreign Direct Product Rule to cut Huawei from its suppliers, specifically TSMC, which manufactured Huawei’s line of smartphone chips. The company was forced to work out a deal with Qualcomm, with the latter receiving an exception to sell 4G chips to Huawei.

    It appears those measures were not enough to stave off disaster, as Huawei is selling Honor to salvage the smartphone unit. According to The Houston Chronicle, the buyers are a group of 40 Chinese companies, including a number of retailers that carry Honor. The deal is reportedly worth as much as $15 billion and will leave Huawei with no ownership stake in the smartphone line.

    It remains to be seen if this will result in sanctions being lifted.

  • Vertafore Data Breach Exposed 28 Million Texas Driver’s License Records


    Vertafore has acknowledged a data breach that exposed the driver’s license records of some 28 million Texans, the result of files left unsecured.

    Vertafore is a company that serves the insurance industry, helping companies keep up with technology and the changing demands of the market. One of Vertafore’s key features is its ability to help agencies “unlock the power of data to drive growth.”

    Unfortunately for 28 million Texas drivers, Vertafore didn’t do enough to protect the data it had access to. According to the company’s announcement, three data files were left unsecured on an external storage service and accessed by unauthorized parties.

    The information contained pre-February 2019 driver information, including “Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories.” The data files did not contain Social Security numbers or financial information.

    Vertafore has since secured the files, launched an investigation, hired an experienced consulting firm and is working with law enforcement. Despite those efforts at damage control, this is just the latest incident demonstrating the challenges inherent in a data-driven society.