Cybersecurity news headlines (April 15 – April 30)
We are back with the April 15-30 cybersecurity news headlines. It seems the Facebook Analytica scandal has somewhat died down, or at least no major revelation has been made, but the social media giant will still be in hot water for a while. Other stories have made headlines, however, with a potential customer information theft at a bank, Twitter banning Kaspersky from advertising on the platform, Yahoo being fined for a four-year-old data breach, and companies promising not to help in government-sponsored cyberattacks. And in what is perhaps the most unsurprising news of all, Amazon Echo was made into a listening device. Without further ado, here are the April 15 – April 30 cybersecurity news headlines.
Data of 1.5 million customers potentially stolen from SunTrust bank
US-based SunTrust bank has revealed that a former employee may have stolen the information of approximately 1.5 million clients. The news release addressing this issue states that information such as names, addresses, phone numbers and account balances could have been exposed. However, social security numbers, account numbers, PINs, user IDs, passwords and driver’s license information were not accessed.
Law enforcement agencies have been contacted, and customers were notified as soon as it became apparent that private information had been printed for outside use.
SunTrust chairman and CEO Bill Rogers apologized for the incident, and the bank is now offering free Identity Protection for current and new customers.
“We apologize to clients who may have been affected by this. We have heightened our monitoring of accounts and increased other security measures. While we have not identified significant fraudulent activity, we will reinforce our promise to clients that they will not be held responsible for any loss on their accounts as a result,” the CEO said.
Kaspersky banned from advertising on Twitter
In an open letter to Twitter’s CEO Jack Dorsey, Kaspersky’s founder and CEO Eugene Kaspersky revealed that the cybersecurity firm has been banned from advertising on the social media platform. All major social media networks, including Twitter, Instagram and Facebook, have had a problem with Russian trolls, and the companies are being pressured by both lawmakers and the public to deal with them. Twitter has banned the said Russian trolling accounts, but its efforts to improve the situation do not end there. The social media giant is also employing stricter advertising rules for Russian-based organizations. Kaspersky has found itself affected by the rules as well, with Twitter citing that “Kaspersky Lab operates using a business model that inherently conflicts with acceptable Twitter Ads business practices”, thus it will not be allowed to advertise on the platform. The company may remain as an organic user.
Kaspersky Lab has been accused of having ties with the Russian intelligence agencies, which resulted in the Department of Homeland Security banning all Kaspersky products on computers used by the Department of Defense. BleepingComputer reports that when a reporter contacted Twitter to inquire what the official statement regarding the ban on advertising actually meant, Twitter’s spokesperson directed them to the Department of Homeland Security directive, making it clear that Kaspersky Lab was banned from advertising due to its alleged ties with Russian intelligence agencies.
Kaspersky also promises not to advertise on Twitter in 2018, even if the ban is lifted. Instead, the year’s budget will be donated to the Electronic Frontier Foundation (EFF).
Amazon Echo turned into an eavesdropping device
In what is probably not shocking news at all, a team of researchers from cybersecurity firm Checkmarx has made it possible for Alexa to spy on users of Amazon Echo, the smart, voice-activated speaker.
Generally, the speaker is in sleep mode until the user says “Alexa”, and after the user stops talking to it, it returns to sleep mode. However, by using the options available in Alexa’s software development kit (SDK), the researchers were able to make Alexa remain active after it should have returned to sleep, eavesdrop, transcribe the surrounding conversations and send them to ‘hackers’. In the demo, it was pretty obvious that Alexa was still listening after a session was supposed to end, indicated by the blue light, but it would not be that surprising if someone missed it.
As the researchers explain, they used Alexa’s SDK to create a calculator app that makes Alexa remain active after it provides an answer to a user’s question. The researchers informed Amazon of this, and the company released an Alexa update that should prevent actual hackers from doing this.
World’s largest DDoS-for-Hire service shut down by Europol
Europol’s “Operation Power Off” has taken down WebStresser, the largest DDoS-for-hire website, which had more than 136,000 users. According to Europol, the site was responsible for over 4 million DDoS attacks carried out in recent years. Users who had a monthly plan starting as low as €15 were able to launch a DDoS attack by using the rented stressers and booters. Users trying to access the website would now see the “This site has been seized” announcement.
The investigation was initiated by the Dutch National High Tech Crime Unit and the UK National Crime Agency, with Europol’s EC3 (European Cybercrime Centre) and the Joint Cybercrime Action Taskforce (J-CAT) as support.
In addition to shutting down the website, law enforcement said that the site administrators were arrested in the United Kingdom, Croatia, Canada and Serbia. Europol also states that “further measures were taken against the top users of this marketplace in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong”.
Altaba fined $35 million for the 2014 Yahoo data breach
Unless you’ve been living under a rock, you will remember that Yahoo suffered a major breach back in 2014, with hackers taking off with the data of 500 million Yahoo users. For two years, it did not disclose the breach and did not inform the affected users that their data was in the hands of cyber criminals. In addition, the company failed to investigate the incident properly and did not inform investors of the situation. The incident was only disclosed when Yahoo was closing an acquisition deal with Verizon.
The company, now known as Altaba, has agreed to pay the $35 million fine imposed by the US Securities and Exchange Commission (SEC) for not informing the investors of the breach. According to the SEC, Yahoo’s decisions were “so lacking” that a fine was necessary.
Altaba is not being fined for its dubious security practices or for not informing the affected users, however. The SEC has issued the company a fine because investors were not made aware of what happened until two years later.
Tech firms, including Microsoft and Facebook, sign accord pledging not to assist in government cyber attacks
In response to the recent cyber attacks, particularly WannaCry and NotPetya, 34 tech firms have signed an accord, vowing not to help governments perform cyberattacks. The Cybersecurity Tech Accord pledges to protect all customers regardless of nationality, geography or attack motivation. The accord was signed on April 17, 2018, and includes big companies such as Cisco, Facebook, Microsoft, Nokia, Oracle, Trend Micro, Symantec and HPE among the 34.
The companies which signed the accord made commitments in four areas:
Stronger defense – the companies pledge to protect customers globally regardless of the motivation for the attack.
No offense – the companies will not participate in government-launched cyber attacks against innocent citizens and enterprises. They will also ensure that their products and services cannot be exploited.
Capacity building – the companies will help empower developers, as well as the people and businesses using their products, assisting them in improving their capacity for protecting themselves.
Collective action – the companies will build on existing partnerships and create new formal and informal partnerships with industry, civil society and security researchers in order to improve technical collaboration, coordinate vulnerability disclosures, share threats and minimize the possibility of malicious code being introduced into cyberspace.
“The companies will not help governments launch cyberattacks against innocent citizens and enterprises, and will protect against tampering or exploitation of their products and services through every stage of technology development, design and distribution,” the accord says.
It should be noted that some major players, particularly Apple, Amazon, Twitter and Google, are absent from the list of signed companies.