Cybersecurity news headlines for August 1-31, 2020

Cybersecurity news headlines for August 1-31, 2020

Cybersecurity news headlines for August 1-31 2020

US President Trump has signed an executive order banning viral app TikTok; Microsoft, Walmart and Oracle are trying to buy TikTok’s US operations; and TikTok has sued the US government in response to the ban. Former Uber CSO is being charged for covering up Uber’s 2016 data breach incident. And a hacking group attempted to carry out an attack on Tesla by trying to recruit an employee. Read about this in our August edition of cybersecurity news headlines.

In no particular order, here’s what made the biggest headlines in cybersecurity in August.

US President Trump signs executive order to ban TikTok; TikTok sues US government; Microsoft, Walmart and Oracle aiming to purchase TikTok’s US operations

Barely two months after India banned TikTok, the Chinese video sharing app is again facing losing tens of millions of subscribers, this time in the US. Earlier this month, US President Donald Trump signed an executive order which bans any transactions with TikTok’s owner ByteDance. The order was signed on August 6 2020 and will go into effect 45 days after. A second order banning any relations with WeChat, another Chinese-owned app, was also signed.

Owned by Chinese company ByteDance, TikTok has gained immense popularity and has been downloaded more than 1 billion times in the four years since its release. Just in the US, TikTok has been downloaded over 175 million times. But since it has gone viral, its data collection practices and the fact that it is owned by a Chinese company has attracted a lot of negative attention from privacy enthusiasts as well as governments.

The app is facing constant accusations that it’s sharing user data with the Chinese government, despite repeatedly denying this. TikTok also claims to not have received any requests by China to share data, and says it would not comply even if it was asked. Furthermore, according to TikTok, all of its data centers are located outside China, with US user data stored in the US.

This has done little to reassure government officials that their citizen data is safe. However, TikTok is not the only one facing serious backlash. Other popular Chinese apps like WeChat are also facing a similar fate, as the Trump administration is becoming increasingly more aggressive about banning apps that belong to Chinese companies.

Tech giant Microsoft has emerged as a potential buyer of TikTok’s US operations, along with software company Oracle. However, Trump’s executive order put pressure on the proceedings, as the parties have limited time to come up with an agreement. Microsoft’s CEO Satya Nadella has met with President Donald Trump to discuss the potential acquisition earlier this month, after which the company confirmed publicly that it was considering purchasing TikTok’s US operations. Discussions between Microsoft and TikTok’s parent company ByteDance should be completed no later than by September 15, 2020.

If Microsoft was successful in purchasing TikTok’s US operations, it promised to add “world-class security, privacy and digital safety protections”, as well as delete TikTok US user data stored outside the US. The company would ensure that all TikTok US user data would be transferred and stored in the US.

Software giant Oracle is also reportedly aiming for TikTok’s US operations, as is America’s biggest retail corporation Walmart, which has teamed up with Microsoft. US President Trump has spoken in favor of Oracle purchasing the US operations, saying Oracle would be “somebody that could handle it”.

With Trump’s deadline set as September 15, the outcome should be made clear in the next couple of weeks. However, TikTok has sued the US government, which may change the situation. According to TikTok, the company has tried to engage with the US government to come up with a solution for the past year but has met resistance. The US government was reportedly not receptive to facts and has tried to insert itself into the negotiations between private businesses.

“To ensure that the rule of law is not discarded and that our company and users are treated fairly, we have no choice but to challenge the executive order through the judicial system,” TikTok has said.

Former Uber CSO charged for covering up 2016 hack

Uber’s former CSO Joe Sullivan has been charged for covering up the company’s security breach back in 2016, in which hackers were able to steal personal information of 57 million Uber customers and 600,000 Uber drivers. Sullivan, who served as chief security officer from April 2015 to November 2017, deliberately concealed a serious security breach from authorities, which the Department of Justice believes helped the hackers breach other companies.

The same hackers went on to perform successful attacks on other companies as well. In a press conference, US Attorney David Anderson said that had Uber’s security breach been reported in time, it may have helped prevent attacks on other companies.

The two hackers, now identified as Brandon Glover and Vasile Mereacre, were able to get access to Uber’s backend infrastructure and download personal data of millions of Uber users and drivers. They then contacted Sullivan via email with a sample of the stolen data and a request to pay $100,000 to essentially keep the breach quiet. Sullivan agreed to pay the requested sum after confirming that the data was indeed stolen. The payout was disguised as a reward for reporting a bug and was paid in December 2016. Uber’s then CEO Travis Kalanick gave the go-ahead for the payout.

In August 2017, Dara Khosrowshahi took over as CEO of Uber and disclosed the security breach to the public, which was followed by an investigation by the FBI. The two hackers were later arrested. The investigation also exposed Sullivan’s involvement in the cover-up.

Sullivan has been charged with obstruction of justice and misprision of a felony, and is now facing sentences of five and three years respectively.

Russian hacker’s attempt to hack Tesla fails as recruited Tesla employee reports the potential attack

A Russian national was arrested earlier this month by US authorities after attempting to recruit an employee of a US company to install malware on the company’s network. The targeted company was not initially named but was speculated to be electric car manufacturer Tesla. Tesla’s CEO Elon Musk later confirmed in a tweet that Tesla was indeed the target.

The 27-year old Russian hacker, now identified as Egor Igorevich Kriuchkov, reached out to a Tesla employee who he had met four years previously and offered money to plant malware on Tesla’s network. In addition to planting the malware, the Tesla employee was also asked to provide information about the company’s network.

During their multiple meetings, Kriuchkov disclosed to the Tesla employee that he was part of a Russia-based hacker group, which has developed malware capable of stealing data from Tesla’s network. According to Kriuchkov, the malware, which cost $250,000 to develop, would steal sensitive data and upload it to a remote server controlled by the group. The whole plan was to blackmail Tesla into paying money to not publish the data. The Tesla employee would receive $1 million. Kriuchkov also revealed that the group had performed similar attacks in the past and identified the companies affected, which all had an inside person working for the hacking group.

But unlike the employees at other companies, the Tesla employee who Kriuchkov tried to recruit notified both Tesla and the FBI after their first meeting. All proceeding meetings were recorded by law enforcement. Reportedly, because the group had carried out an attack on a different target at that time, they postponed the Tesla attack to the fall.

According to the Egor Igorevich Kriuchkov criminal complaint, a DDoS (Distributed Denial of Service) attack would have been executed as a distraction from the second attack which would have stolen the data from Tesla’s network.

Kriuchkov was arrested while trying to leave the US. He now faces up to five years in prison and a $250,000 fine.

References

Site Disclaimer

WiperSoft.com is not sponsored, affiliated, linked to or owned by malware developers or distributors that are referred to in this article. The article does NOT endorse or promote malicious programs. The intention behind it is to present useful information that will help users to detect and eliminate malware from their computer by using WiperSoft and/or the manual removal guide.

The article should only be used for educational purposes. If you follow the instructions provided in the article, you agree to be bound by this disclaimer. We do not guarantee that the article will aid you in completely removing the malware from your PC. Malicious programs are constantly developing, which is why it is not always easy or possible to clean the computer by using only the manual removal guide.

Leave a comment

Your email address will not be published.