Cybersecurity news headlines May 1-15, 2019
In our first May edition of cybersecurity news headlines, there are three stories to report on. We discuss President Putin signing a law to disconnect Russia from the rest of the web; a Twitter bug exposing iOS users’ locations; and a WhatsApp vulnerability that allows attackers to infect devices with spyware by simply calling them.
Putin signs law to disconnect Russia from the web
According to Russian media, President Vladimir Putin has signed legislation allowing the country’s internet to be disconnected from the wider web. The law will come into effect in November and aims to protect the Russian internet and its services in case foreign aggressors try to cut the country off from the rest of the web. According to reports, a test of such a scenario has been carried out in the past. However, the likelihood of such an attack actually happening is slim.
In the event that Russia is disconnected from the web by foreign aggressors, Russian ISPs will have to rely on Russia’s alternative domain name system (DNS). ISPs will need to install specialized equipment, which will direct internet traffic via exchange points in Russia only. The required equipment is estimated to cost around 20.8 billion Russian rubles ($318 million), all of which will be covered by the state.
In addition to keeping Russian internet traffic in Russia, the new law will also allow Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media) to censor content much more easily. While it had to have internet providers comply with its regulations in the past, Roskomnadzor would now be in charge of blocking banned content itself. In fact, some activists allege that easier censorship was the main goal. The Kremlin has denied such claims.
Twitter discloses bug that shared some iOS users’ location data
Social media giant Twitter has disclosed yet another bug, and this time it affects iOS app users. The company has admitted that it had been inadvertently collecting iOS location data and sharing it with a third party in certain circumstances.
According to Twitter, if users had used more than one account on Twitter for iOS, and one of the accounts had the precise location feature enabled, Twitter collected location data when users were using any of the other accounts, whether or not those accounts had the feature enabled. The location information Twitter had accidentally collected had also been sent to Twitter’s partner “during an advertising process known as real-time bidding”. However, Twitter does note that the location data was no more precise than zip code or city (5km squared), so determining the exact location would not be possible.
The social media company claims that the third party did not retain the information, and it has since been deleted. The bug has also been fixed, and affected users are being informed about the situation. Twitter also encourages its users to check that they are only sharing the data they want to share with the company.
WhatsApp encourages users to update after alarming vulnerability discovery
An alarming WhatsApp vulnerability allowing attackers to inject spyware on iPhone and Android devices by simply calling them was discovered earlier this month. According to the Financial Times, the Israeli firm NSO Group, known for selling its spyware to governments, is responsible for the spyware.
Using the vulnerability in WhatsApp, attackers were able to transmit malicious code to the target’s device by simply calling it, with the code delivered through the call itself. The target did not need to answer the call for the spyware to be delivered, and any traces of the call would be deleted from the logs. If users did not notice the call when it was happening, the spyware could avoid detection for a while.
Because of the way it works, users could not have done anything to avoid the attack. It should be mentioned that while it’s unlikely that regular users have been affected by this, those who work in sensitive industries should be cautious. Reportedly, this method of attack was used on an attorney who is involved in a lawsuit against NSO.
An update was released soon after the vulnerability became known, and users are encouraged to install it if they have not already done so. They are also advised to update not only their apps but also their devices.