November 22, 2016

Cloud Security Weekly #41

This week: Troubling news for privacy advocates as UK govt gets new powers, Symantec gets into the identity space, Android phones with hidden backdoors, and Michigan State University has their database breached. Registrations are also open for RSA 2017, being held in San Francisco this coming February.

UK govt. close to getting powerful surveillance power

After more than 12 months of debate, jostling and a healthy dose of criticism, the United Kingdom's new surveillance regime is set to become law. Both the House of Lords and House of Commons have now passed the Investigatory Powers Bill – the biggest overhaul of surveillance powers for more than a decade. It is likely to be given Royal Assent by the end of 2016. The bill forces internet companies to keep records on their users for up to a year, and allows the Government to force companies to hack into or break things they’ve sold so they can be spied on. It has been fought against by privacy campaigners and technology companies including Apple and Twitter, with Tim Berners-Lee tweeting "Dark, dark days". In this piece Wired UK explains how the laws will affect people - whether they're from the UK or not. In another bill officially announced today, the UK government also plans to force ISPs to block the vague category of "adult" websites that fail to take appropriate age verification measures.
wired.co.uk

Symantec buys anti-ID fraud firm LifeLock for $2.3 billion

Symantec plans to buy LifeLock, an identity-theft protection service, for $2.3 billion, and the deal is expected to close in the first quarter of 2017 pending regulatory approval. LifeLock says it provides "proactive identity theft protection services for consumers and consumer risk management services for enterprises." Among other things, it apparently alerts users to unauthorised identity access by monitoring new account openings and credit applications, while it also trains police, government, merchants, and NGOs in identity protection techniques. Symantec is taking on $750 million in new debt to finance the purchase, which follows its acquisition in August of cloud access security broker Blue Coat for $4.65 billion.
arstechnica.com

Slack's syscall auditing at scale

If you're a technical person, you may want to check out the Linux monitoring tool Slack's security team have just open sourced. Ryan Huber explains: "We saw a lot of potential uses for the data we could get from auditd, but needed a way to run this at scale. We developed the project go-audit as a replacement for the userspace part of auditd". Its goal is to be fast, safe, and non-blocking. Slack monitor thousands of hosts with this setup, and pump the output to their Elasticsearch cluster. Interesting stuff!
slack.engineering

Second Chinese firm found hiding backdoor in firmware of Android devices

Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the target's phone with root privileges. The backdoor hides itself from the OS, runs as root, and isn't encrypted, so attackers can be on the local network or remote. The researchers say they discovered the issue after one of them bought a BLU Studio G smartphone from Best Buy. This is the second issue of its kind to come to light this week, after researchers discovered a similar secret backdoor in another Chinese firm's devices.
bleepingcomputer.com

Michigan State University has 400,000 student and staff records breached

Michigan State University announced on Friday that a university server and a database containing information on some 400,000 faculty, staff and students had been accessed by an unauthorised third party. The database contains names, social security numbers, IDs, and in some cases, dates of birth of faculty, staff and students who were employed by MSU between 1970 and Nov. 13, 2016, and students who attended MSU between 1991 and 2016. MSU has stated that only 449 records were accessed.
helpnetsecurity.com

In Brief

That's all for this week. Feel free to send through any feedback or links, and forward this to your friends and colleagues!

Cheers,
Nick
