Deepfakes and the 2020 United States election: missing in action?

If you believe reports in the news, impending deepfake disaster is headed our way in time for the 2020 United States election. Political intrigue, dubious clips, mischief and mayhem were all promised. We’ll need to be careful around clips of the President issuing statements about being at war, or politicians making defamatory statements. Everything is up for grabs, and in play, or at stake. Then, all of a sudden…it wasn’t.

BrandPost: Episode 13: Serving up a risk management culture at McDonald’s

In addition to being the largest fast food restaurant in the world, McDonald’s is also one of the world’s largest employers, real estate companies, and toy companies, thanks to the Happy Meal. It has also been transitioning into a tech company over the past several years, introducing a mobile app, kiosk systems, and digital menu boards, and investing in a data analytics company, a mobile tech company, and a voice analytics company. For CISO Tim Youngblood that means driving a framework for understanding and managing risk, and building a risk-aware culture at the fast food giant. Tune in to learn how he approaches risk management and how he believes the pandemic changed the security landscape.

Qualys Policy Compliance Plugin for Jenkins Now Available

Various factors may introduce vulnerabilities in a product during its lifecycle, resulting in a drift from the required compliance status. Hence, it is of utmost importance that security is baked into the product at every stage of development and possibilities of security gaps are ruled out. CI/CD integration in the product lifecycle establishes a consistent and automated way to build, package, and test applications, thereby ensuring that the security parameters are a part of each delivery.

Thwarting Malware Attacks with Bitglass

As more and more data is stored in the cloud and companies enable BYOD and remote work, comprehensive threat protection against known and zero-day malware becomes a critical need. Unfortunately, even some of the largest organizations have fallen victim to today’s threats. From operation-disrupting ransomware to viruses that steal sensitive information, there is much that can go wrong. Fortunately, through modern security measures designed for transforming IT ecosystems, organizations can prevent malware attacks and their ramifications, which consume time and money and end up destroying brand reputation.

GravityRAT: The spy returns

In 2018, researchers at Cisco Talos published a post on the spyware GravityRAT, used to target the Indian armed forces. The Indian Computer Emergency Response Team (CERT-IN) first discovered the Trojan in 2017. Its creators are believed to be Pakistani hacker groups. According to our information, the campaign has been active since at least 2015, and previously targeted Windows machines. However, it underwent changes in 2018, with Android devices being added to the list of targets.

Privacy Advocates Alarmed By Singapore’s World-First Face-Scanning Plans

“Singapore will become the world’s first country to use facial verification in its national ID scheme, but privacy advocates are alarmed by what they say is an intrusive system vulnerable to abuse,” reports AFP: Face scanning technology remains controversial despite its growing use and critics have raised ethical concerns about it in some countries — for instance, law enforcement agencies scanning crowds at large events to look for troublemakers. Singapore authorities are frequently accused of targeting government critics and taking a hard line on dissent, and activists are concerned about how the face scanning tech will be used. “There are no clear and explicit restraints on government power when it comes to things like surveillance and data gathering,” said Kirsten Han, a freelance journalist from the city. “Will we one day discover that this data is in the hands of the police or in the hands of some other agency that we didn’t specifically give consent for?”

Those behind the Singapore scheme stress facial verification is different to recognition as it requires user consent, but privacy advocates remain sceptical. “The technology is still far from benign,” Privacy International research officer Tom Fisher told AFP. He said systems like the one planned for Singapore left “opportunities for exploitation”, such as use of data to track and profile people.

Infosec Teams Must Act And Think Differently To Combat Adversaries

The growth in widespread, sophisticated attacks

I have been following, with interest, the attacks on the Australian Government which have led to quite a bit of publicity and debate around who the culprits are behind the cyberattacks. Australian Prime Minister, Scott Morrison, confirmed the attacks were widespread across “all levels of government” including in essential services and businesses. In July, he announced that $1.35 billion in existing defence funding would be spent over the next decade to boost the cybersecurity capabilities of the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC). Additionally, the Federal Government wants to create more than 500 new jobs in its highly secretive cyber intelligence agency as part of what it’s calling Australia’s largest-ever investment in cybersecurity. Organisations and governments are under incredible pressure during the outbreak of COVID-19, and many nation-state actors have seen this as a perfect crisis to exploit.

Experts Reacted On News: British Airways Fined £20m For Data Breach

British Airways has been fined £20m for failing to protect the personal and financial details of more than 400,000 customers, according to Business Live. This follows an investigation by the Information Commissioner’s Office (ICO) after the airline was the subject of a cyber-attack, which it did not detect for more than two months, in 2018. The attacker is believed to have potentially accessed the personal data of approximately 429,612 customers and staff, including names, addresses, payment card numbers, and CVV numbers of 244,000 BA customers. ICO investigators found that BA did not detect the attack on 22 June 2018 themselves but were alerted by a third party more than two months afterward on 5 September. Once they became aware, BA acted promptly and notified the ICO. Although this fine is the biggest issued by the ICO to date, it is still just a fraction of the £183 million fine the organisation originally said it intended to issue in 2019.

Three npm Packages Opened Remote-Access Shells on Linux and Windows Systems

“Three JavaScript packages have been removed from the npm portal on Thursday for containing malicious code,” reports ZDNet.

“According to advisories from the npm security team, the three JavaScript libraries opened shells on the computers of developers who imported the packages into their projects.” The shells, a technical term used by cyber-security researchers, allowed threat actors to connect remotely to the infected computer and execute malicious operations. The npm security team said the shells could work on both Windows and *nix operating systems, such as Linux, FreeBSD, OpenBSD, and others.

Twitter Breaches, MFAs, and the Need for Identity Proofing

National Cybersecurity Awareness Month (NCAM) was initially launched in October of 2003 through a collaboration between the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA). Together, they have been reaching out to consumers, SMBs, and corporations to ensure that individuals remain vigilant and take responsibility for their online security practices. Unfortunately for everyone, and every organization, there are always individuals and bad actors with malicious intent. As widely reported, there have been numerous incidents where national security information has been breached by employees and third parties, which left the United States vulnerable because confidential information had been handed to its adversaries. However, while it may seem less consequential, breaches of social media accounts of policy makers, former or current world leaders, or business leaders can also have wide-reaching implications if not caught in time, as illustrated by the July 2020 Twitter breach.