Security summary – May 2019

Our short monthly review summarises important news and blog posts, which focus on IT security, cloud computing and privacy protection.

1. SnapChat employees repeatedly misused tools to spy on users

Employees of the company Snap, which is behind the popular message tool SnapChat may have had access to personal user data. Four former employees and one person still employed at Snap have stepped forward alleging that a tool called SnapLion was repeatedly misused to access such user data as location, images and videos, telephone numbers and email addresses.

Source in English: threatpost.com
Source: heise.de

2. Companies invest in AI-protected cyber security

According to research company CyberEgde’s “Cyberthreat Defense Report 2019” the biggest current challenge in IT security is the handling of too much security data. In response, many companies state their intention to invest in IT security tools based on artificial intelligence in the coming 12 months.

Source: security-insider.de

3. US real estate service provider leaked 885 million records online

IT security specialist Brian Krebs reports that a US real estate services company has openly posted hundreds of millions of contract records with confidential information on its website. The records were accessible via an URL without password protection. The website has since been taken offline.

Source: heise.de

4. Germany may ban end-to-end encryption for message tools

The German minister for Internal Affairs, Horst Seehofer (CSU), intents to force all message apps such as WhatsApp and Telegram to provide access to user data in plain text if a court order demands it. Services that do not comply are to be closed down in the German market. If the legislation becomes a reality, it illegalizes a strong end-to-end encryption for any message app used in Germany.

Source: spiegel.de

5. Million-dollar malware laptop in art auction

A Windows computer infected with six high-profile pieces of Malware has been put to auction as a piece of art starting at more than a million dollars. The six pieces of malware on the computer are estimated to have caused damage for more than 95 billion dollars. The piece itself is titled: “The Persistance of Chaos”.

Source: threatpost.com

6. Google stored G Suite users' passwords in plain-text for 14 years

Google has revealed to have accidentally stored unhashed passwords of a number of its enterprise users on internal servers for 14 years due to a bug in their password recovery setup. The affected users are all G Suite customers and Google reports to have fixed the problem and reset all accounts that have not done so themselves.

Source: thehackernews.com

7. Contact information of 49 million Instagram users possibly made public

According to the online magazine “TechCrunch”, a database including more than 49 million Instagram users was made partially public online. Amongst the affected accounts were several prominent influencers, some of which were assigned a current market value. The security researches Anurag Sen discovered the data on a Amazon Web Services server.

Source: heise.de

8. German doctors fail IT security checkup

25 medical practices were checked by the Association of the German Insurance Industry (Gesamtverband der Deutschen Versicherungswirtschaft). The result showed that nine out of ten doctors use weak passwords that can easily be guessed and thus hacked. Furthermore, approximately half of the employees in the medical practices opened a malware-infected email that was designed to test their security awareness.

Source: egovernment-computing.de

9. 2016 TeamViewer breach confirmed

TeamViewer, a tool that allows users to permit others to remotely access their desktop, may have been compromised in 2016. The attack, as reported by Der Spiegel, was launched by China-based hackers employing the so-called Winnti trojan malware. This malware has previously been linked to the Chinese state intelligence.

Source: thehackernews.com

10. MI5 confesses surveillance data breach

In a parliamentary statement, Home Secretary Sajid Javid admits that MI5 spies allowed more people than legally sanctioned to access their database on British citizens. The breach was characterized as "serious" and requiring "immediate mitigation" by Lord Justice Fulford, the Investigatory Powers Commissioner and head of audit agency IPCO.

Source: theregister.co.uk

11. San Francisco forbids face recognition

The city council of San Francisco recently voted for a very strict approach to public surveillance aiming to slow the widespread practice. Amongst others, it will become much harder obtain a permission to use surveillance for all institutions of the city, including the police. Furthermore, a general ban of face recognition is put into place.

Source: heise.de

12. Airbnb guest finds hidden camera inside Wi-Fi router

A Chinese Airbnb host has been arrested after a guest discovered a camera hidden inside an internet router placed in the bedroom. Airbnb’s official policy is that hidden cameras are not allowed. However, they do not carry out regular audits of listed properties.

Source: theregister.co.uk

13. Phishing attacks of companies on the rise

In their Spam and Phishing report of 2018, the security experts from Kaspersky Lab registered more than 120 million emails targeted at companies with malware. The attacks are delivered in the form of emails, which are reportedly getting ever more sophisticated in their execution including real logos, names and seemingly unsuspicious file types.

Source: security-insider.de