Here’s your Reg roundup of security news beyond all the bits and bytes we’ve already covered.
FBI refreshes voting security push
Last year, the FBI kicked off Protected Voices, a campaign to improve voting security at the state and local level. The effort was just expanded for the coming year with new resources and materials, including tutorials for securing polling places.
“It is not the general practice of the FBI’s Counterintelligence Division to go to the public with information,” said Nikki Floris, deputy assistant director. “But this is a threat that not only concerns every American, it involves every American. These attacks on our elections and these efforts by foreign adversaries to influence our opinions and sow divisions within this country touch us all.”
US senators ‘demand’ intelligence probe of video-sharing app Tik Tok
Having solved all of America’s other political and intelligence concerns, the US Senate now wants to take a good long look at teen micro-vid sensation Tik Tok.
Sens. Chuck Schumer (D-NY) and Tom Cotton (R-AR) sent Director of National Intelligence Joseph Maguire a letter asking for an investigation as to whether the Chinese-owned Tik Tok app could be a potential espionage threat.
“TikTok’s terms of service and privacy policies describe how it collects data from its users and their devices, including user content and communications, IP address, location-related data, device identifiers, cookies, metadata, and other sensitive personal information,” the write.
“While the company has stated that TikTok does not operate in China and stores US user data in the US, ByteDance is still required to adhere to the laws of China.”
Tik Tok claims it doesn’t censor posts on the orders of Beijing, though…
This is laughable. This is not how censorship works in China. The government won’t tell platforms what content to remove, platforms just do self censorship. They’ll come and talk to you if you’re not doing it. pic.twitter.com/cYfzxsT1lm
— Hua Sirui 华思睿 (@siruihua) October 24, 2019
12 years in the clink for LA court hacker
The Texas man found guilty for hacking the Los Angeles Superior Court’s network in America has been given a dozen years in the cooler.
Oriyomi Sadiq Aloba was one of a group who used phishing emails to steal the credentials of court employees in 2017. It was found that the group then used those stolen email accounts to spray out phishing emails to the public, an estimated 2 million in total.
“His conduct diverted substantial resources from the critical tasks LASC personnel undertake daily, resulting in over $45,000 in losses to the LASC,” prosecutors said.
“And perhaps most importantly, he compromised the integrity of the LASC, which is a court system that thousands of people rely on to administer justice.”
Kaspersky opens door of its threat monitoring to outside researchers
Security giant Kaspersky says it will be allowing more people to plug into its Threat Intelligence Portal soon. A new “general access” mode will let the public gain a look into a real-time intel portal that had previously only been open to a group of enterprise customers.
VMware issues new patches
Those running and administering VMware-powered servers and clients will want to get new patches for vCenter Server (an information disclosure bug) and ESXi/Fusion/Workstation (denial of service flaw).
ISPs lobbying against DNS-over-HTTPS
A Motherboard report citing leaked documents claims that American cable giant Comcast and other ISPs are using their lobbying might to push back against DNS-over-HTTPS (DoH) programs planned by Google and others.
The worry is that DoH would impact security tools and parental controls, as well as make it harder for law enforcement to catch criminals. The advantage of the shift, on the other hand, is to significantly improve online security and prevent eavesdropping and surveillance.
D-Link security warning expanded
A previously issued security alert by D-Link warned of a group of four out-of-support routers that were subject to a remote command execution vulnerability and would need to be replaced.
Now, the list has been expanded with additional entries, bringing the list of vulnerable, out-of-support models to ten in all. Again, D-Link no longer issues patches for this gear, so you should consider a new router if yours is vulnerable.
Kaspersky outlines anti-drone toolkit
Weary of the threat posed by quadcopter drones flying into unwanted areas, developers with Kaspersky says it is working on a software platform that, when paired with antennas and other hardware (you have to provide your own, Kaspersky isn’t making any), could be used to ground any stray aircraft that fly in the area. ®
Serverless Computing London – 6-8 Nov 2019