Weekly security news

Security news in a nutshell – Week 12, 2018

Without a doubt, the talk of the week is the huge amount of personal data compromised on Facebook, in which the analytics company Cambridge Analytica was involved. The data was used in the US presidential election to support Donald Trump. Another important event is the approval of the TLS 1.3 protocol, which should improve and speed up HTTPS connections. We would also like to mention another data breach, with about 880,000 payment card details stolen from the travel booking site Orbitz.

Facebook data breach scandal & Cambridge Analytica

The Russian-linked Cambridge Analytica scammed 50 million US Facebook users out of their data. The company then used this information to build psychological profiles of them and target them with personalized ads supporting Donald Trump in the presidential election. All the data was collected via a research app. Users' answers in the app were irrelevant; what the app was really after was access rights to the personal information of users and their friends. It was said that Cambridge Analytica was involved in many other elections around the world.

IETF approves TLS 1.3

After four years and 28 drafts, a much-needed update to internet security has finally passed at the Internet Engineering Task Force (IETF). The updated TLS 1.3 protocol was approved despite a wave of last-minute concerns that it could cause networking nightmares. The new protocol aims to comprehensively thwart any attempts by the NSA and other eavesdroppers to decrypt intercepted HTTPS connections and other encrypted network packets. TLS 1.3 should also speed up secure communications thanks to its streamlined approach. It is also much more secure because it ditches many of the older encryption algorithms that TLS 1.2 supports and in which people have managed to find holes over the years.

Telegram ordered to hand over encryption keys to Russian authorities

Russia’s top court ruled that the Telegram messaging service, with 9.5 million active Russian users, must hand over encryption keys to authorities. The Britain-based messaging app company, with 100 million global users, now has 15 days to provide communications regulators in Russia with the encryption keys to decode Telegram messages. This is required for compliance with an anti-terrorism rule signed into a 2018 law that requires messaging services to provide authorities with a means to decrypt a user’s correspondence. The company plans to appeal the ruling, which could drag the process out for a few more months.

Hackers steal payment card data on 880K from Orbitz

The travel booking website Orbitz, owned by Expedia, has been hacked. According to the statement, the company found evidence of an attack that took place between October and December last year. The hacker accessed customer data from the previous two years, which included names, birth dates, postal and email addresses, gender, and payment card information. Orbitz said that about 880,000 payment cards are affected by the hack. To date there is no evidence that this personal information was downloaded from the platform.

AMD acknowledges chip flaws, patches available in coming weeks

AMD acknowledged several vulnerabilities that have been reported in its Ryzen and EPYC chips, and said it would roll out firmware patches in the coming weeks. The company stressed that all of the vulnerabilities are very difficult to exploit because an attacker would first need admin rights to the system. With such access, an attacker would have much easier means of attack than the identified exploits. AMD didn’t expect any performance impact after releasing its patches.
