Azure goes quiet, Huawei Canada ban urged, US Senators are after Google, and more
Roundup This week we caught wind of another Facebook blunder, a dodgy Patch Tuesday bundle, and more China trouble.
Here’s the rest of what went down.
Fake Flash, fake money, real malware
Stop us if you’d heard this one before: but unsolicited Flash download pages on random sites can be a bit dodgy.
Palo Alto Networks says it has found one variant of the old fake Flash attack utilizing a new trick to turn a quick buck: crypto mining. Palo Alto says that this new trick actually includes a real copy of Flash, but also covertly installs a small mining script that utilizes the victim’s PC to make some funbux from Monero.
It’s telling that, despite the payloads becoming more stealthy and sophisticated, the old techniques for duping people into installing malware are just as effective nearly two decades on.
Azure Confidential promises not to tell anyone about those files
Microsoft has launched a new flavor of Azure aimed at those who want their data encrypted at every turn.
Azure Confidential will look to offer subscriber’s VMs that run on encrypted hardware, as well as encrypted storage and data transmissions. The hardware is what’s new here, as Microsoft is plugging the new boxes into the US East Coast and Europe West datacenters.
“Years of work with our silicon vendors have allowed us to bring application isolation technology to hardware in our datacenters to support this new VM family,” Microsoft says of the new hardware.
“While these virtual machines may ‘look and feel’ like standard VM sizes from the control plane, they are backed by hardware-based Trusted Execution Environments (TEEs), specifically the latest generation of Intel Xeon Processors with Intel SGX technology.”
Senators give Google the dreaded ‘sternly worded letter’
In what we are sure is an entirely legitimate concern for privacy and information security, and not just a partisan hack job on the current popular political boogeyman, Republican Senators are quite anxious for Google to explain its vulnerability disclosure policies.
Sens John Thune (R-SD), Jerry Moran (R-KS), and Roger Wicker (R-MS) want Google CEO Sundar Pichai to answer a series of questions they have around the non-disclosure of the security bug found in Google+ and Google’s subsequent decision to finally board up the social networking ghost town.
Among their questions: when did Google know about the issue? Does it have any evidence of misuse or plans to respond if misuse is found? Did Google disclose the issue to its independent assessor? Would Google discern between paying and non-paying customers when deciding who to notify about data loss?
‘Oh Canada, should Huawei gear be banned?’
The US government has made no secret of its distrust for for Huawei and fears that the Chinese telco was just a bit too close with the government in its home country. Now, US lawmakers want their neighbor to the North to follow suit.
In a letter to Canadian PM Justin Trudeau, Senators Mark Warner (D-VA) and Marco Rubio (R-FL) urged Canada to ban all Huawei networking gear from its planned 5G networks.
The worry, say the duo, is that the Chinese government will convince Huawei to put backdoors and monitoring gear into the hardware, then use those points to intercept and spy on communications both within Canada and those going into the US.
It remains to be seen whether Trudeau will take the advice to heart.
Google puts Outline online
Google’s open source branch says it has released Outline, a tool that will allow companies to set up and maintain their own VPNs. The VPN is delivered as a Docker image that can be opened up to run on the DigitalOcean cloud.
The aim, said Google, was to give journalists and those worried about surveillance a reliable, secure connection.
“Censorship and surveillance are challenges that many journalists around the world face on a daily basis,” Google said.
“Some of them use a virtual private network (VPN) to provide safer access to the open internet, but not all VPNs are equally reliable and trustworthy, and even fewer are open source.”
Army ups offers for infosec specialists
Believe it or not, but the US Army hasn’t always been seen as the coolest of organizations in the hacking community.
Now, looking to bolster the ranks of its tech-savy units, the Army says it will be commissioning officers into is cyber security programs with the rank of colonel.
The big reason for this is pay grade; FCW notes that a colonel makes $78,000-$100,000 base pay a year, compared to $43,000-$60,000 for lieutenants. By upping the pay grade, the Army is going to be better able to keep pace with what the private sector is offering when it comes to getting (and keeping) talent.
And finally
Please make sure you’ve patched, or binned, your MikroTik routers – hundreds of thousands of them have been hijacked to mine crypto-coins. ®
Sponsored: Following Bottomline’s journey to the Hybrid Cloud
READ MORE HERE