In the headlines: FireEye and Kaspersky vulnerabilities, Windows 10 ‘Keylogger’ and more

Windows 10 ‘Keylogger’ and how to switch it off

When the first Windows 10 preview was released, there were reports of it containing a keylogger. It now appears that this feature did indeed make it into the released version, via the Windows helper Cortana. As Microsoft themselves state “When you interact with your Windows device by speaking, [handwriting], or typing, Microsoft collects speech, inking, and typing information – including information about your Calendar and People [contacts]…”

Fortunately, for anyone concerned, it is possible to switch this feature off:

• Open the Start Menu, then Settings.
• Open Privacy settings on the last row
• From the Privacy menu, open General
• Find ‘Send Microsoft info about how I write to help use improve typing and writing in the future‘ – Switch this to ‘off’.
• Now go to the ‘Speech, Inking and Typing’ menu and select ‘Stop getting to know me.’ Speech tracking is now switched off.

Troy Hunt’s analysis of the Ashley Madison hack

As the founder of “Have I Been Pwned” cybersecurity expert Troy Hunt knows more than most of us about the contents of the Ashley Madison dump. In less than 24 hours he had downloaded, processed and made the data available to search for thousands of concerned users and partners. A little more than 24 hours later, he had seen a 58,000% increase in visitors to the site, with more than 4 thousand at any one time. While much of his following blog post focuses on the performance and analytics of his site, he also spared an entire blog post to examine the impact on individuals affected by the breach. Receiving hundreds of emails per day, he arranged an FAQ for those affected, but in examining the emails noted the following:

• Users were not much concerned with the potential loss of their financial data
• Many users had little understanding of the technology involved
• Some users were falling victim to malware in attempting to download the dump
• Many users were curious about exactly what data was available
• Some other sources of the data did not include the full dump, potentially giving users a false sense of security
• Many users claimed to have joined the site by mistake, some having never even heard of the site

The blog also explores the consequences of this breach; the broken relationships, the impact on personal and professional lives, the remorseful and the desperate. This might be the first large data breach where we can truly see the human consequences. These are not statistics, not financial concerns, but users lives which have been deeply affected. One has to wonder what those responsible might be feeling now the full impact of this breach has come to light.

Australia commits to fighting cybercrime

The Australian Securities and Investments Commission has released its corporate plan for the next four years, highlighting technology as one of the five main factors which will shape its future strategies.

Putting an increased risk of online attacks down to the rapid evolutions of technology, the Commission has recognised that one of their key roles is to tighten up on cyber security. It aims to identify potential online attacks through real-time market monitoring and also to promote online resilience. In sharing their new corporate plan ASIC said ‘Cyber attacks are considered a systemic risk to the financial system, especially attacks on essential or critical services like banking and payments services, or financial market infrastructure,” and give examples of new measures including data matching and analytics used to identify anomalous trading patterns.

They also voiced their intention to assist Fintech startups through their innovation hub, recognising that such digital disruption presents a requirement for modern software which might be better equipped to handle the latest wave of cybercrime.

80% of healthcare executives admit to compromised data

A KPMG report published last week revealed that 4 out of 5 health company executives said their data had been compromised by cyber attacks. Following breaches such as the Anthem one a few months back this might not come as a huge surprise; this was just one of the larger breaches in a string of health company leaks reported in the last few months.

KPMG Cyber Healthcare specialist Michael Ebert states that this latest information is a result of the lack of investment in cybersecurity. More than 80% of healthcare providers claim to have invested heavily in cybersecurity in the last twelve months, however only 53% of these consider themselves prepared for an attack. Ebert goes on to state that the number of endpoints and the nature of technology used in the medical sector make it extremely difficult to remain up to date and keep on top of cybersecurity.

Acknowledging the sector is far behind many others, Ebert says he is confident the medical field will catch up. Unfortunately for many providers, they’re likely to be shutting the gate after that horse has bolted. No doubt we can expect to see more healthcare breaches in the near future.

FireEye and Kaspersky vulnerabilities found

Not even security applications are immune to vulnerabilities, as demonstrated by the disclosure of zero day vulnerabilities found in both Kaspersky and FireEye products this week. Researcher Tavis Ormandy disclosed a remote SYSTEM vulnerability to Kaspersky, who rolled out a patch within 24 hours.

Around the same time, another security researcher Kristian Erik Hermansen revealed that FireEye were unfortunately less on the ball. The security company received a tongue lashing from Hermansen for having no external security researcher reporting process and for failing to have fixed the vulnerabilities (yes, not one, but three!) for 18 months. The vulnerabilities disclosed are an authenticated user command injection zero-day flaw, an unauthenticated remote root command injection and a login bypass zero-day vulnerability, which Hermansen is publicly disclosing following FireEye’s failure to address these issues. While releasing a formal statement, we are yet to hear of a patch for the FireEye vulnerabilities.