ICYMI: UAE VPN ban; Malvertising; Voice recognition, US drops SMS; Bitcoins stolen
The latest In Case You Missed It (ICYMI) looks at UAE's VPN ban; Hidden malvertising; Bank voice recognition; US drops SMS 2FA; Bitcoins stolen.
The United Arab Emirates (UAE) has announced a ban on Virtual Private Networks (VPNs). A royal edict directly from the President of the UAE has announced that for the crime of using a VPN or proxy server, one could face temporary imprisonment and a fine of up to two million dirhams (£412,240).
Federal Law No. 9/2012, altered by the royal edict, states that, “Whoever uses a fraudulent computer network protocol address (IP address) by using a false address or a third-party address by any other means for the purpose of committing a crime or preventing its discovery, shall be punished by temporary imprisonment and a fine of no less than Dh500,000 and not exceeding Dh2,000,000, or either of these two penalties.”
By encoding malware in innocuous-looking images and only decoding it once the victim has been found to be "safe", creators of AdGholas managed to hide their malvertising campaign for over a year. A massive malvertising campaign has been discovered running since last summer, infecting thousands of users' computers. The investigation was a collaborative effort between Proofpoint and Trend Micro.
Security researchers from Proofpoint stumbled upon the campaign last October while investigating other attacks codenamed GooNky and VirtualDonna. The present campaign has been dubbed AdGholas and uses techniques such as steganography and sophisticated filtering to avoid detection and spread as widely as possible.
Barclays bank is to begin identifying customers by voice recognition, removing the need for customers to answer a set of security questions to access their accounts while banking over the phone.
The bank is said to be favouring customers who regularly use phone banking, rather than those who bank in-branch or via the website/app, as users of the scheme. The move represents the latest step in the industry to abolish passwords.
US government service providers will be required to phase out the use of SMS-based two-factor authentication (2FA) as the result of new guidelines from the National Institute of Standards and Technology (NIST).
The federal technology agency, which provides government and private industries with standards reference materials, issued on Wednesday its draft Special Publication 800-63B Digital Authentication Guideline. It concludes that because of the possibility that the one-time code itself could be intercepted or redirected, SMS-based two-factor authentication should no longer be used.
£49 million worth of Bitcoins have been stolen from a Hong Kong-based bitcoin exchange, causing the price of Bitcoins to drop and casting doubt on the government's decision to use blockchain technology for its Crown Commercial Service.