Cyber Security News Update 3/23/2019

FEMA has had a major security incident that has left the private data of several million people exposed, including their personal addresses and financial information. The breach affects some 2.6 million people who used FEMA’s Transitional Sheltering Assistance program, and while it is unclear how far back the data stretches, we do know that individuals from the 2017 wildfires in California had their data exposed. The breach appears to have occurred due to FEMA sharing its data with contractors that provide assistance, but whether this means that the contractor suffered the breach or FEMA did is unclear. Currently, FEMA has been instructed to create better controls that will allow it to ensure that any data that leaves FEMA for a contractor can be destroyed and that proof of its destruction is obtainable. FEMA has stated that since it discovered the breach in December of 2018, it has installed an automatic filtering system that prevents personal data from accidentally leaving the FEMA systems and has inspected its premises, systems, and methods twice with outside experts.
Source: FEMA ‘major privacy incident’ reveals data from 2.5 million disaster survivors

A spyware vendor has left their servers completely exposed and unencrypted, which means that anyone who can find the servers can see everything that’s stored on them. While this would normally be a cause for alarm and a rapid fix, the contents of these servers are particularly personal as they come from stalkerware. Stalkerware, or spyware, refers to programs designed to allow someone else to view what a device is doing and collect information from it such as its location, state, and other identifying data. These apps are sold to people who suspect their children or loved ones of doing something, and are massive invasions of privacy. These apps are often marketed under the guise that they can be used to find a lost device, since they can be used to ping the device’s location. The developer of a certain family of stalkerware has left their servers completely open, and there are several gigabytes of photos and audio floating around somewhere on the web. Currently, security researchers have declined to name the company, and rightly so, because the moment they publicly name the company those servers are going to be swarmed by people looking to steal the data. The researchers who found the exposed servers have reached out several times to the owner of the servers as well as the host, without results.
Source: This Spyware Data Leak Is So Bad We Can’t Even Tell You About It

The NSA released its reverse engineering tool, named “Ghidra,” to the public a few weeks ago, and already a vulnerability has been found in it. Ghidra is designed to allow users to see how a virus works, without providing them with a completed version of the code. The bug allows users to upload infected code and reproduce the malware that caused the damage, without having to do much work themselves. This would allow anyone to clone dangerous malware such as NotPetya or EternalBlue.
Source: NSA’s Ghidra already found to be plagued by a security vulnerability