Cyber Security News Update 4/13/2019

Julian Assange was released from the embassy he’s been sequestered away in for the last several years, and he was immediately arrested by the London police. Assange is facing extradition to the United States in connection with his assistance to Chelsea Manning in distributing classified documents. Not all are happy with how the United States is pressing its charges against Assange, with some claiming that using a 35-year-old law to press charges for a cybercrime doesn’t make sense. Assange is currently being charged with helping Manning crack a password that gave Manning greater access to military databases, which allowed more secrets to be stolen. Those who oppose the charge claim that this isn’t a crime in and of itself, which doesn’t make much sense because “aiding and abetting” a criminal is a crime and assisting in breaking into a classified database is also a crime. Additionally, they claim that US prosecutors couldn’t charge Assange with the real crime of distributing classified documents without also undermining the First Amendment, but again Assange is not a US citizen, nor was he on US soil when he helped Manning commit these acts, and therefore he wouldn’t appear to be under the aegis of the Constitution. Assange has also assisted another wanted fugitive, Edward Snowden, in his escape from US authorities, which would also be a crime. It would seem that Assange has committed several crimes, whether by directly aiding wanted criminals, distributing classified materials or aiding others in criminal acts. Some of those opposed to the charges have been quick to point out that they have no sympathy for Assange, but rather feel that the regulation being used, the Computer Fraud and Abuse Act, has language so vague that it can be used to fit a variety of purposes. They feel that more tightly worded regulations would better serve the judiciary system.
Source: The Cybersecurity 202: Security experts irked U.S. prosecutors used anti-hacking law to nab Julian Assange

Cisco and Palo Alto Networks have found themselves vulnerable to a weakness in the VPN their products use. The security flaw allows someone who exploits it to “replay” the VPN session, which would allow them to gain access to all information transmitted and received by the VPN user. While not a hack that creates an ongoing opening that would allow for a man-in-the-middle style attack, it does make the user vulnerable to identity theft as soon as their session ends. The information provided would allow whoever has access to it to easily impersonate their victim. Palo Alto has found that its programs create insecure memory storage that would allow for data to be accessed when it would normally be safely stored or removed. These sorts of vulnerabilities again allow a malicious actor to gain access to sensitive information that would allow the victim to be identified or impersonated.
Source: Cisco, Palo Alto Networks Among Those Impacted By VPN App Flaw: Researchers