When looking back at the top stories of the past year, it may seem that many of the trends and themes remained the same. However, there are a number of lessons learned from 2019 that will serve us well for security and privacy reasons going forward.
As the year draws to a close, here is our list of the top ten things Infosecurity learned in 2019.
GDPR’s First Fines
This was the year that we marked the first anniversary of the GDPR compliance deadline, but it took a few more weeks until the first “intention to fine” was declared by the Information Commissioner’s Office on Marriott and British Airways. This proved that compliance was still a popular topic, and that the fines were to be taken seriously.
Source - The Guardian
Not Just Another AWS Breach
While there were more breaches than we care to remember in 2019, one that persisted in the headlines was suffered by Capital One, where we saw another breach of AWS by a rogue insider, which led to staff departures.
Source - Wall Street Journal
Vendor in Cahoots with Project Raven?
Security vendor DarkMatter found itself in all sorts of hot water when it was accused of being part of Project Raven, a confidential initiative to help the UAE surveil other governments, militants, and human rights activists, and trying to be approved by Mozilla as a trusted CA in the Firefox web browser.
Source - Reuters
Deepfake Detection
Deepfakes have been an emerging trend in 2019, with claims that their use could have political impact. At the Black Hat conference in Las Vegas in August, security vendor ZeroFOX disclosed research on deepfakes, and how to improve detection.
Source - Financial Times
NSA’s Open Source Tool
At this year’s RSA Conference in San Francisco, the NSA's cybersecurity director Rob Joyce announced that its reverse engineering tool Ghidra was being released as an open source option. A software reverse engineering framework, it helps analyze malicious code and malware, and can give users a better understanding of potential vulnerabilities in their networks and systems.
Source - Wired
Election Security on the TV
With a UK general election called for the end of the year, and the US Presidential election set to take place in 2020, the subject of election security has remained at the front of minds for many security and government officials. As well as political types visiting security conferences for more education on issues, the satirical HBO show “Last Week Tonight with John Oliver” also took an extended look at election technology security.
Source - Last Week Tonight
BlueKeep Continues to Persist
We have seen software bugs cause major problems in the past, but few seem to have persisted as long as CVE-2019-0708, better known as BlueKeep, which had horror stories running throughout 2019 on how many users could be vulnerable, and how it was another disaster waiting to happen.
Source - Naked Security
Spyware in WhatsApp
Since being acquired by Facebook in 2014, WhatsApp has had the security microscope placed more firmly upon it. In the early part of 2019, a vulnerability allowed spyware to be injected on a device simply by making a WhatsApp call. The spyware, known as Pegasus, was created by the NSO Group and gives attackers access to a substantial amount of data on an infected device, as well as control of the camera and microphone.
Source - Wandera
Was FaceApp a Facial Recognition Database?
A craze swept social media in the summer, when users were able to use “FaceApp” to see how they would look as a senior citizen. However, metadata was reportedly being collected from photos by the app’s parent company Yandex, with some privacy concerns about a major facial recognition database being built by the company. The FBI later deemed that all mobile apps developed by Russian entities may be counterintelligence threats to the United States.
Source - The Verge
Assange out of the Embassy
After almost seven years in the Knightsbridge Ecuadorian Embassy, WikiLeaks founder and editor Julian Assange was removed in April. He was arrested soon after on a bail charge, and has been held at HMP Belmarsh in London since. However, he still has supporters keen to promote his ideologies on whistleblowing and privacy.
Source - BBC News