TikTok Bans, Top 10 Bug Bounties, & BlueLeaks - SWN #45

Introduction

We’re back! After a brief hiatus – we weren’t even gone for legal reasons, but simply due to a lack of shows last week – we return with your trusted source for security news. So, welcome to the Security Weekly News for the week of June 28, 2020.


In the News

  1. TikTok Bans in India: Following a recent border clash with China, India has banned over 59 Chinese apps, including popular platforms like TikTok and WeChat. This move, perceived as a political response rather than a security one, has substantial implications for Chinese companies operating in India, where TikTok has over 120 million users.

  2. Australia Increases Cyber Security Budget: Australia has announced an additional investment of $1 billion in cyber security, raising the budget by approximately 10%. This increase comes in response to state-sponsored cyberattacks targeting various governmental and educational institutions.

  3. U.S. Senate's Anti-Encryption Bill: The Senate has introduced the Lawful Access to Encrypted Data Act, which would empower the Attorney General to mandate manufacturers of encrypted devices to decrypt data upon request. This bill raises concerns regarding privacy and the potential misuse of power.

  4. Top 10 Bug Bounties: HackerOne announced its top bounties, highlighting organizations incentivizing vulnerability reporting. The list includes:

    • Verizon: Paid $9.4 million (top bounty: $70,000)
    • PayPal: $2.79 million (top bounty: $30,000)
    • Uber: $2.4 million (top bounty: $50,000)
    • Intel: $1.9 million
    • Twitter: $1.29 million (top bounty: $20,160)

    Among others, including Airbnb, Valve, and GitHub.

  5. Birkhoff Sentenced: Alekseyevich Birkhoff, a notorious hacker convicted of running the carding site "Card Planet," was sentenced to nine years in federal prison after being extradited from Israel.

  6. BlueLeaks Data Breach: The Distributed Denial of Secrets group leaked 270 GB of data from various U.S. police departments, collected over a decade. This breach stemmed from a compromised vendor account and raises significant concerns about data security within law enforcement.

  7. Segway Production Suspension: In a sad turn of events, Segway has announced the suspension of production for its PT models, which once promised a futuristic transportation method that never quite became mainstream.


Keywords

  • TikTok
  • India
  • Cybersecurity
  • Anti-Encryption
  • Bug Bounties
  • HackerOne
  • Verizon
  • Birkhoff
  • BlueLeaks
  • Segway

FAQ

Q1: Why did India ban TikTok?
A1: India banned TikTok and several other Chinese apps as a political response following border tensions with China.

Q2: How much did Australia increase its cybersecurity budget?
A2: Australia increased its cybersecurity budget by an additional $1 billion, approximately 10%.

Q3: What is the Lawful Access to Encrypted Data Act?
A3: This is a proposed U.S. Senate bill that would allow the Attorney General to compel manufacturers to decrypt data upon request.

Q4: Which organization topped the list of bug bounties?
A4: Verizon topped the list, paying out $9.4 million in total bug bounties.

Q5: Who is Alekseyevich Birkhoff?
A5: He was convicted for running the carding site Card Planet and sentenced to nine years in federal prison after being extradited to the U.S.

Q6: What was BlueLeaks?
A6: BlueLeaks was a data breach that resulted in the release of 270 GB of sensitive information from various U.S. police departments.

Q7: Why did Segway suspend its PT production?
A7: Segway’s PT models constituted less than 1.5% of their sales, prompting a shift in focus to more pedestrian-friendly transportation solutions.