The US Federal Bureau of Investigation (FBI) has issued a security alert saying threat actors have stolen source code from government agencies and private firms and are abusing it to gain access to critical information.
The FBI alert warned the owners of SonarQube, a web-based application that companies integrate into their software build chains to test source code and discover security flaws before rolling out code and applications into production environments.
The actors exploit known configuration vulnerabilities, allowing them to gain access to proprietary code, exfiltrate it, and post the data publicly. The FBI has identified multiple potential computer intrusions that correlate to leaks associated with SonarQube configuration vulnerabilities.
“In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations’ networks,” the FBI said in the alert.
This activity is similar to a previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances and published the exfiltrated source code on a self-hosted public repository.
“Place SonarQube instances behind a login screen, and check if unauthorized users have accessed the instance and revoke access to any application programming interface keys or other credentials that were exposed in a SonarQube instance, if feasible,” the agency suggested. (IANS)
US Senator Calls on FBI, FTC to Conduct National Security, Privacy Investigation into Russia’s FaceApp
U.S. Senate minority leader Chuck Schumer called on the FBI and the Federal Trade Commission to conduct a national security and privacy investigation into FaceApp, a face-editing photo app developed in Russia, in a letter sent on Wednesday.
The viral smartphone application, which has seen a new surge of popularity due to a filter that ages photos of users’ faces, requires “full and irrevocable access to their personal photos and data,” which could pose “national security and privacy risks for millions of U.S. citizens,” Schumer said in his letter to FBI Director Christopher Wray and FTC Chairman Joe Simons.
The Democratic National Committee also sent out an alert to the party’s 2020 presidential candidates on Wednesday warning them against using the app, pointing to its Russian provenance.
In the email, seen by Reuters and first reported by CNN, DNC security chief Bob Lord also urged Democratic presidential campaigns to delete the app immediately if they or their staff had already used it. There is no evidence that FaceApp provides user data to the Russian government.
Democrats have invested heavily in bolstering party cyber defenses after U.S. intelligence agencies determined that Russia used hacking as part of an effort to boost support for President Donald Trump’s 2016 election campaign. Russia has repeatedly denied those claims.
FaceApp, which was developed by Wireless Lab, a company based in St. Petersburg, says on its website that it has over 80 million active users. Its CEO, Yaroslav Goncharov, used to be an executive at Yandex, widely known as “Russia’s Google.”
The app, which was launched in 2017, made headlines in 2018 when it removed its ‘ethnicity filters’ after users condemned them as racist. More recently, it has faced scrutiny from the public over issues such as not clearly communicating that the app uploads images to the cloud rather than processing them locally on a user’s device.
It is not clear how the artificial intelligence application retains the data of users or how users may ensure the deletion of their data after usage, Schumer said in the letter. Schumer said the photo editing app’s location in Russia raises questions about how FaceApp lets third parties, including foreign governments, have access to the data of American citizens.
In a statement cited by media outlets, FaceApp has denied selling or sharing user data with third parties. “99% of users don’t log in; therefore, we don’t have access to any data that could identify a person,” the company said in a statement cited by TechCrunch, adding that most images are deleted from its servers within 48 hours of the upload date.
While the company’s research and development team is located in Russia, the user data is not transferred to Russia, according to the statement. (VOA)
The Federal Bureau of Investigation (FBI) had opened an inquiry in 2017 into whether US President Donald Trump was secretly working on behalf of Russia after he fired the agency’s Director James Comey, the media reported.
The New York Times, citing unnamed sources familiar with the investigation, reported on Friday that counterintelligence officials weighed whether Trump’s actions were undermining national security and whether he was knowingly working for Russia or had “unwittingly fallen under Moscow’s influence”.
Trump has repeatedly denied that he colluded with Russia and called special counsel Robert Mueller’s investigation a “witch hunt”.
Reacting to the report, White House Press Secretary Sarah Sanders said: “This is absurd. James Comey was fired because he’s a disgraced partisan hack, and his Deputy Andrew McCabe, who was in charge at the time, is a known liar fired by the FBI.
“Unlike President (Barack) Obama, who let Russia and other foreign adversaries push America around, President Donald Trump has actually been tough on Russia.”
In 2016, US intelligence agencies concluded that Russia had launched cyberattacks and planted fake news stories on social media in a bid to boost Trump and damage his rival Hillary Clinton’s chances for the presidency.
The investigation the FBI opened into Donald Trump also had a criminal aspect: whether his firing of Comey constituted obstruction of justice, the report said.
The FBI investigation was later folded into Mueller’s inquiry into Russian interference in the 2016 election and possible collusion between Trump’s campaign and Moscow, the paper said, adding that it was unclear if the counterintelligence aspect was still being pursued.
The Times said that the FBI had been suspicious of Trump’s ties to Russia during the 2016 campaign. But it held off on opening an investigation till the President sacked Comey, who refused to swear his allegiance and roll back the Russia investigation.
Trump’s lawyer Rudy Giuliani told the daily that he had no knowledge of the inquiry but said that since it was opened a year and a half ago and they hadn’t heard anything, apparently “they found nothing”.
Nonetheless, the inquiry put some of the President’s closest associates in the dock. His former personal lawyer Michael Cohen was sentenced to three years in prison for campaign finance and fraud crimes, while his campaign chief Paul Manafort was convicted of financial fraud.
Trump’s former National Security Adviser Michael Flynn had pleaded guilty to lying to investigators about his Moscow ties. (IANS)
The New York Times is reporting that FBI officials were so alarmed by President Donald Trump’s behavior after he fired former FBI Director James Comey that they started investigating whether he was working against American interests.
The Times cited anonymous former law enforcement officials and others familiar with the investigation Friday who said counterintelligence investigators looked into whether “Trump was knowingly working for Russia or had unwittingly fallen under Moscow’s influence.”
The officials told the newspaper that after Comey was fired in May 2017, they became concerned when Trump tied the firing of Comey to the Russia investigation.
Trump actions questioned
Law enforcement officials have previously confirmed that after the firing the FBI opened an investigation into whether the action constituted obstruction of justice. However, what has not been made public is that law enforcement officials also sought to determine whether the president’s own actions constituted a possible threat to national security, according to the Times.
The entire investigation was taken over several days later when special counsel Robert Mueller was appointed to investigate Russia’s attempts to influence the 2016 election as well as possible ties between Russia and the Trump campaign.
Trump reacted to the New York Times report in a post on Twitter early Saturday: “Wow, just learned in the Failing New York Times that the corrupt former leaders of the FBI, almost all fired or forced to leave the agency for some very bad reasons, opened up an investigation on me, for no reason & with no proof, after I fired Lyin’ James Comey, a total sleaze!”
There has been no public evidence that Trump was in contact with Russia during the election campaign and Trump has long denied any illicit connection. Russia has also denied the allegations.
Giuliani: Nothing found
A lawyer for Trump, Rudolph Giuliani, told the Times that if FBI officials had concluded Trump was working against American interests, the public would have heard about it.
“The fact that it goes back a year and a half and nothing came of it that showed a breach of national security means they found nothing,” Giuliani told the paper.
Two days after Trump dismissed Comey in May 2017, he told NBC News anchor Lester Holt that he was going to fire Comey regardless, “knowing there was no good time to do it,” but was thinking of the Russia investigation when he decided to dismiss him.
“When I did this, now I said to myself, ‘You know, this Russia thing with Trump and Russia is a made-up story. It’s an excuse by Democrats for having lost an election that they should have won,’” Trump said.
Comey’s firing, rather than ending the Russia investigation, led directly to the appointment, over Trump’s objections, of Mueller, another former FBI director, to take over the Russia probe. Trump has repeatedly called the Russia probe a “witch hunt.” (VOA)