Singapore is turning to the eye and face as the main features to identify travellers at its immigration checkpoints. This is a move away from an individual’s fingerprint, previously tapped as the main biometric identifier, which has presented challenges due to ageing, scarring, and dryness. 
The Immigration & Checkpoints Authority (ICA) said it had begun rolling out iris and facial scanners since July at all automated and manual immigration points located at the passenger halls of Singapore’s land, sea, and air checkpoints. These included Changi Airport Terminal 4, Tanah Merah Ferry Terminal, and at the Tuas and Woodlands checkpoints that border Northern neighbour Malaysia. 
Deployed in collaboration with the Home Team Science & Technology Agency, the newly equipped systems meant travellers’ iris and facial data would replace fingerprints as the primary biometric identifiers for immigration clearance. 

Used as the main identifier since 2006, when enhanced-Immigration Automated Clearance System was introduced, fingerprints now would be used as a secondary option for those unsuccessful in their iris and facial scans. 
The move was necessary as deterioration of fingerprints, for example, due to ageing, scarring, or dryness had created issues with verification using this biometric data. Iris patterns also had a higher degree of variation and uniqueness compared to fingerprints and, hence, provided more reliable use for identification, said ICA, noting that an iris scan provided nearly 250 feature points for matching. In comparison, a fingerprint had just 100 feature points. 
Furthermore, specialised equipment was necessary to perform an iris scan, making it less susceptible to misuse, the government agency said, noting that it had begun registering iris images of Singapore citizens and permanent residents since January 2017
Singapore is targeting to fully implement the use of iris and facial scans, as part of its New Clearance Concept, at all checkpoints by 2022. Both biometrics identifiers would be used concurrently. 
The New Clearance Concept aimed to enable Singapore residents to clear immigration without the need to present their passport as well as to enable the majority of foreign visitors, including first-time visitors, to clear immigration without the need to first enrol their biometrics. Details on how these would be achieved would be announced at a later date, according to ICA. 
Apart from Singapore citizens and permanent residents, long-term pass holders and international travellers on Singapore’s Frequent Traveller Programme would be able to register their iris and facial biometrics and use these for immigration clearance. Children below the age of six would not be able to use either option because their physical features and associated biometrics still were developing and would not be reliable means of authentication. 
Singapore last month inked a deal with British vendor iProov to provide face verification technology used in the Asian country’s national digital identity system. Already launched as a pilot earlier this year, the feature allows SingPass users to access e-government services via a biometric, bypassing the need for passwords. 
iProov’s Genuine Presence Assurance technology is touted to have the ability to determine if an individual’s face is an actual person, and not a photograph, mask or digital spoof, and authenticate that it is not a deepfake or injected video. Its agreement with the Singapore government also is the first time the vendor’s cloud facial verification technology is used to secure a country’s national digital identity.  More

[embedded content] On the same day that I saw Apple introduce Face ID at the Steve Jobs Theater in 2017, I headed north to a wireless trade show, where a vendor was showing off a competitive version of the technology for licensing. Today, a few Android vendors have implemented Face ID-style recognition, and Google applied […] More

The University of Hertfordshire has avoided an investigation by the ICO into its data-sharing practices after exposing student information. The security incident took place in November 2019, in which a bulk email promoting an art lecture also included an attachment containing the names and email addresses of approximately 2,000 students.  Once the university realized its […] More

Microsoft said on Monday that Iranian state-sponsored hackers are currently exploiting the Zerologon vulnerability in real-world hacking campaigns.
Successful attacks would allow hackers to take over servers known as domain controllers (DC) that are the centerpieces of most enterprise networks and enable intruders to gain full control over their targets.
The Iranian attacks were detected by Microsoft’s Threat Intelligence Center (MSTIC) and have been going on for at least two weeks, the company said today in a short tweet.

MSTIC has observed activity by the nation-state actor MERCURY using the CVE-2020-1472 exploit (ZeroLogon) in active campaigns over the last 2 weeks. We strongly recommend patching. Microsoft 365 Defender customers can also refer to these detections: https://t.co/ieBj2dox78
— Microsoft Security Intelligence (@MsftSecIntel) October 5, 2020

MSTIC linked the attacks to a group of Iranian hackers that the company tracks as MERCURY, but who are more widely known under their monicker of MuddyWatter.
The group is believed to be a contractor for the Iranian government working under orders from the Islamic Revolutionary Guard Corps, Iran’s primary intelligence and military service.
According to Microsoft’s Digital Defense Report, this group has historically targeted NGOs, intergovernmental organizations, government humanitarian aid, and human rights organizations.
Nonetheless, Microsoft says that Mercury’s most recent targets included “a high number of targets involved in work with refugees” and “network technology providers in the Middle East.”
Attacks began after public Zerologon PoC
Zerologon was described by many as the most dangerous bug disclosed this year. The bug is a vulnerability in Netlogon, the protocol used by Windows systems to authenticate against a Windows Server running as a domain controller.
Exploiting the Zerologon bug can allow hackers to take over an unpatched domain controller, and inherently a company’s internal network.
Attacks usually need to be carried out from internal networks, but if the domain controller is exposed online, they can also be carried out remotely over the internet.
Microsoft issued patches for Zerologon (CVE-2020-1472) in August, but the first detailed write-up about this bug was published in September, delaying most of the attacks.
But while security researchers delayed publishing details to give system administrators more time to patch, weaponized proof-of-concept code for Zerologon was published almost on the same day as the detailed write-up, spurring a wave of attacks within days.
Following the bug’s disclosure, DHS gave federal agencies three days to patch domain controllers or disconnect them from federal networks in order to prevent attacks, which the agency was expecting to come — and they did, days later.

Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks.
— Microsoft Security Intelligence (@MsftSecIntel) September 24, 2020

The MERCURY attacks appear to have begun around one week after this proof-of-concept code was published, and around the same time, Microsoft began detecting the first Zerologon exploitation attempts. More

Hackers have leaked the information they stole about the COVID-19 vaccines as part of a cyberattack targeting the European Union’s medical agency, the organisation has admitted.
The attack against the European Medicines Agency (EMA) was first disclosed last month and now it has been determined that those behind the hack gained access to information about coronavirus medicines.
“The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet. Necessary action is being taken by the law enforcement authorities,” the EMA said in a statement.

More on privacy

“The agency continues to fully support the criminal investigation into the data breach and to notify any additional entities and individuals whose documents and personal data may have been subject to unauthorised access,” the EMA added.
SEE: Network security policy (TechRepublic Premium)
The EMA’s work and the European medicines regulatory network  are unaffected by the breach and the approval and distribution of COVID-19 vaccines hasn’t been disrupted.
A previous update revealed that hackers gained access to the information by breaching one undisclosed IT application – and that the attackers were specifically targeting data related to COVID-19 medicines and vaccines. The investigation into the attack is currently still ongoing.

It isn’t the first time pharmaceuticals firms and other organisations involved in COVID-19 vaccine development and distribution have been targeted by hackers. The UK’s National Cyber Security Centre (NCSC) has previously warned that universities and scientific facilities are being targeted by state-sponsored hacking groups attempting to gain access to research data.
Microsoft has also issued a warning that state-sponsored hacking operations have been targeting coronavirus vaccine producers, while the World Health Organisation has also issued warnings over an increase in cyberattacks targetting health.

MORE ON CYBERSECURITY More