~this week in security~
a cybersecurity newsletter by @zackwhittaker

volume 3, issue 4
 

THIS WEEK, TL;DR

Apple dropped plan for encrypting backups after the FBI complained
Reuters: After what feels like the longest week ever, it's hard to believe this story broke on Monday. Reuters said Apple dropped plans to end-to-end encrypt iCloud backups after the FBI complained that the encryption would make it harder to get at criminals' data. (iCloud backups are already encrypted at rest, but Apple holds the keys and can hand over the contents under a warrant; the dropped plan would have left Apple unable to decrypt them.) Despite citing six sources familiar with the matter, Reuters conceded it wasn't 100% sure why Apple dropped the plan. Buried in the story was a nugget that Google pushed ahead with its plans to encrypt cloud-stored backups. Crucially, Google "gave no advance notice to governments, and picked a time to announce it when encryption was not in the news." Well, that's one way to do it.
More: @ericgeller | @alexstamos tweets

U.N. experts demand inquiry into Bezos-Saudi hacking claims
The Guardian: U.N. human rights experts said they want the U.S. to investigate claims that the Saudi government hacked the phone of Amazon founder Jeff Bezos. The comments come after the forensic report into the hack was leaked and published by Motherboard. The report didn't conclusively show that malware was used, and said a deeper forensic analysis was still needed. It turns out the forensic team didn't jailbreak Bezos' phone, which is what a full filesystem acquisition of an iPhone requires; doing so would likely have revealed far more about the alleged mass exfiltration of data from the device. Saudi officials called the claims "absurd."
More: Motherboard | Reuters

Clearview said its software stopped a terrorist. Cops say otherwise
BuzzFeed News: Following last week's bombshell New York Times report on Clearview, a facial recognition software maker, BuzzFeed found that the company made claims that were not true. Chief among them was that its software helped to capture a terrorism suspect in the New York subway. Police say that isn't true. Separately, later in the week, New Jersey's attorney general banned police in the state from using Clearview, and sent the company a cease-and-desist for using the attorney general's photo to promote its products.
More: @rmac18 tweets | New York Times ($)
Even supporters say facial recognition won't stop school shootings
CNET: The facial recognition industry has made millions by promoting its technologies to schools under the guise of preventing shootings. But even the companies who make the technologies are seeing the flaws in their argument, @alfredwkng reports. "If schools don't know who a likely shooter is, the company says, its software doesn't know who to find," he wrote.
More: @alfredwkng tweets | Background: Washington Post ($)

StockX was hacked last year, why are customers still paying for it?
Input: A debut entry from new tech and culture news site Input. StockX, the site for trading and buying sneakers and other apparel, was hacked last year. The company first said it was a maintenance issue, but that wasn't true, and it tried to cover up the breach. A year on, many customers are still dealing with credit card fraud and other purchase problems. This story looks at the year that followed and how the company's customers were left to deal with the fallout.
More: @abcdedgar

Citrix accelerates patch rollout for critical security flaw
Threatpost: After weeks of dragging its feet, Citrix has finally released patches for the devastating "Shitrix" bug, CVE-2019-19781, that was plaguing Citrix ADC and Gateway systems across the world. The bug allowed unauthenticated remote code execution with relatively little difficulty. FireEye said last week that hackers were already taking advantage of it. Patch today, if you haven't already. And since the bug was being exploited in the wild for weeks before the fixes landed, patching alone isn't enough: any appliance that was reachable from the internet while unpatched should be treated as possibly compromised and checked, not just updated.
More: Citrix | ZDNet
~ ~

THE STUFF YOU MIGHT'VE MISSED

Mac users are getting bombarded by laughably unsophisticated malware
Ars Technica: Shlayer, a malware family that spreads by pushing fake Flash Player updates (a plugin that has barely been used in years), remains one of the most common threats for Mac users, even though it's been described as laughably unsophisticated. One reason it's so "popular" is volume: victims are bombarded with fake update pages. @dangoodin001 makes a good point: "For malware using such a crude and outdated infection method, Shlayer remains surprisingly prolific."

U.K. hacking laws are out of date and need urgent reform, says report
The Guardian: A criminal law reform group has called for urgent revisions to the U.K.'s computer hacking law, the Computer Misuse Act, which was first signed into law in 1990, before the modern internet came to be. The group said the law (which some consider more restrictive than its U.S. counterpart, the Computer Fraud and Abuse Act, or CFAA) contains legal obstacles that expose the U.K.'s economy and critical infrastructure to "harm by cybercriminals and hostile nation states." The report said changes are needed to make it easier for ethically motivated cyber defenders and security researchers to pursue their work without facing legal threats.

Top secret documents reveal Cyber Command's struggles fighting Islamic State
Cyberscoop: A really good story by @shanvav on top secret documents released this week about U.S. Cyber Command's fight against the so-called Islamic State. Cyber Command, the NSA's sister organization, found that problems like data storage and the slow pace of other agencies made it harder than it needed to be for the unit to disrupt the terror group's computer networks.

250 million Microsoft customer service records exposed
Bob Diachenko: @MayhemDayOne found an exposed database containing 250 million records from Microsoft's customer service and support. Microsoft accepted responsibility for the exposure, which included customer email addresses, IP addresses, locations and more.
~ ~
SUPPORT THIS NEWSLETTER

Thanks to everyone who reads and supports this newsletter. Subscribers are going up, as are the costs. If you can spare $1/month (or more for exclusive perks), it would help cover the upkeep of this newsletter. Please contribute to the Patreon!
~ ~

OTHER NEWSY NUGGETS

Fines for European privacy breaches reach 114 million euros
Looks like Europe's tougher GDPR rules are having an effect after all. Research shows European regulators have imposed 114 million euros (about $126 million) in fines on companies operating in Europe for violations of the law since it took effect in mid-2018. Under GDPR, companies can face fines of up to 4 percent of their annual global turnover (or 20 million euros, whichever is higher).

Consumer Reports says period trackers are sharing data with third parties
Apps like Flo, BabyCenter, Clue and more are sharing user health data with third-party trackers, Consumer Reports said. Through its testing, the publication found that the apps had privacy "shortcomings" in how they handle and share sensitive user data with advertisers. None of the apps had meaningful security measures, such as multi-factor authentication, that would protect the user's health data.

Tampa Bay Times reports on its own ransomware attack
The Tampa Bay Times, one of Florida's biggest newspapers, was hit by Ryuk, a common strain of file-encrypting ransomware that has hit many large businesses in recent weeks. The Times didn't respond to the attackers and didn't pay the ransom demanded. Thanks to its backups, its systems are largely back up and running. One of Ryuk's highest-profile early victims was Tribune Publishing in late 2018, where the attack disrupted printing at several major newspapers, including the Chicago Tribune and the Los Angeles Times.
~ ~

THE HAPPY CORNER

There wasn't much good news this week. But I did want to highlight one quick thing: @IanColdwater helped save our sanity by finding and publishing Twitter "mute" words that'll cut down on the number of Twitter-generated notifications. The mute list can be found here. Just plug them into your Twitter mute list and you're done.
If you want to nominate some good news from the week, feel free to reach out.
~ ~

THIS WEEK'S CYBER CAT

This is Marci, this week's cybercat. According to her human (who wanted to stay anonymous), Marci loves to "help" write important emails — but you have to pay her in chin scritches.
Please keep sending in your cybercats! You can send them here.
~ ~

SUGGESTION BOX

And that's it for this week. Thanks for reading! Apologies this went out a little later than usual — and sorry for any typos. I wrote this on the train. If you have any other feedback, please drop me a note in the suggestion box. I'll see you next Sunday. Have a good week, and take care. 
