
Friday Cyber News, August 17 2018

Cyber technology-related news and links from around the web, for the week of 8/11 - 8/17:

1. Facebook hasn't been doing enough to take down anti-Rohingya and anti-Muslim posts coming out of Myanmar, perhaps because it lacks sufficient Burmese speakers to evaluate content. The perception that social media companies aren't doing enough to safeguard their users--in terms of their physical security, as in Myanmar, or their data privacy--has led businesspeople and researchers to become privacy advocates where they see a lack of oversight. State governments also have the opportunity to step into the federal policy vacuum around data security and privacy. [Reuters; NYT Magazine; The Century Foundation]

2. The reuse of code between two CIA communications systems allowed Chinese intelligence to intercept messages in 2010-2012 and identify CIA assets, leading to the execution of dozens of suspected spies. [Foreign Policy]

3. AT&T is being sued for $224M over lax account-recovery methods that facilitate SIM-swapping attacks, which led to the theft of $24M in cryptocurrency from the litigant. [The Hill]

4. This week in vulnerabilities: Foreshadow is a new speculative execution vulnerability that affects memory protected by Intel's SGX secure enclave. Man-in-the-disk is a new intrusion attack on Android apps that allows the silent installation of malware. [Wired; Cyberscoop]

5. A presentation at the Usenix security conference this week indicates that a 1% increase in power demand could take down the electric grid in a market like California--and that this bump could come from a botnet of a few thousand hacked water heaters and air conditioners. [Wired]

6. The California Cybersecurity Information Center is automatically analyzing social media data to identify potential threats, and is doing well enough at it that it was able to alert firefighters about a wildfire that had been reported on Twitter before it was phoned in. Another Californian story: Dr. Hans Keirstead, Democratic opponent of Representative Dana Rohrabacher, was the target of attacks against his email, website, hosting service, and Twitter account. [RouteFifty; Rolling Stone]

7. A presentation at Defcon demonstrated that four brands of police webcam can be remotely tracked and accessed, and their recordings can be manipulated and reuploaded, or deleted, without any indication that the original recordings were tampered with. [Wired]

8. Academics' interest in blockchain research is increasing, including at Stanford's Center for Blockchain Research, where research topics include verifiable delay functions and information compression for more efficient storage. [Inside Higher Ed]

9. Brazil has a new data protection rule that requires companies to inform users when their information is being collected, and to delete it when the business relationship concludes or the user requests to not be contacted again. [ZDnet]

10. "One agency plans to lock employees in a room until they learn cyber hygiene." Guess which one! No, not the NSA; it's the National Geospatial-Intelligence Agency, which will be using two weeklong cyber escape room games as training tools. [Nextgov]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)