Friday Cyber News, July 28 2017

Cyber technology-related news and links from around the web, for the week of 7/22 - 7/28:

1. Sweden suffered a large data breach after IBM Sweden, contracted to manage civic data and sensitive identity information, was found to have used an insufficiently secure database that exposed this information publicly. While Sweden is not alone in having suffered a breach, the Swedish Parliament's reaction has been harsher than most. Sweden's Prime Minister was only informed of the breach nearly a year after it was identified by Defense Minister Hultqvist, leading some in parliament to express serious concerns about their confidence in their leadership. Swedish Prime Minister Lofven announced the resignations of the Ministers of Interior and Infrastructure, but has retained Hultqvist; a motion of no confidence in Hultqvist is threatened for September. The exposed data does not appear to have been exploited, but as the data includes personal information from driving registration, as well as identities of undercover agents, there is the possibility of malicious use and of Swedish phishing. [NY Times; Reuters]

2. The SEC decided this week that the DAO, a crowdfunded Ethereum-based investment project, was a security, and subject to regulations. Initial coin offerings that don't strictly match the profile of the DAO--e.g., in which coins don't confer voting rights or profit-sharing--remain in a grey area. [SEC.gov; Ars Technica]

3. A cyber workforce bill introduced in the US House of Representatives this week, the New Collar Jobs Act, would increase funding for cyber scholarships, introduce student debt relief for graduates entering the cybersecurity workforce, and introduce tax breaks for companies providing cybersecurity training. [The Hill]

4. North Korea's cyber army has split into two or more teams and is now solely focused on financial gain, as opposed to network disruption, according to new analysis of the Lazarus group and its spin-offs by Kaspersky Lab and the Korean Financial Security Institute. [WSJ] 

5. Roomba is considering selling the data it gathers from users' homes (floor plans, design choices? Tendency to clean baseboards?) but privacy advocates are concerned by the change in data use after customers have already bought the device. [Buzzfeed]

6. Russia has bears and now Iran has kittens; an Iranian-linked cyber espionage team called CopyKittens has targeted Israel, Saudi Arabia, Turkey, the US, Jordan, Germany, and the UN. [Infosecurity]

7. Facebook CISO Stamos gave a keynote at the Black Hat conference this week, encouraging cybersecurity to diversify its workforce and empathize more with users, who often fall prey to less sophisticated attacks than, for example, some of my favorite air-gapped attacks using the lights of scanners and power indicator LEDs. [Technology Review; DBLP]

8. A threatened hard fork of Bitcoin is expected on August 1st, as a group of miners have indicated they will begin running software to mine Bitcoin Cash, a change in the rules that will increase the block size but not implement Segwit, the subject of a previous agreement between developers and miners. [NY Times]

9. Wells Fargo has asked judges to order the return of data inadvertently sent to the wrong party in a lawsuit, raising the question of what "returning" data would even mean. [Infosecurity]

10. Flying in the face of privacy researchers' assumptions about human behavior, at least 50 employees of a Wisconsin company have signed up to be microchipped for easier access to doors, snacks, and the copier. [The Verge]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)