Skip to content Skip to navigation

Friday Cyber News, June 29 2018

Cyber technology-related news and links from around the web, for the week of 6/23 - 6/29:

1. California's new privacy law gives consumers more information about what data companies are collecting on them, what they're using the data for, and with whom they're sharing, as well as the ability to tell companies to delete, refrain from sharing, or refrain from selling their data. The law has an exception for deidentified data, and a 30-day grace period to allow companies to fix identified privacy violations. [NYT] 

2. Ukraine warns that Russia has undertaken a broad campaign of malware insertion into the networks of banks and energy companies, and may be planning a widespread attack. "No, that is not true" said a Kremlin spokesperson, convincingly. [Reuters]

3. Despite the passage of the Cybersecurity Act of 2015, only six companies are sharing threat intelligence information with the government, rather than the hundreds of hoped-for participants. [Nextgov]

4. New research from the Norwegian Consumer Council describes how Facebook, Microsoft, and Google make design choices that nudge users toward more privacy-intrusive options. [Helpnet Security] 

5. Venezuela has blocked access to Tor from the country's state-owned ISP. [Vice News]

6.​ Taking heist tips from Johnny Cash songs, hackers targeting the financial services industry are exfiltrating data in chunks small enough to hide in normal encrypted traffic. [WSJ]

7. Smartphone battery power flows can be correlated to keystrokes, revealing phone activity and browsing behaviors. [The Register] 

8. We didn't even need Equifax anyway: your browsing behavior and device choices are a better predictor of your creditworthiness than your credit score. Speaking of Equifax, they reached an agreement with banking regulators from eight states to improve their security, rather than pay any fines for their massive breach. They were going to improve their security anyway! The lack of a financial penalty is insulting, and the President of the Foundation for Taxpayer and Consumer Rights agrees. In related news, the marketing company Exactis had a database of personal information on 230 million customers, and you probably never would have known about it if they had secured it properly, but it was breached this week. [SSRN; Reuters; Wired]

9. Concurring with Mad-Eye Moody, in a recent memo Mad-Dog Mattis counsels constant vigilance as the best cyber defense. [Federal Times] 

10. I don't often get to talk about my hometown basketball team in this newsletter, but now the Sacramento Kings are mining cryptocurrency in their arena. I'm surprised the Maloofs didn't think to do this when they still owned the Kings; they were always looking for quick ways to profit off of the team. [Deadspin]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)