Skip to content Skip to navigation

Friday Cyber News, March 29 2019

Cyber technology-related news and links from around the web, for the week of 3/23 - 3/29:

1. The FTC is investigating whether ISPs sell users' web browsing history and device location data despite promises not to, after reports indicated that the ISPs did and do. [Ars Technica]

2. Organizations in Saudi Arabia and the US have been targeted by APT33, or Elfin, an espionage group using known WinRAR vulnerabilities to spread malware. Yearly numbers of state-sponsored cyber attacks on banks are also increasing, and insurers plan to band together to evaluate which cybersecurity software and services are actually effective at protecting their clients. [Symantec; Reuters; WSJ]

3. Beginning next week, Facebook will categorize white nationalism and white separatism under its hate speech ban, bringing the platform in line with civil rights groups and historians, who criticized Facebook last year for drawing a distinction between white supremacy and white nationalism. [Motherboard]

4. Ensuring election security means securing the digital infrastructure that spreads political information, counts votes, and enables doxing and strategic leaking. The US Census has already asked tech giants for help removing misinformation about the 2020 census. [Khanna.gov; Reuters]

5. Shadowhammer malware hijacked the ASUS update utility to infect tens of thousands of computers with the goal of reaching a handful of targeted users. [Axios]

6. Tasked with investigating Huawei's cybersecurity posture, a UK oversight body found serious engineering deficiencies and a lack of architectural controls that would limit the access that security vulnerabilities provide. [Techcrunch]  

7. Signals Directorate operators in Australia hacked ISIS communications to disrupt an attack in real time, a cyber warfare first. [The Australian]

8. DHS warns that Medtronic's implantable cardiac defibrillators can be monitored and commandeered remotely by hackers. [Duo]

9. From last week, as all data breaches are now announced on Friday afternoons: "The U.S. Federal Emergency Management Agency exposed personally identifiable data about more than 2 million disaster survivors in violation of a federal privacy law, an inspector general’s investigation has found." [Cyberscoop]

10. I guess you can put your marriage certificate on the blockchain, but of course you'd want to use two-party ring signatures, so that outside observers can't tell who proposed to whom. [Breaker]

Thanks for reading,

Allison
Stanford Cyber Initiative
fsi.stanford.edu/cyber

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)