Skip to content Skip to navigation

Friday Cyber News, March 8 2019

Cyber technology-related news and links from around the web, for the week of 3/2 - 3/8:

1. Believe it when it gets rolled out, but Mark Zuckerberg has outlined a future for Facebook that involves focusing on privacy, encrypted communications, and, perhaps most notably for a company developing its own blockchain-based digital token, secure payments. It makes sense for Facebook to have its own currency; it has a global user base that sees Facebook as a method of identification and authentication, and its image has recently been tarnished by indiscriminate data sharing, suggesting that users want Facebook to be a secure tool for exchanging information one-to-one. [Facebook]

2. In a recent study of Twitter and Facebook users' current events knowledge, a researcher found that "more frequent usage of Twitter positively affects the acquisition of current affairs knowledge. The opposite is found for Facebook: More frequent Facebook usage causes a decline in knowledge acquisition. This negative effect of Facebook usage occurred particularly for citizens with less political interest, thereby, amplifying the existing knowledge gap between politically interested and uninterested citizens." [Journal of Information Technology and Politics] 

3. Emerging details about Chinese and North Korean hacking groups show that neither are slowing down (despite the Hanoi summit, and a US-China agreement to halt cyber espionage). Chinese hackers were found to have targeted several universities connected to the Woods Hole Oceanographic Institute and conducting research on maritime engineering problems relevant to military projects, while another Chinese group, APT27, has been successfully mixing and matching pieces of old digital tools to target Mongolian data centers and "networks of political, humanitarian, technology and manufacturing organizations". A McAfee team has shown evidence of robust North Korean hacker activity, targeting more than 100 companies worldwide, a majority of which are in the United States. [WSJ; Cyberscoop; NY Times]

4. No path forward for Facebook in China, says an unnamed "senior source inside the company", rendering Zuckerberg's smoggy jog in Tiananmen Square for naught. [Buzzfeed News]

5. Verification via two-factor authentication (2FA) on Facebook used to keep users' provided phone numbers private, but not anymore; Facebook has recently changed its settings to force phone numbers provided for 2FA purposes to be searchable by friends, friends of friends, or everyone (the default). Failing to keep the numbers private may discourage users from turning on 2FA if they don't want their phone numbers to be discoverable. [Motherboard]

6. Even though "the world's most murderous malware" is a hyperbolic designation for code that hasn't actually killed anyone, Triton, a piece of malware that specifically targets the safety systems of oil refineries, is worth paying attention to in the process of securing critical infrastructure. [Technology Review]

7. New reports by Microsoft, FireEye, and Symantec link Iranian hackers to attacks targeting hundreds of companies, including many in the oil and gas sector, and causing hundreds of millions of dollars in lost productivity costs over the past two years. [WSJ]

8. Under a new Vermont law, data brokers are required to register with the US Secretary of State, and Fast Company has compiled a list of 121 of them. As an example, in 2018 one data broker was able to provide information on 2.5B individuals across 10,000 attributes. [Fast Company]

9. Establishing some goodwill with security researchers, the NSA's move to publicly release its malware reverse-engineering and decompiling tool, Ghidra, has been met with primarily positive reviews of the tool, including its support for collaborative work. [Motherboard]

10. Despite an NHTSA report last year finding that Uber had disabled automatic braking systems to address complaints of less-than-smooth rides, prosecutors in Arizona do not plan to change Uber with any crimes in last year's self-driving car accident that killed a pedestrian. [NY Times]

Thanks for reading,

Allison
Stanford Cyber Initiative
fsi.stanford.edu/cyber

(To suggest an item for this list, please email aberke@stanford.edu. This email contains links that may not work if HTML is not supported in your mailbox. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)