Note that for reasons of time management I may have to start spacing these out more.
Updates to Anti-Social Media
(1) Reuters: Exclusive: Facebook to put 1.5 billion users out of reach of new EU privacy law – “The previously unreported move, which Facebook confirmed to Reuters on Tuesday, shows the world’s largest online social network is keen to reduce its exposure to GDPR, which allows European regulators to fine companies for collecting or using personal data without users’ consent.” (HT to Artem Baranov)
(2) Steven Englehardt et al: No boundaries for Facebook data: third-party trackers abuse Facebook Login – “Today we report yet another type of surreptitious data collection by third-party scripts that we discovered: the exfiltration of personal identifiers from websites through “login with Facebook” and other such social login APIs. Specifically, we found two types of vulnerabilities:
- seven third parties abuse websites’ access to Facebook user data
- one third party uses its own Facebook “application” to track users around the web.”
Commentary from The Register: Facebook’s login-to-other-sites service lets scum slurp your stuff – “A security researcher has claimed it’s possible to extract user information from Facebook’s Login service, the tool that lets you sign into third-party sites with a Facebook ID.”
(3) Help Net: Researchers develop algorithm to detect fake users on social networks – “Ben-Gurion University of the Negev and University of Washington researchers have developed a new generic method to detect fake accounts on most types of social networks, including Facebook and Twitter.”
Paper is here: Generic anomalous vertices detection utilizing a link prediction algorithm
Commentary from The Register: Gang way! Compsci geeks coming through! AI engine can finger fakes on social networks – “Take note Twitter, Facebook et al, it’s really not that hard to weed out bots”
(4) Graham Cluley: Facebook pushes ahead with controversial facial recognition feature in Europe – “Facebook uses facial recognition software to automatically match people in photos your friends upload with the other billions of images on Facebook’s servers in which you might appear.”
(5) Help Net: LocalBlox found leaking info on tens of millions of individuals – “The discovery was made by UpGuard researcher Chris Vickery, who stumbled upon the unsecured Amazon Web Services S3 bucket holding the data, bundled in a single, compressed file. When decompressed, it revealed 48 million records in a format that’s easy for anyone to peruse.”
Here’s the UpGuard blog post.
And commentary from Graham Cluley for Hot for Security: 48 million people put at risk after firm that scraped info from social networks left it exposed for anyone to download
(6) Sophos: Facebook: 3 reasons we’re tracking non-users – more light cast into the shadows by the House Energy and Commerce Committee’s questions to Mark Zuckerberg.
(7) The Guardian: Far More Than 87 Million Facebook Users Had Data Compromised by Cambridge Analytica
(8) Sophos: Google in hot water over privacy of Android apps for kids
(9) TechCrunch: A flaw-by-flaw guide to Facebook’s new GDPR privacy changes
“Just click accept, ignore those settings”
(10) Brian Krebs: Is Facebook’s Anti-Abuse System Broken?
Updates to Cryptocurrency/Crypto-mining News and Resources
(1) Help Net: Cryptominers displace ransomware as the number one threat. Summarizes a report from Comodo and also observes: “Another surprising finding: Altcoin Monero became the leading target for cryptominers’ malware, replacing Bitcoin.” Maybe not that surprising: see Cameron Camp’s article for ESET – Monero cryptocurrency: Malware’s rising star
(2) The Next Web: Crypto YouTuber hacked out of $2 million during a livestream. That’s going to undermine his influence on casual investors…
(3) Trend Micro: Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner
Updates to Meltdown/Spectre and other chip-related resources
The Verge: Intel is offloading virus scanning to its GPUs to improve performance and battery life
Updates to Internet of (not necessarily necessary) Things
Catalin Cimpanu for Bleeping Computer: FDA Wants Medical Devices to Have Mandatory Built-In Update Mechanisms. Refers to the FDA’s Medical Device Safety Action Plan document.
David Tomaschik, System Overload: The IoT Hacker’s Toolkit
Sophos: Russia’s Grizzly Steppe gunning for vulnerable routers
Updates to Ransomware Resources
Help Net: Cryptominers displace ransomware as the number one threat. Summarizes a report from Comodo and also observes: “Another surprising finding: Altcoin Monero became the leading target for cryptominers’ malware, replacing Bitcoin.” Maybe not that surprising: see Cameron Camp’s article for ESET – Monero cryptocurrency: Malware’s rising star
Updates to Specific Ransomware Families and Types
Trend Micro: Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner and XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing
Bleeping Computer: RansSIRIA Ransomware Takes Advantage of the Syrian Refugee Crisis: “A new ransomware called RansSIRIA has been discovered by MalwareHunterTeam that encrypts your files and then states it will donate your ransom payments to Syrian refugees. This ransomware is a variant of the WannaPeace ransomware and is targeting Brazilian victims.”
Updates to Mac Virus – Miscellaneous mobile malfeasance
Updates to Chain Mail Check – UK ID Theft, IWF report on child abuse, Gold Galleon BEC