
News This Week


NEWS WRAP-UP: Ukrainian hacker with ties to DNC hack surrenders; Uber agrees to improve privacy; Scottish government hacked

By Byron V. Acohido

Week ending Aug. 18. A Ukrainian hacker called “Profexer” who built one of the tools used to penetrate the Democratic National Committee servers last year has turned himself in to authorities. The man, who first contacted Ukrainian police earlier this year, claims he wrote a piece of software called the PAS Web shell, which the Department of Homeland Security has identified as malware used in the hack. The hacker maintains that he wasn’t behind the attack, which resulted in the release of thousands of emails sent by DNC staffers during the presidential campaign. Because there is no evidence that he used the tool to carry out the attack, he wasn’t arrested. Profexer is in touch with the FBI and is able to identify users involved in the DNC hack by their online handles. Also emerging from Ukraine is a sharper picture of what the U.S. government believes is a Russian government hacking group known as Fancy Bear. American intelligence believes it is operated by Russian military intelligence. Sources: Technology Review, The New York Times

Neo-Nazi site claims it was hacked; Anonymous says maybe not

Members of the Anonymous hacktivist collective claim that neo-Nazi website the Daily Stormer may have faked a claim that it had been taken over by hackers. Web-hosting service GoDaddy removed the Daily Stormer after it published an article viciously insulting the activist killed after a car hit her at a white nationalist rally in Charlottesville, Virginia. Later, a message posted on the site claimed to be from Anonymous hacktivists who had taken over the site. Source: Newsweek

Tech companies ask high court to protect customers’ privacy

More than a dozen technology and wireless companies called on the Supreme Court to make it harder for government officials to access individuals’ sensitive cellphone data. The case involves a high-profile dispute over whether police should have to get a warrant before obtaining data that could reveal a cell … more

NEWS WRAP-UP: Walmart tracks customers’ facial expressions; teachers hacked; Asians seek cyber insurance

By Byron V. Acohido

Week ending Aug. 11. Walmart has filed a patent for video technology to track customers’ facial expressions as they shop, potentially allowing employees to address customer needs before they have to ask. The system would use video to scan for customers who are frustrated or unhappy if they can’t find a product or figure out pricing. The system also could see when a display or product pleases shoppers. According to the patent filing, Walmart says it’s easier to retain existing customers than acquire new ones. Walmart also will use the technology to analyze trends in shoppers’ purchase behavior over time, according to the patent filing. The system links customers’ facial expressions to their transaction data—meaning how much they’re spending and what they’re buying. Using biometric data collected from customers’ facial expressions, the retailer would link changes in mood to changes in spending. Walmart says this will help stores detect changes in a customer’s purchase habits due to dissatisfaction. If a sharp drop in spending is recorded after a customer is seen with a negative facial expression, the company would be able to better deal with the pain points that are driving away shoppers. Sources: TheStreet.com; USA Today; Business Insider; PSFK.com

Teachers get a hard lesson in data protection

Hundreds of current and former teachers in the St. Louis area, members of the Public School and Education Employee Retirement Systems of Missouri, were victims of an identity theft. Hackers obtained access to names, dates of birth, Social Security numbers and addresses, and attempted to use the information to access retirement funds and have them transferred. Some victims’ mailing addresses were changed. Source: Fox2Now, St. Louis

More Asian residents, companies might buy cyber insurance

Demand for cyber insurance from firms in China and elsewhere in Asia could soar, based on inquiries received after the WannaCry ransomware attack earlier this year, executives at American International Group said. The insurer saw … more

NEWS WRAP-UP: Anthem exposes Medicare patients’ records; hackers easily break into voting machines; white supremacist hacks billboards

By Byron V. Acohido

Week ending Aug. 5. It turns out the HBO hack may have been far worse than the initial leaks of a few unaired TV show episodes suggested. A security company hired by HBO to scrub search results for the hacked files from search engines says hackers stole “thousands of Home Box Office internal company documents.” The disclosure came as part of a takedown notice sent to Google to force the search engine to take down links to the leaked files. The notice also detailed that the hackers made off with “masses of copyrighted items including documents, images, videos and sound.” Hackers approached media outlets with the news that they had broken into HBO’s networks and released episodes of “Ballers,” “Insecure” and “Room 104” as well as the script for an upcoming episode of “Game of Thrones.” Also released by the hackers: two episodes of “Barry,” the hit-man comedy starring Bill Hader that is not scheduled to air until 2018 on the network. The hackers leaked personal information of a senior HBO executive, containing access information to dozens of online accounts, including online banking and personal health services. Source: Variety

Amazon halts sales of Blu phone on reports data being sent to China

Amazon has stopped selling Blu smartphones amid concerns that user data is being sent to third-party servers in China. Cybersecurity firm Kryptowire says many Blu smartphone models have been sending full text messages, phone numbers of contacts, and other private information. Blu said a “small fraction” of its devices were behaving in such a way last year, but the phones have been fixed. Source: TechRadar

Some Anthem Medicare patients’ data may have been exposed

A data breach may have exposed personal health information of more than 18,000 Anthem Medicare enrollees, after one of the insurer’s health care consulting firms discovered that one of its employees had been involved in identity theft. Members’ Social Security and Medicare identification … more

NEWS WRAP-UP: Apple patches iOS vulnerabilities; Roomba’s plan to map homes raises concerns; tax breaks for cybersecurity training proposed

Week ending July 29. A company is offering to microchip employees, enabling them to open doors, log onto computers and purchase snacks with a swipe of the hand. Three Square Market, also known as 32M, said more than 50 employees are voluntarily getting implants Aug. 1 at what the company is calling a “chip party.” The chips are the size of a grain of rice and are inserted underneath the skin between the thumb and forefinger using a syringe. The procedure takes a couple of seconds. Company leaders hope the $300 microchips eventually can be used on air travel, public transit and for storing medical information. The company is partnering with Sweden’s BioHax International, where employees have been using the implants. Three Square Market is paying for the employees’ microchips. The technology has raised privacy concerns because of the potential to track a person’s whereabouts and purchases. Officials at 32M said the data in the microchip is encrypted and does not use GPS. But Michael Zimmer, who teaches internet ethics and privacy at the University of Wisconsin-Milwaukee, said he worries about the potential for “function creep,” where the stated purpose of a technology ends up spilling over into other uses, including surveillance. Source: The Associated Press via WestVirginia.com

Apple patches devices to prevent possible Wi-Fi hacks

Apple issued a critical security patch for all iOS devices to protect against a potential hack that attacks devices remotely via Wi-Fi. The tech company has urged users to install the operating system update to avoid a “potentially serious” cyber attack that could wipe out iPhones. Android devices also are threatened by the hack, but Google issued its own update earlier this month. Source: The Wall Street Journal

Bill would require Homeland Security to disclose more about cyber issues

A House panel advanced legislation requiring the Department of Homeland Security to give lawmakers more information on how it discloses cyber vulnerabilities to the private … more

NEWS WRAP-UP: Google resists Europe’s privacy rules; Ashley Madison pays $11 million to settle privacy breach suit; hacker grabs control of Segway scooter

By Byron V. Acohido

Week ending July 22. Europe’s “right to be forgotten” ruling, which allows private citizens in the region to make requests that search engines delist incorrect, irrelevant or out-of-date information returned by an online search for their full name, is set to return to the region’s top court to settle an ongoing dispute between Google and the French data protection agency, CNIL. The latter has pushed for Google to make these delistings apply globally, across all web domains, rather than geo-limiting delistings to the person’s home territory (as Google prefers to), arguing that for Google not to do this offers a trivial workaround to a rule that’s intended to preserve Europeans’ privacy rights. Google filed an appeal against the CNIL’s order for global delisting in May last year, following a fine of €100,000 ($115,000) handed to it by the regulator for noncompliance. Source: TechCrunch

Atlanta clinic discovers data breach while looking into ransomware case

Peachtree Neurological Clinic in Atlanta discovered a 15-month breach in the process of investigating a recent ransomware incident. Its electronic health record system was encrypted by the virus. Instead of paying the ransom, officials were able to restore the files and functionality from backup records. Source: Healthcare IT News

Ashley Madison parent to pay $11.2 million to settle suits in U.S.

The owner of the Ashley Madison website will pay $11.2 million to settle U.S. litigation brought on behalf of roughly 37 million users whose personal details were exposed in a July 2015 data breach. Ruby Corp, formerly known as Avid Life Media, denied wrongdoing in agreeing to the preliminary class-action settlement, which requires approval by a federal judge. Source: CNBC

U.S. cybersecurity coordination office could soon close

Secretary of State Rex Tillerson plans to close an office that coordinates with other countries on cybersecurity and fold it into a bureau focused on economic issues. The move would shutter the Office of the Coordinator for … more

NEWS THIS WEEK: Face scan may be required to travel abroad; Trump hotels violate privacy; Verizon exposes data

By Byron V. Acohido

In the news this week, U.S. citizens boarding international flights might have to submit to a face scan. The Department of Homeland Security says it’s the only way to successfully expand a program that tracks nonimmigrant foreigners. They have been required by law since 2004 to submit to biometric identity scans—but to date have only had their fingerprints and photos collected prior to entry. Now, DHS says it’s ready to implement face scans on departure—aimed mainly at better tracking visa overstays but also at tightening security. But, the agency says, U.S. citizens also must be scanned for the program to work. Privacy advocates say that oversteps Congress’ mandate. “Congress authorized scans of foreign nationals. DHS heard that and decided to scan everyone. That’s not how a democracy is supposed to work,” said Alvaro Bedoya, executive director of the Center on Privacy and Technology at Georgetown University. Trials are underway at six U.S. airports—Boston, Chicago, Houston, Atlanta, Kennedy Airport in New York City and Dulles in the Washington, D.C., area. DHS aims to have high-volume U.S. international airports engaged beginning next year. During the trials, passengers will be able to opt out. But a DHS assessment of the privacy impact indicates that won’t always be the case. Source: ABC News

Amazon, WhatsApp chided for poor privacy practices

Privacy group the Electronic Frontier Foundation scolded Amazon and WhatsApp over their “disappointing” privacy practices. The Who Has Your Back privacy report analyzed the policies and public actions of 26 companies, rating them on industry best practices, privacy policies and their dealing with governments—including “promises not to sell out users” and “stands up to National Security Letter gag orders”. Nine companies earned top ratings, including Adobe, Dropbox, Lyft and Uber. Amazon and WhatsApp were singled out for low scores. Source: The Guardian

Trump hotel guests’ personal information exposed

Guests at 14 Trump properties, including hotels in Washington, New York and … more

NEWS THIS WEEK: Privacy group sues Trump administration; Pennsylvania county loses children’s records; Windows 10 needs privacy update

By Byron V. Acohido

In the news this week, a privacy watchdog group is suing the Trump administration’s commission investigating alleged election fraud, saying the requested information violates voters’ privacy. The Electronic Privacy Information Center, a nonprofit research organization, filed for a temporary restraining order to block the Presidential Advisory Commission on Election Integrity from gathering voter records from state election officials. The commission has requested election officials provide voters’ birth date, party affiliation, partial Social Security numbers, voter history, felony convictions and military service status. “The publication of voters’ personal information violates the constitutional right to informational privacy,” EPIC’s lawsuit says. “The Supreme Court has long recognized that individuals have a constitutionally protected interest in ‘avoiding disclosure of personal matters.’” The White House didn’t immediately respond to a request for comment. Source: CNET

Some Google employees’ information may have been revealed

Google told staffers that a hack on travel and hospitality firm Sabre Hospitality Solutions may have exposed their personal information, and advised them to complain to the Federal Trade Commission and to check their financial statements. Sabre, which operates the SynXis Central Reservations system, discovered unauthorized access to an account. Google is giving those affected two years of credit monitoring and protection. Source: The Inquirer

EU advised to drop Privacy Shield deal because U.S. can’t protect data

The Center for Digital Democracy told the European Union it should pull its Privacy Shield agreement with the United States. CDD cited a lack of privacy enforcement or oversight by the FCC and Federal Trade Commission. “There is no effective legal framework to protect consumer privacy in the U.S., with inadequate enforcement of the weak policies in place and an overall failure to address the dramatic growth of data practices,” CDD said. The group cited the nullification of FCC broadband privacy rules as a reason the U.S. can’t protect data privacy. Source: Multichannel News

Judge dismisses privacy case against Facebook

A … more