Raymond Tec News for February 3, 2019

Raymond Tec News Podcast Cover Art
Raymond Tec News
Raymond Tec News for February 3, 2019


Welcome to the February 3rd, 2019 episode of the Raymond Tec News podcast. Each week, I scour the web and curate the articles, tweets, and backchannel sources to provide you, the non-nerd, a concise tech news summary where I answer the question, “Why does this matter to me?”

I start off each episode with the stuff to keep you up at night; data breaches, privacy concerns, and security threats. But I like to instill a bit of joy around technology so I end with a series of stories that will restore your faith in our technological future, and, hopefully, humanity.

Let’s dive in.

Data Breaches

Unfortunately, there’s lots to talk about in this week’s Data Breaches and Exposures. First up, Discover has issued new cards to some of its members, due to a data breach at one of its merchants from August of 2018.

Airbus has announced a cyberattack has breached its commercial aircraft business and exposed employee information to attackers.

France-based video-sharing site Dailymotion has reset passwords of an unknown number of users after a large-scale credential stuffing attack. Credential stuffing means taking many usernames and passwords from breached sites and trying to see if they work different sites. This often proves effective because many users recycle passwords.

Minnesota’s Department of Human Services started sending letters on Wednesday about a data breach resulting from an employee falling for a phishing email on September 28 of last year. There aren’t any details about how many records were affected, but the employee had access personally identifiable information of both employees and clients.

Two successful phishing attacks against Verity Health System and Verity Medical foundation have resulted in data breaches. One breach occurred in November, the other in Mid-January, the full scope isn’t yet known, but they are certain both PII and PHI were compromised in the attacks.

Singapore’s Ministry of Health reported that it doesn’t know who, it doesn’t know how, but someone got hold of personal health records for about 14,000 HIV positive people. 5,400 locals and 8,800 foreigners who were diagnosed with HIV were exposed in this breach. These records were published online and have since been removed, but since Singapore doesn’t know who did it, they can’t delete all copies of the records.

Colorado-based Critical Care, Pulmonary & Sleep Associates notified 23,000 patients that their data may have been breached during a phishing attack this week.

Integrity House, a New Jersey-based addictions recovery provider, was physically broken into and had devices stolen containing protected health information of its clients. Approximately 7,000 patients were impacted.

Ontario, Canada-based Belleville General Hospital fired a nurse for accessing hundreds of patient records without permission. The nurse accessed names, dates of birth, and health information for an unspecified period.

A ransomware attack on a Florida-based OB-GYN specialist has resulted in some protected health information being lost. Fortunately, this data wasn’t lost due to exposure, but because the clinic refused to pay the ransom. Most of the data was restored from back up after the infected servers were cleaned.

This week also brings with it another breach of smart home devices. This time a self-described “smart home aficionado” heard a deep male voice talking to his child through his Nest baby monitor. In addition, the attacker had also turned the home’s Nest thermostat up to 90 degrees. The home owner had been using a recycled password.

While we’re on the topic of recycled passwords, last week’s Collection 1 data dump of hundreds of millions of user names and passwords has now been followed up by Collections 2-5. Supposedly totaling more than 2 billion passwords, these collections aren’t just one website breach but hundreds or even thousands of breaches all stockpiled into larger collections. Keep your eyes on Have I been Pwned dot com. That’s Owned with a P replacing the O.

Of course, you’re not still recycling passwords and ignoring two-factor authentication in 2019, are you? If you are, it’s time to protect yourself online with LastPass. LastPass works on your computers, phones, and tablets and is more than just a secure password vault, it also creates random passwords for you. No more having to remember which variation of your mother’s maiden name and your dog’s birthday you used for a password.

Better than that, LastPass also includes a simple, easy to use, two-factor authentication app. Enable two-factor authentication on your accounts for that extra layer of security and know that it’s safe and secure. Start your free trial today using my affiliate link raytec.co slash LastPass, that’s r-a-y-t-e-c- dot c-o slash L-a-s-t-P-a-s-s. More about affiliate links at raytec.co slash affiliate.

Thankfully, that’s it for Data Breaches and Exposures. Moving on to Privacy News.

Security News

An international group of law enforcement agencies have successfully taken down a large online underground marketplace where criminals could buy, sell, or rent out various illegal products and services.

Microsoft has been attempting to make the world more secure by trying to rid the world of Internet Explorer 10, giving large enterprises one year to upgrade to IE11.

Netflix is again warning its customers of a phishing scam where attackers send fake “payment declined” emails to customers trying to get them to click on a link and give up their credentials. The link in the show notes gives some tips about what to look out for when deciding whether an email is a scam.

An article from ZDNet extols the virtues of open source software on implantable medical devices like pacemakers and insulin pumps. Open source software tends to have vulnerabilities found and repaired much more quickly. Unfortunately, all implantable medical devices are currently proprietary software. Almost on cue, the Department of Homeland Security released an advisory about vulnerabilities in Stryker and Becton, Dickinson medical devices.

In an announcement from LiFX, vulnerabilities in their lighting products can expose your Wi-Fi password to attackers. I’ve linked to the original article in the show notes, but it’s mostly fear-mongering. It requires physical access to the light bulb and destroys the bulb in the process. But, LiFX has released a firmware update, so make sure you update your light bulbs.

That’s it for security news, now we move on to all the news that didn’t fit in other categories.

Privacy News

Facebook’s record on privacy continues to be tarnished despite its best efforts. Just after the launch of its new Privacy and Data Use Business Hub, which will help company’s to better understand how user data is used and stored Snopes has announced it will not be renewing its contract with Facebook for fact checking. Reportedly, Snopes exited the partnership because of a lack of engagement from Facebook, citing no guidance about what should be fact-checked or how the fact-checking was making a difference.

But Facebook’s biggest privacy news was its violation of Apple’s terms of use by peddling an app that paid people as young as 13 to follow their every move online. The app, pitched as a research app, would monitor, log, and send all the collected data to Facebook’s researchers. There is a similar app for Android, which is still on the Google Play store.

Speaking of Google, they also made strides this week towards improving privacy for users. The Chrome browser will soon display a warning about fraudulent lookalike sites. But just so Google didn’t feel left out, Apple also pulled their certificate which powered their “Screenwise” app. This app was largely the same as Facebook’s, collecting and sending a huge amount of user data back to Google for tracking and analysis.

The week wasn’t all good news for Apple’s privacy record. Apple’s FaceTime became infamous after a viral video showed how to listen to anyone even if they don’t answer the FaceTime call. This bug will be fixed in a software update this week. Sadly, this wasn’t the only negative news for Apple; it appears they have also neglected to report a data leak. A bug in their iCloud software appears to leak data when users are syncing with the cloud, exposing small pieces of information to potential attackers.

Of course, it’s not just tech giants scamming users on social media, the usual creepers are their too.

An article from ZDNet details how YouTube imposters are getting people to give up personal details by promising to send them free gifts.

The Sophos Naked Security blog reported that Instagram fraudsters are stealing pictures and videos of a sick child and setting up fraudulent fund raisers. Instagram was slow to respond and has had difficulty keeping the scammers from opening more accounts as the old ones were shut down.

The Trend Micro Security Intelligence Blog has reported that several Beauty Camera apps on the Google Play store are malicious, sending people to phishing websites, displaying pornographic advertisements, and collecting pictures taken with the app. There’s lots of details in the link in the show notes.

FamilyTreeDNA, a popular at-home DNA test, released a statement this week announcing that it is working with the FBI. The results can be used to help identify human remains but have also been used to identify suspects.

New York City’s Taxi and Limousine Commission has just demanded that Uber and Lyft begin providing more details of its rides to the city for data aggregation. This data is already being collected by the city’s credit card equipped taxicabs and has enabled the city to adjust traffic patterns and light timing to improve traffic flow. The data is also being used to keep a safety honor roll of drivers who haven’t been in accidents in four or more years. The real issue is the privacy implications. Even anonymized data can be tracked back to individuals without a whole lot of difficulty.

That’s it for this week’s Privacy News. Let’s move on to Security news.

‘Other’ News

In Super Bowl news this week, I’ve included a guide for finding the Super Bowl, Kitten Bowl, and Puppy Bowl online. Uber has announced that it will give free rides in the city that loses the Super Bowl. Of course, if the super bowl’s not your thing Wired has other suggestions to fill your Sunday evening time slot.

Streaming music giant Spotify is in talks with podcasting giant Gimlet Media for a potential 200-million-dollar buyout. If you’d rather listen to music than podcasts, Pandora’s music algorithms will be powering SiriusXM soon, now that Sirius has closed its 3.5-billion-dollar acquisition.

Netflix has announced this week that it will finally be cancelling Fuller House, the nostalgic reboot of 90’s hit Full House, now in its fifth season. I also wanted to this opportunity to recommend two Netflix originals: Sex Education and Russian Doll. Sex Education is about a sex therapist, played by Gillian Anderson and her son and their misadventures. Russian Doll stars Natasha Lyonne and at first appears to be a Groundhog Day rip-off with a lady lead but turns into mind bending romp across what-if timelines. Neither are appropriate for younger audiences.

The Australian Senate has recommended that state governments work together to bring the Formula-E electric vehicle championship to the country to raise awareness and enthusiasm around electric vehicles.

According to Caller ID app, Hiya, consumers received 26.3 billion robocalls in 2018 which was up 46 percent from 2017. Currently, AT&T, Verizon, and T-Mobile are offering free robocall blockers, I recommend you sign up for them.

Finally, we can move into the light of the good news.

The Good News

Australian analytics company Max Kelsen is combining Artificial Intelligence and whole-genome sequencing to reduce cost and increase the effectiveness of cancer treatments. With 12,000 new cases of lung cancer every year, the company started there. Kelsen researchers feeds genome data, which can amount to 300 gigabytes worth of data per person, and potential treatments into TensorFlow machine learning technology. While it costs about $1,000 to sequence a human genome, the average immunotherapy treatment costs about $100,000.

Artificial intelligence is now fighting colony collapse disorder alongside beekeepers. One of the causes of the ecosystem destroying disorder is the Varroa mite, a tiny parasite that infests hives and sucks blood from bees and their young. The simplest way to find these mites is by putting a flat surface beneath a hive and pulling it out every few days. Of course, the Varroa mites are less than a millimeter across and easy to miss, so this is where machine learning comes in.

Beekeepers take a photo with a regular smart phone and upload it to a server in Switzerland where a team of students have developed a program that can identify the mite bodies. Now, beekeepers can know for certain whether an infestation is getting better or worse.

It’s amazing how far we’ve come in such a short time.

That’s it for this week in tech news that matters to you. If you’ve enjoyed the podcast, please subscribe, rate, and review on iTunes, Google Play, Spotify, Stitcher Radio, or TuneIn. The more buttons you press on those sites, the easier it is for other people to find me. Also, be sure to follow me on Facebook and Twitter at Raymond Tec IT for tech news updates that matter to you.

Don’t forgot to check the show notes, there are bonus links for further reading, including articles about a light-powered 3D printer, Twitter’s removal of thousands of fake news accounts, how a playboy centerfold shaped how we see images online, and the super fun Unscience a Space Thing movement. To get to the show notes, just go to raytec.co slash listen, that’s r-a-y-t-e-c dot c-o slash listen. There’s also links to each of the podcast apps I listed there as well as links to our social media.

Thanks for listening and have a great week!