Weekly Tech News for April 14, 2019
Intro
Welcome to the April 14th, 2019 episode of the Raymond Tec News podcast. Each week I curate the articles, tweets, and backchannel sources to provide a 15 to 20-minute summary of tech news. But this week will be a little shorter than usual since I didn’t have an opportunity to write a feature story.
Otherwise, I’ll start off like I always do with the headlines to keep you up at night: data breaches, privacy concerns, and security threats. Then I’ll balance out the negative with a series of stories to restore your faith in technology, and, maybe, humanity.
The cold open today was from Naked Security Live, a video series available on YouTube, discussing the fallout from another security camera found in the private living space of an Airbnb that I reported on last week. There’s a link in the show notes to the YouTube video. YouTube
Let’s dive into data breaches.
Data Breaches
AeroGrow International, makers of the AeroGarden smart countertop gardens, have begun notifying customers of a MageCart-style attack which stole customers’ credit card data during the checkout process. SecurityWeek
Microsoft announced a breach this week which revealed cybercriminals compromised one of its customer support representatives, giving the attackers access to personal information and credentials shared with the rep by customers. ZDNet
A just-released study has announced that the healthcare sector is the number one target for major data breaches, accounting for fully a quarter of all data breaches last year. Data Breach Today
Yahoo has finally reached a deal in US federal court to remedy the largest data breach in history. Yahoo will have to pay a 117.5-million-dollar settlement. Reuters | Bloomberg Law
Two Romanians were convicted on a variety of fraud and hacking charges this week. Court documents revealed the pair infected and controlled more than 400,000 computers, mostly in the US, to steal identities, mine cryptocurrency, and commit other acts of fraud. DarkReading
That’s it for data breaches, let’s move on to privacy headlines.
Privacy Headlines
IBM X-Force researchers have released an alert about TrickBot, which is tax-themed malware hidden within Microsoft Excel spreadsheets. The malware is being distributed via spam email. Security Intelligence
To continue developing its marketing push to be the most secure mobile platform, Apple has added another confirmation step before you subscribe to apps on its app store. TechCrunch
Russia has fined Facebook 3,000 Rubles, or $47, for not complying with its laws that require online companies to store Russian user data on Russia-based servers. Mark Zuckerberg is, reportedly, still laughing. The Hacker News
Apple is in hot water with the US Congress and human rights advocates after it removed several Hong Kong artists from its Apple Music China platform. Critics say it missed a chance to ‘be a stronger voice for freedom around the globe.’ The Verge
Bloomberg released a report this week on the teams Amazon has listening to conversations from its Alexa smart speakers. Most of the news sources I saw blew this one out of proportion, leaving out details about how minimal personal data is included with recorded conversations. The primary jobs of the teams are to improve Alexa’s understanding of users’ commands and reduce the likelihood that Alexa is woken by accident. One thing that wasn’t mentioned in the original report was whether this was an opt-in program or whether every Alexa user is immediately enrolled. Bloomberg
That’s a wrap for important privacy news. Let’s move on to security headlines.
Security Headlines
This week at the Kaspersky Security Analyst Summit, security researchers revealed a new state-sponsored hacking group and their previously unknown spyware multi-tool that featured more than 80 distinct components capable of unique cyberespionage tricks. Wired | Wired
An IBM Security Researcher has discovered a vulnerability in TP-Link brand home internet routers that will allow remote attackers to take complete control of this critical device in your home. Security Intelligence
Mobile security firm Lookout announced this week that Exodus spyware was available on iOS as well as Android. The iOS version of Exodus poses as a legitimate mobile carrier support app and steals as much data as possible from victims. Wired
To help eliminate reliance on passwords, Google has rolled out a new feature for Android phones running version 7 or higher. The feature turns the phone into a security key, wirelessly communicating with PCs and other devices to add an additional layer of security. The Verge
WPA3, or Wi-Fi Protected Access third generation, was finalized for rollout about 15 months ago and was hailed as the answer to flaws in the current WPA2 standard. Unfortunately, a slew of new vulnerabilities have been found. Ars Technica
A popular Firefox web browser extension called NoScript has been made available for Google Chrome users. NoScript helps users block tracking attempts and dangerous cross-site scripting attacks. It’s a great extension, but in my experience it can break some websites. ZDNet
The US Department of Homeland Security has published an alert for users of enterprise VPNs from Cisco, Palo Alto Networks, Pulse Secure, and F5 Networks that their secure networking protocols are vulnerable to attack. TechCrunch
The United Kingdom has declared an end to self-regulation for social media and online sharing platforms by creating laws to fine platforms that allow harmful content to be posted. This is a direct result of the Christchurch, New Zealand shootings. 9to5Mac
We’re all done with security headlines. Let’s move on to all the news that doesn’t fit one of our other categories.
Other Headlines
Disney’s new Disney plus streaming service will be launching on November 12th with subscriptions costing $6.99 per month. TechCrunch
You may recall a few weeks ago when MySpace admitted to losing more than 50 million songs as they were moving servers. Apparently, someone has found a backup of almost half a million of them, and the Internet Archive has published them. Sophos Naked Security
Oculus, manufacturer of virtual reality hardware, announced that it accidentally left hidden messages inside its controllers. These messages were inside jokes the company hid in prototype versions of the devices and said things like “This Space for Rent” and “Big Brother is Watching.” The company wanted to dispel any rumors about tampered equipment. The Verge
Snapchat has developed what it’s calling Snap Kit, to stop companies like Facebook from copying its business model. Snap Kit now allows developers to integrate Snapchat’s filters and stories functions into their own websites and apps. TechCrunch
Sony is proactively attempting to stop hate speech by replacing offensive usernames on its PlayStation Network with temporary usernames. The Verge
Juul Labs, manufacturers of popular vaping devices, have begun a Track and Trace program in cooperation with law enforcement to figure out how their devices are winding up in the hands of minors. TechCrunch
Microsoft is changing the way it pushes out updates. Rather than forcing users to install updates that may break their system, users will be able to choose if and when updates happen. Sophos Naked Security | ZDNet
Uber has filed its documents with the SEC to go public next month, revealing many previously unknown details, including its almost half-a-billion-dollar investment in autonomous vehicles. TechCrunch
California’s DMV announced on Friday that it will soon be allowing testing of autonomous light duty pickup trucks and utility vans on public roadways. The Verge
The week’s biggest tech-related news was, of course, Julian Assange’s arrest by the London Metropolitan Police after the Ecuadorean government withdrew their political asylum. He was physically and forcefully removed from the embassy on charges of hacking by the US, and sexual misconduct by Sweden. Wired
Thomas White, also known as Dread Pirate Roberts 2, has made an astonishing news comeback this week. Most people will remember when Ross Ulbricht, or Dread Pirate Roberts, was arrested, bringing an end to the dark web marketplace the Silk Road. Almost as soon as his arrest was announced the Silk Road 2 popped up, run by Dread Pirate Roberts 2. Some tech news outlets listed him as a cybercriminal who got away. It turns out that Thomas White was actually arrested in November 2014 and has been quietly held in England. He has been sentenced to 5 years and 4 months in prison for his role as a dark web drug lord. Motherboard
Now it’s time for this week’s Good News.
Good News
New York City’s IT infrastructure is enormous. 330,000 employees, 8.6 million residents, hundreds of web applications for things like street plowing, and the popular NYC dot gov site provide an ample attack surface for cybercriminals. In response, the city government has created the New York City Cyber Command. The NYC3 has built a secure data pipeline for cybersecurity experts that allows for alerts, visualization, and analysis. Using open source tools that are built to be blisteringly fast, the pipeline enables analysts to easily and quickly make decisions about the safety of its infrastructure and, more importantly, its millions of residents and visitors. ZDNet
NASA has completed a new study that indicates interplanetary travel should not negatively affect the human body. Dubbed the Twins Study, NASA sent astronaut Scott Kelly into space to live aboard the International Space Station for 340 days while keeping his twin brother Mark on Earth as a control subject. NASA compared the twins on a molecular level to come to these conclusions and believes that it is physically possible for humans to safely make trips to and from Mars, which could take up to three years. Most of the DNA measurements taken of the two brothers returned to normal when Scott returned to Earth. Scientists will continue studying the effects of space on the human body, but did note that specific portions of Scott Kelly’s DNA, related to immune response and DNA repair, did not return to normal. TechCrunch | NASA
Unless you live in a black hole, you’ve probably seen the news about the first-ever picture of a supermassive black hole. Supercomputers, eight telescopes on five continents, hundreds of researchers, and 5 petabytes of data across more than half a ton of hard drives. But how did we get this image from 55 million light years away? Community. Experts worked for years to photograph and compile the data from all those different telescopes. As you can imagine, storing all that picture data was a monumental task. 5 petabytes is 1,000 terabytes. You can fit about 300 high definition movies into 1 petabyte. That means all that data that makes up the black hole picture fit in the same space as 1,500 HD feature-length movies. Now we have a group of data storage experts managing and safely storing that data. Then we need programmers to piece the data together from all those telescopes and all that data. Thanks to all these talented and wonderful people working together we can see what a black hole looks like to better understand the universe we live in. How cool is that? The Verge
That’s it for this week in tech news that matters to you. If you’ve enjoyed the podcast, please share what you found interesting in a post on your social media by linking to Raytec dot co slash listen. That’s r-a-y-t-e-c dot c-o slash listen. That will always link directly to the current episode’s show notes along with a podcast player. I really appreciate anyone who’s willing to share my podcast.
Links to source articles and other noteworthy news are in the show notes. Articles in this week’s extracurricular reading include an article from Wired about how to build algorithms to support rather than exploiting children online, how the Weather Channel is using mixed reality to show the damage climate change can cause, how to detect hidden cameras in hotel rooms, and so much more. The show notes have links to each of the podcast apps I’m listed on and links to my social media. If you have any information, updates, or constructive criticism, feel free to reach out via social media.
Thanks for listening and have a great week!
-
Spy on your Smart Home with this Open Source Research Tool
Delete Those Useless Apps from Your Phone
Optimize Algorithms to Support Kids Online, Not Exploit Them
Online Trolls are Harassing a Scientist who Helped Take the First Picture of a Black Hole
The Weather Channel Flooded Charleston to Make You Give a Damn
How to Make Your Amazon Echo and Google Home as Private as Possible
How Android Fought an Epic Botnet – and Won
Twitch’s First-Ever Video Game is a Free Karaoke Title Built for Live Streaming
Can you Detect Hidden Cameras in Hotel Rooms?
ADHA Seeking Feedback for National Health Interoperability Roadmap
The Julian Assange I Met in 2010 Doesn’t Exist Anymore | Four Theories About Julian Assange’s Cat
Tesla’s Original Plan for the $35,000 Model 3 is Dead | Tesla is Raising the Price of its Full Self-Driving Option
Foxconn is Confusing the Hell out of Wisconsin | Foxconn Says Empty Buildings in Wisconsin are Not Empty
-
Article featured image by NASA via Unsplash.
Cold open provided courtesy Sophos Naked Security via YouTube
The theme song for the Raymond Tec news podcast was created by me, with samples of modems from the following generous individuals: guitarguy1985, tt_runscript, and 1tmsounds.
Other sounds or music may have been provided by: RossBell (Shuffling Papers), InspectorJ (Segment Swoosh), Klaudux, levelclearer, Teacoma, Julian Matthey, Doctor_Dreamchip, Greek555, and eardeer.
All samples, sounds, and music are from FreeSound.org.