Weekly Tech News for March 3, 2019

Raymond Tec News Podcast Cover Art
Raymond Tec News
Weekly Tech News for March 3, 2019
Loading
/

Intro

Welcome to the March 3rd, 2019 episode of the Raymond Tec News podcast. Each week I curate the tech news from the articles, tweets, and backchannel sources to provide a 15 to 20-minute summary of this unescapable part of our lives.

Each episode starts with the stuff to keep you up at night; data breaches, privacy concerns, and security threats. To balance out the negative I end each episode with a series of stories designed to restore your faith in technology, and, maybe, humanity.

Let’s dive in to data breaches.

Table of Contents

Intro

Data Breaches

Privacy News

Security News

Other News

Good News

Data Breaches

Up first, Kentucky Counseling Center has disclosed a breach where an employee emailed personal health information of over 16,000 patients, violating HIPAA.

UConn Health has announced a breach this week resulting in 326,000 records being leaked. The breach was a result of a limited number of employees falling for a phishing scam.

Roper St. Francis Healthcare, based in Charleston, South Carolina had their email servers attacked resulting in a breach affecting over 35,000 people.

Minnesota-based Reproductive Medicine and Infertility Associates reported a malware attack. The digital forensics team was able to remove the malware, but weren’t able to determine how the breach occurred or how many, if any, patient’s records were affected.

Researchers from Morphisec have uncovered an ongoing campaign against retail point-of-sale systems called Cobalt Strike. Cobalt Strike can allow attackers to hijack systems, execute code, and harvest employee and customer data.

A database containing details of 2.4 million people has been exposed by Dow Jones. This database is their watchlist of high-risk clients who may be committing fraud or otherwise breaking the law. The watchlist includes current and former politicians, individuals or companies under sanctions or convicted of high-profile financials crimes, and individuals with links to terrorist organizations. It’s not known whether the database was accessed maliciously.

A hacker hijacked the mayor of Tampa’s Twitter account this week and tweeted out a missile warning, among other racist, sexist, or offensive tweets. City hall regained control of the account for the mayor Thursday morning.

I received an email this week from ShareThis, a social bookmarking tool, to announce they were breached. They were among 16 other companies that were breached by a single hacker to sell login information on the black market.

Hackers have accessed tax return information from TurboTax’s servers using stolen passwords from other websites. This is known as credential stuffing. Hackers can purchase already compromised passwords on the black market, then use the usernames and passwords on other sites to attempt to gain access. This is particularly effective when people reuse passwords across multiple sites.

Of course, you don’t have to worry because you don’t recycle your passwords, do you? Well, if you do, I’d recommend you break that habit by using a password manager. I use LastPass.

The LastPass password manager works on your computers, phones, and tablets. It randomly generates passwords for you each time you create an account, plus for many sites, it will automatically change passwords for you during installation.

It’s simple and makes your online life more secure. Learn more about LastPass by visiting my affiliate link at Raytec dot co slash LastPass. That’s r-a-y-t-e-c dot c-o slash l-a-s-t-p-a-s-s. If you purchase a subscription using my affiliate link, I will receive compensation for it. But, if I didn’t use it, I wouldn’t recommend it.

Moving on to privacy news.

Privacy News

First up in privacy news, is a report from TechCrunch on a paper by a group of security researchers that have identified flaws in both 4G and the upcoming 5G standard which could allow hackers to send alerts, track a phone’s location, and eavesdrop on calls. In addition to providing details on how to carry out the attacks, which all US carriers are vulnerable, they’ve also been talking to industry groups with a fix.

An article in New Scientist magazine suggests that some ethicists believe your Alexa or Google Home should record everything it hears, then use artificial intelligence to decide whether to alert the authorities. The professors in the article debate the merits of a home assistant with a moral compass. Eric Blair is turning over in his grave.

A judge in Washington state has struck down a 2004 cyberstalking law as unconstitutional because it violated the first amendment. The writing was vague and would have made it possible to criminalize speaking out against public figures.

Senator Catherine Cortez Masto of Nevada has been busy. She’s introduced two new federal bills. The first would require companies that aren’t technically medical companies to get explicit consent from individuals before gathering or sharing health and genetic data. The second bill she proposed would prohibit companies like Google and Facebook from targeting ads to individuals by their race, sexual orientation, and gender.

United Kingdom-based National Society for the Prevention of Cruelty to Children have begun warning parents about livestreaming apps like TikTok, because they are prime hunting grounds for abusers. This announcement comes on the heels of a record fine for TikTok from the US Federal Trade Commission for failing to properly protect children’s privacy online.

Congress has spent the better part of this week arguing about how to best protect our data privacy. Members of the house debated whether the existing state-level laws were adequate protection. Meanwhile, the FTC was granted new powers to oversee and regulate tech monopolies. Critics say the newly formed antitrust task force is just a re-arranging of existing personnel and won’t actually prevent tech giants from abusing their power.

A collective of companies and civil liberties groups are pushing back against Australia’s Assistance and Access law. They warn of the dangers of creating backdoors in encryption that would allow authorities to spy on communications, because there’s no guarantee the backdoor could be locked against hackers.

Absher, an app built for the Saudi Arabian market, has brought Apple and Google under fire. Absher allows male family members to track the location of female family members. Apple and Google allowing this app to be found on their respective stores makes them accomplices in the oppression of women in Arab nation.

Possibly as a reaction to recent data breaches, Singapore has begun working on a data portability and protection law to give its citizens more control over health data and easing the transfer of information between medical providers.

Facebook takes one step forward and two steps back this week. A class-action lawsuit settled in 2016 has resurfaced and is being brought before the Federal Trade Commission to determine whether Facebook tricked children into spending money on games on the platform. Internal Facebook emails have surfaced revealing that Facebook intended to spy on Android phone users’ locations and read their private messages to target them with ads. Facebook announced this week that it’s promised Clear History privacy tool will launch later this year, despite the fact it will harm its ability to target users with ads. Wah.

Let’s move on to security news.

Security News

Millions of utilities customers are at risk of having their data stolen. SEDC an Atlanta-based firm that builds bill pay websites and provides cybersecurity for public utilities like power companies, has been storing customer passwords in plain text. This was discovered by a security researcher when they clicked the forgot password link on the login screen. When alerted SEDC put their lawyer in touch with the researcher. Thus far, SEDC has only acknowledged that the forgotten password link issue has been fixed. Unfortunately, this doesn’t mean that they’re properly obfuscating the stored passwords. What this means is, any hacker who gets the credentials database can immediately access every account on the system, no matter how secure your password is.

A phishing website has been discovered by Anomali Labs that mimics federal project bidding websites to scam contractors out of their login credentials. No information about how many people have potentially been scammed.

Apple is being called to task for not enforcing its own guidelines on duplicate apps. TechCrunch reported this week on several voice over IP apps that are released by the same publishers and are effectively clones of each other, in direct violation of Apple’s terms of use.

Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android App which could allow attackers to steal files directly from your phone. The app has more than 1.5 billion users worldwide. The issues have already been fixed, so please check your phones and make sure you have the latest version of the app.

Agari cybersecurity firm has released a report indicating that a notorious Nigerian scammer group has refocused on schools and nonprofits. If you get an email from your boss asking you to get apple or google gift cards and email them the codes, it’s probably a scam.

A group of German researchers have broken the digital signatures on many of the most popular PDF document signing applications. This could have far-reaching consequences because digital signatures are used for banking and court records.

EdgeSpot security researchers have found a new malware affecting Google’s Chrome browser. The malware is activated when a user opens an infected PDF document in their web browser. The malware can send your personal data back to the attackers. Be mindful of the source of the files you’re opening in your browser.

For the third week in a row, Adobe has updated its software to prevent against potential security issues. ColdFusion, its software development platform, is the culprit this week.

MarioNet, a clever re-spelling of marionette, is a new type of malware that can run in your browser even after tabs from infected websites are closed. The malware is used to create a botnet for a variety of malicious acts including cryptomining and distributed denial of service attacks. If your machine is running slowly, close your browser completely and reboot the machine to avoid being infected. Reportedly, Firefox is unaffected by this bug.

Lime, the scooter rental company, has issued a warning to riders about a sudden excessive braking issue. A bug in their software has been locking the wheels and throwing riders off.

In bizarre security news, Nike’s new $350 “Back to the Future” self-lacing sneakers have been having serious issues with the Android app that controls the lacing features. Several users have complained about sneakers not working right out of the box. I put it in security news, because I’m sure someone will hack the app sooner rather than later.

I’ve got five articles that are positive to round out security news. The ETSI, or European Telecommunications Standards Institute, has published a new cybersecurity standard for Internet of Things, or IoT, devices to get us on the road to more secure smart homes. ARM, the company who makes most IoT processors has also created a three-tier certification process for improved security. Malware used by cyber-criminal gangs has been exploited by researchers to expose the servers that the gangs are using. Android has been certified for secure, password-less access to logins; think logging into banking and social media apps with your fingerprint. Finally, the US Cyber Command announced that, during the 2018 midterm election, they launched a successful attack on Russia’s Internet Research Agency, the troll farm that interfered in the 2016 presidential campaign.

Let’s move on to other news.

Other News

Here are some quick headlines that I thought it was important to share. If I gloss over something you’d like to know more about, links to the original articles are in the show notes.

OneWeb has launched its first six internet satellites to bring space internet to the masses.

FedEx has launched final mile delivery robots that may be partnering with Walmart, Target, Pizza Hut, and local grocery store chains to deliver to your door.

Uber has pitched a trial run of its flying taxi service to the Australian government. Demos may be available as soon as next year.

Uber’s competitor Lyft has made it’s Initial Public Offering public and revealed that it brought in 2.2 billion dollars last year, but it had net losses of nearly 1 billion dollars.

The browser wars are continuing to improve internet experiences for average people as Google and Mozilla borrow speed improving technologies from each other.

In the wake of the child privacy scandals on YouTube, trolls are submitting false reports to get competing channels shut down. Notable members of this misguided movement are fans of YouTube star, PewDiePie. Fortunately for his competitors, that’s not how YouTube moderation works.

Google Voice users are seeing delays of several hours when receiving texts from Verizon senders. This is an issue with Google’s platform, not Verizon’s.

Forget clock radios, your Android devices can now wake you with YouTube Music or Pandora.

Google’s Duo video chat app is now available on the web for desktop users to use.

Google has announced that it’s AI-powered Google Assistant will be added to its Android Messages app adding things like suggestions for places and web results into your chat messages. I didn’t see any mention of whether this information will be sent to Google and further used to track you by the search and advertising giant.

MIT has shown off videos of its Mini Cheetah robot which they’ve now trained to do backflips. Check the link in the show notes for that, you’ll definitely want to watch it.

Watching the success of online streaming, Samsung, the leader in Blu-Ray player manufacturing, has announced it’s discontinuing production of all its Blu-Ray and 4K Blu-Ray players.

Sony has officially stopped selling the PS Vita and Microsoft has announced that it’s pulling out of the fitness band market, even offering some band customers refunds.

Microsoft is rolling out a new feature for Excel for iOS and Android that will allow you to take a picture and import it as a spreadsheet.

In other Microsoft news, the Redmond-based tech giant is teaming up with Albertson’s, America’s second largest grocery store chain, to combat Amazon’s push into the grocery industry.

Web hosting provider, RackSpace, and coop working giant, WeWork, have announced layoffs of 3% of their staff; approximately 200 and 300 people, respectively.

The $35,000 Tesla Model 3 is finally out, but because of the many issues with production Tesla will be closing most of its retail brick and mortars and go with an online only sales platform.

California-based Zero Motorcycles revealed its newest electric motorcycle last Monday. With 110 horsepower and 200 miles of range, the bike appears to be a serious contender for commuter motorcyclists.

Amazon is looking to expand its reach in the grocery market. Leveraging existing relationships in the industry built through its merger with Whole Foods in 2017, Amazon is now looking to open a lower priced grocery store chain nationwide, which may include buying smaller, regional chains.

Target has announced the launch of Target+, a curated marketplace to compete with Walmart and Amazon. Target+ will sell items from third-party sellers but be overseen closely by Target to prevent against knock-offs.

California is trying to get tech companies to pay you a data dividend. The state sees it as a way for tech companies to pay users back for the data they collect, use, and make profits on.

Visa will be starting a pilot program in Rio de Janeiro in late April to bring tap-to-pay options to mass transit.

India has drafted a new law to keep user data close to home, which could have a big impact on Amazon, Walmart, and other companies that currently do business in the country but keep the data outside its borders.

Sweden is moving forward on a test of their e-krona digital currency that will allow Sweden to become a cashless society.

A thirty-million-page backup of humanity’s knowledge, named “The Lunar Library” by its creator, has been sent to the moon by an Israeli company.

China has instituted some unique, and in some cases, scary policies on its citizens. But, while they may be a nightmare of a security state, China’s push into Africa and their sheer population mean they will likely be home to the next Silicon Valley. I’ve linked to an episode of Intelligence Squared, where five foreign policy experts talk about the US-China debacle.

That’s it for other news. We can finally move onto the stuff to reduce your anxiety.

Good News

First up, a purely geeky bit of good news: USB 3.2 will be rolling out this year bring transfer speeds of up to 20 Gbps.

The US FCC announced on Monday that it has pledged an additional 67 million dollars in annual support to expand broadband in rural portions of the United States. This means that rural communities will be at a smaller speed disadvantage over urban areas.

London-based Urban Innovation Company has installed 30 of its Pulse Smart Hubs in Belfast. These hubs, while providing income for the company through advertising, offer a variety of services to citizens including public service announcements, maps, phone calls, and defibrillators.

Ubiquitilink, a startup that is reimaging the physical side of wireless communications, has successfully utilized a standard cellphone with modified satellite communicators to turn just about every smart phone built in the last ten years into a satellite phone. This would allow for a global roaming network that is no longer subject to earth bound interference and bring cellular connectivity to parts of the world that never had it before.

Verily, a subsidiary of Google’s parent company Alphabet, has revealed its research into an algorithm to provide early warning for health issues has successfully been diagnosing eye disease. By using a lower-power microscope attached to a camera, doctors can take pictures of patient’s retinas, send them to the algorithm and learn very quickly whether a patient is at risk for several types of eye diseases associated with diabetes.

As you heard at the top of the show, proprioception is a fancy word that refers to our ability to move through space without being able to see our bodies. A next-generation bionic hand was unveiled this week which will allow its users to regain not just movement and grasping abilities, but the native abilities of touch and sense of where their limbs are in space. By stimulating nerves in what remains of the amputee’s limb, researchers at a Swiss university have solved the issue. Two patients who used the technology were able to determine the size and shape of objects using the touch of the prosthetic hand with 75% accuracy.

That’s it for this week in tech news that matters to you. If you’ve enjoyed the podcast, please subscribe, rate, and review on iTunes, Google Play, Spotify, Stitcher Radio, or TuneIn. The more buttons you press on those sites, the easier it is for people to find me. If you’ve found any of this episode’s information helpful, please share what you found interesting in a post on your social media by linking to Raytec dot co slash listen. That’s r-a-y-t-e-c dot c-o slash listen. I really appreciate anyone who’s willing to share my podcast.

As always, there are bonus links in the show notes. Articles in this week’s extracurricular reading include: background on the Momo Challenge, a smart phone developed by Energizer that has an 18,000mAH battery, stories about a 3D printed ultrasound that allowed a blind mother to see her unborn baby, and much more. The show notes also have links to each of the podcast apps I listed as well as links to my social media. If you have any information, updates, or constructive criticism, feel free to reach out via social media.

Thanks for listening and have a great week!