Saturday, April 25, 2020


Now that’s how the pros do it!
New Report Reveals Chinese APT Groups May Have Been Entrenched in Some Servers for Nearly a Decade Using Little-Known Linux Exploits
The state-backed Chinese advanced persistent threat (APT) groups are among the world’s oldest, most skilled and most active agents of cyber espionage. As respected as these groups already are as threats, a new report from BlackBerry indicates that their reach and capability may be even greater than previously thought.
The report outlines a coordinated campaign by five of these groups that dates back at least eight years. The groups have been exploiting underlooked remote access vulnerabilities in Linux servers, using these as a launch point for malware attacks against Windows systems and Android devices. In some cases, the groups have been exploiting a general lack of interest in Linux security to quietly exfiltrate data from targets for years at a time.
The report, entitled “Decade of the RATs”, shows that five particular groups of civilian contractor hackers in China have been coordinating their efforts and sharing information in a wide-ranging cyber espionage campaign directed at industries and government agencies all over the world. The common link among targets is the ability to exploit underlooked Linux servers as a doorway to the network.




This could be amusing, but probably will never make it to open court.
Facebook: Here’s Proof Israeli WhatsApp Hackers Ran Cyberweapons In America
Facebook lawyers have come out fighting in its lawsuit against Israeli spyware provider NSO Group by revealing details on how the latter’s iPhone hacking tools were being operated in America. It’s the first time the NSO attack infrastructure has been revealed and comes in spite of NSO’s repeated claims its tools don’t work in the U.S. And it raises more questions about how many Americans have been snooped on by NSO’s spy tools.
Back in 2019, as many as 1,400 WhatsApp users were hit with spyware that took control of their iPhone. The targets included human rights lawyers and journalists, according to WhatsApp’s analysis. The Facebook-owned messenger subsequently launched a lawsuit in October against NSO, claiming its tools were behind the attacks.
Since then, NSO has tried to have the case dismissed. One of the company’s key claims is that the jurisdiction was incorrect, as NSO wasn’t based in California and its government customers were based outside the U.S. The company had also previously told Forbes its tools had a killswitch that meant as soon as its Android and iPhone spyware launched on a U.S. device, it would not run.




Lots of countries with privacy laws…
Consumer Empowerment, Market Innovation, and Privacy Law
In Sep 2019, CEOs representing 51 companies from the Business Roundtable, including Amazon, IBM and Salesforce, signed a letter to congressional leaders pushing for a federal consumer data privacy law. In their words, a comprehensive policy that would ensure “strong, consistent protections for American consumers” and ensure “American companies continue to lead a globally competitive market.”
Currently, there are over 80 countries with national privacy laws, providing insights and lessons for the U.S. to draw upon as we create a model that fits the unique attributes of the world’s technology leader.




Covid panic vs Privacy.
Aryan Babele reports on public health surveillance in India and the lengths some areas have gone to:
In India, local authorities of several states such as Rajasthan, Punjab and Delhi have published lists of personal details, in online media and platforms, of those suspected or infected of COVID-19. The Karnataka government has taken this to an inordinate level by mandating all quarantined persons to send a selfie with geo-tags through an official app named ‘CoronaWatch’ every hour, except during sleeping time 10 PM to 7 AM. Now, the Ministry of Electronics and Information Technology (MeitY) has also launched an app, ‘Aarogya Setu’, which uses the Bluetooth and GPS of the user’s device to alert an individual if they come within six feet of a Covid-19 infected person.
Read his entire article on The Leaflet.




Closer to self-driving.
Tesla Achieved The Accuracy Of Lidar With Its Advanced Computer Vision Tech
Tesla’s camera-based approach is much cheaper and easier to implement on the hardware side, but requires an insanely complex computer system to translate raw camera inputs and vehicle telematics into intelligence. At a foundational level, the computer can identify lane markings, signs, and other vehicles from a series of sequential static images, also known as a video.




Perspective.
E-Commerce Stocks Soar With Pandemic Gains Seen as Long-Lasting
E-commerce companies have emerged as a favorite play on Wall Street during the coronavirus pandemic, amid a growing consensus that upcoming results will reveal a potentially permanent shift in consumer behavior toward online shopping.
While online sales have long been growing their market share as a percentage of overall retail spending, the trend has been accelerated as shutdowns force closures at brick-and-mortar rivals. Analysts have said that the higher demand is likely to outlast the pandemic, especially in categories like groceries, which previously had less traction online.
Amazon.com Inc. has been perhaps the most high-profile winner of the current environment, with the company hiring tens of thousands of workers to meet demand. As a result of that higher demand, Wall Street has been growing steadily more optimistic about its prospects.




Do the opposite – enjoy the lazy!
Boost Your Productivity With This FREE Ebook Worth $10!
If you want to discover how to get more done with less stress, this free copy of Productivity: Get Motivated, Get Organised and Get Things Done, from Wiley, is for you.
Interested? Simply click here to download this free ebook (worth $10) from TradePub. You will have to complete a short form to access the ebook, but it’s well worth it!
Note: This free offer expires 1 May 2020



Friday, April 24, 2020


It’s for your own good! In fact, it’s so good we might just keep it forever.
Global Surveillance in the Wake of COVID-19
OneZero is tracking thirty countries around the world who are implementing surveillance programs in the wake of COVID-19:
The most common form of surveillance implemented to battle the pandemic is the use of smartphone location data, which can track population-level movement down to enforcing individual quarantines. Some governments are making apps that offer coronavirus health information, while also sharing location information with authorities for a period of time. For instance, in early March, the Iranian government released an app that it pitched as a self-diagnostic tool. While the tool's efficacy was likely low, given reports of asymptomatic carriers of the virus, the app saved location data of millions of Iranians, according to a Vice report.
One of the most alarming measures being implemented is in Argentina, where those who are caught breaking quarantine are being forced to download an app that tracks their location. In Hong Kong, those arriving in the airport are given electronic tracking bracelets that must be synced to their home location through their smartphone's GPS signal.


(Related)
Coronavirus: Israel halts police phone tracking over privacy concerns
The government had approved the use of such data for a limited time, to make sure those ordered to self-isolate were doing so.
But now an oversight group in Israel's parliament blocked an attempt to extend the emergency measures past this week.
A committee member said the harm done to privacy outweighed the benefits.
Police told the committee 203 people, some identified through phone location information, had been arrested for violating quarantine.




About time.
Google will make all advertisers prove their identities, so people can see who they are and which country they’re in
Google will soon require all advertisers to verify their identity, the company said in a blog post on Thursday. It’s making the change to prevent advertisers from misrepresenting themselves and says it should allow consumers to see who’s running ads and which country they’re located in.
Consumers have seen a proliferation of ads for products from dubious advertisers, like fake vaccines, in recent months. Fake businesses have also been an issue.




Keep learning.
Now Available — AdTech and Privacy: Managing Risk in a Complex and Evolving Digital Economy (Webinar Materials)
On Wednesday, April 15, Hogan Lovells and Ankura hosted a webinar about the impact of the GDPR and CCPA on cookies and similar AdTech tracking technologies. James Denvil from Hogan Lovells’ Privacy and Cybersecurity practice was joined by senior directors from Ankura to share best practices and perspectives. We have made the webinar available on demand here and the slides can be downloaded here.




Home school tools?
24 ways young people can learn digital skills at home
Berkman Klein Center – Skills for a Digital World: “If you or a young person you know is isolated in their digital world, why not use this time to understand it better? Want to take action effectively on COVID-19 safety or other societal issues? Want to get credit for the photos, music, or creative art you share? Unsure of how to best share your data with others? Need to create a resume for a job in the fall? Explore the 24 new activities the Youth and Media team created for young people! The 24 activities have already been grouped in four collections so young people can engage as deeply as they like: (1) Building and Protecting Your Online Presence, (2) Crafting a Successful Resume, (3) Sharing Your Work Online — What License to Use?, and (4) Creating the Change You Want. While we encourage young people to engage with a collection, activities can also be done individually. In addition to youth, we especially invite parents/caregivers and educators to explore them!…”



Thursday, April 23, 2020


A Security perspective.
Ransomware is now the biggest online menace you need to worry about - here's why
Ransomware attacks have become more commonplace than payment card theft incidents for the first time, as cyber criminals alter how they go about their malicious operations in an effort to gain the biggest financial reward for the least amount of effort.
Analysis of more than a trillion security events over the past year and hundreds of breach investigations by researchers at cybersecurity company Trustwave found that ransomware attacks have become the most common security incident.




Are Zoom juries the future?
THE JURY IS STILL OUT ON ZOOM TRIALS
As cities across the United States continue shelter-in-place orders due to the COVID-19 pandemic, almost every court system in the country has suspended or reduced in-person proceedings. Some cases have simply been postponed; others are now taking place over Zoom. It’s an unprecedented moment for the justice system, which is typically slow to adapt to new technology.
Critics worry the change has made it more difficult for the public to access court proceedings. Court watchers — volunteers who monitor hearings to hold judges and prosecutors accountable — say their access has evaporated during the pandemic. There’s also concern that remote hearings can unfairly advantage fancy law firms that can pay for good lighting and stable internet connections.




To be or not to be bored.
To Be or Not to Be Hamlet
Shakespeare was born (and died) in April. To celebrate, we dipped into the Folger Shakespeare Library’s collection on JSTOR, dug up some photos of actors who’ve played Hamlet, and paired them with articles on JSTOR about the actors’ performance. There we found stories of actor rivalry, rave amateur reviews, dismissive digs, and a healthy dose of high drama. Alas, if that’s not enough Hamlet, you can explore the play line by line using the Understanding Shakespeare tool developed by JSTOR Labs.




There must be something there I can use.
Celebrate the Library’s 220th Birthday with LOC Collections App
“To celebrate the 220th anniversary of its founding, the Library of Congress today announced the release of the LOC Collections app, the premiere mobile app that puts the national library’s digital collections in the hands of users everywhere. In addition to providing an easy, accessible way to search and explore the Library’s growing digital collections, LOC Collections allows users to curate personal galleries of items in the Library’s collections for their own reference and for sharing with others. Items currently featured on the app include audio recordings, books, videos, manuscripts, maps, newspapers, notated music, periodicals, photos, prints, and drawings…”




Calm down!
Yosemite Webcams
The park is closed but the regularly updated webcams offer you a virtual visit, peace, quiet and the splendors of nature – the falls, the mountains and the meadows, with no humans around.



Wednesday, April 22, 2020


It is never easy to rush new systems into use. (Probably not too serious.)
Nearly 8,000 small businesses seeking relief loans may have had personal data shared with other applicants
The SBA notified nearly 8,000 business owners of the potential inadvertent disclosure of information, which included names, Social Security numbers, tax identification numbers, addresses, dates of birth, email, phone numbers, marital and citizenship status, household size, income, disclosure inquiry and financial and insurance information, according to a letter sent to business owners, which CNBC obtained.
If the user attempted to hit the page back button, he or she may have seen information that belonged to another business owner, not their own.




Better tools.
Browser maker Vivaldi now has a built-in tracker blocker that uses DuckDuckGo tech
Vivaldi is launching the 3.0 version of its browser, and it includes an integrated tracker blocker made in partnership with DuckDuckGo. The company’s Android version of its browser is also leaving beta.
The new tracker blocker in Vivaldi uses the same blocklist as DuckDuckGo’s Privacy Essentials browser extension. Announced in March, that blocklist is based on data from DuckDuckGo’s Tracker Radar, which regularly crawls the web to identify new trackers to block.
Vivaldi is also adding a built-in ad-blocker in version 3.0, but it will be disabled by default. The browser already let you block ads that were misleading or contained malware by flipping on a setting in Vivaldi.




Another perspective.
What to Expect From Brazil’s General Data Protection Law?
The European General Data Protection Regulation (GDPR) has set in motion a wave of privacy policies all around the world. One of the biggest laws was the California Consumer Protection Act (CCPA) that went into effect on the 1st of January, 2020. This law has affected 500,000 organizations worldwide. If that wasn’t enough, Brazil is right behind the U.S. in introducing its own Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais – LGPD) in early August, 2020. In this article we will look into the impact of the LGPD law, its differences and similarities with the GDPR and how it is set to further change the paradigm of digital data privacy on a global scale.
Unlike the CCPA and GDPR, the LGPD does not take into account the size or revenue of a company; instead, it focuses on the information a company holds. Under article 3 of the LGPD, any organization that performs the following tasks is liable to comply with the LGPD:
  • Processing data within the territory of Brazil,
  • Processing data of individuals who are within the territory of Brazil, regardless of where in the world the data processor is located,
  • Processing data which is collected within the territory of Brazil.




How dare you allow our citizens to complain!
Exclusive: Facebook agreed to censor posts after Vietnam slowed traffic - sources
Facebook’s local servers in Vietnam were taken offline early this year, slowing local traffic to a crawl until it agreed to significantly increase the censorship of “anti-state” posts for local users, two sources at the company told Reuters on Tuesday.




To their credit...
Mastercard To Launch Online Course On Digital Ethics, Privacy And AI
A partnership between The University of Oxford, Saïd Business School and Mastercard will launch an online education program to teach business leaders about the strengths and perils of the modern day internet.
Called the Oxford Cyber Future Program, the six-week class will cover artificial intelligence, cybersecurity, threat analytics, data privacy and digital ethics, a press release states.




Perspective.
Who will be the winners in a post-pandemic economy?
COVID-19 is putting the global economy into a tailspin. Many countries are heading for very sudden and unprecedented recession. This crisis will catalyze some huge changes. Few industries will avoid being either reformed, restructured or removed. Agility, scalability and automation will be the watchwords for this new era of business, and those that have these capabilities now will be the winners.
Thanks to government stimulus packages, liquidity is coming back to the market. It will keep enough of the economy afloat so that it can climb out of recession rapidly once the various lockdowns are lifted. But the way much of it is structured means that it will likely benefit already better capitalized larger businesses, over the smaller operators who may struggle.
As president of a global technology firm, what intrigues me is where there will be paradigm shifts, as opposed to just existing trends either accelerating or decelerating.
For instance, the shift from cash to digital payments is clearly accelerating.
In the UK, ATM usage was already falling between 6% and 14% a year, but has now plummeted by more than half.
In the workplace we’re already seeing a super-charging of the nascent bring your own device (BYOD) trend in business technology. As people scramble to work and socialize remotely, previously niche tools such as Zoom, Slack, Microsoft’s Teams, and even the Houseparty app, are suddenly supporting millions of personal and corporate interactions every minute.
To create long-term resilience we will likely see further robotic automation and artificial intelligence (AI) within our supply chains. These technologies reduce manual intervention and hand-offs, cutting transmission risks, and reducing the reliance on humans to work face-to-face. They can also enable production to scale and shrink in response to sudden demand.


(Related)
All the things COVID-19 will change forever, according to 30 top experts
Tech execs, VCs, and analysts—from WhatsApp’s Will Cathcart to AOL cofounder Steve Case—on the pandemic’s lasting impact on how we live, work, and think.




Write what I mean, not what I say? (Student papers I can read?)
Microsoft Word’s AI wants to rewrite your crappy sentences
Microsoft has released a handy new tool for writers struggling to turn their ingenious ideas into words.
The feature is a new addition to Rewrite Suggestions, an AI-powered editor for Word that was first unveiled at the 2019 Microsoft Build conference.
The tool initially only offered ideas on different ways to express a phrase, but the update adds suggestions for entire sentences.
The feature is currently only available for users of Word on the web with a Microsoft 365 or Office 365 subscription, but Microsoft plans to extend it to desktop and mobile versions in the future.




Stuff to do while in quarantine.
The 7 Best Virtual Museums You Can Tour Without Leaving Home



Tuesday, April 21, 2020


Damn the security, full speed ahead!
German government might have lost tens of millions of euros in COVID-19 phishing attack
The government of North Rhine-Westphalia, a province in western Germany, is believed to have lost tens of millions of euros after it failed to build a secure website for distributing coronavirus emergency aid funding.
The funds were lost following a classic phishing operation.
Cybercriminals created copies of an official website that the NRW Ministry of Economic Affairs had set up to distribute COVID-19 financial aid.
Crooks distributed links to their sites using email campaigns, lured users on the sites, and collected details from locals. They then filed requests for government aid on behalf of the real users but they replaced the bank account where funds were to be wired.




They are coming for your data. Are you ready?
46% of SMBs have been targeted by ransomware, 73% have paid the ransom
Yet, more than a quarter of the total SMB survey group said they lack a plan to mitigate a ransomware attack. And nearly a fifth of the total group said they feel their organization is unprepared for a ransomware attack.




This is how to do it wrong...
IoT Update: FTC Settles with Smart Lock Manufacturer and Provides Guidance for IoT Companies
On April 6, 2020, Tapplock, Inc., a Canadian maker of internet-connected smart locks, entered into a settlement with the Federal Trade Commission (“FTC”) to resolve allegations that the company deceived consumers by falsely claiming that it had implemented reasonable steps to secure user data and that its locks were “unbreakable.” The FTC alleged that these representations amounted to deceptive conduct under Section 5 of the FTC Act. In its press release accompanying the settlement, the FTC provided guidance for IoT companies regarding the design and implementation of privacy and security measures for “smart” devices, as discussed further below in this post.




Antitrust
How Instagram managed to survive antitrust scrutiny when it was acquired by Facebook
Antitrust law was not written for modern acquisitions like Instagram. A traditional monopoly was a company with such a hold on its industry that it harmed others by fixing prices or controlling a supply chain. Facebook and Instagram presented no obvious consumer harm because their products were free to use, as long as people were willing to give up their data to the network. Facebook’s advertising business was relatively new, especially on mobile phones; Instagram didn’t have a business model at all. [??? Bob] Something was a monopoly if it undermined its rivals; Instagram had many rivals. Instagram wasn’t even the first company to make a mobile photo app with filters.
So the Federal Trade Commission started its investigation with a simpler question. Were Facebook and Instagram competing with each other? If they were, it would reduce competition in the marketplace if they were allowed to merge.




Does he have a successor?
US monitoring intelligence that North Korean leader is in grave danger after surgery
The US is monitoring intelligence that suggests North Korea's leader, Kim Jong Un, is in grave danger after undergoing a previous surgery, according to a US official with direct knowledge.
A second source familiar with the intelligence told CNN that the US has been closely monitoring reports on Kim's health.
Kim recently missed the celebration of his grandfather's birthday on April 15, which raised speculation about his well-being. He had been seen four days before that at a government meeting.
Another US official told CNN Monday that the concerns about Kim's health are credible but the severity is hard to assess.




For your Karaoke evenings?
The Top 8 Sites to Find Song Lyrics Online



Monday, April 20, 2020


Targeting those of us who regularly get email from the White House?
White House Phishing Scam Impersonates President Trump, Vice President Pence
A recent report from security firm Inky highlights new phishing scams making the rounds that appear to come from the White House. In other times, these scams might be something of a clumsy sideshow. But in these strange times, there appears to be enough suspension of scrutiny for them to be finding targets.
In addition to appearing sufficiently authoritative to take in a significant number of victims, these new phishing scams are also noteworthy in that Inky attributes them to Russian hackers.
The email is full of grammatical red flags right from the start, with a title proclaiming “The White House Instruction for coronavirus.” It also opens by announcing that “the quarantine will be prolonged until August 2020”; there is no Federal quarantine order, only recommendations that states and localities opt to follow as they see fit. The email also errantly claims that the Federal tax filing deadline has been extended to August 15, when the real extension is only to July 15.
The grammar, structure and factual errors are enough to indicate that this is a likely phishing scam. However, it all might appear plausible enough to those who trust in the legitimacy of the return address and skim the email contents to get straight to the link.




Remember.
Now More Than Ever You Need to Cover Phone And Laptop Cameras, Says Security Expert
Most of us have a camera built into our phone, tablet, laptop, or a desktop webcam we use for work, study or virtual socialising.
Unfortunately, this privilege can leave us vulnerable to an online attack known as camfecting. This is when hackers take control of your webcam remotely. They do this by disabling the "on" light which usually indicates the camera is active – so victims are none the wiser.
When your laptop is turned off its webcam can't be activated. However, many of us keep our laptops in hibernation or sleep mode (which are different). In this case, the device can be woken by a cybercriminal, and the camera turned on. Even Mark Zuckerberg has admitted he covers his webcam and masks his microphone.




Only exams? What about homework?
Students, university clash over forced installation of remote exam monitoring software on home PCs
Students are protesting plans by the Australian National University (ANU) to enforce the use of remote monitoring software on their home systems for exams during the COVID-19 pandemic.
Proctorio is at the heart of the controversy. The platform is touted as a "comprehensive learning integrity platform" and a means to "secure remote exams."
This includes the verification of exam takers prior to an assessment through the upload of biometric data and IDs; a remote "lockdown" to prevent outside information from reaching a test taker during the exam period; and the recording of a user's environment -- potentially achieved by taking control of a machine's microphone and camera.




There is government and then there is governing.
Facebook and Google to face mandatory code of conduct to 'level playing field' with traditional news media
The Federal Government has ordered the competition watchdog to develop a mandatory code of conduct to govern commercial dealings between tech giants and news media companies.
Treasurer Josh Frydenberg said a mandatory code would help "level the playing field" by requiring digital platforms such as Google and Facebook to pay news media businesses for the content they produce.
"It's only fair that those that generate content get paid for it," Mr Frydenberg said.
The Australian Competition and Consumer Commission (ACCC) had initially been tasked with developing a voluntary code to address the bargaining power imbalance between digital giants and traditional media outlets.
However, the ACCC has since advised the Government that reaching a voluntary agreement over the crucial issue of payment for content would be "unlikely".




The right way…
Virtual Conferences: A Guide to Best Practices
Virtual Conferences: A Guide to Best Practices – A community resource from the ACM [Association for Computing Machinery] Presidential Task Force on What Conferences Can Do to Replace Face-to-Face Meetings Version 1.1 — April 13, 2020
“We hope that this guide will serve both as a basic orientation for newcomers and as a repository of accumulated knowledge from the community. As heavy users of online technologies and as researchers responsible for developing them, the ACM community is especially well-positioned to offer advice that we hope will be helpful to other groups dealing with the same problems…”