Educational CyberPlayGround, Inc.
NetHappenings Newsletter 7-16-2020
subscribe / unsubscribe with email
Video interviews with internet pioneers
Prof. Jun Murai:
Prof. Dave Farber:
Prof. Dave Farber, Shumpei Kumon and Kilnam Chon
Nethappenings Newsletter Headlines
Malware stashed in China-mandated software is more extensive than thought
Three weeks ago, security researchers exposed a sinister piece of malware lurking inside tax software that the Chinese government requires companies to install. Now there’s evidence that the high-stealth spy campaign was preceded by a separate piece of malware that employed equally sophisticated means to infect taxpayers in China. GoldenHelper, as researchers from security firm Trustwave dubbed the malware, hid inside the Golden Tax Invoicing software, which all companies registered in China are mandated to use to pay value-added taxes. The malware is able to bypass the User Account Control, the Windows mechanism that requires users to give their approval before software can install programs or make other system changes. Once that’s done, GoldenSpy can install modules with System-level privileges. Trustwave published its findings on Tuesday here. GoldenHelper employs other tricks to conceal its malicious behavior and evade detection from endpoint protection systems and software. The tricks include: […]
Hackers Convinced Twitter Employee to Help Them Hijack Accounts
After a wave of account takeovers, screenshots of an internal Twitter user administration tool are being shared in the hacking underground. Hackers Convinced Twitter Employee to Hijack Accounts for Them (bribed)
Twitter VERIFIED accounts confirmed hacked: – Elon Musk – Apple – Uber -JoeBiden – Jeff Bezos – Bitcoin – Coinbase – BINANCE – CZ_Binance – Gemini – Kucoin – Gate .io – Coindesk – Tron – Justin Sun – Charlee Lee – MrBeast #Hacked
Look what they all have in common. No republicans or Whitehouse yet? This is Russia. Changing the narrative as Trump is on the negative end.
“we spoke to two hackers and we were able to independently verify they were in control of hijacked accounts today.”
This represents an astounding failure of engineering, monitoring, and internal controls. No one employee should be able to do things of this sort without at least one other set of independent eyes looking at what’s going on and signing off, let alone engage in this multiple times(!), without alarms ringing everywhere. The fact that, even after Donald Trump’s account was deleted in a similar fashion, a single employee was able to do this represents a total abdication of responsibility on the part of Twitter for exercising oversight and implementing internal controls to prevent incidents of this sort. ~ Thomas Leavitt
2011 FTC Accepts Final Settlement with Twitter for Failure to Safeguard Personal Information | Federal Trade Commission
EU court: US servers aren’t private enough
Top E.U. court ruling throws transatlantic digital commerce into disarray over privacy concerns
BRUSSELS — The European Union’s top court on Thursday threw a large portion of transatlantic digital commerce into disarray, ruling that data of E.U. residents is not sufficiently protected from government surveillance when it is transferred to the United States.
The ruling was likely to increase transatlantic tensions at a moment when President Trump has already been threatening tariffs and retaliation against the European Union for what he says are unfair business practices. It was a victory for privacy advocates who said that E.U. citizens are not currently as protected when their information is transferred to U.S. servers as when that information stays inside Europe. The European Court of Justice ruled that a commonly-used data protection agreement known as Privacy Shield did not adequately uphold E.U. privacy law. The decision means that many companies will have to reconsider how they store and collect the data of European customers, including making a choice between setting up costly Europe-based data hubs or curtailing business in Europe altogether. U.S. and E.U. negotiators, meanwhile, will likely have to start new negotiations about whether there are legal arrangements that could guarantee that data could be stored on U.S. soil but in compliance with E.U. law. U.S. security authorities have far-reaching access to personal data stored on U.S. territory that “are not circumscribed” in a way that is equivalent to E.U. rules, the court ruled. The court said that it was unacceptable for E.U. citizens not to have “actionable rights” to question U.S. surveillance practices. European data privacy advocates celebrated the decision….. < – >
‘DDoS-For-Hire’ Is Fueling a New Wave of Attacks
“Over 50 percent of that 809 million packets-per-second was coming from enterprise-level DVRs <https://www.wired.com/2016/10/internet-outage-webcam-dvr-botnet/>,” says Roger Barranco, Akamai’s vice president of global security operations. “What’s new is the concept of campaigns. We go back a couple of years and ‘attack’ was the right word to use. There were many attacks every single day, but they weren’t in my opinion campaign-oriented. Some of our more recent ones are campaign-oriented where the attacker is working in a coordinated way over an extended period of time.”
An invisible hand: Patients aren’t being told about the AI systems advising their care
Since February of last year, tens of thousands of patients hospitalized at one of Minnesota’s largest health systems have had their discharge planning decisions informed with help from an artificial intelligence model. But few if any of those patients has any idea about the AI involved in their care.
That’s because frontline clinicians at M Health Fairview generally don’t mention the AI whirring behind the scenes in their conversations with patients.
At a growing number of prominent hospitals and clinics around the country, clinicians are turning to AI-powered decision support tools — many of them unproven — to help predict whether hospitalized patients are likely to develop complications or deteriorate, whether they’re at risk of readmission, and whether they’re likely to die soon. But these patients and their family members are often not informed about or asked to consent to the use of these tools in their care, a STAT examination has found.
The result: Machines that are completely invisible to patients are increasingly guiding decision-making in the clinic.
Hospitals and clinicians “are operating under the assumption that you do not disclose, and that’s not really something that has been defended or really thought about,” Harvard Law School professor Glenn Cohen said. Cohen is the author of one of only a few articles examining the issue, which has received surprisingly scant attention in the medical literature even as research about AI and machine learning proliferates. < – >
Russian Hackers Trying to Steal Coronavirus Vaccine Research, Intelligence Agencies Say
The hackers have been targeting British, Canadian and American organizations researching vaccines using spear-phishing and malware.
WASHINGTON — Russian hackers are attempting to steal coronavirus vaccine research, the U.S., British and Canadian governments said Thursday, opening a dangerous new front in the cyberwars and intelligence battles between Moscow and the West. The National Security Agency said APT29, the hacking group known as Cozy Bear which is associated with Russian intelligence, has been taking advantage of the chaos created by the coronavirus pandemic and targeting health care organizations seeking to steal intelligence on vaccines. The Russian hackers have been targeting British, Canadian and American organizations researching vaccines against Covid-19. The hackers have been using spear-phishing and malware to try to get access to the research. “We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic,” said Paul Chichester, the director of operations for Britain’s National Cyber Security Center.Cozy Bear is one of the most high profile, and successful, hacking groups associated with the Russian government, and was implicated alongside the group Fancy Bear in the 2016 hacking of the Democratic National Committee.
“APT29 has a long history of targeting governmental, diplomatic, think-tank, health care and energy organizations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory,” said Anne Neuberger, the N.S.A.’s cybersecurity director. The British and Canadian governments said Thursday that Cozy Bear is almost certainly part of the Russian intelligence services. The two government’s cyberdefense arms published advisories aimed at helping health care organizations bolster their computer network defense. The malware used by Cozy Bear to steal the vaccine research included code known as “WellMess” and “WellMail.”
Bytedance, the company behind hit video app TikTok, has achieved extraordinary success in its home country China.
Video app fined for collecting data on kids
TikTok, formerly known in the U.S. as Musical.ly, has agreed to pay millions in fines for illegally collection of personal information
$$$$$$$$$$$$$$$$$$ lobby money enters