Security & Privacy

Big brother is here, and his name is Facebook. Ransomware 'here to stay', warns Google study. Cyber-thieves have made at least $25m (£19m) from ransomware in the last two years, suggests research by Google.

Ransomware 'here to stay', warns Google study

The search giant created thousands of virtual victims of ransomware to expose the payment ecosystem surrounding the malware type. Most of the money was made in 2016 as gangs realised how lucrative it was, revealed a talk at Black Hat. Two types of ransomware made most of the money, it said, but other variants are starting to emerge. "It's become a very, very profitable market and is here to stay," said Elie Bursztein from Google who, along with colleagues Kylie McRoberts and Luca Invernizzi, carried out the research. Ransomware is malicious software that infects a machine and then encrypts or scrambles files so they can no longer be used or read. Swedish PM Lofven drops two ministers over IT crisis. Sweden's Prime Minister, Stefan Lofven says his minority government will not resign despite a security crisis over the handling of sensitive public data.

Swedish PM Lofven drops two ministers over IT crisis

He said two ministers would leave their posts, rejecting calls for a snap election. The announcement came after the main opposition bloc called for a vote of no confidence and the resignation of three ministers involved in the scandal. Citing Brexit and security he said "I won't put Sweden in political crisis."

Those leaving the government include the interior and infrastructure ministers. The defence minister has kept his post, despite being under pressure by the opposition. Crisis, what crisis? The crisis dates back two years to an IT contract that left public data in foreign hands but only this month has mushroomed into a security debacle with serious questions about the role of high-profile ministers. Wisconsin company Three Square Market to microchip employees. A Wisconsin company is to become the first in the US to microchip employees.

Wisconsin company Three Square Market to microchip employees

Three Square Market is offering to implant the tiny radio-frequency identification (RFID) chip into workers' hands for free - and says everyone will soon be doing it. The rice grain-sized $300 (£230) chip will allow them to open doors, log in to computers and even purchase food. And so far, 50 employees have signed up for the chance to become half-human, half-walking credit card. Judge rules pacemaker data admissible in court. An Ohio judge has ruled that data from a pacemaker can be used in court.

Judge rules pacemaker data admissible in court

Defendant Ross Compton, who faces aggravated arson charges, claims he was woken by a fire at home, packed a case, broke a window and threw out the bag. AirBnB host fined after racist comment. An AirBnB host who made a racist comment to an Asian guest has been fined $5,000 - and told she must attend a course on Asian-American studies.

AirBnB host fined after racist comment

Tami Barker cancelled Dyne Suh’s booking, telling her in a message: "One word says it all. Asian." The fine was imposed due to a new agreement between AirBnB and California’s Department of Fair Employment and Housing (DFEH). It lets the DFEH examine hosts that have had discrimination complaints. EU clamps down on social media job snoops. Employers who use Facebook, Twitter and other social media to check on potential job candidates could be breaking European law in future.

EU clamps down on social media job snoops

Gmail to end ad-targeting email scans. Google's decision to stop scanning Gmail users' emails in order to target them with personalised adverts has been given a qualified welcome by privacy campaigners.

Gmail to end ad-targeting email scans

The tech firm revealed the change in a blog at the end of last week. Google promised to make the move before the year's end to bring the consumer version of Gmail in line with its business edition. The firm had faced much criticism over the years for the scans. The measure helped justify the cost of offering the public one gigabyte of "free" webmail storage in 2004 - an offer that was so much greater than the competition at the time that many originally believed it to be a joke. However, UK-based campaign group Privacy International tried to block the scans once it became apparent they were the cost of signing up to the service. Google's blog notes that users can opt out of seeing personalised ads on any of its services by changing their account settings. 'Thousands' of known bugs found in pacemaker code. Pacemakers, insulin pumps and other devices in hospitals harbour security problems that leave them vulnerable to attack, two separate studies warn.

'Thousands' of known bugs found in pacemaker code

One study solely on pacemakers found more than 8,000 known vulnerabilities in code inside the cardiac devices. The other study of the broader device market found only 17% of manufacturers had taken steps to secure gadgets. The reports come soon after more than 60 health organisations in the UK fell victim to a cyber-attack. The report on pacemakers looked at a range of implantable devices from four manufacturers as well as the "ecosystem" of other equipment used to monitor and manage them. Researcher Billy Rios and Dr Jonathan Butts from security company Whitescope said their study showed the "serious challenges" pacemaker manufacturers faced in trying to keep devices patched and free from bugs that attackers could exploit. A higher percentage of makers, 17%, took steps to secure the equipment they made.

Adoption of safer credit-card technology slow. It was supposed to be a technological change to rival the big Y2K computer upgrades at the turn of the century.

Adoption of safer credit-card technology slow

More than six months ago, everyone was supposed to have credit cards embedded with chip technology that would make it more difficult for customers' account information to be stolen and used to make fraudulent purchases. Most shoppers know that implementation is going way slower than expected. But the overall story is complicated, involving the nation's biggest retail chains and banks, and how they cover the costs when fraud occurs.

"This whole experience has been frustrating for consumers," said Bob Sullivan, author of the best-selling book "Stop Getting Ripped Off." "The big surprise is when they use the chip and it takes a long time. Bigger than that, credit-card fraud means consumers must endure the time-consuming headache of getting a new credit or debit card and then contacting all of the companies that charge those cards for routine bills. DocuSign users sent phishing emails after data breach. Electronic signature service provider DocuSign has admitted customer emails were accessed in a data breach.

DocuSign users sent phishing emails after data breach

The addresses were then targeted in a series of phishing emails from "a malicious third party". The messages invited recipients to click on a link to a Microsoft Word document containing malware. DocuSign says that no other information was accessed in the incident, and the e-signature service remained secure. "No names, physical addresses, passwords, social security numbers, credit card data or other information was accessed," the company said in a statement. Investigatory Powers: 'Real-time surveillance' in draft update. The "live" surveillance of British web users' internet communications has been proposed in a draft technical paper prepared by the government.

If made law, such access would occur via the Investigatory Powers (IP) Act, which includes provisions for the removal of encryption on content. The paper was allegedly leaked to civil liberties body the Open Rights Group, which received the document on 4 May. The Home Office denied there was anything new in the consultation. Phone companies and internet service providers would be asked to provide "data in near real time" within one working day, according to one clause in the technical capabilities paper.

US government 'monitored bank transfers'. A huge range of security weaknesses, said to be worth more than $2m (£1.6m) if sold on the black market, have been leaked online by a hacking group. The tools are said to have been created by the US National Security Agency. The way people tilt their smartphone can give away passwords and pins. Garadget faces backlash after locking out irate user. The maker of an internet-enabled garage door device is facing a backlash after blocking its use by a customer who had complained about the tech.

The owner had written negative comments about Garadget's kit on both Amazon and the start-up's own site after having problems with its app. People have expressed concern about the US firm's actions. The block has been reversed and founder Denis Grisak agreed his first reaction was not the "slickest PR move". But he noted that Tesla's Elon Musk had once cancelled a customer's order after criticising the automaker online. Web inventor Sir Tim Berners-Lee slams UK and US net plans. The web's creator has attacked any UK plans to weaken encryption and promised to battle any moves by the Trump administration to weaken net neutrality.

Sir Tim Berners-Lee was speaking to the BBC following the news that he has been given the Turing Award. It is sometimes known as the Nobel Prize of computing. Tomorrow's cities: Are your shoes giving away data? Shops and retailers are taking over where street cameras left off, watching shoppers' every move. According to a 2015 survey of 150 retail executives from IT services firm Computer Services Corporation, a quarter of all British shops and 59% of fashion retailers use facial recognition software. Such technology is vital as offline stores attempt to keep up with online retailers, said Duncan Mann, chief operating officer at retail analysis firm Hoxton Analytics.

"Online retailers gather all kinds of information about shoppers and physical stores also want to understand how people behave in a shop," he said. But, he admits: "A lot of these technologies are kind of invasive." Google DeepMind's NHS deal under scrutiny. Should you take your phone to the United States? German parents told to destroy Cayla dolls over hacking fears. WhatsApp is rolling out two-step verification to all billion-plus users - The Verge. You can’t use US law to search foreign servers, appeals court confirms - The Verge.

WhatsApp backdoor allows snooping on encrypted messages. Cookie banner frustration to be tackled by EU. Anti-surveillance clothing aims to hide wearers from facial recognition. The use of facial recognition software for commercial purposes is becoming more common, but, as Amazon scans faces in its physical shop and Facebook searches photos of users to add tags to, those concerned about their privacy are fighting back. Facebook lurking makes you miserable, says study. EU data retention ruling goes against UK government. What every Browser knows about you. Phone encryption: Police 'mug' suspect to get data. 'Frighteningly easy' for criminals to get Visa card details, study claims. iPhone users hit by 'calendar spam'. Hackers hit San Francisco transport systems. IoT is a security nightmare but Google and others have a plan to fix it.

LinkedIn blocked by Russian authorities. VoCo. Adobe MAX 2016 (Sneak Peeks). Adobe Voco 'Photoshop-for-voice' causes concern. The FCC just passed sweeping new rules to protect your online privacy. Can anyone keep us safe from a weaponized ‘Internet of Things?’ FBI director: Hackers 'poking around' voter systems. Germany orders Facebook to stop collecting data on WhatsApp users - The Verge. Google Deepmind: Should patients trust company with their data? Google weakens Allo chat app privacy promise. WhatsApp to give Facebook more data. Instagram scam preys on bank followers. EFF condemns Windows 10 data collection. France data authority criticises Windows 10 over privacy.

Why Google wants your medical records. Microsoft wins appeal over U.S. government access to emails held overseas. MIT’s anonymous online communications protocol Riffle could beat Tor at its own game. Ransomware 'stopped' by new software. Privacy Shield data pact gets European approval. Teachers fired over offensive private messages. US border authority seeks travellers' social media details. Privacy Shield: White House makes EU spying promise. Mark Zuckerberg masks Mac webcam and microphone. Facebook uses AI to understand text-based posts. Google given access to UK patient records for research.