Interesting IT Articles and Tech News: Topic 9 (Security, Privacy & Ethics)


Topic 9: Security, Privacy & Ethics

Security, privacy and ethics: these three are intricately linked and dependent on each other. A large emphasis must be placed on the security of databases, as anyone who gains access to this private information gains a great deal of power. This is why a weak and insecure system will raise many eyebrows, just like Facebook’s little incident, which stirred up a whole lot of privacy and ethical issues.


List of Interesting Security, Privacy & Ethics Tech News

 

1. Biohackers Encoded Malware in a Strand of DNA

Link: https://www.wired.com/story/malware-dna-hack/

A group of researchers from the University of Washington has shown for the first time that it’s possible to encode malicious software into physical strands of DNA, so that when a gene sequencer analyzes it, the resulting data becomes a program that corrupts gene-sequencing software and takes control of the underlying computer. The result, finally, was a piece of attack software that could survive the translation from physical DNA to the digital format, known as FASTQ, that’s used to store the DNA sequence.

 

2. How New EU Privacy Laws Will Impact Blockchain: Expert Take

Link: https://cointelegraph.com/news/how-new-eu-privacy-laws-will-impact-blockchain-expert-take

The EU privacy law, GDPR, will be introduced in respect of Facebook’s recent privacy lawsuit. Though it is evident that the new law would impact businesses whose revenue model centres around the utilisation of cookies for advertising, GDPR would also have strong implications for the blockchain.

 

3. SMART TOYS MAY BE TOO SMART FOR YOUR OWN GOOD

Link: http://techgenix.com/smart-toys/

Link (Video): https://www.youtube.com/watch?v=A5tIjWcwPtk

As vulnerable and cuddly as they may seem on the outside, the toys in the growing smart toys market can also be exploited by hackers to steal your data and invade your child’s privacy. The features of these interactive and responsive toys need data and an internet connection, and that data is recorded, processed and stored in the cloud. These technologies, which are supposed to help children, could, if placed in the wrong hands, result in breaches of children’s personal information, identity theft and sensitive data leaks.

 

4. Facebook Privacy Scandal Unleashes Nationwide ‘Litigation Swarm’

Link: https://www.bloomberg.com/news/articles/2018-04-04/facebook-privacy-scandal-unleashes-nationwide-litigation-swarm

This article summarises how Facebook got involved in the privacy scandal and discusses the consequences. Facebook was sued for leaking user data to a political research firm, Cambridge Analytica. Both its users and its investors are filing lawsuits against it. As the world’s largest social media network, Facebook is quickly losing the trust of its users, resulting in user base erosion.

 

5. Paradise Papers leak reveals secrets of the world elite’s hidden wealth.

Link: https://www.theguardian.com/news/2017/nov/05/paradise-papers-leak-reveals-secrets-of-world-elites-hidden-wealth

A project called the Paradise Papers has leaked up to 13.4m files and exposed the secretive tax havens that the world’s biggest businesses, heads of state and global figures in politics, entertainment and sport have enjoyed. This includes extensive tax avoidance and offshore dealings, which serve as the key engine in driving global inequality.

 

6. What is WannaCry ransomware, how does it infect, and who was responsible?

Link: https://www.csoonline.com/article/3227906/ransomware/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html

This article is about what WannaCry ransomware is, how it infected PCs, who was responsible for it and what are some of the follow-up actions to tackle this ransomware.

 

7. This Company Staged A Hack With Multiple Devices To Show Your Home’s Vulnerability

Link: https://www.forbes.com/sites/jenniferhicks/2017/09/19/this-company-staged-a-hack-with-multiple-devices-to-show-your-homes-vulnerablity/#21d103da5322

BullGuard conducted an experiment, which involves the hacking of a fictional home with multiple smart devices such as the Amazon Echo, and found that it is very easy to hack into a “secure” smart home and gain physical entry to such homes. With the increasing use of smart devices, there is also a rising threat of destructive cyber attacks that can make such technology useless to our security.

 

8. FCC WiFi Blocking Fines Leave WLAN Admins In The Dark

Link: https://www.networkcomputing.com/wireless/fcc-wifi-blocking-fines-leave-wlan-admins-dark/657811287

The article shows how a Hilton hotel disrupted personal WiFi hotspots so that consumers would pay an exorbitantly high amount for the hotel’s WiFi services. Even though it was the fault of the hotel, the Federal Communications Commission does not address the cause, which would be to go after the WLAN vendors. WiFi deauthentication capabilities have long been readily available in many commercial WLAN management products, including Cisco’s. A WiFi deauthentication attack is a form of denial-of-service (DoS) attack.

 

9. SMEs tightening cyber defences in view of threats

Link: https://www.todayonline.com/singapore/smes-beef-cyber-security-view-rising-threats

SMEs in Singapore have been beefing up their defences in recent months amid greater awareness and after witnessing their systems come under siege. One recent example is where the hacker used an email address similar to an employee’s to request money from her finance department. More SMEs are becoming an easier target due to their size and the wider economic implications. Having strong anti-virus and 2-Factor Authentication systems and using AI-based cyber defence are ways SMEs are trying to prevent attacks.

 

10. Quantum cryptography for intercontinental communications

Link: https://www.technologyreview.com/s/610106/chinese-satellite-uses-quantum-cryptography-for-secure-video-conference-between-continents/

Link (Video): https://www.youtube.com/watch?v=UiJiXNEm-Go

Thanks to the launch of a Chinese Satellite, Micius, a secure video conference was held between Europe and China using quantum cryptography. In the case of quantum cryptography, the “key” is sent using photons to guarantee privacy as the presence of an eavesdropper can be easily identified.   

 

11. Facebook data scandal has CEO Zuckerberg isolated in the tech industry

Article Link: http://www.straitstimes.com/world/united-states/facebook-data-scandal-has-ceo-zuckerberg-isolated-in-tech-industry

This article talks about the recent data leaking issue of Facebook users by a data mining company, Cambridge Analytica and also about how Facebook makes use of the user’s data for its targeted advertising strategy. This approach was criticized by famous tech leaders like Apple Inc’s CEO, Tim Cook and Tesla Inc’s CEO, Elon Musk.

 

12. Here’s How To Plug One Of The Biggest Privacy Holes In The Internet

Link: https://www.fastcompany.com/40551457/heres-how-to-plug-one-of-the-biggest-privacy-holes-in-the-internet

An upgrade to DNS, the internet’s address book, would make it harder for ISPs to know where you surf, and for hackers to hijack your traffic.  Today, Mozilla and Cloudflare fired up a privacy remedy using a new encrypted version of DNS. Meanwhile, researchers at Princeton have proposed another DNS tweak to further obfuscate your surfing.

 

13. Selected white hat hackers invited to break into Singapore Ministry of Defence’s Internet-facing systems

Link: https://www.opengovasia.com/articles/selected-white-hat-hackers-invited-to-break-into-singapore-ministry-of-defences-internet-facing-systems

This article talks about the Ministry of Defence, Singapore employing white hat hackers to test the vulnerability of their Internet-facing systems such as the MINDEF website and CMPB website. The white hat hackers who can detect valid and unique vulnerabilities will receive rewards ranging from $150 to $20,000, depending on the severity of vulnerability discovered.

 

14. THE APPLE-FBI FIGHT ISN’T ABOUT PRIVACY VS. SECURITY. DON’T BE MISLED

Link: https://www.wired.com/2016/02/apple-fbi-privacy-security/

The ongoing fight between Apple and the FBI over custom access to an iPhone used by one of the two terrorists who killed 14 people in San Bernardino has sparked an argument framed as a simple trade-off: you must surrender a little privacy if you want more security. However, the government is asking Apple to create a backdoor for the FBI to access the phone, not purely to unlock it.

 

15. Insider Threats as the Main Security Threat in 2017

Link: https://www.tripwire.com/state-of-security/security-data-protection/insider-threats-main-security-threat-2017/

Insider threats, or cyber security threats caused by employees themselves, are the main security threat in 2017. This occurs when employees fall prey to phishing, theft and even carelessness, thereby inviting malware into the company system. Despite being less frequent than threats such as DDoS, ransomware and even hacking, insider threats often lead to even more severe repercussions as they are harder to detect and difficult to take measures against.

 

16. Universities in Singapore hacked

Link: http://www.straitstimes.com/singapore/user-accounts-at-four-singapore-universities-breached-by-iranian-hackers

4 Universities in Singapore were attacked by an Iranian hacker and more than 31 terabytes of academic data and intellectual property were stolen. The incident was a phishing attack where staff members were directed to a credential harvesting website to key in their login details. The credentials were then used to gain unauthorized access to the institutes’ library websites to obtain research articles published by staff members.

 

17. How Creative DDOS Attacks Still Slip Past Defenses

Link: https://www.wired.com/story/creative-ddos-attacks-still-slip-past-defenses/

DDOS attacks happen often, and just last month, the web had finally entered into the “terabit attack era,” when Akamai defended against a 1.3TB attack. There have been various unique ways of DDOS attacks being carried out by users, some so well-crafted that small disruptions could lead to a big impact on an organization’s defences.

 

18. How encryption works: Public and private keys

Link (Video): https://www.youtube.com/watch?v=M7kEpw1tn50

The video describes how encryption works and why hackers find it difficult to break even though the public keys are made available. The video touches on the basics of encryption and how banks and other corporations depend on it to keep our data secure.

 

19. Hacking can kill you

Link: https://www.timesofisrael.com/hbos-vice-news-showcases-israel-as-global-cybersecurity-powerhouse/

Link (Video): https://www.youtube.com/watch?v=ca-C3voZwpM

Israel has this program that can hack your car system. Through the video, you can see that you can die from the hacking of the car.

 

20. Mindef hit by a targeted cyber attack

Link: https://www.todayonline.com/singapore/mindef-internet-system-hacked-personal-data-850-personnel-stolen

MINDEF was hit by a cybersecurity attack in which the personal data of over 850 national servicemen and MINDEF employees was compromised. The CSA director of the National Cyber Incident Response Centre stressed that “no one is immune to cyber-attacks” and that “It is a matter of when, not if, an organisation is breached”. MINDEF uses 3 different types of computer systems for different purposes: the Internet-facing system, namely the I-net, for individual access to Internet servers; the internal system for day-to-day administrative services, with no web access; and the military system, where top-classified information is kept, which has no web access and has stringent security features in place.

 

21. The Ransomware Attack That Locked Hotel Guests Out of Their Rooms

Link: http://www.slate.com/articles/technology/future_tense/2017/02/the_ransomware_attack_that_locked_hotel_guests_out_of_their_rooms.html

Guests at the Romantik Seehotel Jaegerwirt in the Austrian village of Turracherhohe found themselves unable to open their hotel room doors. In the end, the hotel ended up having to pay about $1,800 (two bitcoins) to hackers who had penetrated its systems and managed to remotely lock its doors.

 

22. The Evolution of the Computer Virus

Link: https://cmitsolutions.com/blog/evolution-of-the-computer-virus/

Link (Video): https://player.vimeo.com/video/234588622

This article talks about the evolution of the computer virus, from the early theory of self-reproduction to today’s mass cyber attacks. Famous viruses, such as Festering Hate and ILoveYou, are listed in this article. It also summarises the current trend among viruses, which is to gain unauthorized access and steal users’ personal information for profit. The final paragraph summarizes how to protect against viruses: proactive maintenance and multi-layered monitoring to secure ourselves against today’s cybersecurity challenges.

 

23. We All Lose in the Biometrics Arms Race

Link: https://www.inverse.com/article/21591-biometrics-security-problems

The article highlights the key underlying threats that biometrics may pose to users, who often unknowingly think biometrics is the best form of security. However, biometrics may not be that safe after all, as databases of biometric information such as fingerprints and iris scans could still be vulnerable, and this information may, in fact, even cause more harm to society.

 

24. Era of AI-Powered Cyberattacks Has Started

Link: https://blogs.wsj.com/cio/2017/11/15/artificial-intelligence-transforms-hacker-arsenal/

Link (Video): https://www.youtube.com/watch?v=nqYJ1ReIdVU

Although old threats such as trojans and phishing still exist in today’s cyber world, there has been a paradigm shift towards a new, growing form of threat that can overhaul systems and poses a danger far greater than those in the past. Artificial intelligence, growing more potent and becoming easier to use, threatens to compound the already considerable challenges that companies face as they deal with current needs of cybersecurity and protection.

 

25. Cyber attack on S’pore public organization was by state-sponsored group: CSA

Link: https://www.todayonline.com/singapore/cyber-attack-spore-public-organisation-was-state-sponsored-group-csa

This article talks about how an unnamed public organization in Singapore was hit by an Advanced Persistent Threat (APT) malware infection in 2016. The attackers used a multi-stage infection, starting with a phishing email, that ultimately gave them backdoor access. It also briefly talks about other cases: the WannaCry worm, which encrypts data files; Petya, which locked down the operating system of computers until users made payment to regain access to their files; and a DDoS attack threatened against an unnamed Singapore institution unless a ransom was paid.

 

26. New Open Source Tools Test for VPN Leaks

Link: https://www.technewsworld.com/story/85005.html

The article introduces the release of the first-ever public tools, under an open source MIT License, that let users test for vulnerabilities that can compromise privacy and security in virtual private networks by automating tests for VPN leaks. The tools allow users to check VPNs that might not be providing complete protection. The article then covers the reasons different people use VPNs, possible vulnerabilities in implementing and using a VPN, and how the VPN testing tools can help with users’ privacy.

 

27. Changes in Singapore cybercrime law and what does it mean for us?

Link: https://www.channelnewsasia.com/news/singapore/changes-to-singapore-s-cybercrime-law-passed-8712368

With changes to Singapore’s cybercrime law having been passed last year, there are various impacts on stakeholders. What is ethical and justifiable will radically change with regard to actions involving cyber data and software.

 

28. How hackers are hijacking your cell phone account

Link: https://www.nbcnews.com/business/consumer/how-hackers-are-hijacking-your-cell-phone-account-n859986

Fraudsters have figured out how to break into online accounts protected by two-factor authentication, where the authenticating device is your mobile phone. Mobile phone hijacking is on the rise. Reports of this crime to the Federal Trade Commission more than doubled between 2013 and 2016, from 1,038 incidents to 2,658. Hijackers can take over any account where that smartphone is the verification device, such as bank, cryptocurrency, and email and social media accounts. The article also explains the process of how the hijackers carry out this so-called “port-out” scam.

 

29. What is ethical hacking? White hat hackers explained

Link: http://www.itpro.co.uk/hacking/30282/what-is-ethical-hacking-white-hat-hackers-explained

This article summarises what a white hat hacker is. A white hat hacker is a hacker that uses his skills for good and not for nefarious means such as theft and selling of personal data. Nowadays, due to the increasing threats of being hacked, companies are hiring white hat hackers to do penetration testing on their IT systems to identify vulnerabilities and patch those vulnerabilities.

 

30. 7 cybersecurity trends to watch out for in 2018

Link: https://www.csoonline.com/article/3250086/data-protection/7-cybersecurity-trends-to-watch-out-for-in-2018.html

In 2017,  there was a large number of high-profile cyber attacks including Uber, Deloitte, Equifax and the now infamous WannaCry ransomware attack. Despite the constant flow of security updates and patches, the number of attacks continues to rise. According to the article, AI-powered attacks, sandbox-evading malware and ransomware & IoT etc. are the current cyber-security trends and future predictions.  The rise of nation-state cyber-attacks is also one of the most concerning areas of cyber-security. Such attacks are usually politically motivated and go beyond financial gain. They may also be used to target electronic voting systems to manipulate public opinion in some way.

 

31. Uncovering password habits: Are users’ password security habits improving?

Link: https://digitalguardian.com/blog/uncovering-password-habits-are-users-password-security-habits-improving-infographic

1000 internet users were surveyed to gain insights about their password security habits, how frequently they implement best practices for password hygiene, what methods they rely on to remember the abundance of passwords they manage and other details that shed some light on the current state of password hygiene. One finding from this survey is that 56% of users reported creating complex passwords or passphrases that use a mix of uppercase and lowercase letters, numbers, and special characters, and only 6.5% of users reported creating simple passwords that are typically a short, single word.

 

32. On internet privacy, be very afraid

Link: https://news.harvard.edu/gazette/story/2017/08/when-it-comes-to-internet-privacy-be-very-afraid-analyst-suggests/

The article focuses on an interview with cybersecurity expert Mr. Bruce Schneier. Schneier offers his opinions on corporate and government surveillance, stating his view that governments should take on a bigger role in monitoring internet privacy. He addresses the dilemma of internet privacy as an issue of law and morality and explains that the differences between privacy regulations in the US (more lenient) and in Europe (stricter) are a result of different political circumstances. Lastly, when asked how internet users should protect themselves, he states that opting-out isn’t an option and that the users should get involved politically.

 

33. China Aims for Near-Total Surveillance, Including in People’s Homes

Link: https://www.rfa.org/english/news/china/surveillance-03302018111415.html

By 2020, China will have completed its nationwide facial recognition and surveillance network, achieving near-total surveillance of urban residents, including in their homes via smart TVs and smartphones.  Guangdong-based Bell New Vision Co. is developing the nationwide “Sharp Eyes” platform that can link up public surveillance cameras and those installed in smart devices in the home, to a nationwide network for viewing in real time by anyone who is given access. Soon, police and other officials will be able to monitor people’s activities in their own homes, wherever there is an Internet-connected camera. The Sharp Eyes system will also be implemented in tandem with a “social credit” system that makes simple actions like buying a train ticket subject to sufficient social credit.

 

34. Mozilla’s new Firefox extension keeps your Facebook data isolated to the social network itself

Link: https://techcrunch.com/2018/03/27/mozillas-new-extension-keeps-your-facebook-data-isolated-to-the-social-network-itself/

Mozilla launched a new Firefox browser add-on called “Facebook container” for users who want to retain their Facebook account but want to maintain control over how much data Facebook can obtain. Users only log on to Facebook in the container, and the Facebook cookies and site data that identify the users are only available in the container. This prevents Facebook from accessing users’ activities outside of Facebook and from sending targeted advertising.

 

35. The one reason to get a blackberry: Security

Link: https://www.makeuseof.com/tag/one-reason-get-blackberry-2016-security/

While consumers have largely lost interest in BlackBerry devices, BlackBerry phones are still popular as business and corporate phones due to their much-deserved reputation for security and trust. All emails sent to BlackBerry devices were transported through servers operating transport-level security, which makes it impossible for an attacker to intercept the messages or even steal the email credentials through a man-in-the-middle attack. Furthermore, BlackBerry allows the IT department of the company to remotely administer devices through its BlackBerry Enterprise Server to prevent embarrassing data loss issues.

 

36. A Frightening New Kind Of DDoS Attack Is Breaking Records

Link: https://www.forbes.com/sites/leemathews/2018/03/07/a-frightening-new-kind-of-ddos-attack-is-breaking-records/#e7cd1e178e04

Hackers unleashed a new brand of DDoS Attacks that are blasting a record-breaking 1.7Tbps at its target. That would translate to around 680,000 Americans using the full capabilities of their connection to flood the same website at the same time. This arises from exploiting a bit of software called Memcached. Precautionary measures by companies are also mentioned in the article.

 

37. Are you ready? Here is all the data Facebook and Google have on you

Link: https://www.theguardian.com/commentisfree/2018/mar/28/all-the-data-facebook-google-has-on-you-privacy

Link (Video): https://www.youtube.com/watch?v=JoHP7YxFdXQ

Google and Facebook store copious amounts of data about every one of us, data that could fill up to a few million Word documents. Google tracks our location every time we turn on location tracking on our phone and stores the search history across all our devices of everything we searched for and then deleted. Even if you delete your search history on one device, it can retrieve the data saved on other devices. Google also creates a personal advertisement profile for each of us and collects emails, even those marked as spam and deleted, as well as information on the events we attend through Google Calendar. Facebook does a similar job of collecting everything from stickers sent to your location, and has access to your webcam and microphone.

 

38. Your anti-virus software is not enough

Link: https://www.popsci.com/antivirus-software-protect-your-computer#page-6

As cybersecurity gets more complicated, antivirus alone isn’t enough to protect your computer from viruses. The article shared with us a multifaceted approach involving some common sense steps to keep our machine and personal data safe.

 

39. My Cow Game Extracted Your Facebook Data

Link: https://www.theatlantic.com/technology/archive/2018/03/my-cow-game-extracted-your-facebook-data/556214/

Link (Video): https://www.youtube.com/watch?v=OpHf3_-iRYc

Ian Bogost extracted private data by abusing the Facebook platform with a silly cow game. Cow Clicker is not an impressive work of software. After all, it was a game whose sole activity was clicking on cows. If you played Cow Clicker, even just once, Ian got enough of your data that, for years, he could have assembled a reasonably sophisticated profile of your interests and behaviour. He might still be able to; all the data is still there, stored on his private server, where Cow Clicker is still running, allowing players to keep clicking where a cow once stood before his caprice raptured them into the digital void.

 

40. Don’t get Confused – Difference Between Cache and Cookies

Link: http://www.techcuriosity.com/resources/difference_between/difference_between_cache_and_cookies.php

A cookie is a very small piece of information that is stored on the client’s machine by the website and is sent back to the server each time a page is requested. A cache is temporary storage of web page resources on the client’s machine for quicker loading of web pages.

 

41. The City of Atlanta Is Still Locked Out of Files Over a Week After SamSam Ransomware Attack

Link: https://www.reuters.com/article/us-usa-cyber-atlanta/with-paper-and-phones-atlanta-struggles-to-recover-from-cyber-attack-idUSKBN1H70R0

Over a week ago, SamSam ransomware began spreading throughout Atlanta city computer systems. The result of the cyber attack was large stretches of computer systems being encrypted by the attackers, and missing data. Businesses, public servants and even the police have reverted to paper record-keeping methods phased out years ago.

 

42. Siemens Teams With Airbus to IBM in Cyberattack Defense Plan

Link: https://www.bloomberg.com/news/articles/2018-02-16/siemens-mounts-plan-for-cyberattack-defense-with-airbus-daimler

Along with other companies, Siemens is forming a collaborative effort to counter large-scale hacking attacks that threaten to cost $8 trillion in damage over the next five years. This unified approach would encourage more companies along the value chain to share their experiences and prevent a lot of hacking in the future.

 

43. Dockless Bikes: A Security Threat?

Link: https://www.citylab.com/transportation/2018/02/are-dockless-bikes-a-cybersecurity-threat/552206/

Dockless bikes are taking the world by storm, gaining popularity around developed cities.

Dockless bike sharing, like ride-hailing, is built on data-sharing platforms. The business model relies heavily on user data collection. This information may be retained for the company’s purposes, or sometimes even shared with 3rd parties. Essentially, as data-gathering machines, the bikes provide valuable consumer insight for use by their investors in the near future. Furthermore, it has been reported that Chinese companies commonly share data with their government. The very thought that your data may be in the hands of another government (for who knows what reasons) can be terrifying. To this date, many consumers continue to use dockless bikes.

 

44. Cybercrooks hacked the Winter Olympics opening ceremony sparking ticket chaos for hours

Link: https://www.thesun.co.uk/news/5546989/winter-olympics-2018-opening-ceremony-hacked-cyber-criminals-ticket-chaos/

This article shows how cybersecurity is particularly important even for large-scale events such as the Winter Olympics. This cyber attack disrupted the flow of the events, even causing a large number of drones which were part of a display to be grounded.

 

45. The Battle Against Synthetic Identity Fraud Is Just Beginning

Link: https://www.forbes.com/sites/alanmcintyre/2018/02/07/the-battle-against-synthetic-identity-fraud-is-just-beginning/#605de8cc4ca0

Synthetic identity fraud is a type of fraud in which criminals combine real and fake information to create fraudulent accounts and make fraudulent purchases. This involves using social security numbers that are not actively being used, which usually belong to children and the elderly, who make limited purchases. In the long run, the criminals may even interact with banks through burner phones. This type of theft is the most common type of identity fraud and by far a major source of loss for financial institutions. It has been difficult for banks to detect because fraud filters are not sophisticated enough to detect it. As such, as stated in the article, a key means of dealing with this fraud is through artificial intelligence engines and machine learning methods. The problem is so large that it should be tackled with an industry-wide solution, such as working with other banks and leveraging technology.

 

46. Hackers Can Now Steal Data Even From Faraday Cage Air-Gapped Computers

Link: https://thehackernews.com/2018/02/airgap-computer-hacking.html

A team of security researchers has published further research showing that they can steal data not only from an air-gapped computer but also from a computer inside a Faraday cage. MAGNETO and ODINI are the 2 techniques that make use of proof-of-concept malware installed on an air-gapped computer inside the Faraday cage to control the “magnetic fields emanating from the computer by regulating workloads on the CPU cores” and use them to transmit data stealthily.

 

47. Privacy watchdog fines 22 in past two years over security breaches

Link: http://www.straitstimes.com/tech/privacy-watchdog-fines-22-in-past-two-years-over-breaches

22 organisations have been fined by Singapore’s Personal Data Protection Commission in the past two years. It is a concern that companies are not taking the issue of privacy seriously. Nearly all of the companies fined had one glaring issue: they had inadequate measures for keeping personal information secure. This lack of concern also arises from the fact that companies believe they are in the safe zone by putting disclaimer clauses on their website or by attending some course. Companies still do not fully understand how data laws apply to their operations. It is worrying to hear that many enterprises are ignorant of the laws, as stated by the trainer of data protection officers. Companies are advised to proactively identify and tackle these privacy breaches before they cascade into a huge problem when that personal data falls into the wrong hands.

 

48. ‘Evil’ software that allowed hackers to watch you through webcam discovered in Bristol

Link: https://www.bristolpost.co.uk/news/bristol-news/evil-software-allowed-hackers-watch-1168226

This article informs us of a recent hacking program that was discovered in Bristol. The software, which allowed hackers to seize control of a victim’s computer, was available online for just £30 and was the center of a major investigation.

 

49. This is how your phone’s e-wallet can be hacked

Link: https://www.channelnewsasia.com/news/cnainsider/how-phone-e-wallet-can-be-hacked-security-9422814

While many Singaporeans now make use of e-wallet and iBanking applications on their smartphones, hackers have increasingly been using modified or disguised versions of e-wallet applications to hack into smartphones. Such an e-wallet application promises free credits and money to fool users into downloading it, and at the same time automatically downloads a hidden, hard-to-detect computer virus such as a Trojan onto the user’s smartphone.

 

50. Teenager suspected of crippling Dutch banks with DDoS attacks

Link: http://www.computerweekly.com/news/252434665/Teenager-suspected-of-crippling-Dutch-banks-with-DDoS-attacks

A Dutch teenager is suspected of DDoS-ing Dutch bank servers. Russians were originally thought to be behind the attacks, but the Dutch teenager was finally arrested; he had also previously been convicted of attacking a small Dutch bank. When interviewed, the teenager said that he did it for fun and to “make everyone freak out about Russia”, and that banks should get their security in order.

 

51. BOY OR GIRL: SHOULD WE BE ABLE TO CHOOSE?

Link: https://pursuit.unimelb.edu.au/articles/boy-or-girl-should-we-be-able-to-choose

The article speaks about the ethical decisions on whether we should be allowed to choose the sex of our child. Here are some reasons why we prefer not to choose: the ‘commodification’ of children, fears about the distortion of the parent/child relationship, any discriminatory practices underpinning selection in favour of one particular sex (which might occur in some cultures), inequality between the sexes and lastly non-medical sex selection might allow the creation of so-called ‘designer babies’. On the other hand, here are some reasons why people prefer to choose: a desire to parent a child of a particular sex, cultural reasons, family balancing or where a family has lost a child.

 

52. iPhone app can alert you if your device gets hacked

Link: https://www.cnet.com/news/iphone-app-can-alert-you-if-your-phone-has-been-hacked/

A new app dubbed System and Security Info will scope out your iPhone for potential security threats. System and Security Info is an app developed by iPhone security researcher Stefan Esser that detects any abnormal activity and identifies any potential privacy or security breaches that could be used to gather information about the user. The app was built in response to a rise in government spyware. Companies like FinFisher or HackingTeam that sell iOS spy software to governments and others usually require the target phone to be jailbroken. So the idea is that whoever is trying to spy on someone needs to get physical access to the device, jailbreak it, and then run the spying tools from Hacking Team or FinFisher.

 

53. Tinder Flaws Let Stalkers Watch Your Every Move

Link: https://www.infosecurity-magazine.com/news/tinder-flaws-let-stalkers-watch/

The article talks about loopholes in the security of the widely used dating app Tinder, which allow stalkers to monitor every move of a user in the app. The flaws also enable an attacker to control the profile pictures that the user sees, swapping them with malicious content. The attacker can also blackmail the user, threatening to expose private information from the user’s profile and actions in the app.

 

54. 78% of Healthcare Workers Lack Data Privacy, Security Preparedness

Link: https://healthitsecurity.com/news/78-of-healthcare-workers-lack-data-privacy-security-preparedness

This article talks about research showing that healthcare workers do not have strong data privacy and security preparedness, which emphasizes the importance of employee training programs. It was said that healthcare employees could not identify phishing emails, failed to report potential data privacy or security incidents and tended to opt for unsecured, public Wi-Fi networks to complete their work.

 

55. Hacker’s Paradise: Secrets of the “Dark Web”

Link: https://www.cbsnews.com/news/wannacry-ransomware-hackers-dark-web/

Most people knew either little or nothing about the dark web before the WannaCry cyberattack, which happened in 2017. It was, in fact, the biggest cyber attack in history, crippling computers in 150 countries. A hacker group called Shadow Brokers stole a cybersecurity weapon called Eternal Blue from the US National Security Agency, loaded it into the dark web and turned it against us. In most cases, the dark web is effectively a field of combat between white hat hackers, such as the British researcher who discovered the kill switch that turned off WannaCry and saved millions of computers, and black hat hackers, who recoded the virus to remove the kill switch and make it even more virulent.

 

56. WhatsApp security problem leaves millions of users exposed to hackers

Link (Video): https://youtu.be/UR_i5XSAKrg

A “severe” security problem with WhatsApp could have left “hundreds of millions” of accounts vulnerable to hackers. The bug, which affected the web version of the messaging app, would have allowed people with technical knowledge to take over users’ accounts with a simple message. Clicking and opening a malicious file could have let hackers see victims’ conversations, photos, videos, contacts, shared files and more.

 

57. Equifax Hack – Vulnerability in Apache Struts

Link: https://www.wsj.com/articles/weve-been-breached-inside-the-equifax-hack-1505693318

http://www.straitstimes.com/world/united-states/143-million-affected-in-hack-of-us-credit-agency-equifax

Equifax, a consumer credit reporting agency, failed to patch a software vulnerability, resulting in unauthorized third parties gaining access to one of Equifax’s portals. More than 145 million consumers were compromised as their data was leaked. That data includes their social security numbers, birth dates and driver’s license numbers.

 

58. Netflix Phishing Scam & Safety Steps

Link: https://www.wired.com/story/netflix-phishing-scam/

Netflix is still one of the common themes used for credential theft. The Netflix phish includes a lot of clever touches: it replicates a lot of the HTML Netflix uses on its actual website to make the fake pages look as genuine as possible. The login pages even include auto-filling backsplashes that promote Netflix original content. The phishing emails also use a template system to personalize the messages by auto-filling each victim’s name at the beginning. Most importantly, the Netflix phishers use a well-known technique of compromising legitimate web accounts or web servers and hosting their phishing pages off of those services. By hosting the pages on sites that have been around for a while and weren’t previously malicious, the attackers buy time on URLs that have credibility (known online as a good reputation score) and won’t be flagged by security scanners.

 

59. Dangers of Public Wi-Fi

Link: https://due.com/blog/12-reasons-never-use-public-wi-fi/

Internet users risk leaking their private information online by choosing to connect to public wireless networks that do not require security passwords. By deciding to connect, they expose data such as their messages, Notes and camera roll to the network administrator. Many free networks do not use encryption because it is expensive to adopt, so you unwittingly endanger your privacy. Hackers have unfettered access to unsecured devices on the same network.

 

60. The Internet of Things Needs a Code of Ethics

Link: https://www.theatlantic.com/technology/archive/2017/05/internet-of-things-ethics/524802/

The article is about an incident in which a malware called Mirai took over poorly secured webcams and DVRs and used them to disrupt internet access across the United States. In such cases, who should be held responsible? The one who coded the malware, the one who unleashed it on an essential piece of the internet’s infrastructure, or should the manufacturers of the unsecured devices be liable for the damage their products cause?

 

61. Forget viruses or spyware—your biggest cyberthreat is greedy currency miners

Link: https://www.technologyreview.com/s/609975/forget-viruses-or-spywareyour-biggest-cyberthreat-is-greedy-cryptocurrency-miners/

This article talks about how cryptocurrency mining is becoming a more serious problem than ransomware as a tool for extorting money. Cryptocurrency mining allows hackers to earn a lot of money with minimal effort. Hackers prefer it because many people ignore ransomware, either because they know they can back up their computers or because they are unsure of the payment method. Although some antivirus software can detect cryptocurrency mining software, the more advanced cryptocurrency mining software cannot be detected by antivirus software.

 

62. Inviting hackers to infiltrate US defence

Link: https://www.defense.gov/News/Article/Article/981160/dod-announces-hack-the-pentagon-follow-up-initiative/

The article talks about how the US is taking every approach to make sure that its IT defence system is secure. Hence it has a program called “Hack the Pentagon.” Many hackers are invited to try to hack the Pentagon; those who manage to find a way in tell the US Department of Defense how they infiltrated and are rewarded with a handsome sum of money.

 

63. When friends create enemies: Facebook’s mutual-friends feature may create security risks, privacy concerns

Link: https://www.sciencedaily.com/releases/2013/05/130530132437.htm

The mutual-friends feature on social networks such as Facebook, which displays users’ shared friendships, might not be so ‘friendly.’ When it comes to social media, I believe that a lot of people will not give/post most of their personal information online. Even if you post it, you might tailor your privacy settings to ‘share with friends only.’ However, are the privacy settings safe, and will they not leak any of your information to outsiders?

 

64. Strava Fitness App Can Reveal Military Sites, Analysts Say

Link: https://www.nytimes.com/2018/01/29/world/middleeast/strava-heat-map.html?rref=collection%2Ftimestopic%2FPrivacy&action=click&contentCollection=timestopics&region=stream&module=stream_unit&version=latest&contentPlacement=2&pgtype=collection

Strava, a fitness app that posts a map of its users’ activity, has unwittingly revealed the locations and habits of military bases and personnel, including those of American forces in Iraq and Syria, security analysts say. The app, which calls itself “the social network for athletes,” allows millions of users to time and map their workouts and to post them online for friends to see, and it can track their movements at other times. The app is especially popular with young people who are serious about fitness, which describes many service members.

 

65. MAKING SENSE OF APPLE’S RECENT SECURITY STUMBLES

Link: https://www.wired.com/story/apples-security-macos-high-sierra-ios-11/

This article basically tells us how big technology companies like Apple do have security flaws too. Big companies like Apple have earned a strong reputation for security; however, recently they are facing strong hackers who are trying to fix bugs in their systems. This leads us to the question: how safe are their security measures? As a personal user of Apple, I feel that with such problems coming along, they may lose their customer base to strong competitors like Oppo or even Samsung just because of a security issue.

 

66. Hackers are stealing millions in cryptocurrency during ICOs

Link: https://www.engadget.com/2018/01/22/hackers-stealing-millions-cryptocurrency-ico/

In this article, the author talks about how security is a problem when it comes to cryptocurrencies. It was found that 10 percent of Initial Coin Offering (ICO) funds were stolen by hackers, amounting to $1.5 million a month. These hackers are also gaining access to personal information like addresses, phone numbers, bank details and credit card numbers. The author explains how the lack of proper safeguards has led to the rise of hacking in cryptocurrency, and notes that phishing is a popular method among hackers.

 
