Weekly News Recap #12

1. Facebook to acquire a cybersecurity firm

In the wake of their most recent hack, Facebook has been reportedly in search for cybersecurity aid, planning to purchase a cybersecurity firm in order to gain key security talent and to serve as a positive public relation move.

To recap, the hacking, which took place a month ago, resulted in access tokens stolen for more than 30 million accounts (pared down from an initial estimate of 50 million), which granted the complete access to the user profiles. Basic contact information such as name and either email or phone number for 14 million accounts, and additional data like gender, religion, location, device information, and the 15 most recent searches for another 15 million accounts.

Two anonymous sources say the company has approached multiple firms about a possible purchase and aims to close the deal by the end of the year. Presently there is no information on what type of security Facebook is looking to get.

Considering the numerous amounts of hacks Facebook experiences, there is a broad consensus amongst Facebook users that a solid security system should be set in place to protect users from having their data stolen.

Tip: you can check to see if your account was compromised here https://www.theverge.com/2018/10/12/17968562/facebook-hack-how-to-tell-if-data-stolen

Source: The Verge

2. YouTube mini-player for desktop browsers

Finally, quality of life update from YouTube. Users who prefer the use of desktop computers to their mobile devices will be happy to hear that an in-browser mini-player is now available for download. The new feature was brought out earlier this month, allowing the viewers to continue playing the video while browsing for another one. A bold move was made, similar to one of Facebook, which has the video minimised and moved to the side of the page allowing for continuous scrolling.

YouTube users can opt to exit the mini-player by merely pressing the “x” or escape keys on their keyboards. You can also control playlists, queues, and next videos directly through the minimised video. This means that if you’re searching for that one specific video, but you don’t want to stop playing the video you already have up have up or miss out on the next playlist queued, you can continue watching a video while searching for something else! What a grand improvement to the desktop version.

If you want to use the mini-player, hover over the bottom of the video, and use the icons in the right-hand corner to select mini-player. Enjoy the endless browsing!

Source: The Verge

3. Government health insurance hack

According to the Centers for Medicare and Medicaid Services, the government health care system in America has been breached last week, compromising the personal data for 75,000 individuals. The system is commonly used by insurance agents and brokers.

Unusual activity was detected in the Federally Facilitated Exchanges, or FFE’s Direct Enrollment pathway to help people applying for health insurance. CMS says that “approximately 75,000 individuals’ files were accessed,” and that after the breach was verified on the 16th, it took steps to secure the system.

The Direct Enrollment system has been shut down by CMS to implement new security measures — it plans to have it up and running again in a week. Those who might have been affected will be notified shortly and will be offered assistance with measures like credit protection. The general website where the public can sign up for health care coverage will not be affected and will have no impact on the upcoming open enrollment period, which begins on November 1st.

Source: The Verge

4. Apple demands Bloomberg retract Chinese spy chip report

Apple CEO, Tim Cook, has gone on the record for the first time to battle the allegations, calling for Bloomberg to withdraw their story about the report of Chinese spies compromising a company server through the use of malicious microchips. Bloomberg alleged that the Chinese spies infiltrated the critical tech infrastructure belonging to companies like Apple and Amazon by injecting tiny microchips inside Supermicro servers. The hacking potentially would have allowed for the Chinese government to access the computer networks run on those servers.

Cook protests “This did not happen. There’s no truth to this”. Previously Apple released a statement criticising the story apart, denying each individual claim. “On this, we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” the release said. Soon after, the company’s vice president of information security, George Stathakopoulos, wrote to Congress denying the allegations directly.

No malicious chips have been found, and no evidence has been proposed in the weeks following the release of the report.

Source: The Verge

5. Saudi Arabia spying on Twitter users

Last week, The New York Times published a report detailing Saudi Arabia’s efforts to combat dissent on platforms like Twitter, such as slain US journalist Jamal Khashoggi, who was subjected to intense and personal attacks online before his death. As part of those efforts, the kingdom’s reportedly worked to groom a Twitter employee to spy on user accounts.

The western intelligence officials have allegedly contacted Twitter, reporting that the Saudi government was “grooming” one of its employees, Ali Alzabarah, “to spy on the accounts of dissidents and others.” The employee began working for Twitter back in 2013 as an engineer with access to user accounts and was convinced by Saudi intelligence officials to look into several accounts.

The moment Twitter found out, they placed Alzabarah on administrative leave as the investigation took place. Even though “they could not find evidence that he had handed over Twitter data to the Saudi government,” the employee was fired in 2015, and Twitter notified ‘a few dozen’ accounts that they might have been targeted.

Source: The Verge

Leave a Reply

Your email address will not be published. Required fields are marked *