Oracle enters race to buy TikTok’s US operations

Oracle has become the latest contender to purchase TikTok, following President Trump’s promise to shut it down unless it is taken over by a US company by mid-November. Oracle is working with a group of US investors that already own a stake in ByteDance, to take over its operations in the US, Canada, Australia, and New Zealand. This puts Oracle in a race with Microsoft and Twitter for the popular video app, although Microsoft retains a more widespread vision, aiming to take over TikTok’s global operations.

(Financial Times)

Jack Daniel’s hit with ransomware

The makers of Jack Daniel’s Whiskey were hit with a ransomware attack over the past weekend. Brown-Forman, which owns and manufactures brands including Jack Daniel’s and Finlandia Vodka, stated that none of its files were encrypted in the attack, but some data may have been stolen. The hacking team known as REvil, accessed and screenshotted files, but Brown-Forman’s IT security team successfully detected them prior to a ransom situation. Brown-Forman says it is not keen on negotiating, but, REvil has threatened to auction the stolen data if a ransom is not paid.

(CISO Mag)

200,000 Healthcare records exposed through GitHub credentials leak

Nine data breach incidents at multiple U.S. health care providers involving the medical records of more than 200,000 US patients were discovered recently by ethical hacker Jelle Ursem, working in association with Data data leaks were the result of a developer leaving login credentials exposed in a GitHub repository. According to Ursem, it took him less than ten minutes to find the medical data by using variations on search phrases like “medicaid password FTP” to locate hardcoded login usernames and passwords for systems like Microsoft Office365 and Google G Suite environments.

(CISO Mag)

Apple will not make any exceptions for Epic

In the ongoing dispute between Apple and Epic the makers of Fortnite, Apple has now threatened to revoke Epic’s access to iOS and Mac developer tools by removing it from the Apple Developer Program unless it cuts out the payment processing option that is at the cause of the rift.

Apple and Google removed Fortnite from the App Store and the Play Store in response to Epic’s attempts to avoid guidelines that forced in-app purchases of digital goods to go through Apple and Google.

Epic has prepared lawsuits suing the two companies for anticompetitive practices and has also filed a preliminary injunction asking the courts to prevent Apple from cutting it off from the developer program. Otherwise, Apple says, Epic has until August 28th to make the changes.

(The Verge)

Crypto-mining worm steals AWS credentials

What appears to be the first crypto-mining malware operation that contains functionality to steal AWS credentials from infected servers has been discovered. According to research published earlier this year by Trend Micro, a cybercrime group called TeamTNT uses malware that searches for Docker systems that have been misconfigured and have left their management API exposed on the internet without a password. A further report from UK security firm Cado Security says that TeamTNT has upped its game to target Kubernetes installations and steal AWS credentials. In addition to selling the stolen credentials on the black market, this type of exploit may allow TeamTNT to boost its profits by installing crypto-mining malware in more powerful AWS EC2 clusters directly.


Microsoft delayed Zero Day fix for two years

A security flaw in Microsoft Windows had been actively exploited through malware attacks for two years before it was patched last week, says Brian Krebs. One of these flaws dealt with the way Windows validates digital signatures for computer programs in order to sign executable files and scripts and ensure that the code has not been changed or corrupted. Microsoft itself said an attacker could bypass security features by spoofing the credentials. Microsoft has been quiet about why it took so long to make the fix, despite acknowledging that its products were being actively exploited.

(Krebs ON Security)

British students’ grades algorithm reveals potential for cultural bias in AI

A grading algorithm intended to produce fair results while controlling for potential grade inflation by ambitious teachers has resulted in unfair grade reductions and disproportionate amounts of negative impacts on students from disadvantaged backgrounds. Applied to British A-Levels – the equivalent to Advanced Placement tests in the US, high achieving students from disadvantaged backgrounds were allegedly left unfairly punished while underachieving students from affluent areas were undeservedly rewarded since students’ grades were largely based on their postal code and socio-economic status.

Even UK Education Secretary Gavin Williamson acknowledged there were problems, and the exercise is being seen as evidence of how cultural bias can penetrate artificial intelligence application design.

(The Verge)

Oculus users envision a Facebook future

Virtual reality headset users will be forced to use a Facebook account in order to maintain an Oculus account. Facebook, which owns Oculus, says existing accounts will stay functional until January 1, 2023, after which, users and developers must go through Facebook.The company stated, “Facebook will manage all decisions around use, processing, retention and sharing of your data.” Oculus will also adopt Facebook’s core community standards.

(The Verge)