Cyber Security Headlines – December 18, 2020

Ex-Homeland Security adviser: ‘We’re being hacked’

Thomas P. Bossert, former Homeland Security adviser to Presidents Trump and George W. Bush, said in a New York Times article that the magnitude of the ongoing SolarWinds hack is “hard to overstate” and that remediation will be “staggering.” As many as 18,000 organizations downloaded the boobytrapped SolarWinds update, including most federal government unclassified networks and more than 425 Fortune 500 companies. Kaspersky Labs software is a case in point, he said: it took over a year to get it off networks. 

(New York Times)

Ignore Facebook ‘Christmas bonus’ come-on

Beware of Facebook posts about a Christmas bonus that people in your contact list may be sharing: they’re scams. This year’s version of the holiday rip-off targets users with a “Christmas bonus” or “Christmas benefit,” according to the non-profit Identity Theft Resource Center (ITRC). The messages are actually coming from friends’ cloned accounts, and they claim that the individual has won a “Facebook Christmas Bonus Giveaway,” the ITRC explains.

(Info Security)

Twitter to start removing COVID-19 vaccine misinformation

Twitter will remove deceptive COVID-19 tweets beginning next week. Such false messages have included, for example, the claim that Peru is carrying out compulsory COVID-19 vaccinations, which it is not. Twitter says it will remove any tweets that “intentionally cause harm to control populations” or that invoke conspiracy theories. Tweets that falsely suggest that COVID-19 doesn’t exist or that espouse “widely debunked” claims may also be removed, Twitter said.

(The Verge)

Court rules that you may secretly record police in public places

A Boston federal appeals court has ruled that people may surreptitiously record police officers at work in public spaces such as parks. The ruling concerns two cases: in one, two Boston civil-rights activists sued for the right to record police officers in public without fear of getting arrested. In the other case, a right-wing activist group sued so that it could privately record anyone, including landlords, people at alleged Antifa gatherings and government officials discussing immigration.

(Universal Hub)

Thanks to our episode sponsor, ReversingLabs

Cyber attacks targeting open source software have increased 430%. Is your source code protected? Have your 3rd party applications been verified before moving to production? If any component has been compromised, how do you know? Learn more about how ReversingLabs can inspect software repositories for threats, and watch an on-demand demo at reversinglabs.com/demo.

Apple slaps back at Facebook’s ads over anti-tracking privacy measure

As we reported yesterday, in its upcoming iOS 14 privacy measure, Apple will require that users grant permission before being tracked for advertising purposes—a step that Facebook has criticized to the tune of full-page ads in national newspapers. Facebook says that the pop-ups will devastate small businesses. Apple’s response: users “should know when their data is being collected and shared across other apps and websites—and they should have the choice to allow that or not.”

(Mac Rumors)

More than 3 million users have downloaded 28 malicious Chrome or Edge extensions

15 Chrome and 13 Edge extensions—all of them malicious—have been downloaded by more than 3 million users, according to the security firm Avast. Avast found code that redirects user traffic to ads; that redirects user traffic to phishing sites; that collects personal data such as birth dates, email addresses, and active devices; that collects browsing history; or that downloads even more malware onto a user’s device. Researchers say the primary objective appears to be hijacking user traffic for profit.

(ZDNet)

Facebook reverses algorithm that favored news from mainstream news sites

Facebook has rolled back an algorithm tweak that sought to keep misinformation quiet during the post-election vote-counting period. The algorithm had been tuned to lift news from authoritative sources over that coming from hyperpartisan sources. Now, it looks like Facebook is going back to its status quo. Mainstream news publishers such as CNN had enjoyed more traffic due to the algorithm, while sites such as Breitbart and Occupy Democrats had seen their numbers fall. The move dismays some Facebook employees: according to the New York Times, post-election, some Facebook employees asked at a company meeting whether the “nicer news feed” could stay.

(New York Times)

AI being trained to detect guns with homemade ‘active shooter’ videos

How do you stop a shooting before the first bullet? By training an algorithm to detect a gun as soon as it’s drawn. To do that, some companies are dangling firearms in front of backdrops that make it look like they’re being pulled out in environments including city streets or forests. The idea is that if AI can recognize a gun, police will be called before a shooter becomes active. However, ethicists warn that inherent bias in AI algorithms could lead to even more police violence.

(Vice)