Oracle begins auditing TikTok’s algorithms
The vetting of TikTok’s algorithms and content moderation models is meant to ensure they aren’t being manipulated by Chinese authorities, Axios has learned. In June, after longstanding pressure from the U.S. government, TikTok said it had begun routing all its U.S. user data to Oracle’s cloud infrastructure. Both of those moves are part of a broader TikTok effort called Project Texas, which is meant to give U.S. TikTok users and lawmakers assurance that U.S. user data is safe and that content recommendations aren’t being manipulated. The project name refers to Oracle’s headquarters in Texas.
(Axios)
Digital Ocean dumps Mailchimp after attack leaked customer data
Cloud service provider Digital Ocean made the move after revealing that on August 8th its engineering team had noticed that Mailchimp had stopped delivering emails such as confirmations, password resets, email-based alerts for product health, and “dozens of other transactional emails” without warning. Mailchimp stated on its website that malicious actors were increasingly deploying an array of sophisticated phishing and social engineering tactics targeting data and information from crypto-related companies, leading Digital Ocean to infer that the delivery stoppage was related to its work in the crypto sphere.
Signal users exposed in targeted Twilio attack
The security breach at Twilio led to the exposure of the phone numbers and SMS registration codes of 1,900 Signal users; however, representatives of the encrypted messaging service say the attacker would not have been able to access the message history, contact lists, profile information, or other personal data associated with these user accounts, due to its encryption design. The organization posted a security note on its site saying that it has identified and is notifying the affected users directly, and urges them to re-register Signal on their devices.
Hackers attack UK water supplier but extort wrong company
South Staffordshire Water, which provides drinking water to 1.6 million British consumers daily, has confirmed an IT disruption from a cyberattack. It says, however, that the disruption of its IT systems doesn’t impact the supply of safe water. The Clop gang, which is claiming responsibility for the attack, appears to have misidentified its victim, claiming on its onion site that it had hit Thames Water, which provides water and wastewater treatment services to the Greater London area. The gang apparently informed Thames Water of its network security inadequacies, and published samples of stolen data including passports, screenshots from water treatment SCADA systems, driver’s licenses, and more. Thames Water has officially disputed these claims as a hoax, a position substantiated by the fact that the published data contains South Staffordshire email addresses.
Thanks to today’s episode sponsor, 6clicks
Pentagon put microgrid technology to the test at DEF CON
The Pentagon is planning to deploy local, self-contained electric grids, called microgrids, to Army bases. To assess their viability, it brought the technology to DEF CON, looking for hackers’ help in finding vulnerabilities. More than 1,700 DEF CON attendees participated in the Pentagon’s microgrid hacking challenge, with many of them successfully shutting down the mock grid in minutes. The Army is promoting the microgrid effort because the systems are “energy efficient, cost-effective and can keep bases up and running even if a cyberattack or natural disaster takes out the larger power grid.”
Krebs’ CISA split is impractical, say experts
Following up on a story we brought you last week, Chris Krebs’ suggestion to re-form CISA was met with heavyweight skepticism by others in his community. Speaking at Black Hat, Krebs described how a standalone CISA could help streamline how the private sector and other stakeholders work with the government to combat cyberthreats. But former CISA officials and other cybersecurity experts called this unrealistic and impractical, telling Cyberscoop that DHS gives CISA size and Cabinet-level seniority, that private sector engagement would not be seamless, and that CISA would turn into an agency whose “capability is only advisory,” which would likely undercut its work.
The scariest things at Black Hat 2022
Like almost everyone else, PCMag was at Black Hat. Their reporters compiled a list of the things that scared them the most. These include the weakness of SMS in MFA, how touch screens can be essentially keylogged, the systemic lack of a clear historical narrative regarding major cyber incidents, malware that targets job seekers with phishing links, fast-growing startups that don’t incorporate security into their early planning, Apple products becoming less secure, bug hunters getting sued, car key fobs getting hacked, Zoom chat delivering malware, tracking devices being spoofed, and the implications of the cyberwar in Ukraine. The full report is available at PCMag.
(PCMag)
Cyber Security Headlines turns two today
This is David Spark, producer for the CISO Series, cutting in to provide the day’s last story, which is that Cyber Security Headlines is the most popular show on CISO Series, having been on the network for only two years. We’ve grown twelve-fold since launching, with more than 1.7 million downloads, and we’re consistently in the top ten on Apple Podcasts for Tech News in the United States. Huge thanks to our reporters Steve Prentice, Rich Stroffolino, and Sean Kelly, plus our producers Aaron Diaz and Andrew Freels. And especially a huge thanks to our sponsors, who have supported every single episode of this podcast. Lastly, thanks to the listeners who keep listening and tell their friends to tune in. Please keep sharing with your cyber friends, and if you haven’t left a review or shouted about it on social media, please do so. This is just two years, and we plan on continuing to deliver the most important cyber news to you every single day for many more years. Thank you for your support.