Facebook reaches settlement related to Cambridge Analytica scandal
Facebook has agreed to pay $725 million as a penalty to settle a long-pending legal battle related to its sale of user data to the now-defunct Cambridge Analytica. During the 2016 US elections, Cambridge Analytica leveraged the data to solicit info such as page likes, DoBs, genders, locations, and political interests using a quiz app called “thisisyourdigitallife.” The procedure was deemed illegal because it was conducted for political advertising without the consent of Facebook’s users. The proposed settlement is pending approval by San Francisco’s US District Court.
BTC.com lost $3 million in cyberattack
One of the world’s largest crypto mining pools, BTC.com, discovered on December 3 that it was the victim of a cyberattack that resulted in the theft of approximately $3 million worth of crypto assets. Around $700,000 worth of the stolen crypto was owned by customers, while $2.3 million in digital assets was owned by the company. BTC.com reported the incident to Chinese authorities and says it has recovered some of the stolen funds. The company says it has taken measures to block such attacks in the future but has not disclosed whether any data was affected as a result of the incident.
Hackers use trojan to steal $8 million from BitKeep users
Multiple BitKeep crypto wallet users reported that their wallets were emptied during Christmas after hackers triggered transactions that didn’t require verification. BitKeep is a decentralized multi-chain web3 DeFi wallet used by over eight million users worldwide. The incident appears to have impacted users who downloaded an unofficial and trojanized version of the BitKeep app. Affected users should create a new wallet address after downloading the official apps from Google Play or App Store and then transfer their funds to it. Losses are expected to grow because the attack occurred during the holiday season, which has delayed users in noticing and responding to the incident.
Military device containing PII sold on eBay
More than a decade ago, the US military last used its Secure Electronic Enrollment Kit (SEEK II) in Afghanistan to scan fingerprints and irises. Back in August 2022, German security researcher Matthias Marx bought the chunky black rectangular device on eBay for $68. The device included a memory card containing PII of more than 2,600 individuals, including names, nationalities, photos, and biometric data. Most of the info belongs to those classified as terrorists or wanted individuals, but some info belongs to other civilians. The Department of Defense said that the hardware should have been destroyed on site as soon as it fell out of use and asked that it be returned. One of the sellers told the New York Times that the company acquired the device at a government equipment auction.
(Gizmodo)

TikTok used its app to spy on reporters
Employees of TikTok’s Chinese parent company, ByteDance, tracked IP addresses of journalists who were using TikTok to try to determine if they were in the same location as employees suspected of leaking confidential information. According to an internal email from ByteDance general counsel, at least four members of staff based in both the US and China improperly accessed the data. All four have been fired and company officials said they were taking additional steps to protect user data.
J. Robert Oppenheimer cleared of 68-year-old accusations
Nearly 70 years after having his security clearance revoked by the Atomic Energy Commission (AEC) due to suspicion of being a Soviet spy, renowned Manhattan Project physicist J. Robert Oppenheimer has finally received some form of justice. In 1954, Oppenheimer was subjected to security hearings over his alleged Communist ties, and ultimately was found innocent of treason, but he was ruled “not reliable or trustworthy” and was stripped of his access to military secrets. The hearings severely tarnished the accomplished physicist’s reputation. US Secretary of Energy Jennifer M. Granholm released a statement nullifying the controversial decision against Oppenheimer, declaring it to be the result of a biased and flawed process that violated the AEC’s own regulations.
EarSpy attack eavesdrops on phones via motion sensors
A team of researchers from several US universities has developed a side-channel eavesdropping attack for Android devices, named EarSpy. Researchers used ‘Physics Toolbox Sensor Suite’ to capture reverberations from the ear speaker of Android devices and then fed the captured data to MATLAB for analysis. A machine learning (ML) algorithm was then used to recognize speech content, caller identity, and gender. Using this approach, researchers correctly identified caller gender between 77.7% and 98.7% of the time, caller ID classification ranged between 63.0% and 91.2%, and speech recognition ranged between 33.3% and 56.4%. Not surprisingly, user movement and lowering the volume of the ear speaker resulted in lower accuracy.
Piers Morgan’s Twitter account abuses queen and Ed Sheeran in apparent hack
On Tuesday, the Twitter account of former Good Morning Britain (GMB) host Piers Morgan was wiped of much of its content, amid reports it was hacked. On Monday night, Morgan’s account shared posts containing false information, racial slurs and abusive messages directed at the late Queen Elizabeth II and the singer Ed Sheeran. The incident comes on the heels of UK education secretary Gillian Keegan’s account apparently being hacked on Christmas Day. Morgan has yet to publicly address the apparent hack and his other social media accounts appear to be functioning normally.






