Cybersecurity News – December 11, 2020

Breaking up Facebook won’t be easy

The US government and 48 attorneys general want to break up Facebook. In twin lawsuits filed on Wednesday, they allege that Facebook has engaged in illegal, anti-competitive tactics to buy, bully and kill its rivals. The burden of proof is daunting: for one, they’ll need to prove that Facebook bought rivals like Instagram and WhatsApp with the sole purpose of killing off competition. 

(New York Times)

Intel source ‘Spider’ outed in election lawsuit’s redaction gaffe

A lawsuit seeking to overturn the election in President Trump’s favor hit another snag, this time when a federal prosecutor tried to redact the name of a star witness. That witness, code-named “Spider,” claims to be a former military intelligence official and claims that American voting machines were compromised. He doesn’t claim to have analyzed any voting machines, but that hasn’t stopped him from coming up with conspiracy theories. Reuters reporter Brad Heath has pointed out that the metadata in previous filings indicate “Spider’s” real name. 

(Washington Examiner)

AI is coming for your job … slowly

Cybersecurity jobs are going the way of the dodo, according to a new survey from Trend Micro. More than two-fifths of IT leaders said that they think AI is going to make their jobs moot by 2030. If you find that worrisome, here’s a kind of, sort of silver lining: according to the site Data Center Knowledge, the progression of machine learning is going to be slowed by siloed systems and a lack of integrated management.

(TechRadar)

Massive ransomware attack goes after MySQL servers

As of Thursday morning, more than 85,000 MySQL servers had been breached in what was then an ongoing ransomware campaign. Researchers at Guardicore Labs say that the campaign, which they’ve dubbed “Please_Read_Me,” started as early as January 2020. The attackers are selling 250,000 databases on the Dark Web. Guardicore called the attack “extremely simple”: it starts with password brute-force on the MySQL service, followed by a series of database queries and collection of data on existing tables and users. 

(Dark Reading)

Thanks to our episode sponsor, Code42

Code42’s annual Data Exposure Report on Insider Risk reveals that 42% of data breaches in the past year were caused by a malicious or criminal insider. Read the report for tips on how to stop your insider risk from becoming an insider threat.

Instagram click farm revealed by leaky Elasticsearch server

vpnMentor security researchers stumbled across tens of thousands of fake Instagram files being operated in a massive Instagram click farm in central Asia. It was revealed by an unsecured Elasticsearch database that the operators connected to the public-facing internet. vpnMentor said that the highly automated process involved tens of thousands of fake proxy accounts, proxy servers and IP addresses to hide the farm’s activity. Each had its own avatar, bio and persona, and seemed to join Instagram from all over the world.

(InfoSecurity)

Germany probes Facebook over tying Oculus to Facebook accounts

Germany is investigating Facebook over its requirement that users of its Oculus VR product have a Facebook account. This summer, Facebook announced it would merge users of the latest Oculus kit onto a single Facebook account and would end support for existing Oculus account users by 2023. Its move has forced new users to immediately get a Facebook account in order to log in and access content. 

(TechCrunch)

Cookies without consent to cost Amazon, Google

France’s data protection agency is slapping Google with a $120 million fine for dropping tracking cookies without consent on users of its French domain. Amazon is getting hit with a $42 million fine for doing the same thing. The agency, CNIL, investigated the sites over the past year and found tracking cookies being automatically dropped when a user visited the domains, in breach of the country’s Data Protection Act. In total, CNIL uncovered three consent violations. 

(TechCrunch)

Crooks publish data purportedly stolen from financial giant TSYS

Attackers have published reams of data they claim to have stolen from the third-largest third-party payment processor for financial institutions in North America. The company, Total System Services Inc. (TSYS), provides payment processing services and other payment solutions, including prepaid debit cards and payroll cards. The company says it’s “immaterial” because cardholder data wasn’t jeopardized. Conti, a hacker group behind the Conti ransomware strain, also known as Ryuk, published more than 10 gigabytes of purportedly stolen data—likely because TSYS refused to pay its ransom.

(KrebsonSecurity)