Nov 15, 2019
Technology news headlines for this week include Microsoft endorsing the CCPA, PEMEX targeted by ransomware, and Google's health and banking initiatives.
CyberScoop: Microsoft says it will apply California privacy law across the country
By: Sean Lyngaas
“Microsoft on Monday said it would apply the privacy protections stipulated in a relatively stringent California law to customers across the U.S. in an effort to push other states to adopt similar measures.”
TechCrunch: New 5G flaws can track phone locations and spoof emergency alerts
By: Zack Whittaker
“Security researchers at Purdue University and the University of Iowa have found close to a dozen vulnerabilities, which they say can be used to track a victim’s real-time location, spoof emergency alerts that can trigger panic or silently disconnect a 5G-connected phone from the network altogether.”
Reuters: Hackers demand $5 million from Mexico's Pemex in cyberattack
By: Adriana Barrera & Raphael Satter
“Hackers demanded about $5 million in bitcoin from Mexico’s Pemex, they told Reuters on Tuesday, saying the state oil firm missed a special discount by not paying immediately after a cyberattack that fouled up the company’s systems.”
Wall Street Journal: Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans
By: Rob Copeland
“Google is engaged with one of the U.S.’s largest health-care systems on a project to collect and crunch the detailed personal-health information of millions of people across 21 states.”
Gizmodo: Forget Credit Cards, Google's Looking to Open Its Own Checking Accounts
By: Victoria Song
“This year saw plenty of tech giants dabble in finance. Apple released its credit card, Facebook just launched a Venmo competitor and is trying to get its Libra cryptocurrency off the ground, and now Google is reportedly mulling offering a financial product of its own—checking accounts.”
Motherboard: This Bank Had the Worst Password Policy We've Ever Seen
By: Lorenzo Franceschi-Bicchierai
“FinecoBank, a bank with more than 1.3 million customers in Italy and the UK, suggested an unusual password strategy to its customers: copy and paste the password into Google, and see if anyone else is using it.”
CNBC: Amazon cites ‘unmistakable bias’ in Microsoft’s military cloud contract win
By: Jordan Novet & Amanda Macias
“Amazon said Thursday it has filed a notice in the U.S. Court of Federal Claims indicating a plan to protest the Pentagon’s decision to give Microsoft a multibillion dollar contract for cloud computing services.”
NPR: A Smart Home Neighborhood: Residents Find It Enjoyably Convenient Or A Bit Creepy
By: Joshua McNichols
“When the Ferguson family decided they wanted to live in the Seattle suburb of Black Diamond they weren't in the market for a smart home. But they wound up with one, a house packed with Internet-connected devices.”
Ars Technica: IoT doorbell exposed customer Wi-Fi passwords to eavesdroppers
By: Sean Gallagher
“Ring has pushed out a fix to a security issue in the configuration code for its Internet-connected home security products. Researchers from Bitdefender notified Ring in June of a flaw in Ring Video Doorbell Pro cameras' software that made it possible for wireless eavesdroppers to grab the Wi-Fi credentials of customers during the device's setup—because those credentials were sent over an unsecured Wi-Fi connection to the device using unencrypted HTTP.”
Android Police: Shady app lets stalkers view private Instagram accounts in exchange for their own data
By: Manuel Vonau
“Facebook doesn't have the best reputation when it comes to minding its users' privacy, and Cambridge Analytica exploiting the social network's third-party APIs for unchecked data collection surely hasn't helped. Now, we've found another service called Ghosty that takes advantage of Instagram's API to create a stalker paradise. By crowdsourcing the data of all of its users' Instagram accounts, it lets anyone view many private profiles.”