New York Times: The Government Protects Our Food and Cars. Why Not Our Data?
By: Natasha Singer
"After Apple discovered in June that certain MacBook laptops could overheat, posing a fire hazard, the Consumer Product Safety Commission quickly issued a warning, along with information about consumer burns and smoke inhalation. But after Apple learned that its FaceTime video chat app was enabling consumers to listen in on the conversations of people they called — even when the recipients did not answer their phones — there was no designated federal protection agency to warn Americans or collect reports of privacy invasions. After Fitbit wristbands began causing people to develop skin rashes and blisters a few years ago, the consumer safety agency announced a recall of about one million of the fitness-tracking devices."
New York Times: With a Laser, Researchers Say They Can Hack Alexa, Google Home or Siri
By: Nicole Perlroth
"Since voice-controlled digital assistants were introduced a few years ago, security experts have fretted that systems like Apple’s Siri and Amazon’s Alexa were a privacy threat and could be easily hacked. But the risk presented by a cleverly pointed light was probably not on anyone’s radar. Researchers in Japan and at the University of Michigan said Monday that they had found a way to take over Google Home, Amazon’s Alexa or Apple’s Siri devices from hundreds of feet away by shining laser pointers, and even flashlights, at the devices’ microphones."
Washington Post: Think You’re Anonymous Online? A Third of Popular Websites are ‘Fingerprinting’ You
"Just when you thought we had hit rock bottom on all the ways the Internet could snoop on us — no. We’ve sunk even lower. There’s a tactic spreading across the Web named after treatment usually reserved for criminals: fingerprinting. At least a third of the 500 sites Americans visit most often use hidden code to run an identity check on your computer or phone. Websites from CNN and Best Buy to porn site Xvideos and WebMD are dusting your digital fingerprints by collecting details about your device you can’t easily hide. It doesn’t matter whether you turn on 'private browsing' mode, clear tracker cookies or use a virtual private network. Some even use the fact you’ve flagged “do not track” in your browser as a way to fingerprint you."
CBS News: Uber Allegedly Paid $100,000 Ransom and had Hackers Sign NDAs After Massive Data Breach
"New details about how Uber responded to a massive hack attack in 2016 raise questions about the way it handled sensitive customer information. Instead of reporting the hackers to police, the company allegedly paid $100,000 in exchange for a promise to delete 57 million user files the men stole off a third party server, prosecutors said. Within weeks of paying the ransom, Uber employees showed up at Brandon Glover's Winter Park, Florida, home and found Vasile Mereacre at a hotel restaurant in Toronto, Canada, the Justice Department said. The pair admitted their crimes, but Uber didn't turn them over to the cops. Instead, they had the hackers sign non-disclosure agreements, promising to keep quiet. The two hackers pleaded guilty on Wednesday."
CyberScoop: Inside the FBI's Quiet 'Ransomware Summit'
By: Sean Lyngaas
"In March, officials in sparsely populated Jackson County, Georgia, made a painful decision. Rather than rebuild their networks from scratch, they paid $400,000 to hackers to get the county’s data back. The six-figure amount — eclipsed by a nearly $600,000 payment made by a Florida city in June — is symptomatic of a much larger problem. Across the U.S., poorly secured businesses, local governments, and schools have lost millions of dollars to attackers who can cheaply buy access to ransomware-as-a-service kits on underground forums."
ZDNet: Half of Americans Do Not Believe Deepfake News Could Target Them Online
By: Eileen Brown
"Although AI is trying to bring truth into data journalism, fake arguments, catfishes, and inaccurate statistics still plague the web. So how do people sift through the news to find out what is actually the truth? Deepfaking is an AI-based technology used to produce or alter online content. It presents something that did not actually occur. It is used to produce videos of politicians or celebrities saying or doing things that they did not say or do. London-based web hosting guide Who is Hosting this? has released an online trust study. It asked 981 Americans -- from baby boomers to millennials -- how they worked through fake news items produced by AI-based technology to find out what is true."
The Guardian: Undercover Reporter Reveals Life in a Polish Troll Farm
"It is as common an occurrence on Polish Twitter as you are likely to get: a pair of conservative activists pouring scorn on the country’s divided liberal opposition.
'I burst out laughing!' writes Girl from Żoliborz, a self-described 'traditionalist' commenting on a newspaper story about a former campaign adviser to Barack Obama and Emmanuel Macron coming to Warsaw to address a group of liberal activists.
'The opposition has nothing to offer. That’s why they use nonsense to pull the wool over people’s eyes,' replies Magda Rostocka, whose profile tells her almost 4,400 followers she is 'left-handed with her heart on the right.'"
TechCrunch: Saudi Arabia Reportedly Recruited Twitter Employees to Steal Personal Data of Activists
By: Devin Coldewey
"Saudi Arabian officials allegedly paid at least two employees of Twitter to access personal information on users the government there was interested in, according to recently unsealed court documents. Those users were warned of the attempt in 2015, but the full picture is only now emerging. According to an AP report citing the federal complaint, Ahmad Abouammo and Ali Alzabarah were both approached by the Saudi government, which promised 'a designer watch and tens of thousands of dollars' if they could retrieve personal information on certain users. Abouammo worked for Twitter in media partnerships in the Middle East, and Alzabarah was an engineer; both are charged with acting as unregistered Saudi agents — spies."
CBC: 'What a Mess': McDonald's Customers Frustrated as 'Hamburglar' Hacks More App Accounts
By: Sophia Harris
"The so-called Hamburglar is still at large, hacking customers' McDonald's app accounts and ordering food on their dime. For some victims, their troubles didn't end there as they were unhappy with how McDonald's handled their cases. 'What a mess,' said Deborah Kelly of Peterborough, Ont. She's unimpressed after the fast-food giant mistakenly blamed mystery charges on her account on a technical glitch, not a fraudster. Since February, CBC News has heard from more than 20 people who allege a fraudster somehow infiltrated their McDonald's phone app — which was linked to their debit or credit card — and ordered meals for pickup."
Motherboard: A Robinhood Exploit Let Redditors Bet Infinite Money on the Stock Market
By: Edward Ongweso Jr.
"Redditors in the irony-poisoned Wall Street Bets (r/wallstreetbets) community discovered an exploit in the investing app Robinhood they’ve named 'infinite leverage' that enables them to lose huge sums of money at record speeds. Robinhood is a mobile brokerage app that allows users to trade stocks and options without commission fees. Understanding Robinhood as an attempt to gamify stock trading helps clarify why members of WSB were are so eager to find hacks, glitches, and oversights in the software. It’s a game to them."