Google and iPhone deflect blame for latest security flaw in this week's cybersecurity headlines.
CNET: Google says iPhone Security Flaws let Websites Hack Away for Years
By: Sean Keane & Alfred Ng
"Google's Project Zero security researchers revealed that they found several hacked websites that slipped malware onto people's iPhone for years. If people visited one of the sites, their messages, photos and location data could have been compromised. The team reported its findings to Apple earlier this year, and the vulnerability was patched in the same update that fixed the FaceTime eavesdropping bug."
The Next Web: Facial Recognition in Schools Leads to Sweden’s First GDPR Fine
By: Már Másson Maack
"The Swedish Data Protection Authority (DPA) has served a municipality in northern Sweden the country’s first GDPR fine — amounting to almost €19,000 (200,000 SEK) — for using facial recognition technology to monitor the attendance of students in school.
The high school in Skellefteå conducted a pilot program last fall where the attendance of 22 students over a period of three weeks was taken with the help of facial recognition technology, instead of good ol’ fashioned roll call, according to Computer Sweden."
Fast Company: Uh-oh: Silicon Valley is Building a Chinese-Style Social Credit System
By: Mike Elgan
"Have you heard about China’s social credit system? It’s a technology-enabled, surveillance-based nationwide program designed to nudge citizens toward better behavior. The ultimate goal is to 'allow the trustworthy to roam everywhere under heaven while making it hard for the discredited to take a single step,' according to the Chinese government."
Motherboard: Cops Hijack Botnet, Remotely Wipe Malware From 850,000 Computers
By: Lorenzo Franceschi-Bicchierai
"French police, with help from an antivirus firm, took control of a server that was used by cybercriminals to spread a worm programmed to mine cryptocurrency from more than 850,000 computers. Once in control of the server, the police remotely removed the malware from those computers. Antivirus firm Avast, which helped France’s National Gendarmerie cybercrime center, announced the operation on Wednesday."
Ars Technica: Google Play Apps with 1.5 Million Downloads Drained Batteries and Slowed Devices
By: Dan Goodin
"Researchers have discovered two Google Play apps with more than 1.5 million downloads engaging in a new form of click fraud that drained batteries, slowed performance, and increased mobile data usage on infected phones. The apps—a notepad app called 'Idea Note: OCR Text Scanner, GTD, Color Notes' and a fitness app with the title 'Beauty Fitness: daily workout, best HIIT coach'—carried out the stealthy form of fraud for almost a year until it was discovered by researchers at security firm Symantec. Google removed them from Play after receiving a private report."
New York Times: U.S. Cyberattack Hurt Iran’s Ability to Target Oil Tankers, Officials Say
By: Julian E. Barnes
"A secret cyberattack against Iran in June wiped out a critical database used by Iran’s paramilitary arm to plot attacks against oil tankers and degraded Tehran’s ability to covertly target shipping traffic in the Persian Gulf, at least temporarily, according to senior American officials. Iran is still trying to recover information destroyed in the June 20 attack and restart some of the computer systems — including military communications networks — taken offline, the officials said."
Bloomberg: Cloud Security Boom Creates New Crop of Tech Darlings
"A new generation of cybersecurity companies is creating billions of dollars in market value for investors as businesses increasingly turn to cloud-based products for better protection from sophisticated attacks. Okta Inc., Zscaler Inc. and Crowdstrike Holdings Inc. have experienced rapid growth, and analysts say that should continue as customers allocate more resources to security systems that operate in the cloud. Shares of Okta and Zscaler have rallied more than 80% this year, while Crowdstrike has more than doubled since its June initial public offering, making it one of the best performing tech debuts in 2019."
Los Angeles Times: It was Sensitive Data from a U.S. Anti-Terror Program – and Terrorists Could have Gotten to it for Years
"The Department of Homeland Security stored sensitive data from the nation’s bioterrorism defense program on an insecure website where it was vulnerable to attacks by hackers for over a decade, according to government documents reviewed by The Times. The data included the locations of at least some BioWatch air samplers, which are installed at subway stations and other public locations in more than 30 U.S. cities and are designed to detect anthrax or other airborne biological weapons, Homeland Security officials confirmed. It also included the results of tests for possible pathogens, a list of biological agents that could be detected and response plans that would be put in place in the event of an attack."
ESPN: Seahawks WR Keenan Reynolds and His 'Cryptic' Job in the Navy
By: Brady Henderson
"Unless you have the proper security clearance -- which no one at the Seattle Seahawks' headquarters has -- wide receiver Keenan Reynolds can't really tell you what his job in the military entails. Reynolds' position coach, Nate Carroll, can only guess. 'I would think it'd be some sort of like, codes, code-breaking in war, sending signals between people,' Carroll said. 'That would be a guess. Like, 'Windtalkers' I guess. I don't know.'"
The Next Web: Malware Found in CamScanner’s Document Scanning Android App, which has Over 100M Downloads
By: Ravie Lakshmanan
"Another day, another instance of Android malware found on the Google Play app store.
Researchers from Kaspersky Lab said they found an app with 100 million downloads that housed a malicious module that then pushed ads or downloaded apps surreptitiously onto compromised Android devices. The malicious component was found by the researchers after they were alerted to ‘suspicious behavior’ in the free version of the popular document scanning app CamScanner following a rash of negative reviews left by users to avoid using the app."