10/09/2019
WorkScoop
Using your phone number for 2FA on Twitter? It might have been used against you for advertising purposes. Suspected Iranian hackers strike out against the researchers trying to catch them. And a closer look at that Senate Intel report. This is CyberScoop for Wednesday, October 9.

A deep, heavy sigh

Twitter announced Tuesday it accidentally misused, for advertising purposes, email addresses and phone numbers that users had supplied strictly for security reasons. In a blog post, the company says the addresses and numbers were dumped into its “Tailored Audiences” product, which allows advertisers to target ads to customers based on the advertiser’s own marketing lists. The numbers came from Twitter's two-factor authentication process, which sends a one-time code via SMS during the login process. Using a phone number in two-factor is already frowned upon in some security circles, so this incident isn't going to make things any better. Greg Otto has more context.




Russia used Google to boost Donald Trump's candidacy, too

Russian propagandists relied heavily on Facebook and Twitter to spread disinformation before the 2016 U.S. presidential election, and a new congressional report elaborates on how they also used two other prominent services — Google Search and YouTube — to sway Americans’ public opinion in favor of Donald Trump. The Senate Intelligence Committee detailed just how valuable they were for Russia's Internet Research Agency troll farm. IRA agents started posting inflammatory content to YouTube in September 2015, ultimately resulting in 1,100 videos, or 43 hours of content, posted to 17 YouTube channels, the Senate found. The “overwhelming preponderance” of the content was aimed at African-Americans, and they focused particularly on police brutality and the Black Lives Matter movement. Jeff Stone covered the news yesterday.


Charming Kitten claws at Israeli researchers

After Microsoft’s announcement last week that Iranian hackers had tried to breach a presidential campaign, researchers are sharing more information on the group’s infrastructure and its penchant for revenge. Israeli cybersecurity company ClearSky this week revealed new phishing sites set up by the group, known as Charming Kitten or APT35. “They tried to attack me personally and ClearSky as well many times,” said Ohad Zaidenberg, a researcher at ClearSky Cybersecurity. “They don’t like us.” Sean Lyngaas has the story.


Is airport facial recognition a reasonable security measure, or a violation of civil liberties?

Could it be either, depending on context? And where’s the line? These questions are on the minds of many, from members of Congress to the traveling public. Now, the Privacy and Civil Liberties Oversight Board is looking into it too. PCLOB exists to make sure that any actions taken by the government to protect against terrorism don’t infringe upon American civil liberties. In June the board announced that it intends to review “how biometric technologies are used to verify identity at each phase of a journey, from booking to baggage claim, considering both operational needs and privacy and civil liberties concerns attending particular applications of these technologies.” PCLOB's chairman told Tajha Chappellet-Lanier what might be next.


U.S. curbs Chinese companies over Uighur surveillance

The U.S. Commerce Department is working this week to blacklist eight Chinese surveillance and AI companies for their human rights abuses of Chinese Muslim populations. The department said it was adding major firms to the U.S. Entity List, a move intended to limit their business with the U.S. Although the department names human rights abuses as the primary concern in its latest action, some of the companies have also come under federal scrutiny in recent months for security issues, including Hikvision and Dahua, which the Trump administration listed in a rule issued in August meant to bar federal purchases of their telecommunications equipment over national security concerns. Shannon Vavra is following it.


Watch out for hackers on Sesame Street

The Sesame Street Live Store, where fans of the children’s show buy merchandise, is one of more than 6,500 websites that security researchers say may be compromised by payment skimmers after an apparent incident at an e-commerce platform. A breach at Volusion, which provides cloud infrastructure for online stores, made it possible for thieves to insert malicious code onto many of the sites partnered with Volusion, according to researcher Marcel Afrahim. Malicious JavaScript code “which on the surface looks like some code that some developer just grabbed from any open source libraries” is extracting credit card information from affected pages, Afrahim wrote. Volusion told CyberScoop on Wednesday that the issue, which affected what it described as V1 merchants only, has been resolved. No word on if Big Bird was affected.



