Wednesday, May 12, 2021

How Amazon Sidewalk Works—and Why You May Want to Turn It Off

The premise is convenient. But the ecommerce giant’s record on privacy isn't exactly inspiring.

DarkSide Hit Colonial Pipeline—and Created an Unholy Mess

As the White House gets involved in the response, the group behind the malware is scrambling.

Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet

Emails from the Epic Games lawsuit show Apple brass discussing how to handle a 2015 iOS hack. The company never notified affected users.

What's Google FLoC? And How Does It Affect Your Privacy?

There's a battle raging over how advertisers can target us on the web—or whether they should be able to target us at all.

Google Gets Serious About Two-Factor Authentication. Good!

The tech giant wants to push its billions of users—and the rest of the industry—to enable multifactor authentication by default.

The Colonial Pipeline Hack Is a New Extreme for Ransomware

An attack has crippled the company’s operations—and cut off a large portion of the East Coast’s fuel supply—in an ominous development for critical infrastructure.

Microsoft Will Soon Kill Flash on Windows 10 for Good

Plus: A Peloton data leak, Russian hacker details, and more of the week’s top security news.

ISPs Funded 8.5 Million Fake Comments Opposing Net Neutrality

The secret campaign, backed by major broadband companies, used real people’s names without their consent.

Twitter's Tip Jar Privacy Fiasco Was Entirely Avoidable

Sending its users to PayPal has created all sorts of problems that Twitter should have caught ahead of time.

How a Former Netflix Exec Built a Brazen Bribery Scheme

The company’s ex-vice president of IT faces 20 years in prison for creating a pay-to-play environment with technology vendors.

Then a Hacker Began Posting Patients’ Deepest Secrets Online

A family-run psychotherapy startup grew into a health care giant. It was a huge success—until the data breach and the anonymous ransom notes sent to clients.

Don’t Buy Into Facebook’s Ad-Tracking Pressure on iOS 14.5

The company tells Apple users that tracking helps keep those platforms “free of charge,” but opting out now doesn't mean paying up later.

A Ransomware Group Hit DC Police—Then Pivoted to Extortion

Warrantless searches, tracking troops, and more of the week’s top security news.

Google's Grand Plan to Eradicate Cookies Is Crumbling

Regulators in the EU and competitors have raised concerns about the company's proposals to rewrite the rules of online advertising.

An Ambitious Plan to Tackle Ransomware Faces Long Odds

A task force counting Amazon, Cisco, and the FBI among its members has proposed a framework to solve one of cybersecurity's biggest problems. Good luck.

The Hacker News

Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild

Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild. The list of updated applications includes Adobe Experience Manager,...

The Register

Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data

Online lending apps and more given fifteen days to ‘rectify’ behaviour

China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…

SecurityWeek

SAP Patches High-Severity Flaws in Business One, NetWeaver Products

SAP has released a total of six new security notes on its May 2021 Security Patch Day, along with updates for five other security notes, including three rated Hot News.

The Register

South Korea orders urgent review of energy infrastructure cybersecurity

No prizes for guessing why, as Colonial Pipeline outage stretches patience and looks like lasting a week

South Korea’s Ministry of Trade, Energy and Infrastructure has ordered a review of the cybersecurity preparedness of the nation’s energy infrastructure.…

SecurityWeek

Ransomware Gang Threatens Release of DC Police Records

A Russian-speaking ransomware syndicate that stole data from the Washington, D.C., police department says negotiations over payment have broken down, with it rejecting a $100,000 payment, and it will release sensitive information that could put lives at risk if...