EFF

Fixed? The FTC Orders Facebook to Stop Using Your 2FA Number for Ads

Since academics and investigative journalists first reported last year that Facebook was using people’s two-factor authentication numbers and “shadow” contact information for targeted advertising, Facebook has shown little public interest in fixing this critical problem. Subsequent demands that Facebook stop all non-essential uses of these phone numbers, and public revelations that Facebook’s phone number abuse was even worse than initially reported, failed to move the company to action.

Yesterday, rather than face a lawsuit from the FTC, Facebook agreed to stop the most egregious of these practices.

EFF

Thank Q, Next

In its next release, Android plans to up its privacy game. But the operating system still caters to ad trackers at its users’ expense.

The newest release of Android, dubbed “Q,” is currently in late-stage beta testing and slated for a full release this summer. After a year defined by new privacy protections around the world and major privacy failures by Big Tech, this year, Google is trying to convince users that it is serious about “protecting their information.” The word “privacy” was mentioned 22 times during the 2019 Google I/O keynote. Keeping up that trend, Google has made—and marketed—a number of privacy-positive changes to Android for version Q.

Many of the changes in Q are significant improvements for user privacy, from giving users more granular control over location data to randomizing MAC addresses when connecting to WiFi networks by default. However, in at least one area, Q’s improvements are undermined by Android’s continued support of a feature that allows third-party advertisers, including Google itself, to track users across apps. Furthermore, Android still doesn’t let users control their apps’ access to the Internet, a basic permission that would address a wide range of privacy concerns.

EFF

EFF Extensions Recommended by Firefox

Earlier this month, Mozilla announced the release of Firefox 68, which includes a curated “list of recommended extensions that have been thoroughly reviewed for security, usability and usefulness”. We are pleased to announce that both of our popular browser extensions, HTTPS Everywhere and Privacy Badger, have been included as part of the program. Now, when you navigate to the built-in Firefox add-ons page (URL: about:addons), you’ll see a new tab: “Recommendations,” which includes HTTPS Everywhere and Privacy Badger among a list of other recommended extensions. In addition, they will be highlighted in Add-ons for Firefox and in add-on searches.

Ars Technica

Judge allows suit against AT&T after $24 million cryptocurrency theft

When Michael Terpin’s smartphone suddenly stopped working in June 2017, he knew it wasn’t a good sign. He called his cellular provider, AT&T, and learned that a hacker had gained control of his phone number.

The stakes were high because Terpin is a wealthy and prominent cryptocurrency investor. Terpin says the hackers gained control of his Skype account and tricked a client into sending a cryptocurrency payment to the hackers instead of to Terpin.

Naked Security

Facebook admits to Messenger Kids security hole

Facebook was red-faced this week after admitting to a loophole in its child-focused Messenger Kids system.

The company was found apologizing to parents via email after a hole in the supposed closed-loop messaging system allowed children to join group chats with people their parents hadn’t approved.

ZDNet

NSA to establish a defense-minded division named the Cybersecurity Directorate

The National Security Agency announced today plans to establish a new defense-minded cyber-security division that will focus on defending the US against foreign cyber-threats.

This new division, which will be named the Cybersecurity Directorate, will become operational on October 1, later this year.

Anne Neuberger will be the division’s first Director of Cybersecurity. She will report directly to General Paul Nakasone, the NSA’s Director.

Neuberger’s previous positions included NSA Chief Risk Officer; Deputy Director of Operations; and Lead of NSA’s Russia Small Group.

The Russia Small Group was a joint collaboration between the NSA and US Cyber Command to counteract Russian interference during the 2018 US midterm elections.

Naked Security

Big password hole in iOS 13 beta spotted by testers

A security clanger has been spotted in the current beta version of iOS 13 which allows anyone to access a user’s stored web and app passwords without having to authenticate.

Affecting iOS 13 public beta 2, developer beta 3, and iPadOS 13 betas, the issue appears to have surfaced first on Reddit, complete with a brief demo video later expanded with commentary on YouTube channel iDeviceHelp.

The issue can be reproduced by repeatedly tapping on the Website & App Passwords menu (Settings > Password & Accounts), which stores credentials used by the web autofill function.

Naked Security

Hacked Bulgarian database reaches online forums

Data on millions of people stolen from the Bulgarian government has already popped up on hacker trading forums.

A hacker originally stole the data from the National Revenue Agency (NRA), which is part of Bulgaria’s Ministry of Finance, sending media outlets a link to the downloadable copy last Monday, 15 July 2019. The NRA confirmed this in a statement on its website.

Forbes

Russia’s Secret Intelligence Agency Hacked: ‘Largest Data Breach In Its History’

Red faces in Moscow this weekend, with the news that hackers have successfully targeted FSB—Russia’s Federal Security Service. The hackers managed to steal 7.5 terabytes of data from a major contractor, exposing secret FSB projects to de-anonymize Tor browsing, scrape social media, and help the state split its internet off from the rest of the world. The data was passed to mainstream media outlets for publishing.

FSB is Russia’s primary security agency with parallels with the FBI and MI5, but its remit stretches beyond domestic intelligence to include electronic surveillance overseas and significant intelligence-gathering oversight. It is the primary successor agency to the infamous KGB, reporting directly to Russia’s president.

A week ago, on July 13, a hacking group under the name 0v1ru$ that had reportedly breached SyTech, a major FSB contractor working on a range of live and exploratory internet projects, left a smiling Yoba Face on SyTech’s homepage alongside pictures purporting to showcase the breach. 0v1ru$ had passed the data itself to the larger hacking group Digital Revolution, which shared the files with various media outlets and the headlines with Twitter—taunting FSB that the agency should maybe rename one of its breached activities “Project Collander”.
