Pete Recommends – Weekly highlights on cyber security issues June 17 2018

Subject: China hacked Navy contractor, secured trove of sensitive data on submarine warfare
Source: Chicago Tribune

Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to undersea warfare – including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials.
The breaches occurred in January and February, the officials said, speaking on the condition of anonymity to discuss an ongoing investigation. The hackers targeted a contractor who works for the Naval Undersea Warfare Center, a military organization headquartered in Newport, Rhode Island, that conducts research and development for submarines and underwater weaponry. The officials did not identify the contractor.

Subject: Were your posts shared on Facebook publicly by mistake? Here’s how to find out
Source: Quartz

Facebook announced today that a software glitch mistakenly made 14 million users’ posts public over a period of 10 days in May, even if the users had intended those posts to be private. During the period, any post an affected user published on Facebook would have automatically been posted publicly. The bug affected Facebook posts between May 18 and 27; although Facebook fixed the error on May 22, it took five days to reverse the problem for all affected posts. Typically, the social network assigns new posts the same privacy setting as the user’s most recent post, unless otherwise instructed. Facebook said that it was today beginning to notify affected users. Anyone whose posts were mistakenly made public will see a notification on their Facebook account—both the mobile app and website—entitled “Please Review Your Posts.” The affected users will then be shown which posts were marked public during the glitch.

Subject: Here Are 18 Things You Might Not Have Realized Facebook Tracks About You
Source: BuzzFeed via beSpacific

BuzzFeed: “When Facebook CEO Mark Zuckerberg testified before Congress in April in the aftermath of the Cambridge Analytica scandal, he said he’d have his team follow up on questions he couldn’t answer in full during the hearing. On Monday, Congress released a massive document with written answers to those questions. These responses were a good reminder that Facebook records a ton of information about you, including:


Subject: What is an inspector general?
Source: CNNPolitics

What is an inspector general? Put simply, an inspector general is a watchdog who is part of the government and simultaneously independent from the entity they are tasked with investigating. Somewhat analogous to internal affairs at a police department, the inspector general’s office for a given agency is tasked with looking into potential malfeasance by that agency or members of that agency, and issuing reports and recommendations on its findings. On the federal level, the inspectors general are each assigned to a different part of the executive branch, with an inspector general’s office for the Environmental Protection Agency, one for the Department of Defense and so on. A 2014 report from the Council of the Inspectors General on Integrity and Efficiency put the total number of “statutory IGs” at 72, from the original 12 established in 1978. What do their reports do?..


Subject: Can a Chrome plugin help solve the fake news problem?
Source: Columbia Journalism Review

Determining what online content is trustworthy and what isn’t has become a key focus both for the platforms and for media companies. Facebook is now ranking news sources based on whether users (and its algorithm) see them as trustworthy, although many—including New York Times CEO Mark Thompson, who spoke at a recent event in Washington, DC—see that as problematic. Tesla founder Elon Musk has talked about a crowdsourced trust ranking system, which many see as equally problematic. Can something like trust even be quantified?

All of these questions and more come to mind with a new automated trust solution, an extension to Google’s Chrome browser that claims it will sort out who is a trustworthy source, and also plans to use blockchain technology to create a public, crowdsourced database of trusted sites. The plugin, called Trusted News, comes from eyeo, the German company behind AdBlock Plus, which claims to be the world’s most popular ad-blocking software. According to the plugin description:

Subject: As computers get harder to crack, thieves are pillaging mailboxes
Source: CNBC via USA Today

Mailboxes increasingly are a target for criminals
“Mail fishing” is when people use tools to retrieve envelopes out of the blue mailboxes lining the streets, and it’s on the rise, according to law enforcement officials.

“It’s doubled over the last two years, at least,” said Lt. John Grimpel, a spokesman for the New York City Police Department.
There were 2,800 complaints of mail fishing filed across the five boroughs of New York in 2017, and 1,300 submitted so far this year, he said.
Mail fishers are not unique to Manhattan, however. Mail is under siege in Texas, Florida, New Jersey, Massachusetts, Colorado and California, among other places.

Subject: Google Helpfully Reminds Us How to Turn Off Invasive Personalized Ads
Source: Gizmodo

Google, seemingly aware that people are unnerved by just how much ad networks know about us, today said it’s refining how it lets you control what ads you see. The company has updated its ad personalization settings page, and in the process, has kindly reminded us that it’s easy to turn off personalized ads altogether. If you currently have the ad personalization feature turned on, Google’s refreshed Ad Settings page should include a list of topics and categories that Google is potentially using to serve you ads.

Subject: Oracle’s Internet Intelligence Map presents a real-time view of online threats
Source: Venture Beat via beSpacific

Venture Beat: “Distributed denial of service attacks. Malware. State-imposed internet blackouts. It’s hard to keep abreast of every bad actor and natural disaster impacting the internet, but Oracle is making it a bit easier with the launch of Oracle Cloud Infrastructure’s Internet Intelligence Map, a real-time graphical representation of service interruptions and emerging threats. It’s now available for free…”

Subject: Five Ways to Fight Elder Abuse, Neglect, and Financial Exploitation
Source: Social Security Matters Blog

Posted on June 14, 2018

As Americans, we believe that people of all ages and abilities deserve to be treated fairly and equally and to live free from abuse, neglect, or financial exploitation. Tomorrow, on World Elder Abuse Awareness Day, we join the world in recognizing the importance of elders to our communities and standing up for their rights. Here are five ways you can join this fight.

This entry was posted in Guest Bloggers and tagged abuse, caregivers, elder abuse, elder abuse awareness, fraud, world elder abuse awareness day by Lance Robertson, Assistant Secretary for Aging and Administrator, Administration for Community Living, HHS.

Subject: OPM pushes agencies to report cyber workforce gaps
Source: FCW

The shortage of cybersecurity workers isn’t confined to government. A May 2017 report from the Center for Cyber Safety and Education predicted a global shortage of 1.8 million cybersecurity personnel by 2021. Government agencies are considering fast-hire authority, specialty pay and flexibility to move from public to private sector, to get the federal cybersecurity workforce up to speed.

In the memo, which follows the April 2 OPM guidance for coding and classifying jobs with IT and cyber functions, to help agencies address workforce shortages.

The full report “must include the completion of action plans with metrics and targets to address and mitigate root causes identified for the cybersecurity work roles of critical need,” writes Reinhold.

Subject: NIST builds drone forensics dataset
Source: GCN

When criminals take advantage of the technology to hide their tracks, law enforcement officials are left to try to extract evidence from their computers, phones or storage drives for investigations. Now that drones have been used to smuggle drugs into prisons or across the border, officials need a way to reliably pull data from these captured devices that ensures the evidence is preserved and usable in court.

To help law enforcement extract information from unmanned aerial systems, the National Institute of Standards and Technology has included forensics images of 14 popular makes and models of drones in its Computer Forensic Reference Datasets. The “forensic images” in CFReDS are not literal images but rather device specifications and sample digital evidence that investigators can download for free to learn what’s inside the drone.

Drone forensics is a relatively new field. It showed up in a few research papers in 2016, and by 2017 law enforcement started asking for the capability. Now, any conference on digital forensics is sure to have a panel on drones, according to Steve Watson, founder and CTO at VTO Labs, the company that developed the forensic images for NIST.
