“Abstract—Online meeting tools like Zoom and Google Meethave become central to our professional, educational, and personal lives. This has opened up new opportunities for large scale harassment. In particular, a phenomenon known as zoombombing has emerged, in which aggressors join online meetings with the goal of disrupting them and harassing their participants.In this paper, we conduct the first data-driven analysis of calls for zoombombing attacks on social media. We identify ten popular online meeting tools and extract posts containing meeting invitations to these platforms on a mainstream social network, Twitter, and on a fringe community known for organizing coordinated attacks against online users, 4chan. We then perform manual annotation to identify posts that are calling for zoombombing attacks, and apply thematic analysis to develop a codebook to better characterize the discussion surrounding calls for zoombombing.

Subject: They Stormed the Capitol. Their Apps Tracked Them.
Source: NYT via beSpacific
https://www.bespacific.com/they-stormed-the-capitol-their-apps-tracked-them/

The New York Times – Times Opinion was able to identify individuals from a trove of leaked smartphone location data.”…The sacking of the Capitol was a shocking assault on the republic and an unwelcome reminder of the fragility of American democracy. But history reminds us that sudden events — Pearl Harbor, the Soviet Union testing an atomic bomb, the Sept. 11 attacks — have led to an overreach in favor of collective security over individual liberty that we’d later regret. And more generally, the data collected on Jan. 6 is a demonstration of the looming threat to our liberties posed by a surveillance economy that monetizes the movements of the righteous and the wicked alike….

Abstracted from beSpacific

Vice: “Favicons are one of those things that basically every website uses but no one thinks about. When you’ve got 100 tabs open, the little icon at the start of every browser tab provides a logo for the window you’ve opened. Twitter uses the little blue bird, Gmail is a red mail icon, and Wikipedia is the bold W. It’s a convenient shorthand that lets us all navigate our impossible tab situation.  According to a researcher, though, these icons can also be a security vulnerability that could let websites track your movement and bypass VPNs, incognito browsing status, and other traditional methods of cloaking your movement online. The tracking method is called a Supercookie, …Strehle has set up a website that demonstrates how easy it is to track a user online using a favicon. He said it’s for research purposes, has released his source code online, and detailed a lengthy explanation of how supercookies work on his website.

The scariest part of the favicon vulnerability is how easily it bypasses traditional methods people use to keep themselves private online. According to Strehle, the supercookie bypasses the “private” mode of Chrome, Safari, Edge, and Firefox. Clearing your cache, surfing behind a VPN, or using an ad-blocker won’t stop a malicious favicon from tracking you.

With the growing importance of cyber-physical systems, the National Science Foundation’s research program aims to uncover cross-cutting principles, tools and hardware and software components that can accelerate the transition of CPS research into the real world.CPS tightly integrates computing devices and networking infrastructure to deliver sensing of the physical world. It relies on data analytics, machine learning, autonomy, internet of things, networking, privacy, security and verification and may include human-aided control. Architectures may be distributed or centralized and feature multi-level hierarchical control and coordination of physical and organizational processes.

“CPS technology will transform the way people interact with engineered systems — just as the Internet has transformed the way people interact with information,” NSF said in its program announcement.

The Department of Homeland Security’s Science & Technology Directorate, the Federal Highway Administration (FHWA), the National Institutes of Health and the Department of Agriculture are sponsoring the research.

DHS S&T’s Technology Centers Division is interested in CPS research that protects industrial controls from cyberattacks and that helps systems identify, predict or recover from faults. Privacy and managing the use of sensitive data is of interest, as is validation, verification and certification that speed up design cycles while ensuring high confidence in system safety and functionality.

[shhh, don’t tell’m about Stuxnet from more than a decade ago /pmw1

Google, owner of the world’s most popular web browser, set the countdown clock ticking last year when it said it would end support for third-party cookies in Chrome by 2022. It’s been experimenting with tools in its “Privacy Sandbox” that are designed to allow advertising to continue to work on the web but in a less privacy encroaching way.

Last month, Google said one of those new techniques – Federated Learning of Cohorts (also known as FLoC) – was “nearly as effective as cookie-based approaches” in its own tests. FLoC uses machine learning algorithms that run on a user’s device to cluster people into interest-based groups based on behavior like their browsing history. It’s now preparing to let other adtech companies experiment with some of its proposals.

…

Other companies have been adding feedback and discussing their own proposals for cookie alternatives in subcommittees of the World Wide Web consortium, or W3C, a key web standards group.
Insider spoke with Justin Schuh, security and privacy engineering director for Google Chrome, who is leading its Privacy Sandbox efforts. Schuh discussed how Chrome is attempting to assuage ad industry concerns about its cookie replacements, his ambitions for other browsers and platforms to adopt Privacy Sandbox-like solutions, and how Chrome is thinking about ways to give users more control how their data is used. This interview has been edited for clarity and length.

Thirty of the most downloaded mobile health apps are highly vulnerable to application programming interface cyberattacks, which could let hackers gain access to patient health records and protected health information, according to a recent Knight Ink and Approov report.For its report, API cybersecurity company Approov and cybersecurity content company Knight Ink tapped Alissa Knight to analyze the leading mHealth apps over a six-month period to assess cybersecurity vulnerabilities. Ms. Knight is a cybersecurity analyst and partner at Knight Ink. The mHealth app developers agreed to participate in the study as long as the results were not directly attributed to the app vendors.

…

other cybersecurity articles: https://www.beckershospitalreview.com/cybersecurity.html

Research from Google shows that hackers can quickly find security flaws in previously patched bugs. Maddie Stone, a security researcher at Google, said that bugs are often only partially fixed allowing for previously undetected flaws, known as zero-day vulnerabilities, to be exploited repeatedly, reports MIT Technology Review. Ms. Stone is part of a security team known as Project Zero, which has tracked more than 150 zero-day bugs over the past six years. According to Ms. Stone, security teams often fix software vulnerabilities incompletely, and hackers can get back in by changing a few lines of code or adding a few tweaks.

Ms. Stone said security teams at software firms are often working with limited resources and time, which may contribute to zero-day vulnerabilities. Security teams, she said, are often focused on fixing a specific flaw instead of the root cause of the flaw in its entirety.

…

https://www.beckershospitalreview.com/cybersecurity.html