Pete Recommends – Weekly highlights on cyber security issues, April 8, 2023

Subject: Here’s how Google Maps cracked down on fake contributions last year
Source: Android Central

Google Maps removed millions of abusive image contributions and fake business profiles in 2022. What you need to know:

  • Google has disclosed how it dealt with fake contributions in Maps last year.
  • The navigation service removed more fake reviews and phony business profiles in 2022 than in the previous year.
  • Google chalked this up to an update to its machine learning capabilities, which aided in identifying abusive trends more quickly.

It is no secret that there’s a whole community of scammers out there exploiting Google Maps‘ flaws for profit, primarily because it’s so easy to fake listings and reviews on the service that trusting them right away can be risky. That is why Google is always on the lookout for abusive trends, and it has revealed how it bolstered those efforts last year.


Subject: Clearview AI scraped 30 billion images from Facebook and gave them to cops
Source: Insider

Insider: it puts everyone into a ‘perpetual police line-up’ – ”

  • Clearview AI scraped 30 billion photos from Facebook to build its facial recognition database.
  • US police have used the database nearly a million times, the company’s CEO told the BBC.
  • One digital rights advocate told Insider the company is “a total affront to peoples’ rights, full stop.”

A controversial facial recognition database, used by police departments across the nation, was built in part with 30 billion photos the company scraped from Facebook and other social media users without their permission, the company’s CEO recently admitted, creating what critics called a “perpetual police line-up,” even for people who haven’t done anything wrong.

Abstracted from beSpacific
Copyright © 2023 beSpacific, All rights reserved.

Subject: IRS-authorized tax return software caught serving JS malware
Source: BleepingComputer, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware.Security researchers state the malicious JavaScript file existed on website for weeks. BleepingComputer has been able to confirm the existence of the malicious JavaScript file in question, at the time.

Note, this security incident specifically concerns and not IRS’ e-file infrastructure or identical sounding domains.

Just in time for tax season – was caught serving malware, as spotted by multiple users and researchers. The malicious JavaScript file in question is called ‘popper.js’:



Subject: It’s Their Content, You’re Just Licensing it
Source: New York Times

The New York Times: “Amid recent debates over several publishers’ removal of potentially offensive material from the work of popular 20th-century authors — including Roald Dahl, R.L. Stine and Agatha Christie — is a less discussed but no less thorny question about the method of the revisions. For some e-book owners, the changes appeared as if made by a book thief in the night: quietly and with no clear evidence of a disturbance. In Britain, Clarissa Aykroyd, a Kindle reader of Dahl’s “Matilda,” watched a reference to Joseph Conrad disappear. (U.S. editions of Dahl’s books were unaffected.) Owners of Stine’s “Goosebumps” books lost mentions of schoolgirls’ “crushes” on a headmaster and a description of an overweight character with “at least six chins.” Racial and ethnic slurs were snipped out of Christie’s mysteries.In each case, e-books that had been published and sold in one form were retroactively (and irrevocably) altered, highlighting what consumer rights experts say is a convention of digital publishing that customers may never notice or realize they signed up for. Buying an e-book doesn’t necessarily mean it’s yours….

Subjects: Censorship, Digital Rights, Education, Free Speech, Freedom of Information, Knowledge Management, Legal Research, Libraries

Abstracted from beSpacific
Copyright © 2023 beSpacific, All rights reserved.

Subject: House Homeland Security Republicans request information regarding cybersecurity threat by Chinese-built cranes at U.S. ports
Source: Homeland Preparedness News

In a letter dispatched to Department of Homeland Security (DHS) Secretary Alejandro Mayorkas this week, Republican chairs linked to the House Committee on Homeland Security pressed for answers on potential cybersecurity threats posed by Chinese-manufactured cranes used at U.S. ports.“We are particularly concerned about technology employed by Chinese-manufactured cranes operating in U.S. ports, which significantly increases the cybersecurity risk to business operations systems and terminal industrial control systems,” the lawmakers wrote. “To address these concerns, the Committee on Homeland Security is conducting oversight of vulnerabilities in our nation’s maritime ports and the Department of Homeland Security’s (DHS) resilience strategies to address them.”

However, recent reports have alleged that approximately 80 percent of cranes used at U.S. ports are manufactured by Shanghai Zhenhua Heavy Industries Co. (ZPMC), a Chinese company. While traditionally this would simply mean the item moving other items on the docks came from overseas, in modern times it raises questions of their operational technology system, which could allow their creator to remotely monitor their movements and items they transport in real time.

“According to a former top U.S. counterintelligence official, ‘[c]ranes can be the new Huawei,’” the lawmakers wrote. “Any potential port shut down could create catastrophic economic and security consequences. These vulnerabilities could provide opportunities to near-peer nation-state adversaries, such as China, to cripple our economy from behind a computer screen.”

Subject: Understanding the NIST Cybersecurity Framework
Source: LastPass blog

The original version of the NIST Cybersecurity Framework, CSF 1.0, was introduced in 2014. The most recent official version, CSF 1.1, was released in 2018. Since the last version came out, NIST has been gathering feedback to incorporate in version 2.0, which is currently scheduled for a 2024 release.

CSF 2.0 is expected to include updated guidance on governance and supply chain risks. It is also anticipated to reflect the growing consensus that technology should be secure by design in order to better protect businesses, customers, and the general public. Businesses that want to get an advance look at the recommendations that may be included in CSF 2.0 can view the proposed changes in the NIST Cybersecurity Framework 2.0 Concept Paper.

Posted in: Big Data, Business Research, Cybercrime, Cybersecurity, Privacy, Social Media, Technology Trends