Cyber Daily: Securing Open Source Tools | Health Trackers Are Just Getting Started Harvesting Your Data
Welcome back. Today we're keeping an eye on a White House meeting of open-source tech organizations planning to hash out cybersecurity duties in the wake of the big Log4j compromise. (Get up to date with our explainer here.)
The Apache Software Foundation—host of the Log4j logging tool—doesn't want to be solely responsible for fixing problems, noting that lots of commercial tech providers use the tool but don't help with upkeep. In Tuesday's newsletter, I talked about Apache's pointed missive to the White House.
The Biden administration recognizes that open-source code is widely used but maintained by volunteers, which presents national security concerns. Apache and the Linux Open Source Foundation are expected to attend Thursday's meeting with federal agencies, along with Amazon, Google, IBM and others. Deputy National Security Advisor Anne Neuberger is due to host.
***
If you got in a workout today, some device probably logged stats like calories burned and heart rate. But connected watches and sneaker sensors will soon seem like kludgy 1980s car phones. (Hey, I had one like this and it cost way more than $29.99.)
Businesses and researchers are working on new methods to create and capitalize on personal health data. These developments bring concerns about security, as sensitive information is beamed to the cloud, and privacy, especially in cases where manufacturers own data about their customers’ health that the customers themselves can’t access.
The WSJ Future of Everything team looked at how health and fitness devices are about to get a lot more granular, for better or worse. It’s too early to know which metrics correspond to improved health or whether zealously tracking them itself has negative impacts.
Quantifying dental data, such as tracking acidity in the mouth, may help forecast cavities and draw connections between oral health and other health issues. Camera-enabled toothbrushes could send information to dentists, who might use machine learning to sift through the data to determine whether patients need to come in.
San Francisco-based Kinsa wants to turn its smart thermometers into a system that detects illness outbreaks and tells people how and when to seek treatment. The network has about 2.5 million thermometers in the U.S. so far.
Robots could help lull patients to sleep with breathing exercises and “digital sleeping pills” emitted through headbands that play music or soothing sounds. Eventually, a bespoke assessment of how much sleep each individual needs, as opposed to the one-size-fits-all recommendation of eight hours, could be offered.
Manufacturer blames bankruptcy on cyberattack. Houston-based United Structures of America Inc. filed for chapter 11 bankruptcy protection Tuesday, saying a 2019 ransomware attack destroyed all of its servers, 400 computers and assorted other machinery. The company paid a demanded ransom but never got its data unlocked, said Dain Drake, president of United Structures, in a court filing. The company lost financial, customer and order data, he said, and has since been winding down operations. United Structures, privately held and founded in 1980, made metal buildings.
Cybersecurity company breached. Salt Lake City-based Venafi Inc. disclosed to state regulators that a phishing attack compromised an employee's email account between Nov. 8 and Dec. 9, exposing sensitive data.
Identifying suspected Iran-backed hackers: U.S. Cyber Command warned organizations to look for certain earmarks of hacking tools routinely used by a group known as MuddyWater, linked to Iran's Ministry of Intelligence and Security.
Electronic Arts discloses hacks of high-profile FIFA accounts. "Utilizing threats and other 'social engineering' methods, individuals acting maliciously were able to exploit human error within our customer experience team and bypass two-factor authentication to gain access to player accounts," EA said in a notice on its website.
Albuquerque Public Schools canceled classes for Thursday after a cyberattack on Tuesday disrupted computer systems. Schools could be closed Friday as well, said Scott Elder, superintendent of New Mexico's largest school district. (KOAT Action News)
- The joint investigation by six organizations including Amnesty International and The Citizen Lab, a research group at the University of Toronto, found that the spyware was used to hack video and voice recordings, photos, contacts and phone conversations of dozens of independent journalists and editors in 2020 and 2021.
- Among those affected, the organizations said, were 22 journalists from local publication El Faro, which has exposed corruption scandals and secret truce negotiations between El Salvador’s government and imprisoned gang leaders in exchange for financial and prison benefits.
- A spokeswoman for President Nayib Bukele denied involvement in the illegal surveillance of journalists and said that authorities were investigating the use of Pegasus in the country. She added that the government wasn’t a client of the NSO Group and didn’t use its Pegasus spyware.
- A spokeswoman for NSO Group said the company provides its software only to vetted intelligence and law-enforcement agencies to fight criminals, terrorists and corruption, and not to monitor dissidents, activists and journalists.