Facebook Inc. disabled the personal accounts of a group of New York University researchers studying political ads on the social network, claiming they are scraping data in violation of its terms of service.

Facebook also cut the researchers off from Facebook’s APIs, a technology used to share data from Facebook to other apps or services, and disabled other apps and Pages associated with the research project, which is called NYU Ad Observatory. Facebook said it cut off the researchers to remain in compliance with a 2019 data privacy agreement with the Federal Trade Commission. The government punished the company for failing to police how outside developers collected data.

But Laura Edelson, a researcher at NYU’s Tandon School of Engineering, said, “Facebook is silencing us because our work often calls attention to problems on its platform.” (Kurt Wagner and Naomi Nix / Bloomberg)

Related: Engadget, Neowin, Protocol, Business Insider, Times of India, The Verge

Laura Edelson @LauraEdelson2

This evening, Facebook suspended my Facebook account and the accounts of several people associated with Cybersecurity for Democracy, our team at NYU. This has the effect of cutting off our access to Facebook's Ad Library data, as well as Crowdtangle. 1/4

August 4th 2021

3,632 Retweets7,410 Likes

David Carroll @profcarroll

Facebook gets to define what “privacy” means in the context of punishing the NYU Political Ad Observatory, concentrating corporate power. It signals to other academics that Facebook shamelessly now wears Cambridge Analytica as a fig leaf.

August 4th 2021

30 Retweets70 Likes

Facebook is building a team of artificial intelligence researchers to study ways of analyzing encrypted data without decrypting it. Their research focuses on"homomorphic encryption, which allows companies to reach and access data while keeping it encrypted.

The research could enable the social media giant to target ads based on encrypted Facebook-owned WhatsApp messages, although Facebook said it's"too early for us to consider homomorphic encryption for WhatsApp at this time." (Sarah Krouse and Sylvia Varnham O'Regan / The Information)

Related: Engadget, Slashdot, TechSpot, Android Authority, MacRumors

Researchers from Forescout Research Labs and JFrog Security Research found fourteen critical and high-risk vulnerabilities in a proprietary TCP/IP stack called NicheStack that's widely used in operational technology (OT) devices from up to 200 vendors. 

Among the devices affected are programmable logic controllers (PLCs), such as the Siemens S7, which are the building blocks of industrial automation and are used in critical infrastructure sectors. (Lucian Constantin / CSO Online)

Related: SecurityWeek, The Hacker News, Security Affairs, Forescout

The UK’s Ministry of Defense paid out its first bug bounties to ethical computer hackers who hunt for vulnerabilities following a months-long “hacker security test” conducted with HackerOne.

The contest focused on web-facing systems only, no automated mass-scanning, no phishing, among other criteria. The Ministry did not release information about the size of the bounties. (Gareth Corfield / The Register)

Related: TechTarget, Business Wire Technology: Security News

Pen registers are a little-understood, potentially privacy-endangering surveillance method that the U.S. government frequently uses on Facebook and its hugely popular messaging tool WhatsApp. This surveillance is evidenced by a July application by the Drug Enforcement Administration in Ohio to conduct surveillance on seven WhatsApp users.

The surveillance is legal under the Pen Register Act within the Electronic Communications Privacy Act of 1986. Courts have upheld that this Act does not violate Fourth Amendment, which protects Americans from unreasonable searches, obviating the need for law enforcement to show “probable cause” when seeking pen register surveillance. (Thomas Brewster / Forbes)

Thomas Brewster @iblametom

In another case, the gov did explain why it wanted a pen register on a fugitive Facebook user, but only because it also applied for data under the Stored Communications Act. The @EFF has previously said such “hybrid” orders are "inherently questionable.” How American Law Lets Feds Spy On WhatsApp Without Needing To Say WhyPen registers let governments keep tabs on when and with whom WhatsApp users are talking and which IP addresses they’re using, and they don’t have to give judges a full explanation as to why. The same goes for surveillance on any communications technologies, from Facebook to car Wi-Fi.forbes.com

August 3rd 2021

4 Retweets8 Likes

The local crime-tracking app Citizen, which advocates say already pushes privacy boundaries, is now offering customers access to a live safety agency when they are in “stressful or uncertain situations” in a service called Protect.

The new version can listen for user screams and offers a feature called Distress Detection that uses an algorithm to monitor a user’s mobile handset's microphone for sounds that “indicate trouble.” (Boone Ashworth / Wired)

Related: Mashable, Vox, TechCrunch, Cybersecurity| Reuters.com, Mashable, Vox

Researchers at Sophos say that Raccoon Stealer, a stealer-as-a-service, has been upgraded by its developer to steal cryptocurrency alongside financial information.

Among the upgrades is the use of droppers disguised as installers for cracked and pirated software instead of the usual spam delivery method. (Charlie Osborne / ZDNet) 

Related: CyberNews, Reddit - cybersecurity, Sophos, Threatpost

Researchers at the security consultancy Dolos Group says that hackers with access to a targeted laptop that meets prevailing security protocols can gain the ability to write not only to the stolen laptop but also to the fortified network it was configured to connect to, all within thirty minutes.

In an attack akin to the infamous “Evil Maid” attack, the intrusion works by exploiting the inadequacies of the trusted platform module or TPM, a heavily fortified chip installed on the motherboard that communicates directly with other hardware installed on the machine. (Dan Goodin / Ars Technica)

Related: Dolos Group

Facebook-owned WhatsApp unveiled View Once photos and videos, which vanish from a chat after they've been opened, "giving users even more control over their privacy."

WhatsApp says that View Once media is protected by end-to-end encryption (Abrar Al-Heeti / CNET)

Related: BusinessLine - Home, Pocket-lint, Phandroid, Silicon Republic, ZDNet Security, Android Authority, gHacks, The Sun, Information Security Newspaper | Hacking News, SlashGear, Memeburn, iPhone Hacks, TechWorm, SlashGear

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published a 59-page technical report containing guidance for hardening orchestration software Kubernetes’ clusters.

But because the container-oriented Kubernetes and Docker model is unlike traditional, monolithic software platforms, many system administrators have problems configuring Kubernetes to work securely. (Catalin Cimpanu / The Record)

Related: National Security Agency News, US-CERT, National Security Agency

Thoma Bravo-owned Sophos has announced its second takeover in as many weeks with the acquisition of Seattle-based DevSecOps startup Refactr, which offers an automation platform that helps cybersecurity and DevOps teams to operate collaboratively.

This deal follows Sophos’ announced acquisition of Braintrace, a cybersecurity startup that provides organizations visibility into suspicious network traffic patterns. The terms of the deal were not disclosed. (Carly Page / TechCrunch)

Related: MSSP Alert, Sophos News

In its fifth cybersecurity acquisition so far in 2021, Deloitte & Touche said it acquired aeCyberSolutions, the industrial cybersecurity business of Applied Engineering Solutions, or aeSolutions.

The other Deloitte acquisitions this year include the assets of cyber threat hunting provider Root9B, LLC (R9B), cloud security posture management (CSPM) provider CloudQuest, Inc., digital risk protection company, Terbium Labs, and Zero Trust network access (ZTNA) provider TransientX. (Joseph F. Kovar / CRN)

Related: Business Wire, AIThority

Photo by Souvik Banerjee on Unsplash