Biden Names Former NSA Officials To Top Cybersecurity Roles

President Biden has named two former National Security Agency vets to vacant cybersecurity positions. Jen Easterly, who helped launch U.S. Cyber Command has been nominated to head CISA, under Homeland Security. Former NSA deputy director John “Chris” Inglis was named national cyber director as well. The picks are subject to Senate confirmation.

These nominations follow the discovery earlier this year of two major cyber attacks linked to foreign governments. The well publicized SolarWinds was carried out via a Russian espionage campaign and targeted nine federal agencies. A separate attack by Chinese hackers targeted Microsoft Exchange servers.

533 Million Facebook User Records Leaked Online After Data Breach

Personal information of 533 million Facebook users has been posted to a low level hacking forum, bringing new privacy concerns to a 2019 hack. Previously, the information had been available for a fee, but is now freely available to anyone who searches for it.

Included in the leaked data are phone numbers, names, Facebook IDs, locations, birthdates, and email addresses. While Facebook claims that the vulnerability had been patched back in 2019, the information available can still be used by bad actors to try to impersonate or scam users.

Future Wi-Fi Standard May Track Your Every Move Warns Recent Paper

Within the next three years, the 802.11bf Wi-Fi standard will be released. One of the lesser-known components of the specification will be the ability of Wi-Fi devices to sense the presence, range, velocity, and proximity of people and objects.

While this new feature could usher in a wave of new and innovative products, those pushing the Wi-Fi Sensing project (SENS) haven’t considered the security and privacy issues that come along with it. In a recent paper from Northeastern University, researchers worry that this addition to the new Wi-Fi specification could lead to surreptitious monitoring as signals can penetrate walls and operate covertly.

Celebrate Safer Internet Day 2021

Safer Internet Day is a global event dedicated to making the internet a safer and better place. Initially started as an EU event in 2004, it has grown globally and is now celebrated in 150+ countries, including the United States and Australia.

This year, the theme is “Together for a better internet,” encouraging everyone “… to contribute to a safer and better internet, especially for its youngest users.” And, while physical celebrations are on hold, countries around the world are hosting online events, workshops, and more. Check out what your country is doing and how you can get involved.

Norwegian Data Protection Authority Fines Dating App Grindr

On January 25, Norway’s Data Protection Authority announced it will fine Grindr, the largest gay dating app, 100 million Norwegian kroner ($11.7 million), for illegally sharing user information with advertisers. According to a complaint filed by the Norwegian Consumer Council (NCC) in January 2020, Grindr shared personal information, like user location and device data, with advertisers, without obtaining explicit consent, as required by European data law. Grindr has until February 15 to comment on the decision.

Experts Raise Concerns Over Security Exploits in Popular Router

Security researchers have raised concerns over a potential backdoor found in Walmart’s popular Jetstream router. The backdoor allows attackers to access a user network remotely and even take control of the devices on the network.

COVID-19 Apps Raise Privacy Concerns

A recent study done by Jonathan Albright, director of the Digital Forensics Initiative at the Tow Center for Digital Journalism, analyzed the data permission requests of 493 iOS apps related to COVID-19 tracking, including contact tracing, exposure notification, screening, reporting, workplace monitoring, and more.

The study found that an overwhelming majority of the apps did not rely on Apple’s exposure-notification system, which collects Bluetooth location tracking, instead opting for more personal information. Many apps request access to information like live location tracking at all times and access to a user’s camera and microphone.

While Albright and his team found no evidence of malicious data usage, the study highlights the need for vigilance and awareness on users’ part when downloading apps.

VPN Installs Jump in Thailand After Government Crackdown on Porn

Thailand recently began enforcing a ban on pornographic content, blocking access to 191 popular adult websites, including Pornhub. The ban resulted in a 644% spike in VPN downloads as citizens looked to bypass the block.

HackerOne Releases Annual List of Top Security Vulnerabilities

Ethical hacking firm HackerOne released its annual report of the “Top 10 Most Impactful and Rewarded Vulnerability Types of 2020.” The company found that organizations paid ethical hackers over $20 million in bug bounties for finding flaws. Over the course of 2020, many companies, like Apple and ExpressVPN, embraced bug-bounty programs as a way to find flaws in their products.

October is Cybersecurity Awareness Month

Launched in 2004 by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS), Cybersecurity Awareness Month is a collaborative effort of industry and government to highlight the importance of cybersecurity. This year, the theme is “Do Your Part. #BeCyberSmart.” Each week in October, NCSA and its partners will be sharing useful tips on how you can keep your home and office (even if they are now one and the same) cyber safe.

US Move to Block TikTok, WeChat Sparks Uptick in VPN Interest

After the US government announced that it would block Chinese-owned apps TikTok and WeChat over potential national security risks, VPN companies saw a dramatic spike in interest from US users. Representatives from NordVPN, ExpressVPN, and Surfshark stated that inquires rose 20-38% after the US government’s announcement.

Recent Study Finds Major Security Flaws in 100+ Routers Models

A recent study by the German Fraunhofer Institute for Communication (FKIE) recently tested 100+ consumer routers for security vulnerabilities. These included models from popular manufacturers like Linksys, Netgear, and TP-Link. The study found that 46 models had not received a security update in the past year. And, even those that were patched more regularly contained serious security vulnerabilities. Most shockingly, the researchers found that most of the routers used outdated Linux kernels that could have been easily updated.

U.S. Considering Banning TikTok – What Does That Mean?

Earlier this week, US Secretary of State Mike Pompeo indicated that the United States is considering banning a number of Chinese social media apps, including TikTok. Pompeo’s comment reflects a growing concern among officials regarding how TikTok handles user data. While TikTok is based in the US, its parent company is China-based ByteDance. Some legislators worry that the Chinese government could force the company to hand over user data to Beijing.

Wi-Fi Customers Who Own Their Own Routers Report Higher Levels of Satisfaction

A recent poll on Wi-Fi satisfaction found that users who owned their own Wi-Fi router reported much higher levels of satisfaction with their internet connection performance compared to those who leased from their ISP.

Sony Releases First Look at the PS5

On June 11, Sony gave consumers an in-depth look at PlayStation 5 console. The new console features an all-new design, upgraded specs, and backward compatibility. Sony also released trailers for 26 upcoming titles available on the new console, including Horizon: Forbidden West and Destiny 2.