Subject: Viral App FaceApp Now Owns Access To More Than 150 Million People’s Faces And Names
Source: Forbes via beSpacific
Forbes – “And we thought we learned a lesson from Cambridge Analytica. More than 100 million people have downloaded the app from Google Play. And FaceApp is now the top-ranked app on the iOS App Store in 121 countries, according to App Annie. While according to FaceApp’s terms of service people still own their own “user content” (read: face), the company owns a never-ending and irrevocable royalty-free license to do anything they want with it … in front of whoever they wish:
Forbes category: https://www.forbes.com/
Subject: Equifax To Pay Hundreds Of Millions In Data Breach Settlement
Source: KDKA via CBS Pittsburgh
WASHINGTON (AP/KDKA) — Equifax will pay up to $700 million to settle with the Federal Trade Commission and others over a 2017 data breach that exposed Social Security numbers and other private information of nearly 150 million people. [Note – see also beSpacific updates postings and associated resources on this settlement – Proving you deserve $20,000 from the Equifax settlement will be nearly impossible]
The proposed settlement with the Consumer Financial Protection Bureau, if approved by the federal district court for the Northern District of Georgia, will provide up to $425 million in monetary relief to consumers, a $100 million civil money penalty, and other relief.
Under the settlement, Equifax has also agreed to strengthen its security practices going forward. Some of those practices include:
• Reorganizing its data security team;
• Minimizing its collection of sensitive data and the use of consumers’ Social Security numbers;
• Performing regular security monitoring, logging and testing;
• Employing improved access control and account management tools;
• Reorganizing and segmenting its network; and
• Reorganizing its patch management team and employing new policies regarding the identification and deployment of critical security updates and patches.
Subject: 5G Wireless Network Risk Factors
Source: DHS via CISA
The Cybersecurity and Infrastructure Security Agency (CISA) has released an infographic on 5G wireless network risk factors. Although 5G technology will bring capacity, reliability, and security improvements, it may also introduce supply chain, deployment, network security, and competition and choice vulnerabilities. These vulnerabilities may affect the security and resilience of 5G networks.
CISA encourages users and administrators to review the CISA 5G infographic to better understand the risks associated with 5G wireless networks.
Subject: Building Resilience to Foreign Interference, Misinformation Activities
Source: DHS via CISA
As part of the effort to #Protect2020, the Cybersecurity and Infrastructure Security Agency (CISA) is working with national partners to build resilience to foreign interference, particularly information activities (e.g., disinformation, misinformation). The Department of Homeland Security (DHS) views foreign interference as malign actions taken by foreign governments or actors designed to sow discord, manipulate public discourse, discredit the electoral system, bias the development of policy, or disrupt markets for the purpose of undermining the interests of the United States and its allies.
Responding to foreign interference requires a whole of society approach—CISA has made available the following foreign interference resources to #Protect2020: [3 PDFs:]
- The War on Pineapple: Understanding Foreign Interference in 5 Steps
- Foreign Interference Taxonomy
- Social Media Bots Overview
Subject: How vulnerable are the undersea cables that power the global internet?
Source: CNN Wire via WPMT FOX43
[some history, too … ]
In 2012, Hurricane Sandy slammed into the US East Coast, causing an estimated $71 billion in damage and knocking out several key exchanges where undersea cables linked North America and Europe.
“It was a major disruption,” Frank Rey, director of global network strategy for Microsoft’s Cloud Infrastructure and Operations division, said in a statement.
“The entire network between North America and Europe was isolated for a number of hours. For us, the storm brought to light a potential challenge in the consolidation of transatlantic cables that all landed in New York and New Jersey.”
For its newest cable, Marea, Microsoft chose to base its US operation further down the coast in Virginia, away from the cluster of cables to minimize disruption should another massive storm hit New York.
But most often when a cable goes down nature is not to blame. There are about 200 such failures each year and the vast majority are caused by humans.
Subject: Vulnerabilities in Multiple VPN Applications
Source: CISA DHS via
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of vulnerabilities affecting multiple Virtual Private Network (VPN) applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages administrators to review the following security advisories and apply the necessary updates:
- Palo Alto Security Advisory PAN-SA-2019-00200
- FortiGuard Security Advisory FG-IR-18-384
- Pulse Secure Security Advisory SA44101
Subject: What Does Incognito Mode Actually Do? Here’s Everything You Need to Know
Source: Digital Trends
What does opening a browsing session in Incognito Mode actually do? Not as much as you might think. Research has shown that over 40% of people believe that using Incognito Mode hides their browsing location from the sites they visit, and around a third think that it hides browsing from employers. Not so.
Actually, privacy modes are a lot more limited than you might think: They may prevent casual records of your internet activity, but don’t go much further. Here’s everything you should know.
Subject: Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges
Source: U.S. GAO
To protect against cyber threats, federal agencies should incorporate key practices in their cybersecurity risk management programs.
These key practices include:
- Designating a cybersecurity risk executive
- Developing a risk management strategy and policies
- Assessing cyber risks
- Coordinating between cybersecurity and enterprise-wide risk management functions
All but one of the 23 agencies we reviewed designated a risk executive. However, none of these agencies fully incorporated the other key practices into their programs. We made 58 recommendations to federal agencies to help improve their cybersecurity risk management programs.
- PODCAST: Defending Against Cyber Attacks
Subject: Oversight committee OKs subpoena on White House use of private email
“The committee has obtained direct evidence that multiple high-level White House officials have been violating the Presidential Records Act by using personal email accounts, text messaging services, and even encrypted applications for official business — and not preserving those records in compliance with federal law,” Cummings said.
The Presidential Records Act demands that all federal employees who create documents using non-governmental email accounts forward them to their governmental accounts within 20 days.