Posts

Showing posts from 2018

Google still lets third-party apps scan your Gmail data

https://money.cnn.com/2018/09/20/technology/google-gmail-scanning/index.html Google is defending its policy to allow third-party apps to access and share data from Gmail accounts, according to a letter made public Thursday. Gmail, which has over 1.4 billion users globally, lets third-party developers integrate services into its email platform, such as trip planners and customer relationship management systems. "Developers may share data with third parties so long as they are transparent with the users about how they are using the data," Susan Molinari, VP of public policy and government affairs for the Americas at Google, said in the letter to Senators, which was obtained by CNNMoney.

Full disclosure: Benchmarking data reveals the human error in privacy

https://iapp.org/news/a/full-disclosure This month, we are returning to this topic to dig deeper into incident intent classifications and how they can be further broken down into specific scenarios. To level set, looking at data from January 2017 through July 2018, we can see that the vast majority of incidents fall into one intent classification:
· Intentional, malicious intent: 0.86 percent of incidents.
· Intentional, not malicious intent: 2.78 percent of all incidents.
· Unintentional or inadvertent intent: 96.33 percent of all incidents.
The numbers show that unintentional or inadvertent incidents — those typically caused by human error rather than malicious intent such as hacking — are by far the most common. ...

Cyber security is changing, and so is the way it’s being sold

https://www.itworldcanada.com/article/cybersecurity-is-changing-and-so-is-the-way-its-being-sold/409213 Cyber security vendors still have sales targets to meet and their own products to glorify, but a “weird sales dynamic,” as Brian Krause describes, is also creeping its way into the market. “Every single person in here is a salesperson, there’s no denying what we’re doing here … it’s our software first,” said the director of North American channels for Centrify, referring to a room full of cyber security vendors at Optiv Security’s 2018 Toronto Enterprise Security Solutions Summit last week. “But we’re seeing more, especially in the software community, most of us are partnering with each other.”

BlackBerry CEO John Chen warns driverless cars could turn into fully loaded weapons if hacked

https://business.financialpost.com/technology/driverless-driverless-cars-could-be-fully-loaded-weapons-if-tech-i Driverless cars could be hacked and deployed as “fully loaded weapons,” according to the chief executive of BlackBerry. Best known for its smartphones, the company is developing software for driverless cars in partnership with Baidu, the Chinese web search giant. John Chen, BlackBerry’s chief executive, said driverless cars were programmed with more lines of code than a typical fighter jet, offering enormous scope for hackers to exploit vulnerabilities to insert malware

Thousands of Canadians’ personal data from NCIX servers listed on Craigslist: cybersecurity expert

https://globalnews.ca/news/4476625/ncix-server-data-breach/ Privacy advocates are raising the alarm after data potentially belonging to thousands of Canadians allegedly made its way onto buy-and-sell website Craigslist. The information was contained on servers and hard drives formerly owned by Vancouver-based computer retailer NCIX. The company went bankrupt last December, and its inventory was auctioned off. Link to the original source article and principal investigation below. Very interesting read! https://www.privacyfly.com/articles/ncix_breach/

Vodafone Tells Hacked Customers with "1234" Password to Pay Back Money

https://www.bleepingcomputer.com/news/security/vodafone-tells-hacked-customers-with-1234-password-to-pay-back-money/ A Czech court recently sentenced two hackers to three years in prison for accessing Vodafone customers' mobile accounts and using them to purchase 600,000 Czech Koruna worth of gambling services. Vodafone reportedly wants the hacked victims to pay for these charges as they were using an easy password of "1234". According to reporting from Czech news site idnes.cz, the hackers accessed mobile customers' accounts by using the password 1234. Once they were able to gain access, they ordered new SIM cards that they picked up from various branches. As they knew the phone number and password they were able to pick up the SIM card and install it in their phones without any other verification. This allowed the attackers to charge over 600,000 Czech K...

Apple Removes Top Security App For Stealing Data and Sending it to China

Apple today removed a very popular anti-malware app called Adware Doctor from the Mac App Store because it was gathering browsing history and other sensitive information without a user's permission and then uploading it to someone in China. Adware Doctor is promoted as an anti-malware and adware protection program that claims to be able to protect your Mac from malicious files and your browser from adware. This program was the #1 paid utility in the Mac App Store with a 4.8 star rating and over 7,000 reviews. https://www.bleepingcomputer.com/news/security/apple-removes-top-security-app-for-stealing-data-and-sending-it-to-china/

Teenage hacker admits making hoax bomb threats against schools and airlines

British police have announced that they have arrested a 19-year-old man in connection with a series of hoax bomb threats and distributed denial-of-service (DDoS) attacks. George Duke-Cohan (who goes by online aliases such as “7R1D3N7”, “DoubleParallax”, and “optcz1”) is also reported to be a member of the Apophis Squad hacking gang, which has launched denial-of-service attacks against secure email provider ProtonMail, and cybersecurity blogger Brian Krebs. https://hotforsecurity.bitdefender.com/blog/teenage-hacker-admits-making-hoax-bomb-threats-against-schools-and-airlines-20309.html

Facebook, Twitter try to limit U.S. regulation at hearing

Senior executives of Facebook and Twitter faced a Congressional committee Wednesday morning trying to limit the amount of regulation the U.S. government might impose on social media companies in the wake of increasing evidence that foreign organizations are using them for disinformation campaigns there and in other countries. “Actions taken show how determined we are to do everything we can do to stop this from happening,” said Facebook COO Sheryl Sandberg. She noted the company has more than doubled the number of people working in its safety and security divisions to 20,000, reviewing reports in 50 languages. With the use of machine learning Facebook is more proactive in finding abuse, she said. In the first three months of this year over 85 per cent of violent content was either taken down or had warning labels added before it was reported. “We are now blocking millions of attempts to register false accounts each and e...

Chinese tech firm Huawei is fighting back in Australia following reports that authorities could ban it from any involvement in building 5G

The company, one of the world's biggest makers of smartphones and telecommunications equipment, took the unusual step of publishing an open letter to Australian lawmakers on Monday. Recent public comments linking Huawei to security concerns "are ill informed and not based on facts," Huawei Australia's chairman and two board directors wrote in the letter. Australian wireless carriers will soon need to hire companies to build new superfast mobile networks. But Huawei faces opposition from Australian national security agencies, according to reports last week from outlets including the Australian Financial Review and the Australian Broadcasting Corporation. The concerns are linked to alleged ties between Huawei and the Chinese government, according to the reports. In its open letter, the company insisted that it is "a private company, owned by our employees with no other shareholders." But the company has been dogged by securi...

iPhones will share your exact location with 911

http://money.cnn.com/2018/06/18/technology/apple-911-location/index.html Your smartphone knows your location well enough to send a car to where you're standing in a busy city, map a morning run through the woods, or navigate inside an airport. But if you call 911 from that same mobile phone, emergency responders will only have a vague sense of where to send an ambulance, fire truck, or police car. The difference in distances can be the difference between life and death. Apple is rolling out a new feature in its next iPhone software update to send emergency responders instant, precise location information in the US. The update, coming in iOS 12 later this year, calculates a caller's location based on data collected from WiFi access points, nearby cellular towers, and GPS. The tricky part isn't finding out where a caller is — Apple has been using its hybrid location technology since 2015 — but relaying that information to a fragmented and aging 911 system built f...

Can airplanes be hacked? U.S. officials say it’s ‘only a matter of time’

Virtually everything that’s connected to the internet can be hacked. With that in mind, questions have been raised over the past few years regarding whether the increasing digitization of airline operations and flight controls puts in-flight aircraft at risk of becoming the victims of cyber threats. The U.S. Department of Homeland Security (DHS) reported in government documents, obtained by Motherboard, that it’s “only a matter of time” before cyber criminals are able to hack and remotely control an airplane. “Potential of catastrophic disaster is inherently greater in an airborne vehicle,” a section of a recent presentation from the Pacific Northwest National Laboratory (PNNL), a Department of Energy government lab, reads. https://globalnews.ca/news/4267715/airplane-hack-only-matter-of-time/

Canadian Spy Agency Expands Role

OTTAWA–Canada’s electronic spies have been given almost total responsibility for defending the federal government’s computer networks against cyber attacks and hacks. Under the Liberal government’s updated cyber security plan, released Tuesday, the Communications Security Establishment (CSE) will become a “one-stop shop” for defending federal networks and systems. The federal government has announced the establishment of a new Canadian Centre for Cyber Security. Public Safety Minister Ralph Goodale says the centre will provide expert support to governments, businesses and individuals. (The Canadian Press) “(We’ll) be defending Government of Canada networks, unlike (our assistance) to the private sector where we’ll typically be providing advice and guidance,” Scott Jones, the head of CSE’s IT Security branch, told the Star. “It’ll be an integrated defence for any Government of Canada organization.” Currently the responsibility to protect the federal government’s networks is shar...

Congress Considers Ways to Beef Up Healthcare Cybersecurity

As part of efforts to bolster the nation's readiness to deal with health disasters and emergencies - natural and man-made - Congress is considering beefing up the focus on healthcare sector cybersecurity issues in legislation to reauthorize the Pandemic and All-Hazards Preparedness Act, which was enacted in 2006. A Wednesday hearing of the House Energy and Commerce Committee's Subcommittee on Health focused on bipartisan draft legislation, the Pandemic and All-Hazards Preparedness Reauthorization Act of 2018, introduced by Rep. Susan Brooks, R-Ind., and Rep. Anna Eshoo, D-Calif. The legislation seeks to beef up the nation's ability to prepare for and respond to health threats from infectious diseases, bioterrorism, chemical attacks, radiological emergencies and cybersecurity incidents. https://www.databreachtoday.com/congress-considers-ways-to-beef-up-healthcare-cybersecurity-a-11060

How to Wrestle Your Data From Data Brokers, Silicon Valley — and Cambridge Analytica

Making statistically informed guesses about Americans’ political beliefs and pet issues is a common business these days, with dozens of firms selling data to candidates and issue groups about the purported leanings of individual American voters. Few of these firms have to give your data. But Cambridge Analytica is required to do so by an obscure European rule. How You Can Request Your Data From Cambridge Analytica:
1. Visit Cambridge Analytica’s website here and fill out this web form.
2. After you submit the form, the page will immediately request that you email to data.compliance@cambridgeanalytica.org a photo ID and two copies of your utility bills or bank statements, to prove your identity. This page will also include the company’s bank account details.
3. Find a way to send ...

Unsolicited texts cost ticket reseller

GATINEAU, Que. — Owners of Quebec-based ticket reseller 514-BILLETS have agreed to offer $10 rebate coupons to 7,500 clients in the first application of Canada’s anti-spam law involving unsolicited messages sent to mobile phones. The Canadian Radio-television and Telecommunications Commission alleged that 514-BILLETS violated the law by sending text messages without the consent of recipients. It also alleged the ticket reseller didn’t identify the person who sent the messages or provide information so that recipients could contact the sender. The 514-BILLETS service primarily resells tickets for sporting and cultural events. It is owned by two numbered companies — 9118-9076 QUEBEC INC. and 9310-6359 QUEBEC INC. — which have agreed to pay $75,000 in rebates and $25,000 to the federal government to settle the case. The CRTC said the companies will also appoint an officer responsible for making sure the organization complies with Canada’s anti-spam law, ...

Yahoo and parent Oath remove Canada-specific clause from terms of use

Yahoo's parent company has dropped a controversial new term of service that would have required its Canadian users to share data from their friends and contacts, including phone numbers, with the U.S.-based multinational group. The Office of the Privacy Commissioner confirmed Tuesday that the company known as Oath, which owns Yahoo, Tumblr, AOL, Huffington Post and other businesses, had agreed to remove the clause following complaints. People who used the Yahoo email service provided with their Rogers accounts were among the first to complain about the clause, which was within Oath's recently revised terms of service. Terms of service, in general, outline the legal obligations of the provider and the user. In the case of Oath, which operates on a global scale, there were sections specific to different countries and regions. Rogers Communications Inc. issued a statement Tuesday saying it knows some customers had concerns about Yahoo's clause related to personal c...

Canadian small businesses ‘woefully outgunned’ in battle with cybercrime: experts

Almost a third of Canadian businesses unknowingly divulged sensitive information — including customer data — to phishing scams in 2017. According to the first Canadian Internet Security Survey conducted by the Canadian Internet Registration Authority (CIRA), this can be traced to a large gap between cybersecurity awareness and personal protection. “Cybersecurity, whether it be for your home, your business or your corporation, is a prominent subject across all sectors … but the education associated with that is not a one-stop shop. It’s a long, complex process,” Dave Chiswell, VP of product development at CIRA, said in an interview. While all businesses face cybersecurity challenges as attacks grow more sophisticated, small businesses without the resources to invest in expensive precautions often leave themselves vulnerable to these attacks, Chiswell said. The report states that 77 per cent of small businesses that own their own domain are concerned about becoming the ...

Senior officials at the White House were duped by an email prankster

Senior officials at the White House, including ousted communications director Anthony Scaramucci, were duped by an email prankster after being sent a series of messages that appeared to come from other top aides in the Trump administration, CNN first reported Monday night. The anonymous prankster, who lives in Britain and tweets using the handle @SINON_REBORN, reportedly posed as White House Chief of Staff Reince Priebus in one of the email chains to Scaramucci shortly after Priebus announced his resignation last week. “At no stage have you acted in a way that’s even remotely classy, yet you believe that’s the standard by which everyone should behave towards you?” a mock Priebus emailed. “General Kelly will do a fine job. I’ll even admit he will do a better job than me. But the way in which that transition has come about has been diabolical. And hurtful. I don’t expect a reply.” Scaramucci replied: “Yo...

Germany suspects Russian group of government network hack

German authorities suspect the Russian cyber espionage group “Snake” (aka “Turla” or “Uroburos”) to be behind an attack on the government’s computer network. The authorities only became aware of it in December; they believe the attack had been under way for a year. Snake is believed to have links to Russian intelligence. The group’s existence was revealed in 2014 as it was believed to be behind the aggressive cyber espionage operations against Ukraine and a host of other European and US government organizations for nearly a decade. Security sources believe Snake gained access to the network via the German Federal Academy of Public Administration. The attackers seem to have implanted malware and then searched the federal government’s extensive server network for a way into the German foreign ministry, with particular interest in information about Germany’s Russia policy. The German domestic intelligence agency’s report ...

Visa: EMV Cards Cut Down Counterfeit Card Fraud in the US by 70%

Visa said last week that two years after US retailers started deploying terminals that could read chip-based credit and debit cards, reports of counterfeit card fraud have dropped by 70%. While modern chip-based payment cards - also known as EMV (Europay, MasterCard, Visa) cards after the three organizations that promoted the new technology - are the standard payment card issued in most regions of the globe, the US has always lagged behind. The reasons are many, but most banks and retailers cited that it would be more costly to issue new EMV cards and replace classic magnetic stripe payment terminals with modern devices that could also accept EMV cards. But US banks and retailers got a kick in the behind in 2015 after a series of hacks at high-profile retailers such as Home Depot and Target. Hackers stole a large number of card numbers during those incidents, which fueled a sudden rise in counterfeit magnetic stripe cards that criminal groups use...

Online Romance Scams: “How Scammers Use Impersonation, Blackmail, and Trickery to Steal from Unsuspecting Daters”

Romance scams are different from other scams. They prey on lonely people looking to connect with someone, and can often take months to develop to the point where money changes hands. The emotional harm to the victim can be even more painful than the monetary loss. The spread of online dating sites and apps has made this fraud even easier to commit. Victims in the US and Canada have reported losing nearly $1 billion over the last three years, and BBB estimates there may be more than a million victims in the U.S. alone. Because most people do not file complaints about romance scams with BBB or law enforcement, this may just be the tip of the iceberg. BBB’s study, “Online Romance Scams: How Scammers Use Impersonation, Blackmail, and Trickery to Steal from Unsuspecting Daters” looks at how these scams work, who the scammers are, and what is being done to combat them. Anatomy of a Romance Scam - Experts identify several distinct stages of t...

9 out of 10 Canadian Companies Suffered a CyberSecurity Breach in 2017

According to the 2018 Scalar Security Study (commissioned by Scalar and conducted independently by IDC Canada), Canadian organizations are attacked in varying degrees of severity more than 450 times per year, with 87 per cent suffering at least one successful breach. Almost half (46 per cent) are not confident in their ability to defend against attacks. “As cybersecurity breaches become the new normal, organizations can’t be complacent. Many companies are still reporting gaps in their defences despite hiring full-time security staff, which may point to a deficit in the availability of highly skilled IT workers,” said Theo Van Wyk, Chief Security Architect, Scalar Decisions. “The rising number of high-impact breaches coincides with the increasing costs of recovery.” The study, examining the cybersecurity readiness of Canadian organizations and year-over-year trends in handling and managing growing cyber threats, also found: (1) Of the c...

13 Russians Indicted for Massive Operation to Sway US Election

A federal grand jury has indicted 13 Russian nationals and three Russian entities for a massive operation intended to interfere with the 2016 US presidential election. US Special Counsel Robert Mueller has accused the defendants of posing as Americans to sway election results. The Internet Research Agency, a Russian organization, and the 13 actors reportedly began targeting the United States back in 2014. Mueller's indictment claims they "had a strategic goal to sow discord in the U.S. political system, including the 2016 U.S. presidential election." To do this, they launched an operation to support the Trump campaign and denigrate Hillary Clinton. In April 2014 the agency formed a department focused on the US population and operated on social platforms including Facebook, Instagram, Twitter, and YouTube. By 2014, its strategy included fomenting distrust in US presidential candidates and the US political system. Activity included buying...

Canada to Launch New Border Security App

The federal government is embarking on a new pilot program that will allow people to cross borders faster if they create a digital profile filled with their personal information on their mobile devices. The Known Traveller Digital Identity is a joint venture between the governments of Canada and the Netherlands, and will be tested first on travelers going between those countries. The plan is to have it ready for a wider global roll out by 2020. The project announcement was made at the Davos World Economic Forum last month but has mostly flown under the radar. According to the World Economic Forum document outlining the program, international traveler arrivals are expected to jump from 1.2 billion in 2016 to 1.8 billion by 2030. This will increase risk and security requirements for the aviation and travel and tourism sectors. Much like other trusted-traveler programs — such as Nexus, which allows people quicker movement between Cana...

New Cell Phone Scam Hitting Canada Wide

A telephone scam sweeping Calgary and Alberta has prompted a warning to ignore missed overseas calls. Tony Tighe reports. The one-ring scam is back and is catching a new wave of unsuspecting cellphone owners. The calls show up on your phone as a missed call and come from overseas locations like Albania, Macedonia or the Seychelles. Ebun Edewole got one while she was sleeping at 2 a.m. and thought it was a relative from overseas. She waited until morning to call back, but when she checked again, didn’t recognize the number. “Ever since then, I get at least one a day, maybe in the morning and then in the evening,” Adewole said. “I thought maybe my phone number was on a weird website or something or I thought it was a telemarketer. “It wasn’t until I started looking it up that I thought it might be a scam.” According to the Calgary Better Business Bureau (BBB), it’s called the one-ring scam or the Japanese name “Wan...