TechLetters #110 US offensive cyberoperations in context of mid-term elections. PyTorch infected with malware. LastPass password manager breach #GDPR fine for Microsoft
Happy New Year! TechLetters Insight likely to come this week, too.
Security
Offensive cyber operations by US in context of local elections. In 2022: “The U.S. military's Cyber Command hunted down foreign adversaries overseas ahead of this year's mid-term elections, taking down their infrastructure before they could strike”. Target unknown this time. In 2018, US Cybercommand did this vs a Russian company.
Somewhat a password replacement Passkeys now supported by Apple and Google ecosystems. Other platforms to follow, soon. Tolerable user-interface, leak/theft-resistant. Uses smartphone unlock function to authenticate. Soon, this will be considered state of the art. I predict GDPR fines for not supporting this, at some point.
Password manager breach. LastPass password manager breached "threat actor copied information from backup that contained customer information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses". No recommended actions that users need to take due to secure default settings (if these were used/followed by the user).
PyTorch breached. Development version of the world-critical machine learning framework infected with malware. Take note if you use it.
Hacking Nintendo. Oh no, console game can be hacked. Vulnerable: Nintendo 3DS, Wii, Switch.
Privacy
Data Protection fine for Microsoft/Bing. 60,000,000 (and +€60,000 a day of delay until a fix is compliant) GDPR-ePrivacy fine for Microsoft (Bing.com) by the French DPA CNIL. "Cookies set without their consent, while MS was pursuing, in particular, an advertising objective".
Face blurring library from google. Here.
In case you feel it's worth it to forward this content further:
If you’d like to share: