🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
❌ Apple’s Shazam App Boots Facebook Ads and Other Third-Party SDKs ❌

The music-recognition app that Apple bought for $400 million is removing Facebook Ads, DoubleClick, Facebook Analytics and more.

📖 Read

via "Threatpost | The first stop for security news".
🕴 POS Vendor Announces January Data Breach 🕴

More than 120 restaurants were affected by an incident that exposed customer credit card information.

📖 Read

via "Dark Reading".
❌ Separ Malware Plucks Hundreds of Companies’ Credentials in Ongoing Phish ❌

An ongoing phishing campaign is targeting hundreds of businesses to steal their email and browser credentials using a simple - but effective - malware.

📖 Read

via "Threatpost | The first stop for security news".
🕴 Mastercard, GCA Create Small Business Cybersecurity Toolkit 🕴

A new toolkit developed by the Global Cybersecurity Alliance aims to give small businesses a cookbook for better cybersecurity.

📖 Read

via "Dark Reading".
❌ Researcher: Not Hard for a Hacker to Capsize a Ship at Sea ❌

Maritime transport still contributes in an important way to the world’s economy, with on-time shipments influencing everything from commodities availability and spot pricing to the stability of small countries. Unfortunately, capsizing a ship with a cyberattack is a relatively low-skill enterprise, according to an analysis from Pen Test Partners. With so many previously outlined ways […]

📖 Read

via "Threatpost | The first stop for security news".
Best practices for handling gaps in cloud security

Establishing sufficient cloud security is a complex challenge. Learn where your attention is best directed to achieve the best results.

📖 Read

via "Security on TechRepublic".
🕴 As Businesses Move Critical Data to Cloud, Security Risks Abound 🕴

Companies think their data is safer in the public cloud than in on-prem data centers, but the transition is driving security issues.

📖 Read

via "Dark Reading".
⚠ Can you really sniff out gas station card skimmers with your phone? ⚠

A viral post suggests (wrongly) that card skimmers always use Bluetooth. Anyway, just looking at nearby Bluetooth names doesn't help much...

📖 Read

via "Naked Security".
🕴 Insurer Offers GDPR-Specific Coverage for SMBs 🕴

Companies covered under the EU mandate can get policies for up to $10 million for fines, penalties, and other costs.

📖 Read

via "Dark Reading".
ATTENTION‼ New - CVE-2018-15380

A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a).

📖 Read

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.

📖 Read

via "National Vulnerability Database".
⛓ Unsupervised Learning: No. 165 ⛓

Unsupervised Learning is my weekly show where I spend 5-20 hours finding the most interesting stories in security, technology, and humans, which I then curate into a 30-minute podcast & companion newsletter.

The goal is to catch you up on current events, show you the best content from around the web, and hopefully give you something to think about as well.

🛡️ Security News


🔥 The OpenAI team created an algorithm that can write news stories so well that they are refusing to release it due to potential use to create fake news. I get what they’re doing, but the odds of this not being co-developed by many other groups is close to zero over a span of months. Here’s an example of a fake story it wrote about national security, and it did this on its second try with just a few words of seeding by a human. Link

People are concerned that Twitter may not be actually deleting DMs when you delete them. Someone pulled their data archive from Twitter and found their own deleted DMs. It’s a good reminder that it’s a good policy to just consider anything you do online to be permanent. Link

Trend Micro and the Ponemon Institute created a Cyber Risk Index, which ranks from -10 to 10. Strangely, the lower the number the better, even though it’s called a Risk Index. And if you put that in a graph from left to right, the right side is better than the left side. I couldn’t even get into the way they built the numbers because I’m forced to assume that process was as bad as the interface. The whole purpose of a system like this is to be used by others, so how could you possibly make such bad choices on the UI? Link

Someone found an open Chinese database online that was being used to track the location of millions of Uyghurs in the country. Between this, the re-education camp, the mass-surveillance and social credit system, the nation-wide censorship firewall, and their colonization of Africa, it’s obvious they’re willing to do anything to win at this real-life game of Civilization. They’ve become morally belligerent. Link

Drones will soon require visible license plates. Link

Switzerland is doing a bug bounty on their e-voting system. Link

The Pentagon is worried about China and Russia fielding ground-based lasers that can blind and otherwise disable U.S. satellites. Link

Advisories: Ubiquiti Device DDoS Potential, 75 Adobe Vulnerabilities, Android App Tracking, SAP HANA,

Leaks: 620 Million Records For Sale on Dark Web


⚙️ Technology News


If you refresh this website you’ll get a human face, except they’re not real humans—they’re AI generated. Importantly, it’s not a collection of pre-made images getting loaded. They’re all generated on the fly. Link

Chinese phones now make up a third of the European market, and Huawei has the top position. Link

One in six Americans wear a smartwatch. Link


👧🏼 Human News


Student debt that’s 90 or more days delinquent is now at $166 billion dollars—which is an all-time high. Link

Men who could do more than 40 push-ups had a 96% reduced risk of cardiovascular disease relative to men who could do less than 10, over a ten-year study. Link

Mars Rover Opportunity’s last words were, “My battery is low and it’s getting dark.” It was a little robot that was only supposed to work for 90 days, but it soldiered on for 15 years. And after not being able to raise her after many attempts, they sent her Billie Holiday’s I’ll Be Seeing You. It’s strange how I get emotional about such things, but I’ll miss her. I hope to be able to watch when we revive her once on the planet. Link

NASA and ESA are planning a mission to deflect an asteroid. Link


💡 Ideas, Trends, & Analysis


The Rise of the Corporate Technology Ecosystem — My new essay on how corporations will soon become our universal and subscription-based…
⚠ Sorry, we didn’t mean to keep that secret microphone a secret, says Google ⚠

It's been off by default, Google says - not much consolation to those who don't cotton to the notion of a "secret" listening gadget.

📖 Read

via "Naked Security".
⚠ Hacker Lauri Love denied bid to get computers back ⚠

Hacker Lauri Love has failed to get his computers back six years after UK’s National Crime Agency took them as part of a criminal investigation.

📖 Read

via "Naked Security".
5 workplace technologies that cause the most employee data breaches

Some 83% of US security professionals said employees have accidentally exposed sensitive customer information, according to an Egress survey.

📖 Read

via "Security on TechRepublic".
❌ 19-Year-Old WinRAR Flaw Plagues 500 Million Users ❌

Users of the popular file-compression tool are urged to immediately update after a serious code-execution flaw was found in WinRAR.

📖 Read

via "Threatpost | The first stop for security news".
⚠ Password managers leaking data in memory, but you should still use one ⚠

Several popular password managers appear to do a weak job at scrubbing passwords from memory once they are no longer being used.

📖 Read

via "Naked Security".
🕴 Security Analysts Are Only Human 🕴

SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.

📖 Read

via "Dark Reading".
❌ Highly Critical Drupal RCE Flaw Affects Millions of Websites ❌

Admins should update immediately to fix a remote code-execution vulnerability.

📖 Read

via "Threatpost | The first stop for security news".
How to regenerate certificates on VMware host servers

Regenerating certificates may securely resolve authentication traffic, which is not being properly encrypted.

📖 Read

via "Security on TechRepublic".
How to set the AppArmor mode for a service in Ubuntu Server

If you work with a service outside of its standard behavior, you may need to change its AppArmor profile mode.

📖 Read

via "Security on TechRepublic".