Global Cyber News Digest

GE anesthesia machines can be exposed to hackers: DHS

Source: FOX News
By: Brooke Crothers
Published: July 11, 2019

* GE anesthesia machines are ripe for tampering, according to a new DHS advisory.
* GE Healthcare is aware of the vulnerability, issuing a statement that says there is "potential ability to modify gas composition parameters...modify device time and silence alarms after the initial audible alarm," according to the GE Healthcare website.

Israel Cyber Body Issues Warning on AI Phishing Attack that Uses AI to Imitate Voices

Source: News18
By: IANS
Published: July 11, 2019

* In a warning, an Israeli cyber body has unearthed a new type of attack where hackers are using Artificial Intelligence (AI) technology to impersonate senior company executives.
* The main innovation is the attacking software, which learns to mimic the voice of a person defined for it and makes a conversation with an employee on behalf of the Chief Executive Officer (CEO).

People 'have no clue' how much data Facebook and Google collect, antitrust advocate says

Source: Yahoo! News
By: Jon Ward
Published: July 10, 2019

* Facebook and Google have reached so far into the private lives of their users without their knowledge that they are committing "a fraud on the American people," said a prominent advocate of stricter government regulation for the tech giants.
* "The amount of data that Facebook and Google are collecting about the average person is absolutely insane, massive, widespread, ubiquitous, and I think honestly, a fraud on the American people that the people don't understand that this is happening," said Sally Hubbard of the Open Markets Institute, an organization that advocates curbing the power of monopolies.

K12.com exposed 7 million student records for a week

Source: Engadget
By: AJ Dellinger
Published: July 10, 2019

* K12.com, an online education platform, inadvertently exposed the personal information of nearly seven million students, according to security researchers at Comparitech.
* The exposed database contained full names, email addresses, birthdates and gender identities, as well as the school that the students attend, authentication keys for accessing their accounts and other internal data.

Arlington Investigating Cyber Attack on County Payroll System

Source: ARLnow
By: FNU LNU
Published: July 10, 2019

* In a statement, the county says a number of employees were impacted by the intrusion, but did not specify the exact number or impacts. The intrusion appears to be the result of a "phishing" email targeting county employees and not a hack, the press release suggests.
* Arlington's cybersecurity division previously told ARLnow that it was staffing up and training county employees in light of the growing number of cyber attacks. The county budgeted $60,000 for the department to teach county employees how to avoid phishing emails, among other security best practices.

Face off: Congress questions use of Americans' biometric data

Source: Federal Times
By: Andrew Eversden
Published: July 10, 2019

* Lawmakers on Capitol Hill expressed concerns over the U.S. Customs and Border Protection's use of facial recognition technology on American citizens, questioning CPB's right to even collect it.
* At many airports across the country, this process is done manually. But there are facial recognition systems in place at airports such as Washington Dulles International and New York John F. Kennedy International, along with numerous other large U.S. airports, according to the CBP biometrics website.

DDOS ATTACKS SURGE AROUND THE WORLD: CHINA AND US STILL THE LARGEST SOURCES, BUT THEIR SHARE KEEPS DROPPING

Source: KODDOS
By: Ali Raza
Published: July 9, 2019

* DDoS attacks continue to grow in numbers around the world, with each new quarter bringing new reports of increased hacking activity.
* The fact that the most compromised devices are in China does not necessarily mean that the attackers themselves are based in China. It is just as possible that the attackers are simply compromising more devices in China.

UK proposes another huge data fine. This time, Marriott is the target

Source: CNN Business
By: Charles Riley
Published: July 9, 2019

* Marriott faces a $124 million fine for failing to protect customer data, the second major penalty proposed this week by UK regulators under Europe's tough new privacy rules.
* The hotel chain said in a regulatory filing Tuesday that Britain's Information Commissioner's Office intends to impose a £99 million ($124 million) fine under the General Data Protection Regulation (GDPR).

Google Finds iPhone Text Bomb That Can Only Be Fixed with a Full Wipe

Source: Softpedia News
By: Bogdan Popa
Published: July 8, 2019

* Text bombs have been around for a long time on iPhones, but this time it's a serious one, as it can only be fixed with a full device wipe that would obviously lead to data loss too.
* Specifically, Google's Project Zero engineers discovered that sending a malformed message via iMessage to an iPhone or Mac leads to various issues on these devices.

10 times malware proved that MacOS isn't bulletproof

Source: SecurityBrief
By: Sara Barker
Published: July 8, 2019
* In the first six months of 2019 there have been at least ten types of malware specifically targeting macOS, indicating that Mac users need to come to terms with the fact that their devices are not immune from attack. * According to security firm SentinelOne's Phil Stokes, cybercriminals are targeting Apple's Mac platform more often - and they're exploiting it.