Friday 10 May 2019

Photo App Pivots to Violating Its Users’ Privacy

MFW I Learned: WTF?

Ever AI is accused of playing fast and loose with user privacy. An investigation alleges it’s been using billions of private photos from millions of users to train an AI facial-recognition product—aimed at enterprises, police forces and the military.

The app, formerly known as EverRoll, doesn’t get informed consent from its users, say critics. Since the story broke, the company has updated its privacy policy a little, but that’s hardly the point.

On the face of it, this isn’t a good look for Ever. In today’s SB Blogwatch, we go live in a cave, forever.


Thursday 9 May 2019

China eats NSA's lunch, uses its zero-days for a year


Chinese state-sponsored hackers have been making fools of the US National Security Agency. It turns out that Shadow Brokers weren’t the first to steal the NSA’s secret exploits.

“NObody But US”—NOBUS, the NSA doctrine of not reporting vulnerabilities so it can keep them for itself—is once again under fire. It’s now believed that China has been using the NSA’s own spy tools since early 2016—months before any previously known leak.

You gotta be kidding me! Nope. In this week’s Security Blogwatch, we jest not.


Monday 6 May 2019

Git Code Repos Held to Ransom – Thousands Hacked

Git Hit

Many private Git repositories are at risk of being leaked to the public. Anonymous hackers have wiped victims’ code and are demanding Bitcoin.

Or else? Or else they’ll open-source it for you. And then everyone will be able to see your soopah-sekrit sores, bruh.

But how? The way they broke in is making many scratch their heads: It seems people had been publishing their GitHub, GitLab or BitBucket credentials on the web.

FAIL! You could say that. In today’s SB Blogwatch, we furiously facepalm.
