Speed Traps On Google Maps!
Billions Of Cloud Files Exposed / NBC Millennial News / HiddenWasp Stings Linux / Election Cyberthreats Enumerated By FireEye
Engadget: Google Maps speed limits and radar locations arrive in 40 countries
After running limited tests in the US and elsewhere, Google Maps is rolling out speed limit warnings and both fixed and mobile radar locations in over 40 countries, Google has confirmed to TechCrunch. The features are borrowed from Google-owned Waze and will appear in the iOS and Android Maps. The speed limit signs are located in the bottom corner of Maps and the radar and photo radar traps appear as icons on the virtual roads.
…users in France, Switzerland and Germany noted that they aren’t seeing the radar trap locations, likely because such features are illegal in those countries. In France, police are allowed to check your mobile phone for illegal apps and can levy steep fines and even confiscate your vehicle if they find them.
While both iOS and Android users can benefit from the new features, only Android users can report fixed photo radar and mobile radar location, for now.
Read More to discover all countries where this new features is rolling out.
(How long until municipalities demand behavioral information such as speed data to send us a ticket?)
Threatposts’s Tara Seals: 2.3B Files Exposed in a Year: A New Record for Misconfigs
The last 12 months has seen the exposure of a record 2.3 billion files across cloud databases and online shares, according to an analysis released on Thursday.
A report from Digital Shadows’ Photon Research Team, Too Much Information: The Sequel, assessed the scale of inadvertent global data exposure. The 2.3 billion number represents an increase of more than 750 million files since 2018 — a more than a 50 percent annual increase.
The team’s research revealed that about half of the customer data, (1.071 billion files, including personal demographic information, passport scans and bank statements, job applications, personal photos, credentials for business networks and more) was exposed via the Server Message Block (SMB) protocol — a technology for sharing files first designed in 1983.
Other misconfigured technologies included FTP services (20 percent of the total), rsync (16 percent), Amazon S3 buckets (8 percent) and network attached storage (NAS) devices (3 percent).
The exposure — including 326 million records from the U.S., 121 million from Germany and 98 million from the UK, — puts many companies at significant risk, according to the report. For instance, countries within the European Union are collectively exposing over one billion files — nearly 50 percent of the total globally (and some 262 million more than last year), meaning that GDPR-related privacy fines would be levied.
TechCrunch contributor Sarah Perez: NBC target millennials with launch of a new streaming news service
NBC’s new digital streaming news network, NBC News Now, has officially launched. The service offers viewers 8 hours of continuous daily programming from 3 PM to 11 PM on weekdays. Its goal is to capture the attention of younger news consumers — those who don’t necessarily subscribe to pay TV or watch television in a more traditional manner, and who instead often get their news from apps and various streaming channels.
NBC News Now can also be found in an app: the NBC News app for mobile devices and for TVs (by way of apps for Roku, Apple TV, and Amazon Fire TV). The service is free to stream and supported by ads. Citi is a debut sponsor as the service goes to launch.
Read More about this new streaming service at TechCrunch.
Graham Cluley writes for TripWire: HiddenWasp malware seizes control of Linux systems
Security researchers have discovered a new strain of malware called “HiddenWasp” that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers.
According to a blog post by researchers at Intezer, the malware borrows from existing malware code publicly available on the internet including the Azazel rootkit and the notorious Mirai worm.
The researchers say there are similarities between HiddenWasp and the Linux branch of the Winnti malware family, as the malware contains a user-mode rootkit, a Trojan horse and an initial deployment script.
In its initial deployment script, HiddenWasp sets up a user named ‘sftp’ on the compromised system with a hardcoded password. It would appear that the script does this to allow hackers to continue to gain access to targeted systems even if their malware is later spotted and removed.
Is it China? Find out more at TripWire.com
Luke McNamara for FireEye: Framing the Problem: Cyber Threats and Elections
This year, Canada, multiple European nations, and others will host high profile elections. The topic of cyber-enabled threats disrupting and targeting elections has become an increasing area of awareness for governments and citizens globally. To develop solutions and security programs to counter cyber threats to elections, it is important to begin with properly categorizing the threat.
Historically, FireEye has observed targeting of a wide range of organizations connected to elections. In considering their role and criticality to the process of elections, these various entities can be grouped into three categories: core election infrastructure, supporting organizations involved in the administration of elections, and other groups that have a participatory role in the electoral process. All of these entities may be targeted for a variety of reasons to influence or collect intelligence on the electoral process and participants.
To counter and mitigate risks to elections, properly categorizing the specific activity and intent is important. While terms like “election interference” are often used to describe all of the threats in this space, some of the malicious activity FireEye has witnessed may fall outside this definition. Broadly speaking most election-related threats can be thought of in four categories: social-media enabled disinformation, cyber espionage, “hack and leak” campaigns, and attacks on critical election infrastructure.
Of the activity described here, FireEye has observed a full spectrum of campaigns by Russian-nexus actors, from carrying out intrusions into organizations and stealing data, leaking that data through online personas and fronts, as well as targeting of election infrastructure. From limited observations, China has for the most part focused solely on cyber espionage operations, as in the case of activity FireEye reported on in the targeting the 2018 Cambodian election. From various motivations, FireEye has also witnessed limited evidence of activity from hacktivists and criminal entities in targeting parts of the election ecosystem.
Read the deeper details and conclusions reached at FireEye.
Help me spread the news! Share this blog with the social media buttons on the left side of this page.
Get updates throughout the day from my Twitter feed @Weym0 Subscribe free to the “Your Tech Moment” blog, the RSS feed, the Amazon Skill for your Flash Briefing, listen to the podcast from SoundCloud, Stitcher, and Spotify… or watch on YouTube.
If you have a special news item you’d like us to promote or if you would like to sponsor this podcast with an embedded advertisement, please follow me on Twitter and when I follow you back, send a direct message to get more information.
