Oh boy, victim blaming! That'll make everyone who was in the data breach feel better! Do not use biometrics to log in, you can't change your iris or fingerprint, your fingerprint isn't as unique as everyone thought, and cops can force you to unlock a device locked with biometrics but not PIN/password.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #49/2023 is out! It includes the following and much more:
➝ 🔓 🧬 #23andMe updates user agreement to prevent #databreach lawsuits
➝ 🔓 🇺🇸 Hackers Exploited #ColdFusion Vulnerability to Breach Federal Agency Servers
➝ 🔓 🇺🇸 #Navy contractor Austal USA confirms #cyberattack after #dataleak
➝ 🔓 🇯🇵 #Nissan is investigating cyberattack and potential data breach
➝ 🔓 🇬🇧 Sellafield nuclear site hacked by groups linked to #Russia and #China
➝ 🔓 👾 #Roblox, #Twitch allegedly targeted by #ransomware cartel
➝ 🇰🇵 N. Korean #Kimsuky Targeting South Korean Research Institutes with #Backdoor Attacks
➝ 🇷🇺 🦠 ITG05 operations leverage #Israel-#Hamas conflict lures to deliver Headlace #malware
➝ 🇷🇺 Russian military hackers target #NATO fast reaction corps
➝ 🇮🇪 🇮🇱 Cyberattack on Irish Utility Cuts Off Water Supply for Two Days
➝ 🇷🇺 🇬🇧 Russia hacking: '#FSB in years-long cyber attacks on UK', says government
➝ 🇷🇺 🤖 Russia's AI-Powered Disinformation Operation Targeting #Ukraine, U.S., and #Germany
➝ 🇷🇺 📨 #Microsoft Warns of Kremlin-Backed #APT28 Exploiting Critical #Outlook Vulnerability
➝ 🚢 💊 Inside Job: How a Hacker Helped Cocaine Traffickers Infiltrate Europe’s Biggest Ports
➝ 📱 🕵🏻‍♂️ Governments spying on #Apple, #Google users through push notifications - US senator
➝ 🤖 🕵🏻‍♂️ Due to AI, “We are about to enter the era of mass spying,” says Bruce Schneier
➝ 🇺🇦 🫡 Ukraine appoints new cyber chief following ouster of top officials
➝ 🇳🇴 💰 Norwegian Labor and Welfare Administration fined for data protection failures
➝ 🇫🇷 💬 French government recommends against using foreign chat apps
➝ 🐛 🛜 "Sierra:21" vulnerabilities impact #criticalinfrastructure routers
➝ 🎠 🇹🇭 New Stealthy 'Krasue' #Linux Trojan Targeting #Telecom Firms in Thailand
➝ 🦠 🤖 SpyLoan #Android malware on Google Play downloaded 12 million times
➝ 🦠 #LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks
➝ 🔓 💻 Just about every #Windows and #Linux device vulnerable to new LogoFAIL firmware attack
➝ 🔐 💬 #Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger
➝ 🔐 Addressing post-quantum #cryptography with #CodeQL
➝ 🤖 📨 #Gmail’s AI-powered #spam detection is its biggest security upgrade in years
➝ 📱 🔓 Your mobile password manager might be exposing your credentials
➝ 🐛 #Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks
📚 This week's recommended reading is: "The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws" by Dafydd Stuttard
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every weekend ⬇️
You would NEVER give a security-incompetent company your data if you could avoid it, right? Triple that sentiment when the data is granular genetic information -- yes, I'm talking about 23andMe, which has had a catastrophic hack.
Guess what? If a close relative gave them the DNA, you're screwed, too.
You didn't invite a breach of your most personal information, but your well-meaning relative inadvertently did.
We need laws that require your consent, not just theirs.
Your post makes some very incorrect claims about DNA testing and #GeneticGenealogy.
Yes, hackers stole the DNA information for people who tested with #23AndMe. No, the DNA data of people who did NOT test with them was NOT stolen--because it was never there.
Relationships can be deduced using #DNA (IF YOU HAVE EXISTING FAMILY TREE FILES to pair it with, and the MANY hours to group your results into family lines)... but your specific #Genetic information (hereditary diseases, eye color, etc.) is NOT in the database, because that cannot be accurately deduced based only on your relatives' DNA.
Those of us who research #Genealogy know well that #DNAtesting is not for the faint of heart. You tend to get...surprises (like "Grandpa cheated").
You're also handing your DNA results over to a company (and sometimes copying this to other websites), so you have to trust them to keep it safe, just like you do with any bank, employer, tax return prep company, big data company, etc.
What have I stepped into here? How can anyone deny so strongly that people's private data, once published, becomes a problem precisely when the context of that information plays into the hands of right-wing extremists?
But of course everything can be derailed "scientifically" into not being a problem: the data of Jewish people supposedly isn't a problem because their DNA is "human" and you can't tell from it.
The people themselves stated that they are Jewish. The data was offered and sold on the darknet as a grouped set in exactly that form.
THAT IS THE PROBLEM.
You can talk it up all you like that the genetic markers may be worthless, because that won't matter to the people who are interested in the data. All they care about is building their lists, preferably with pseudo-scientific confirmation.
Such information in the hands of antisemites is a catastrophe.
#Cybersecurity #DataProtection #Privacy #ClassAction #23AndMe: "The older ToS also required users to waive rights to a class action, asking users to agree that "any arbitration shall be conducted in our respective individual capacities only and not as a class action, and you and we each expressly waive our respective right to file a class action or seek relief on a class basis." But the previous version also included a now-omitted stipulation that following arbitration, 23andMe users could turn to a federal or state court to "adjudicate the party’s claim or prayer for 'public injunctive relief.'"
This language has now been updated, drastically cut down, and positioned much more prominently."
Following the breach of 6.9 million 23andMe users, the DNA and ancestry company has changed its terms of service. Axios asks a law expert whether the change will protect them from customers who might wish to take legal action.
Sure, the #23andMe leak was bad, but seriously, if people are afraid that something bad might happen if their #DNA got leaked, I wonder whether they really honestly believe that their DNA is a "secret"?
Just like fingerprints, you leave your DNA everywhere you go.
It has never been a problem for suitably motivated and resourced actors to get your DNA. Or #fingerprint. Unless you are extremely motivated to keep both secret, but in that case you wouldn't have used 23andMe, would you?
@ljrk@lexd0g
And yes, I think that instead of Passkeys we should've yeeted SSL for PGP as this would've made login-bruteforcing like with #23AndMe more resource-costly, slower to do and more likely to get caught early on.