Welcome to Metacurity’s Friday Report where we wrap up the week and identify the big threads that emerged from the mass of infosec-related news reports published during the week.
In the U.S., the week was a weird one with the July 4th holiday coming as it did during the middle, giving everyone an excuse to slack off a bit in the days preceding and following the holiday. So, not a lot of ground-breaking news broke during the bifurcated week, but one recurrent data security theme emerged: a whole lot of sneaky data sharing appears to be going on.
First, as part of a more than 700-page document dump to the House Energy and Commerce Committee late Friday evening, Facebook revealed to Congress that it shared user data with 52 hardware and software-making companies, including some Chinese firms that are considered national security threats.
As an aside, Facebook’s steadily flowing data sharing revelations, particularly its role in the Cambridge Analytica scandal, may cause the social media giant’s legal fees to soar given the growing number of federal agencies digging into Facebook’s data sharing arrangement with Donald Trump’s former data analysis firm.
Another Silicon Valley giant, Google, made its own big data sharing news this week when the Wall Street Journal reported that third-party developers are reading the private emails of Gmail users even as Google itself promised to stop scanning the inboxes of its users. Google confirmed the practice but said (some say weakly) it vets those third-party apps and services that have access to sensitive Gmail data.
In what appeared to be a screwed-up data sharing arrangement, a coding error resulted in the sharing of confidential health information for 150,000 patients in England in clinical audit and research despite these patients’ requests that the data not be shared for research purposes, the UK’s NHS said.
Finally, in the out-and-out sneaky data sharing category, Google and Mozilla have removed the Stylish browser extension from their respective add-on stores following a report by software engineer Robert Heaton that accused the extension of logging users’ browser histories and sending the data to remote servers.
Despite the holiday week, a lot more happened in cybersecurity, so check out Metacurity’s homepage or scroll back day-by-day using the calendar function at the top of the page.
With that, we leave you with a nostalgic tweet that uncannily signaled the sock-puppet-Russian-bot-Twitter-troll universe we now all live in.
— Mikko Hypponen (@mikko) July 5, 2018
Be safe and be sane out there!