The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.
Music-Oriented YouTube Channels Hacked
Within the last week, hackers have defaced multiple YouTube music videos, focusing largely on Vevo channels with high view counts. Most of the videos were quickly taken down after suspicious upload activity was found on several accounts, leaving some videos with the statement “Free Palestine” in the description. Vevo worked quickly to resolve the defacement and is in the process of returning the affected videos to viewable status.
Pen Test Reveals Security Risks for Radar
Researchers have recently been working to determine if radar is truly secure, as industry professionals have claimed, since it doesn’t interact with the Internet. Unfortunately, after a bit of effort, these same researchers were able to successfully breach the core systems for radar on a Navy vessel and modify it enough to set the ship off course without raising alarms. The system, had it been maliciously compromised, could have easily run the ship aground or sent off on a dangerous interception course. In addition to taking control of the vessel, the researchers were also able to remove all radar detections and leave the ship effectively blind in the water.
Majority of Android Users Denied Consent to Facebook over Data Collection
In a recent survey, nearly 90% of the 1,300 users had refused consent to Facebook for collecting SMS and call data. Unsurprisingly, Facebook has replied that the choice was an opt-in rather than out and users should have been asked, though many agree that no choice had ever been presented to them. Some users have even reported seeing over two years worth of call and SMS data saved within their Facebook account’s data.
Facebook Announces Permissions Change
In the wake of the Cambridge Analytica fiasco, Facebook has made multiple changes to its policy on app permissions that collect user data. Any app that hasn’t been accessed within the last 90 days will require the user to go through the Facebook login page and re-consent to any data collection that may take place. These changes will not be immediate, but instead rolled out over a two-week period, giving users time to decide which apps they want to use and letting expired data tokens be deleted.
Department of the Interior Faces Malware Infection
Nearly three years after the data breach within the Office of Personnel Management, the Interior Department is still having issues with properly securing their systems. The latest internal threat stems from a US Geological Survey employee who was found to be watching pornography and saving the videos to an external hard drive, which led to their computer hosting Russian malware. This likely ties back to the department relying on automated security systems, rather than having trained personnel actively monitoring for malicious activity.