OVER THE PAST few years, online disinformation has taken evolutionary leaps forward, with the Internet Research Agency pumping out artificial outrage on social media and hackers leaking documents—both real and fabricated—to suit their narrative. More recently, Eastern Europe has faced a broad campaign that takes fake news ops to yet another level: hacking legitimate news sites to plant fake stories, then hurriedly amplifying them on social media before they’re taken down. On Wednesday, security firm FireEye released a report on a disinformation-focused group it’s calling Ghostwriter. The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; they’ve posted fake content on everything from social media to pro-Russian news websites.
Google this week announced a series of security and ease-of-use improvements for the Autofill feature in Chrome. Designed to help users fill in forms in a secure manner, everywhere on the web, Autofill is about to become more secure when it comes to credit card numbers, Google says. For those users who save credit cards in their Google Accounts, Chrome typically asks for confirmation when autofilling a form. Until now, users needed to provide their CVC to confirm they allow the operation, but moving forth biometric authentication, such as a fingerprint, can be used for confirmation. Thus, users will need to provide the CVC only the first time they use the credit card, while for the following transactions the credit card will be confirmed solely through biometrics. “Biometric authentication is optional. You can choose to confirm your card with its CVC and you can also turn this feature on and off in Chrome Settings at any time,” Google explains.
One of the main challenges posed by the internet has been the need to secure communications across a massive tangle of public and private networks. Security experts agree that end-to-end communication encryption is the best means of defending users against third-party interception or breaches that could expose the potentially sensitive content. A new approach to end-to-end encryption called Mathematical Mesh was quietly introduced at this year’s HOPE (Hackers of Planet Earth) conference by esteemed cryptographer Phillip Hallam-Baker, who is currently a principal scientist at Comodo and was formerly a member of the CERN team that designed the World Wide Web, among many other accomplishments.
Brain-computer interfaces (BCIs) offer a direct link between the grey matter of our human brains and silicon and circuitry of computers. New technologies always bring with them new security threats, but with the human brain a single store of the most sensitive and private information it’s possible to imagine, the security stakes couldn’t be higher. If we’re soon to be plugging computers directly into our brains, how can we protect that connection from those who want to attack them? The first wave of brain-computer interfaces are beginning to make their way onto the market, offering users a way of keeping tabs on their stress levels, control apps, and monitor their emotions. BCI tech is also progressing outside the consumer area, with medical researchers using them to help those with spinal injuries to move paralysed limbs and restore a lost sense of touch.
Havenly, a US-based interior design web site, has disclosed a data breach after a hacker posted a database containing 1.3 million user records for free on a hacker forum. Havenly is an online interior design and home decoration site where users can get help designing a room in their house from certified designers. Last week, BleepingComputer reported that the ShinyHunters hacking group had leaked the databases for 18 companies on a hacker forum for free. These databases contained a combined total of 386 million user records. One of the leaked databases contained 1.3 million user records for Havenly.com. From the samples of this database seen by BleepingComputer, the leaked data included a user’s login name, full name, MD5 hashed password, email address, phone number, zip, and various other data related to the usage of the site.