THREATS
Poison in the well. Last week Google's elite Project Zero hacking team revealed details on 14 alarming iPhone vulnerabilities it discovered hackers to be exploiting in the wild for as long as two years. At the time they were discovered, the bugs affected iOS versions 10 through 12, Apple's latest phone software. Apple released patches; to protect yourself, make sure your iPhone software is up to date.
The contagion spreads. Following Google's iPhone vulnerability disclosure, TechCrunch reported that the referenced hackers were (likely) Chinese state sponsored actors targeting Uyghurs, an ethnic minority group. Forbes then reported that the hackers were also targeting Google Android and Microsoft Windows. Apple acknowledged that Uyghurs were targeted, but it has also disputed some of Google's claims . This is a convoluted story that continues to develop...
"Man-in-the-Middle" Kingdom. Beijing-linked agents broke into Asian telecom companies to track the movement of Uyghur travelers, Reuters reports, citing unnamed sources. And an online forum for organizing Hong Kong protests got knocked offline by a distributed denial of service attack.
Sharif don't like it. A U.S. cyber operation conducted wiped a database used by Iran militants to target oil tankers in the Persian Gulf, the New York Times reports. The June 20th strike followed Iran shooting down an American drone. The alleged data destruction demonstrates how U.S. Cyber Command is upping its retaliatory tactics in cyberspace.
Si vis pacem, para bellum. NATO is opening a new cyber operations center in Mons, Belgium. In a statement about the news, Secretary General Jens Stoltenberg reaffirmed the group's commitment to collective defense, specifically relating to cyberwar. "A serious cyberattack could trigger Article 5 of our founding treaty," Stoltenberg writes, meaning "an attack against one ally is treated as an attack against all."
iPhone? More like "iPwn." Zerodium, a broker that buys phone-busting software tools from hackers and resells them to government and law enforcement agencies, is for the first time paying more for Android exploits than iPhone ones. Some security experts think Apple is having a bad year security-wise.
Hacks, leaks, and breaches. A server containing 419 million Facebook records, including people's phone numbers, was found to be exposed to the Internet. Hostinger, a website hosting company, forced a password reset for customers after someone gained access to a database containing information on 14 million customers. The forums of XKCD, the humorous web comics site, were breached, exposing information on more than 560,000 people . Actress Chloë Moretz's Twitter account apparently got hacked.
"Astronaut accused of hacking former spouse's bank account from space"
Share today’s Cyber Saturday with a friend: http://fortune.com/newsletter/cybersaturday/?utm_source=email&utm_medium=newsletter&utm_campaign=cyber-saturday&utm_content=2019090717pm
Looking for previous Data Sheets? Click here.
ACCESS GRANTED
Cliff-hanging chad. The following excerpt is from a piece of speculative fiction penned by Alex Stamos, the former chief security officer of Facebook. In it, he imagines what horrors could befall the 2020 U.S. presidential election as a result of cybersecurity vulnerabilities, social media disinformation, and other systemic issues. To reiterate, the story, published on the national security blog Lawfare, is fictional...but it reads all too real.
Jan. 1, 2021. New Year’s Day is traditionally spent recovering from the previous night’s revelry. This year, the United States awakens to the greatest New Year’s hangover in the country’s almost 245-year history: a crisis of constitutional legitimacy as all three branches of government continue to battle over who will take the presidential oath of office later this month. This coming Wednesday, Jan. 6, a joint session of Congress will meet for what is a traditionally perfunctory counting of the Electoral College votes. With lawsuits still pending in seven states, both major-party candidates claiming victory via massive advertising campaigns and the president hinting that he might not accept the outcome of the vote, it’s time to reflect on how everything went so very wrong.
FORTUNE RECON
Alarmed By Deepfake Videos, Facebook Creates Contest to Detect Them by Jeremy Kahn
Most Americans Distrust Companies Using Facial Recognition Technology by Jonathan Vanian
A $170 Million Joke: Why the FTC’s ‘Record’ YouTube Fine for Collecting Kids’ Data Won’t Change Anything by Jeff John Roberts
Facebook and Google Met With U.S. Intelligence About Online Security for the 2020 Presidential Election by Kurt Wagner
Deepfake App Zao Makes You a Movie Star. But It Also Raises Big Privacy Concerns by Alyssa Newcomb
Facebook Is Turning Off Facial Recognition Features By Default, Continuing Its Pivot to Privacy by David Z. Morris
Instagram, WhatsApp, and Deepfakes May Threaten 2020 U.S. Presidential Election By Danielle Abril
The Best Way to Thwart Hackers and Cyber Crooks by Adam Lashinsky
ONE MORE THING
Listen all y'all, it's a sabotage. It remained an open mystery how western spies snuck centrifuge-destroying malware into an Iranian nuclear facility in more than a decade ago. Now Yahoo Finance reports, citing anonymous intelligence sources, that U.S. and Israeli agents collaborated with Germany, the Netherlands, and France to pull off the operation. Key to their success: A Dutch mole posing as a mechanic who allegedly loaded the virus, Stuxnet, onto an internal computer.