Security related News for week ending 2020 06 16

We start this week’s coverage not with a case of social media manipulation, but with something strikingly close. We then have an absolutely crazy story about an eBay reaction to critical journalism (and yes, the fact that the Security team were the culprits), indications that the Wuhan virus might have had its start months earlier than December, before moving to a sad observation from outer space and finally finishing with a happier story that has no security relevance to it at all but is a really great dog story that even we could not resist.

We hope you like this week’s mashup of security, privacy and dog stories and that you stay safe and secure.


The U.S. Has Not Suffered The Biggest Cyber-Attack In History: Here’s What Actually Happened

Davey Winder: As hundreds of thousands of people reported mobile carriers and internet services down, and ‘DDoS’ started trending on Twitter, ‘Anonymous’ laid the blame on China and suggested a major cyber-attack was underway. Here’s what actually happened.

Early in the afternoon of June 15, people across the U.S. started noticing that they were unable to make calls or send text messages. Customer complaints soon popped up on social media suggesting multiple mobile carriers were all experiencing outages. But that wasn’t all: internet service providers, the social media platforms themselves, and online services from gaming to banking were all apparently going down like dominoes.

Matthew Prince, CEO at DDoS protection specialist Cloudflare, also did a little bit of basic investigative work. What he found was absolutely no actual evidence that a significant DDoS attack was underway. There was “no spike in traffic to any of the major internet exchanges,” he tweeted. What’s more, the traffic to services that were being reported as under attack was showing as perfectly normal. Most damning of all, none of the mobile carrier networks, internet providers or online services were reporting any major downtime. Apart from one: T-Mobile.

Mike Sievert, the T-Mobile CEO, issued a statement which confirmed that “T-Mobile has been experiencing a voice and text issue that has intermittently impacted customers in markets across the U.S.” which started just after noon EDT. “This is an IP traffic related issue that has created significant capacity issues in the network core throughout the day,” he said. The issue was eventually resolved in the early hours of June 16, and the internet returned to normal.

People unable to connect to services, because the T-Mobile network core was disrupted, reported those services as being down. People failing to connect calls to other mobile carriers reported them as being down. The cyber-attack fire being stoked by the supposed Anonymous affiliate retweet was all it took to propel this from being a single network incident, albeit a serious one, to becoming global news. The moral of this story? Don’t believe everything that ‘Anonymous’ accounts on Twitter say.


NO: COVID-19 Tracking Apps ‘A Privacy Trash Fire’ As Norway Nixes Its Own

Thomas Brewster: Analysis carried out by Amnesty International and led by security researcher Claudio Guarnieri describes the global rollout of such apps as a “trash fire.” He’s concerned that apps are being rolled out too fast without enough attention on the security of people’s data.

The Norwegian app, Smittestopp, uploaded live or near-live user locations as GPS coordinates to a central server. “The Norwegian app is deeply intrusive and put people’s privacy at risk. It is the right decision to press pause and go back to the drawing board to design an app that puts privacy front and centre,” Guarnieri said in a statement.


BH: Coronavirus Tracing App Shared Data With Game Show

Emma Woollacott: Contact-tracing apps around the world are infringing privacy. Most shockingly, Bahrain’s “BeAware Bahrain” app has been sharing data with a national television show called “Are You at Home?”, which offered prizes to those who stayed at home during Ramadan. Initially, installation of the app was mandatory for all citizens.


Credit-Card Skimming Malware Hit Websites As Coronavirus Lockdown Forced Retailers to Close High Street Stores

Graham Cluley: On March 20th, the Claire’s accessories retail chain beloved by young girls around the world made the sensible decision to close all of its physical stores in response to the Coronavirus Covid-19 pandemic. Within 24 hours of Claire’s bricks-and-mortar stores closing for business, someone had registered the domain claires-assets.com.

This domain was then used, the following month, to exfiltrate information entered on the checkout pages of Claire’s online store and its sister brand Icing. Hackers managed to gain write-access to Claire’s website, and inject an otherwise legitimate piece of JavaScript used by the site with additional code which skimmed customer and full payment details from online purchasers as soon as they tried to “checkout.” Magecart’s malicious script can lurk on a company’s website watching the information as it is entered by customers into a payment form, and send it to the waiting hackers.

Other companies whose customers have been impacted by past Magecart attacks include Ticketmaster, British Airways, Feedify, Umbro, Vision Direct, Newegg, Sweaty Betty, SHEIN, Nutribullet, the American Cancer Society… and many more.


Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations

Ravie Lakshmanan: Technical details were released today for vulnerabilities reported in Oracle’s E-Business Suite (EBS), an integrated group of applications designed to automate CRM, ERP, and SCM operations for organizations.

The two vulnerabilities, dubbed “BigDebIT” and rated a CVSS score of 9.9, were patched by Oracle in a critical patch update (CPU) pushed out earlier this January. But the company said an estimated 50 percent of Oracle EBS customers have not deployed the patches to date.

According to researchers, “an unauthenticated hacker could perform an automated exploit on the General Ledger module to extract assets from a company (such as cash) and modify accounting tables, without leaving a trace.”


Mass Layoffs Risk Exodus Of Corporate Data, Experts Warn

Paul F. Roberts: The suspension of office work followed by mass layoffs were devastating consequences of the COVID-19 virus once it took hold in the United States in February. Mass data theft may be the next.

As corporations across industries rush to trim their payrolls and stay afloat financially, they are inviting data loss on a large scale, as millions of departing workers take sensitive company files and other data with them on the way out the door, experts warn.

Industries such as hospitality, restaurants and bars, media, manufacturing and healthcare have all been hit hard. Boeing said it would shed 13,000 jobs. Ride hailing firm Uber has cut more than 6,000 positions as it tries to stay afloat amid depressed demand for its ride hailing service.

Many of those departing employees will not leave empty handed, experts warn. “We’ve seen an enormous spike in exfiltrated data,” said Joe Payne of the firm Code 42.

The sheer volume of layoffs has also posed a challenge, compacting a year or more of attrition into the space of a single day. “We had a client who laid off 17% of their workforce,” Payne said. “That’s typically what you’d see in an entire year in the high tech space.” Most data theft is not malicious, but evidence of people making “poor decisions,” Payne said. “You don’t want to get in the way of (employees) being productive,” Payne said. “But you also don’t want critical corporate data leaving the company.”


US: Former eBay Execs Allegedly Made Life Hell for Critics

ANDREAS PEIN: A sweeping criminal complaint released Monday by the Massachusetts US Attorney’s Office details the unlikely, appalling consequences of that exchange. It charges six former eBay employees and contractors, including James Baugh, eBay’s former senior director of safety and security, with a cyberstalking campaign against the publishers of an ecommerce news site that covered the company. While the complaint does not identify the victims by name, it cites specific headlines and stories that indicate that Baugh and his team were after the husband and wife publishers of EcommerceBytes.

Last summer, a campaign to “silence” the couple began with e-mail threats; then, on August 10th 2019, the deliveries started. First, an email confirming the order of a “Preserved Fetal Pig” that was on its way to the victims’ house. (The order was canceled, after an inquiry from the vendor.) Later that same afternoon, Amazon delivered a Halloween mask of a bloody pig’s face. Fourteen minutes later, court documents say, an eBay team-created Twitter account sent a DM: “DO I HAVE UR ATTENTION NOW???”

On August 12, another Amazon delivery, a copy of the book Grief Diaries: Surviving the Loss of a Spouse. The next day, a voicemail for the second victim following up on a fabricated inquiry to open an Adam & Eve sex toy franchise. The next, a package of fly larvae and live spiders. Another containing live cockroaches. On August 15, two of the couple’s neighbors received copies of Hustler: Barely Legal in the husband’s name. That same day, a local florist delivered a funeral wreath to the couple’s home. The Tui_Elei account sent harassing messages throughout.

On August 16, members of the eBay team allegedly tailed the couple in a rented Dodge Caravan. The surveillance team was listening to the local police dispatch; when the couple reported they were being followed, the crew peeled off. That night, court documents say, three of the defendants ran up a $750 bill at a Boston restaurant, batting around more potential deliveries like chainsaws, human feces, and a dead rat. In the middle of the night, they sent an emergency plumber to the home.

The surveillance continued, prosecutors say, as did the harassment. A little after midnight on August 18, a classified ad appeared on Craigslist promoting a week-long “BLOCK PARTY” for “singles/couples/swingers” and listed the victims’ Natick address. Visitors were encouraged to arrive after 10 pm and to “knock on the door/ring the doorbell anytime of day or night.” That afternoon, the complaint says, the Tui_Elei account posted their names and address as well. A few minutes later, a direct message: “U get my gifts!!??”

Two minutes later, another Craigslist posting advertising an “Everything must go!” estate sale at the same address. Just over an hour later, a third Craigslist ad: “Mature (50s) married couple seeking singles or other couples open to exploring threesomes, bdsm, cross dressing.”

The couple successfully got Twitter to suspend the Tui_Elei account for doxxing, but more popped up in its place—which prosecutors also have tied back to the eBay team.

By August 22, the Natick police called in the Federal Bureau of Investigation. The eBay team allegedly continued to dissemble, both to law enforcement and to eBay’s own lawyers, who by August 26 had begun to conduct their own interviews about the matter. “As the police and eBay’s lawyers continued to investigate, the defendants allegedly deleted digital evidence that showed their involvement, further obstructing what had by then become a federal investigation,” the Massachusetts US Attorney’s office said in a press release Monday.

Monday, eBay said that it had “terminated all involved employees” in September 2019. Former eBay CEO Devin Wenig also left the company that month. While he isn’t named in the criminal complaint, eBay confirmed that he is “Executive 1,” who allegedly gave the initial order to “take the couple down.”

The six former eBay employees and contractors are all charged with conspiracy to commit cyberstalking and conspiracy to tamper with witnesses. Each charge carries a sentence of up to five years in prison, three years of supervised release, a fine of up to $250,000, and restitution.


CN: Analysis of hospital traffic and search engine data in Wuhan China indicates early disease activity in the Fall of 2019

Nsoesie, Elaine Okanyene, Benjamin Rader, Yiyao L. Barnoon, Lauren Goodwin, and John S. Brownstein Harvard University: The global COVID-19 pandemic was originally linked to a zoonotic spillover event in Wuhan’s Huanan Seafood Market in November or December of 2019. However, recent evidence suggests that the virus may have already been circulating at the time of the outbreak. Here we use previously validated data streams - satellite imagery of hospital parking lots and Baidu search queries of disease related terms - to investigate this possibility. We observe an upward trend in hospital traffic and search volume beginning in late Summer and early Fall 2019. While queries of the respiratory symptom “cough” show seasonal fluctuations coinciding with yearly influenza seasons, “diarrhea” is a more COVID-19 specific symptom and only shows an association with the current epidemic. The increase of both signals precede the documented start of the COVID-19 pandemic in December, highlighting the value of novel digital sources for surveillance of emerging pathogens.

“In August, we identified a unique increase in searches for diarrhea which was neither seen in previous flu seasons or mirrored in the cough search data. While surprising, this finding lines up with the recent recognition that gastrointestinal (GI) symptoms are a unique feature of COVID19 disease and may be the chief complaint of a significant proportion of presenting patients.

This symptom search increase is then followed by a rise in hospital parking lot traffic in October and November, as well as a rise in searches for cough. While we cannot conclude the reason for this increase, we hypothesize that broad community transmission may have led to more acute cases requiring medical attention, resulting in higher viral loads and worse symptoms.”


Palantir news


UK: Britain gave Palantir access to sensitive medical records of Covid-19 patients in £1 deal

Sam Shead: Britain’s National Health Service has given secretive U.S. tech firm Palantir access to private personal data of millions of British citizens, according to a contract published online.

The NHS health records that Palantir has access to can include a patient’s name, age, address, health conditions, treatments and medicines, allergies, tests, scans, X-Ray results, whether a patient smokes or drinks, and hospital admission and discharge information. Any data that may make patients personally identifiable are replaced with a pseudonym or aggregated before they’re shared with Palantir.

Details of the Covid-19 data store were first made public in March but the U.K. government refused to publish the all-important data-sharing agreements following a number of freedom of information requests, including one by CNBC. The contracts were finally published last week after OpenDemocracy and Foxglove threatened legal action.

Co-founded by billionaire Peter Thiel, an ally of President Donald Trump, Palantir has developed data trawling technology that intelligence agencies and governments use for surveillance and to spot suspicious patterns in public and private databases. Customers include the CIA, FBI, and the U.S. Army.

Palantir sees a huge opportunity in Europe and now has more staff in its London office than it does at its headquarters in Palo Alto, California.


US: Palantir to File IPO in Weeks For Possible Fall Debut

By Katie Roof and Lizette Chapman: Palantir Technologies Inc., the secretive big-data firm, plans to file to go public in the coming weeks and could start trading as early as the fall, according to people familiar with the matter.

The Palo Alto, California-based company is preparing to register an S-1 filing confidentially with the U.S. Securities and Exchange Commission, said the people, who asked to not be identified because the matter isn’t public.

Co-founded by billionaire Peter Thiel, Palantir’s software mines troves of personal and commercial data and looks for patterns. The company, founded in 2003, got its start interpreting intelligence for the U.S. Central Intelligence Agency and the Pentagon and then moved on to banks, helping them watch for suspicious behavior. In-Q-Tel, the venture arm of the CIA, is a Palantir investor.

Dozens of law enforcement and government agencies around the world use Palantir to compile and search for data on citizens with the intent of combating crime, hunting terrorists and in recent months, tracking the spread of Covid-19. The pandemic has boosted business, particularly with businesses using the products to help determine how to reopen. However, Palantir is highly controversial for the way its tools have been used to compromise privacy and enable excessive surveillance. Its use by police and immigration officials, in particular, has sparked numerous protests.

Thiel, a co-founder of PayPal Holdings Inc., has helped launch or advance Silicon Valley firms including Facebook Inc., where he has been a board member since 2004. Through Founders Fund, his influence has been extended to an array of technology companies. The billionaire has also served as an adviser to President Donald Trump, chastising other technology companies, in particular Alphabet Inc.’s Google, for their reluctance to work with the Defense Department.


Twitter tests a feature that calls you out for RTing without reading the article

Taylor Hatmaker for TechCrunch: Twitter and other social networks are regularly deluged with divisive conspiracy theories and other misleading claims, but misinformation isn’t the only thing driving users apart. Polarization is a baked-in feature in the way social platforms work, where sharing content that confirms existing biases is never more than a single click away. With the test feature, Twitter is tinkering with how to slow that process down by urging users to pause and reflect. In May, Twitter began testing a prompt that warns users they’re about to tweet a potentially harmful reply, based on the platform’s algorithms recognizing content that looks like stuff often reported as harmful.


CN: China’s Trillion-Dollar Campaign Fuels a Tech Race With the U.S.

Beijing plans to spend $1.4 trillion in the next five years in sectors including 5G, artificial intelligence and data centers.

Liza Lin for WSJ: China has embarked on a new trillion-dollar campaign to develop next-generation technologies as it seeks to catapult the communist nation ahead of the U.S. in critical areas.

Since the start of the year, municipal governments in Beijing, Shanghai and more than a dozen other localities have pledged 6.61 trillion yuan ($935 billion) to the cause, according to a Wall Street Journal tally. Chinese companies, urged on by authorities, are also putting up money.

The government is pushing hardest for investment in building new 5G networks. Supercharged 5G mobile connections are expected to underpin a whole new world of next-generation connected devices, collectively known as the internet of things, that businesses believe could revolutionize daily life and manufacturing alike.

The balance of that money is slated to flow into the building of new data centers and intercity rail networks, development of homegrown artificial intelligence chips, smart factories, electric-vehicle charging stations and ultrahigh-voltage power facilities.

Preferential policies favoring Chinese companies mean foreign companies are unlikely to see much of a windfall from the campaign, foreign business groups said.


Twitter deletes 170,000 accounts linked to China influence campaign

Content focused on Covid-19 and the protests in Hong Kong and over George Floyd in the US

Josh Taylor for the Guardian: Twitter has removed more than 170,000 accounts the social media site says are state-linked influence campaigns from China focusing on Hong Kong protests, Covid-19 and the US protests in relation to George Floyd.

The company announced on Thursday that 23,750 core accounts – and 150,000 “amplifier” accounts that boosted the content posted by those core accounts – had been removed from the platform after being linked to an influence campaign from the People’s Republic.

Researchers at the Australian Strategic Policy Institute found that while Twitter is blocked from access in China, the campaign was targeted at Chinese-speaking audiences outside the country “with the intention of influencing perceptions on key issues, including the Hong Kong protests, exiled Chinese billionaire Guo Wengui and, to a lesser extent, Covid-19 and Taiwan”.

The researchers analyzed 348,608 tweets between January 2018 and April 2020 and found most tweets were posted during business hours in Beijing between Monday and Friday, and dropped off on the weekends.

The tweets usually contained images featuring Chinese-language text, with researchers finding that the primary targets of the campaign were people living in Hong Kong, followed by broader Chinese diaspora.

The vast majority of the accounts (78.5%) had no followers and 95% had fewer than eight followers, but those accounts had a high level of engagement, albeit not organic. That pointed to the use of commercial bot networks, the research said.

The major themes of the tweets were that Hong Kong protesters were violent, and the US was interfering with the protests; accusations about Guo; the Taiwan election; and praise of China’s response to the Covid-19 pandemic.

Focus has now shifted to the Black Lives Matter protests in the US, accusing the country of “hypocrisy for its criticism of the response by police to protests in Hong Kong, while the US’s own police and troops use violence against protests in the US, and warns Hong Kong protesters not to think they can rely on the US for support against China’s national interests”.


An Additional 140,000 User Accounts May Have Been Accessed Maliciously, Nintendo Says…On top of the original 160,000

Ryan Craddock: Nintendo has issued an updated statement to its official customer support website today, warning users that April’s data breach may have impacted considerably more accounts than initially reported.

You may remember that back in April, Nintendo confirmed that around 160,000 user accounts which used a Nintendo Network ID to log in may have been affected by unauthorized logins. It was warned that these users’ personal info may have been viewed by a third party, though credit card information remained safe. A number of users did report that their accounts were used to buy in-game items in titles such as Fortnite, however.

In today’s updated statement, Nintendo notes that further investigation into the data breach has revealed that there were “approximately 140,000 additional NNIDs that may have been accessed maliciously”, on top of the original 160,000. Passwords for these NNIDs have been reset and those account holders have been contacted.

Nintendo recommends that users enable two-step verification.


UK: Babylon Health App Leaked Patients’ Video Consultations

Graham Cluley: Babylon Health, makers of a smartphone app that allows Brits to have consultations with NHS doctors, has admitted that a “software error” resulted in some users being able to access other patients’ private video chats with GPs.

The data breach came to light after one user, Rory Glover, tweeted that he was shocked to find the app’s “GP at Hand” functionality had given him unauthorised access to “over 50 video recordings”: “Why have I got access to other patients’ video consultations through your app? This is a massive data breach. Over 50 video recordings are on this list!”

To make mistakes is human, and software developers are (mostly) human… so it’s not a surprise to hear that a complex app like this might have bugs. However, it underlines the importance of proper quality control and testing before an app – especially one like this which is used for communicating personal and sensitive medical information – is rolled out to the public.


Facebook’s TransCoder AI converts code from one programming language into another

Kyle Wiggers for Venture Beat: Facebook researchers say they’ve developed what they call a neural transcompiler, a system that converts code from one high-level programming language like C++, Java, and Python into another. It’s unsupervised, meaning it looks for previously undetected patterns in data sets without labels and with a minimal amount of human supervision, and it reportedly outperforms rule-based baselines by a “significant” margin.

Migrating an existing codebase to a modern or more efficient language like Java or C++ requires expertise in both the source and target languages, and it’s often costly. For example, the Commonwealth Bank of Australia spent around $750 million over the course of five years to convert its platform from COBOL to Java. Transcompilers could help in theory — they eliminate the need to rewrite code from scratch — but they’re difficult to build in practice because different languages can have a different syntax and rely on distinctive platform APIs, standard-library functions, and variable types.

Facebook’s system — TransCoder, which can translate between C++, Java, and Python — tackles the challenge with an unsupervised learning approach.

The cross-lingual nature of TransCoder arises from the number of common tokens — anchor points — existing across programming languages, which come from common keywords like “for,” “while,” “if,” and “try” and also digits, mathematical operators, and English strings that appear in the source code. Back-translation serves to improve the system’s translation quality by coupling a source-to-target model with a “backward” target-to-source model trained in parallel. The target-to-source model is used to translate target sequences into the source language, producing noisy source sequences, while the source-to-target model helps to reconstruct the target sequences from the noisy sources until the two models converge.

The Facebook researchers trained TransCoder on a public GitHub corpus containing over 2.8 million open source repositories, targeting translation at the function level. (In programming, functions are blocks of reusable code that are used to perform a single, related action.) After pretraining TransCoder on all source code available, the denoising auto-encoding and back-translation components were trained on functions only, alternating between the components with batches of around 6,000 tokens.

To evaluate TransCoder’s performance, the researchers extracted 852 parallel functions in C++, Java, and Python from GeeksforGeeks, an online platform that gathers coding problems and presents solutions in several programming languages. Using these, they developed a new metric — computational accuracy — that tests whether hypothesis functions generate the same outputs as a reference when given the same inputs.

Facebook notes that while the best-performing version of TransCoder didn’t generate many functions strictly identical to the references, its translations had high computational accuracy. According to the researchers, TransCoder demonstrated an understanding of the syntax specific to each language as well as the languages’ data structures and their methods during experiments, and it correctly aligned libraries across programming languages while adapting to small modifications (like when a variable in the input was renamed). And while it wasn’t perfect — TransCoder failed to account for certain variable types during generation, for example — it outperformed frameworks that rewrite rules manually built using expert knowledge.


A U.S. Secret Weapon in A.I.: Chinese Talent

By Paul Mozur and Cade Metz: New research shows scientists educated in China help American firms and schools dominate the cutting-edge field. Now industry leaders worry that worsening political tensions will blunt that edge. More of China’s top A.I. talent ends up in the U.S. than anywhere else. Of 128 researchers with undergraduate degrees from Chinese universities whose papers were presented at the A.I. conference, more than half now work in the U.S.

The Trump administration is now moving to limit Chinese access to advanced American research, as relations between the United States and China reach their worst point in decades. That worries many of the companies and scientists in the heady realm of cutting-edge A.I., because much of the groundbreaking work coming out of the United States has been powered by Chinese brains.

China sees artificial intelligence as a field of strategic importance. It has thrown vast amounts of money at researchers with an aim of getting them to work for Chinese companies and institutions.

The United States has noted China’s technology ambitions with alarm. It has cracked down on espionage and bolstered enforcement of disclosure rules at American universities and institutions. Last month, The New York Times reported that the Trump administration planned to cancel the visas of Chinese researchers and graduate students who have direct ties to universities affiliated with China’s military.

Chinese-born researchers are a fixture of the American A.I. field. Li Deng, a former Microsoft researcher and now chief A.I. officer at the hedge fund Citadel, helped remake the speech recognition technologies used on smartphones and coffee-table digital assistants. Fei-Fei Li, a Stanford professor who worked for less than two years at Google, helped drive a revolution in computer vision, the science of getting software to recognize objects.

At Google, Dr. Li helped oversee the Google team that worked on Project Maven, the Pentagon effort. Google declined to renew the Pentagon contract two years ago after some employees protested the company’s involvement with the military. The Google team worked to build technology that could automatically identify vehicles, buildings and other objects in video footage captured by drones. In the spring of 2018, at least five of the roughly dozen researchers on the team were Chinese nationals, according to one of the people familiar with the arrangement.

A certain amount of government restriction is natural. The Pentagon typically bars citizens of rival foreign powers from working on classified projects. China also has a long history of carrying out industrial espionage in the United States.

For many Chinese students, the decision to stay or go has been more personal than political. Robert Yan, a former Google employee, returned to China to work at an A.I. start-up. The Bay Area didn’t suit him. He hated driving and missed Chinese food. A native of Shanghai, he thought he could advance more quickly in his home culture.

Still, Mr. Yan said, only about one out of 10 of his Chinese colleagues in the United States chose to go home. For those looking to do high-end theoretical research, many Chinese companies still weren’t the best place, he said.

“Compared to Google I now have far less freedom,” Mr. Yan said. “At a start-up you need to have a reason to do each task. We’re chasing efficiency. That does not facilitate doing things because you’re curious.”


United adds touchless check-in kiosks to airports across the US

Brian Heater: As Americans are ramping up to start traveling amid a loosening of COVID-19 restrictions, United has announced the addition of 219 touchless check-in kiosks across the U.S. The new check-in option was one of a number of initiatives announced as part of the carrier’s CleanPlus strategy of addressing travel during the pandemic. When travelers scan their phone or a printed pass, the device will automatically print out luggage tags and boarding passes. The first systems rolled out in Orlando, Boston, Dallas/Fort Worth and Chicago on May 10, before adding an additional 20 kiosks. This latest move brings the system to every U.S. airport where United operates kiosks. Additional systems will be added to domestic and international airports through next month, according to the airline.


Grow Credit builds credit scores by paying for online subscriptions

Jonathan Shieber: Using the Marqeta platform, Grow Credit will extend a loan to customers to expand their subscription services. Using the Mastercard network for payments, and Marqeta’s tools to restrict payment access, Grow offers credit facilities to its customers to pay for their monthly subscriptions. By using Grow Credit for those payments, users may improve their credit scores by as much as 61 points in a nine-month span.

Increases to a user’s credit score can make a significant dent in their costs for things like lease agreements for cars, mortgages for houses and better rates on other credit cards, said Bayen. “Everything is cheaper, you can get access to a credit card with lower interest rates and better rewards. We’re looking at ourselves as the single best route to getting access to an Apple card.”

For a $4.99 monthly fee, customers can get up to $50 of subscriptions covered by the service. For $9.99 that credit line increases to $150, Bayen said. Coming up, Grow Credit said it has a deal in the works with one very large consumer bank in the U.S. and will be launching the Android version of its app in a few weeks.

This type of methodology might not be considered legitimate by many, but it throws a new trick at credit reporting bureaus, an area that has been the bane of security and privacy professionals for years.


RU: Putin fury: Russian oil spill pollutes Arctic waters in worst accident of modern times

Oil has travelled 12 miles north from a collapsed fuel tank and is at risk of polluting the Arctic Ocean.

By GURSIMRAN HANS: Officials say it is the worst accident of modern times in the Arctic region of Russia. The leak began on May 29 and 21,000 tonnes have contaminated the Ambarnaya river and surrounding subsoil. Alexander Uss, governor of Krasnoyarsk region, said: “The fuel has got into Lake Pyasino.” Investigators believe the storage tank sank because of melting permafrost.

Norilsk has historically been among the world’s most polluted cities. According to a 2018 NASA study based on satellite data, Norilsk tops the list for worst sulphur dioxide pollution, spewing 1.9 million tons of the gas over the Arctic tundra.

Apparently Putin learned of the massive oil spill not through secure reports, but through social media.


BR: Brazil deforested 10,000 square km of Amazon rainforest in 2019, up 34% on year

Reuters: Brazil’s space research agency INPE recorded 10,129 square kilometers of deforestation (3,911 square miles) for its benchmark annual period from August 2018 to July 2019. That’s an area about the size of Lebanon and a 34.4% rise from the same period a year earlier. Monthly data shows that deforestation has continued to worsen in 2020, rising 55% for January to April, as compared to the same period in 2019.


FR: Dogs trained to detect people with Covid-19

A group of researchers in France have looked to dogs as an alternative to helping diagnose Covid-19, and found that the animals can detect its presence.

Researchers at the National Veterinary School of Alfort, outside Paris, trained eight Belgian Malinois shepherd dogs to identify people infected with the coronavirus. They used odour samples taken from the armpits of more than 360 people, who were both positive and negative for the virus.

The dogs were able to detect the presence of Covid-19 with a 95% overall success rate!



Can’t check your Twitter feed for 10 mins? Must be a massive conspiracy.

Great initiative @rps to have all the Security related News here. :wave:
