A Deepfake Porn Bot Is Being Used to Abuse Thousands of Women

This post is by Matt Burgess, WIRED UK from Feed: All Latest

An AI tool that “removes” items of clothing from photos has targeted more than 100,000 women, some of whom appear to be under the age of 18.

US Indicts Sandworm, Russia’s Most Destructive Cyberwar Unit

This post is by Andy Greenberg from Feed: All Latest

The Department of Justice has named and charged six men for allegedly carrying out many of the most costly cyberattacks in history.

A Cut Cable Knocked Out Virginia’s Voter Registration Site

This post is by Brian Barrett from Feed: All Latest

Plus: Barnes and Noble got hacked, Zoom adds real end-to-end encryption, and more of the week’s top security news.

Twitter’s ‘Hacked Materials’ Rule Tries to Thread an Impossible Needle

This post is by Andy Greenberg from Feed: All Latest

The company’s flip-flopping on the policy after banning a shady New York Post story highlights the challenges facing social media in 2020.

Consumers Need Real Control Over Their Data. Here’s How to Give it to Them.

This post is by Aaron Rinberg from Powered by Battery

After the many headline-grabbing data breaches we’ve seen in the past decade, it’s clear: It’s no longer a matter of if a company will put your data at risk, but when. Simply put, the internet as we know it has not been designed to safeguard consumer data. Quite the opposite, in fact—personal data is the lifeblood of online advertising. Consumers have readily handed over their information (sharing it, on average, with 350 services, according to one study) and depend largely on the goodwill and efforts of private companies to protect their privacy—and companies across the board have been failing.

With recent regulations, governments are trying to shift the balance of power between companies and individuals. The most prominent regulations are the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA). Among other measures, both regulations empower consumers with “the right to be forgotten”.

In theory, having the right to be forgotten means you have the right to delete your data from corporate servers, thus reducing your exposure to improper use or theft. But these regulations haven’t meaningfully solved the problem of online privacy for consumers. Consumers are more empowered now to take charge of their data, but not actually equipped to do so. While you technically have the right to be forgotten, actually getting a company to forget you in the real world is incredibly difficult.

For example, as a frequent Marriott customer, I was recently notified that the company had suffered a data breach. I jumped through several complicated hoops to try to find out what data they had from me—my address? My credit card number? What else? Then I hit a roadblock: Marriott asked me to send them a scan of my passport to prove that I was who I said I was. Why would I give this company, who’s just proved it can’t be trusted to safeguard my data, even more of my personal information? It’s jaw-dropping.

Some companies offer tools to help consumers exercise their privacy rights. Mine* (a Battery portfolio company) gives consumers tools to find and delete their information across the web. Transcend and Ethyca create back-end tools for companies to delete user data more easily when requested to do so. Trace & BigID create data-management tools for companies that are designed with privacy in mind. Other companies create tools to help consumers use the internet more safely: DuckDuckGo offers a safer way to search, Brave is a privacy-first web browser, and Jumbo tightens up your social media privacy settings for you.

These tools are invaluable. But more still needs to be done to make privacy a meaningful right for consumers. Here are three ideas that would equip consumers with the tools they need to keep their personal data secure:

1. Entrepreneurs: Let’s create a trusted intermediary for data. The same way PayPal safeguards your payment information by acting as an intermediary for e-commerce transactions, a new company could become a trusted intermediary that handles all personal data during transactions. This intermediary would release data to other companies only on a need-to-know basis, and ensure that those companies delete this data once they no longer need it—for instance, once the return window has closed on the product you’ve bought.

Some precedents already exist for such a service. Password managers like Dashlane and 1Password offer a paid tier to consumers, enabling them to keep their passwords organized and secure. LifeLock empowers consumers to protect themselves against identity theft and data breaches. As consumers feel more pain around privacy and grow more aware of how difficult it is to protect, a market opportunity emerges. Eventually, as these services catch on, consumers will second-guess purchases with any company that doesn’t partner with a privacy-protection service – much the way you might hesitate at purchasing from a brand-new merchant via Instagram if they don’t offer PayPal as a checkout option.

2. Companies: Create a meaningful one-time checkout option. ‘Guest’ checkout is a fiction. Once you give a company your data, they have it, even if you’ve used a so-called ‘guest’ option. Every company that does business online (which, in 2020, is practically every company) should create a real one-time checkout option where customer data will automatically be deleted once it’s no longer needed. Say you’re planning to visit the Vatican and buy tickets online for a tour. The odds you’ll be a repeat customer are pretty low, so why should the Vatican store your data as if you’ll be back to see the Sistine Chapel again soon?

3. Governments: Create a CFPB for privacy rights. If you’re having a dispute with your mortgage company, you can file a complaint with the Consumer Financial Protection Bureau (CFPB) and get this watchdog agency to intervene on your behalf to make sure your rights are respected. But where should you direct your complaints if a company mishandles your data? Technically, you can submit a privacy complaint to the FTC, but privacy is only one of many types of complaints the FTC handles. In a world that runs on data, consumers need a regulator that’s laser-focused on protecting their right to privacy.

In today’s world, data is currency. Consumers urgently need better tools to safeguard their personal information. Recent privacy regulations are a good start, but there’s still a way to go before consumers have an actionable right to privacy, starting with their right to be forgotten. Consumers need tools that will help them easily exercise their rights, and they also need a clear authority who will defend their rights when companies fail to live up to their commitments.

Battery Ventures provides investment advisory services solely to privately offered funds. Battery Ventures neither solicits nor makes its services available to the public or other advisory clients. For more information about Battery Ventures’ potential financing capabilities for prospective portfolio companies, please refer to our website.

*Denotes a past or present Battery portfolio company. For a full list of all Battery investments, please click here. No assumptions should be made that any investments identified above were or will be profitable. It should not be assumed that recommendations in the future will be profitable or equal the performance of the companies identified above.

Content obtained from third-party sources, although believed to be reliable, has not been independently verified as to its accuracy or completeness and cannot be guaranteed. Battery Ventures has no obligation to update, modify or amend the content of this post nor notify its readers in the event that any information, opinion, projection, forecast or estimate included, changes or subsequently becomes inaccurate.

Fancy Bear Imposters Are on a Hacking Extortion Spree

This post is by Lily Hay Newman from Feed: All Latest

Nice looking website you’ve got there. It’d be a shame if someone DDoS’d it.

Application security platform NeuraLegion raises $4.7 million seed led by DNX Ventures

This post is by Catherine Shu from Fundings & Exits – TechCrunch

A video call group photo of NeuraLegion's team working remotely around the world

Application security platform NeuraLegion announced today it has raised a $4.7 million seed round led by DNX Ventures, an enterprise-focused investment firm. The funding included participation from Fusion Fund, J-Ventures and Incubate Fund. The startup also announced the launch of a new self-serve, community version that allows developers to sign up on their own for the platform and start performing scans within a few minutes.

Based in Tel Aviv, Israel, NeuraLegion also has offices in San Francisco, London and Mostar, Bosnia. It currently offers NexDAST for dynamic application security testing, and NexPLOIT to integrate application security into SDLC (software development life cycle). It was launched last year by a founding team that includes chief executive Shoham Cohen, chief technology officer Bar Hofesh, chief scientist Art Linkov and president and chief commercial officer Gadi Bashvitz.

When asked who NeuraLegion views as its closest competitors, Bashvitz said Invicti Security and WhiteHat Security. Both are known primarily for their static application security testing (SAST) solutions, which Bashvitz said complement DAST products like NeuraLegion’s.

“These are complementary solutions and in fact we have some information partnerships with some of these companies,” he said.

Where NeuraLegion differs from other application security solutions, however, is that it was created specifically for developers, quality assurance and DevOps workers. Although security professionals can also use it, it allows scans to be run much earlier in the development process than usual while lowering costs.

Bashvitz added that NeuraLegion is now used by thousands of developers through their organizations, but it is releasing its self-serve, community product to make its solutions more accessible to developers, who can sign up on their own, run their first scans and get results within 15 minutes.

In a statement about the funding, DNX Ventures managing partner Hiro Rio Maeda said, “The DAST market has been long stalled without any innovative approaches. NeuraLegion’s next-generation platform introduces a new way of conducting robust testing in today’s modern CI/CD environment.”

A Trickbot Assault Shows US Military Hackers’ Growing Reach

This post is by Andy Greenberg from Feed: All Latest

Despite the operation’s short-term effects, it sets new precedents for the scope of Cyber Command’s mission.

Internet Freedom Has Taken a Hit During the Covid-19 Pandemic

This post is by Lily Hay Newman from Feed: All Latest

From surveillance to arrests, governments are using the novel coronavirus as cover for a crackdown on digital liberty.

The Man Who Speaks Softly—and Commands a Big Cyber Army

This post is by Garrett M. Graff from Feed: All Latest

Meet General Paul Nakasone. He reined in chaos at the NSA and taught the US military how to launch pervasive cyberattacks. And he did it all without you noticing.

Split-Second ‘Phantom’ Images Can Fool Tesla’s Autopilot

This post is by Andy Greenberg from Feed: All Latest

Researchers found they could stop a Tesla by flashing a few frames of a stop sign for less than half a second on an internet-connected billboard.

Amazon’s Latest Gimmicks Are Pushing the Limits of Privacy

This post is by Lily Hay Newman from Feed: All Latest

Privacy advocates warn that the Ring Always Home Cam and Amazon One both normalize aggressive new forms of data collection.

Researchers Found 55 Flaws in Apple’s Corporate Network

This post is by Dan Goodin, Ars Technica from Feed: All Latest

The company has patched the vulnerabilities and paid the team of white-hat hackers $288,000.

The Law Comes for John McAfee

This post is by Brian Barrett from Feed: All Latest

Plus: A buggy chastity lock, Iranian disinformation, and more of the week’s top security news.

Android Ransomware Has Picked Up Some Ominous New Tricks

This post is by Lily Hay Newman from Feed: All Latest

While it’s still far more common on PCs, mobile ransomware has undergone a worrying evolution, new research shows.

How Google’s Android Keyboard Keeps ‘Smart Replies’ Private

This post is by Lily Hay Newman from Feed: All Latest

The latest Gboard feature needs to know as much as possible about your digital life to work—but doesn’t share that data with Google.

Apple’s T2 Security Chip Has an Unfixable Flaw

This post is by Lily Hay Newman from Feed: All Latest

The Checkm8 vulnerability that exposed years of iPhones to jailbreaking has finally been exploited in Macs as well.

A Poker Pro Accused of Cheating Wants $330M in Damages

This post is by Brendan I. Koerner from Feed: All Latest

Mike Postle claims he was the victim of an elaborate online campaign to tar him as a fraud—and he’s suing a dozen defendants.

A Dangerous Year in America Enters Its Most Dangerous Month

This post is by Garrett M. Graff from Feed: All Latest

Seven distinct factors between now and the election threaten to combine, compound, and reinforce each other in unpredictable ways.

A China-Linked Group Repurposed Hacking Team’s Stealthy Spyware

This post is by Andy Greenberg from Feed: All Latest

The tool attacks a device’s UEFI firmware—which makes it especially hard to detect and destroy.