The CEO of Strava promises to work with the US military and Government to better keep sensitive data secure. The company's fitness app generated a publicly accessible heat map of user activity that could be readily correlated with the location of sensitive US bases. Even anonymized and aggregated data can yield interesting intelligence.
An opinion piece in Technology Review argues that when it comes to user privacy, you're probably on your own. A report in the Guardian seconds that conclusion, noting that Strava isn't the only app tracking you: you're just a tap away from giving yourself away.
Hackers thought to be associated with Iran have been phishing Israeli nuclear scientists. The bait consists of links to bogus British news sites.
Phishing in the interest of state security can be done cheaply and without much skill. The University of Toronto's Citizen Lab has a report on a campaign directed against "members of the Tibetan community." For just a thousand dollars the phishers successfully spied for nineteen months.
Observers note that the large denial-of-service campaign against financial institutions in the Netherlands came shortly after stories broke about Dutch intelligence services having hacked into Russia's Cozy Bear.
Cisco has patched serious vulnerabilities in its VPN offerings. Users are advised to apply the patches as soon as possible.
In cryptocurrency news, South Korean authorities report $600 million in fraud, but will permit trading to continue. And the US Securities and Exchange Commission last week alleged fraud and shut down AriseBank's initial coin offering.