The FTC this morning announced the final details of its settlement with Facebook. Reuters reports that Facebook will, in addition to its financial penalties, be required to establish a board-level privacy committee. CEO Zuckerberg will be expected to certify, quarterly, that the company is properly safeguarding user privacy.
The complaint accompanying the settlement asserts that Facebook misled users about use of their data, insecurely implemented two-factor authentication, and failed to properly inform users about the access third-party apps had to "friends'" data. The Washington Post headline calls the penalties "stunning," but this is a minority view, undercut by the article itself, which recounts the ways in which Facebook arguably got off lightly.
Digital Revolution has named the hackers, "0V1ru$," who gave them the FSB documents now posted online. The files are said to come from SyTech, a Moscow contractor working for Unit 71330, an FSB shop that Naked Security says does signals intelligence.
BlueKeep exploitation grew likelier with publication of a guide to weaponizing the vulnerability. Ars Technica says the explainer appears associated with Tencent KeenLab. It's been posted as a slide deck to GitHub.
The US National Security Agency is creating a new directorate for cybersecurity. The Wall Street Journal reports that the new organization will become operational on October 1st. It will be led by Anne Neuberger, formerly NSA's Chief Risk Officer. The directorate is said to represent a closer coupling of defensive and offensive capabilities.
The US Justice Department is opening an anti-trust investigation into Big Tech.