Plus, the US and EU team up against ransomware, and the right to repair
Nonprofit privacy activist group Fight for the Future has launched a new website that tracks the decisions of major American colleges and universities to either do away with or continue using eproctoring software – apps that, Fight for the Future claims, endanger privacy and use racist algorithms. “The practice has sparked controversy in the U.S., with critics in both academia and government citing privacy concerns and the potential for such software to discriminate against marginalized students,” the group states on the website, which provides links to tweet and email the schools, as well as a petition to sign that calls for the banning of eproctoring apps. Eproctoring platforms like ProctorU and Proctorio were utilized by many schools during the pandemic to monitor students taking online exams. The software makes use of the students’ webcams to record them as they work, using either live monitors or automated systems to watch for signs of cheating. Avast researcher Luis Corrons thinks a complete ban of the software is a bit extreme. “Privacy is one of our most precious treasures, and we have to protect it,” he commented. “But starting witch hunts and advocating for censorship is the wrong approach. The algorithms might be off, but to fix them there is no need to ban or censor any software.” For more on this story, see The Verge. Following the E.U.-U.S. Justice and Home Affairs Ministerial Meeting in Lisbon this past week, the European Council issued a joint statement recapping how the E.U. and U.S. restated their commitment to work together in matters of cybercrime, with particular focus on ransomware. After the meeting, U.S. Secretary of Homeland Security Alejandro Mayorkas commented, “We have now a new ransomware working group to address the scourge of ransomware that has hurt the U.S. so much, and so many other countries.” The use of ransomware has surged globally since the pandemic began. For more, see Politico. Illegal data-selling group Marketo emailed their victim’s competitor companies to offer a “demo pack” of the stolen data, with the option to buy the whole package. “We have confidential and personal data, info about their tax payments, clients and partners. That might significantly lower the NASDAQ price,” the email reads. Bleeping Computer, which saw the email, reported that the list of emailed competitors included “multi-national billion-dollar companies whose names would be immediately recognizable to everyone.” The data in question allegedly comes from a large, heavy machinery and defense technology company that Marketo claims to have breached in April. A week after Ukranian police arrested 6 individuals associated with the Cl0p ransomware gang, that very same group published a fresh batch of data purportedly stolen in a recent hack. According to Ars Technica, the data has not yet been verified; but if it turns out to be genuine, it will show that the group was not hindered by the arrests, suggesting the apprehended suspects may have been affiliates and lesser players, not core leaders of the gang. Cl0p has been around since at least 2019, and has targeted a variety of entities including Shell oil company, U.S. bank Flagstar, and Stanford University. Congressman Joseph Morelle of New York filed legislation this week to make it easier for consumers to fix their own broken devices without having to pay exorbitant fees to the original manufacturers. If passed, the Fair Repair Act would require manufacturers like Apple and John Deere to give device owners and third-party repair shops access to replacement parts, diagnostic information, and any special tools needed to repair their electronics. Various similar “right-to-repair” movements have been launched at the state level but there is as yet no national law. The right-to-repair movement also pushes back against the trend of “planned obsolescence.” For more on this story, see Gizmodo. Amazon's "Just Walk Out" stores and technology take the collection of shopper data to the next level. We've taken a close look at the way that these Amazon outlets collect customers' money, how they access their data, and some of the privacy implications tied to this recent tech.US & EU team up against ransomware
Data thieves offer victim’s data to rivals
Arrests don’t stop Cl0p ransomware gang
Fair Repair Act goes to Washington
This week’s ‘must-read’ on The Avast Blog