TechCrunch: Google agrees not to sell facial recognition tech, citing abuse potential

TechCrunch: Google agrees not to sell facial recognition tech, citing abuse potential . “In recent months, pressure has been mounting for major tech firms to develop strong policies regarding facial recognition. Microsoft has helped lead the way on that front, promising to put in place stricter policies, calling for greater regulation and asking fellow companies to follow suit. Hidden toward the end of a blog post about using artificial intelligence to benefit health clinics in Asia, Google SVP Kent Walker affirmed the company’s commitment not to sell facial recognition APIs. The executive cites concerns over how the technology could be abused.”

ZDNet: Facebook bug exposed private photos of 6.8 million users

ZDNet: Facebook bug exposed private photos of 6.8 million users. “Facebook announced today another security incident affecting millions of its customers. This time, the company said that a bug in one of its APIs exposed the private photos of nearly 6.8 million users. Facebook blamed this new leak on a Photo API bug that was present in its backend code between September 13 to September 25, 2018.”

CNET: The worst passwords of 2018 are just as dumb as you’d expect

CNET: The worst passwords of 2018 are just as dumb as you’d expect . “It doesn’t look like we’re getting any smarter about our passwords. On Thursday, software company SplashData released its annual list of the Top 100 worst passwords, and it includes some pretty obvious blunders. Coming in at No. 1 is, you guessed it, ‘123456,’ and in second place is, yup, ‘password.’ This is the fifth year in a row these passwords have held the top two spots. “

Misconfigured server exposed half of all Brazilian taxpayer ID numbers: report (Cyberscoop)

Cyberscoop: Misconfigured server exposed half of all Brazilian taxpayer ID numbers: report. “A database containing personally identifying information of 120 million Brazilian citizens and residents was accessible on the open web for some time, according to a report published Tuesday by cybersecurity company InfoArmor.”

TechCrunch: France’s Ministry of Foreign Affairs says emergency contact information database has been breached

TechCrunch: France’s Ministry of Foreign Affairs says emergency contact information database has been breached. “The Ministry of Europe and Foreign Affairs in France has released a statement announcing that personal information has been stolen in a data breach. Around 540,000 records have been stolen — those records contained names, phone numbers and email addresses.”

Ars Technica: Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail

Ars Technica: Iranian phishers bypass 2fa protections offered by Yahoo Mail and Gmail. “A recent phishing campaign targeting US government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones.”