IEEE Computer Society Cipher --- Items from security-related news (E146)






  • 2-Factor is no panacea
    Reddit user data compromised in sophisticated hack
    The Guardian
    Aug 6, 2018
    By Samuel Gibbs

    Summary:
    By targeting the accounts of privileged Reddit employees, hackers got access to two stores of user data and were not detected for a few days. The cellphone accounts of the employees had been compromised so that the SMS messages for Reddit's two-factor authentication were intercepted. Users of Reddit should consider changing their passwords.


  • Hal the Hacker
    New genre of artificial intelligence programs take computer hacking to another level
    Reuters
    Aug 8, 2018
    By Joseph Menn

    Summary:
    Ahead of the Black Hat conference, a team of researchers at IBM talked about their use of machine learning to develop defense-evading malware. Industry experts interviewed for the story claimed that AI-designed hacking tools would become a real threat in the next few years. One claimed that "Whoever you personally consider evil is already working on this." [Editor's Note: The top rank of the Cipher Editor's personal evil list does not include any cybersecurity experts.]


  • Facebook holds Messenger calls private
    Exclusive: In test case, U.S. fails to force Facebook to wiretap Messenger calls - sources
    Reuters
    Sep 28, 2018
    By Joseph Menn, Dan Levine

    Summary:
    In a sealed decision in U.S. District Court in Fresno, a federal and state task force was rebuffed in its effort to compel Facebook to wiretap calls made with the Messenger app. In monitoring the MS-13 gang, the task force had been able to tap all ordinary phone calls, but not Messenger. At issue were 3 Messenger calls made by indicted gang members.


  • Giving up the kingdom to get rid of ads
    Popular Mac App Adware Doctor Actually Acts Like Spyware
    WIRED
    Sep 28, 2018
    By Lily Hay Newman

    Summary:
    Despite Apple's attempts to keep its App Store clean, a very popular app called Adware Doctor appeared to be a double agent. In addition to its main function of blocking unwanted ads, the app also collected information about what other apps the user ran and sent that information regularly to a server in China. Researchers complained that Apple did not respond forcefully to their concerns, and that the app is, in fact, a reincarnation of an app that was previously banned.


  • Facebook - 3 errors make one hot mess
    Facebook says big breach exposed 50 million accounts to full takeover
    Reuters
    Sep 29, 2018
    By Munsif Vengattil, Arjun Panchadar, Paresh Dave

    Summary:
    Facebook noticed a large surge in use of the "view as" feature that lets a user see his page as though he were an ordinary user, not the owner of the page. After some deep diving into the code, Facebook engineers found that three logic errors combined to open a gaping security hole that let hackers steal the private data of some tens of millions of users. It was a "complex" bug with huge implications.

  • Facebook data breach, don't worry, it's only 30 million
    Hackers accessed personal information of 30 million Facebook users
    CNN
    Oct 12, 2018
    By Donie O'Sullivan

    Summary:
    On further examination, Facebook came up with the cheerful news that only 30 million accounts had been impacted by the "complex" bug, and of those, only 14 million were subjected to examination of personal user data. [Editor's note: Facebook recently purged a billion "fake" accounts. Perhaps some of them were in the "hacked" category.]


  • NZ says 'welcome, password holder'
    New Zealand's 'digital strip searches': Give border agents your passwords or risk a $5,000 fine
    The Washington Post
    Oct 2, 2018
    By Isaac Stanley-Becker

    Summary:
    New Zealand has new legislation affecting incoming travelers that "balances the protection of New Zealand with individual rights" by allowing customs agents to demand all passwords necessary to examine a traveler's digital devices. Failure to comply would risk seizure of the items and their being subjected to forensic analysis. Not to worry, this can only be done if the customs officers have reason to suspect wrongdoing.


  • The stealth chip is finally here, or is it?
    The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
    Bloomberg
    Oct 4, 2018
    By Jordan Robertson and Michael Riley

    Summary:
    The possibility of adding secret functionality to computer chips, in order to allow the operation of malware, is a problem that has been bothering security experts for a long time. This Bloomberg story says that that day has arrived, and it shows pictures of a tiny bump of metal on a computer board that may have been shipped to many US companies through a trustworthy third party. The board originated in China, and the chip, it is said, compromised the boot process and allowed malware to exfiltrate data to some remote site.

    There is a great deal of argument about whether or not any US companies used the compromised boards. They may have only used them during an evaluation period, or the boards might not exist at all. In the weeks after the story was published, all the named companies denied it, and the FBI announced that it had no open investigation and knew nothing about the boards.


  • Google had a secret bug
    Google for months kept secret a bug that imperiled the personal data of Google+ users
    The Washington Post
    Oct 8, 2018
    By Craig Timberg, Renae Merle and Cat Zakrzewski

    Summary:
    Google found a serious privacy bug in its Google+ service, but it did not inform government regulators or users for several months. At that time, it announced that it would be winding down the Google+ service, it would impose new privacy limits on developers for Android apps, and it would limit the sharing of information about Gmail users. Google said it could not notify users about the bug when it was first discovered because it was not sure which users were affected.