Welcome to Codebook, your now-weekly source of cybersecurity news and dad jokes.
Democratic senators involved in a key bipartisan working group left a Wednesday evening meeting with little to say about whether they were making progress on a national privacy bill Republicans hope will preempt state measures.
Why it matters: There is a unique convergence of forces behind privacy regulation. If the United States is ever going to pass a federal privacy law, the time might be now — and that's brought a wide array of stakeholders out of the woodwork to give advice.
The big picture: Republican lawmakers and groups like the U.S. Chamber of Commerce, typically hostile to regulation, are currently advocating federal privacy laws.
Browser-maker Mozilla, for example, released a framework for regulation Thursday focusing on a few key issues.
Details: The working group includes Senate Commerce Committee chairman Roger Wicker (R-Miss.), as well as panel members Sens. Richard Blumenthal (D-Conn.), Jerry Moran (R-Kan.) and Brian Schatz (D-Hawaii).
The intrigue: In the public mind, the debate around passing privacy regulation would pit ad-centric web companies like Facebook or Google against Congress. The reality is far different.
The fallout: The mix of advocates for a privacy law has created wildly different visions of what a final version could look like.
David McCabe contributed reporting.
UpGuard reports that two Facebook apps left user data exposed on cloud servers.
But, but, but: Some accounts have framed the story as a Facebook problem, and that's a stretch.
Hear me out: There's no evidence either of the Facebook apps — one from Mexican company Cultura Colectiva and one titled At The Pool — mined data in a way inconsistent with the permissions that users directly granted them.
The big picture: Typically, the flow of these data exposure stories works like this: A big company, let's call them SuperGlobalMegaCorp, either licenses data to a smaller company or employs a subcontractor, and that subcontractor improperly stores the data.
The other side: Axios' Scott Rosenberg argues that all the companies involved in data spills like this should take more responsibility.
German pharmaceutical firm Bayer announced that it detected an attack on its systems and eliminated it, Reuters reports.
The big picture: Bayer believes it was the Winnti group who orchestrated the attack. Winnti is associated with industrial espionage — Bayer does not believe that any industrial secrets were stolen — and some researchers have linked the group to China.
Details: Bayer found malware from the group in early 2018 and monitored the infection between then and March of this year, when it evicted the group.
London Blue, a criminal racket targeting businesses with email scams, is increasingly targeting Asian firms, according to a new report from email security firm Agari, and it's evolving its tactics to better hide criminal activity.
Background: The group first came to light when it tried to scam money from Agari, whose bread and butter is researching these kinds of email fraudsters.
Details: While U.S. targets still make up the plurality of London Blue's victims, the share of Asian targets is rising.
Codebook will be back on Thursday, our new weekly slot.