1. Uber agrees to expand FTC settlement to include 2016 breach by Kia Kokalitcheva

The gears of the court system never stop turning and this week's news regarding Uber's ongoing battle with its privacy and data security practices is a perfect example of that. Uber will have to submit all reports from the third-party audits of its privacy program to the Federal Trade Commission going forward, according to an expanded, proposed settlement it agreed to this week that included 2016’s breach it failed to disclose. To recap: The original settlement was based on an incident from four years ago where hackers infiltrated the transportation company's systems to make off with information on 100,000 drivers.

Federal Trade Commission image via bluemaumau's Flickr photostream, Creative Commons

2. Data exfiltrators send info over PCs' power supply cables by Richard Chirgwin

You have to wonder if the researchers at Ben-Gurion University will ever run out of interesting ways to exfiltrate data. Over the past several years researchers at the university's Cyber Security Research Center have managed to extract data from fanless computers, USB ports, LEDs, heat, a computer's speakers, and even the mechanical movements of a computer's hard-disk drive. This week the group claimed they could use malware to exploit how current flows through the power cords of an air-gapped computer. You can’t fault the researchers for not giving their research a catch name though: they called it PowerHammer. (.PDF)

3. SirenJack flaw exposes problems in emergency alert system by Rene Millman

Speaking of vulnerabilities with catchy names. Bastille, the same security firm that warned of MouseJack, a collection of security vulnerabilities affecting non-Bluetooth wireless mice and keyboards, unveiled SirenJack this week. According to SC Magazine, researchers with the firm say that an emergency alert system developed by ATI Systems and used in cities and towns worldwide lacks encryption. Because of the vulnerability it wouldn't be difficult for an attacker to remotely exploit sirens connected to the system and in turn, cause panic. One only needs to flash back to the Hawaii employee that accidentally sent out a false alarm warning of a missile attack earlier this year to consider how dangerous an errant warning could be.