1. Exfiltrating data from the browser using battery discharge information by Lukasz Olejnik

File this under far-fetched but feasible: Researchers found a way to leak data from a battery if it's been "poisoned." The attack, broken down by Princeton’s Center for Information Technology Policy blog Freedom to Tinker on Wednesday, relies on tricking an API used by major web browsers called the W3C Battery Status API. Academics from Technicon, Hebrew University, and UT Austin recently published the paper the research is on, “Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices (.PDF)" Assuming an attacker could swap in a malicious battery or poison hardware at a factory, perhaps in a supply chain attack, they could determine information about that user, including what kind of sites they visited, characters typed, when a camera shot was made, and when an incoming call was made. It's hard to imagine actually seeing this pulled off in real life but the fact that it's possible in the first place is fascinating enough for me to include it here.

2. Cybersecurity: Why this Spanish region has just created a new research center by Anna Solana

Spain is bulking up its cyber research capabilities and one new center has an excellent name: Cybercat. The center, which recently opened in the Catalonia region, was partially spurred after attacks against the area government increased by 200 percent last year. According to ZDNet's Anna Solana going forward the center will consult with organizations on how to comply with the EU's General Data Protection Regulation (GDPR) and solve issues revolving around IoT and engaging smart cities. The group is comprised of seven research groups from the region, located in northeastern Spain, 100 researchers, with over €6M ($6.9M) revenue.

3. Android Gets New Anti-Spoofing Feature to Make Biometric Authentication Secure by Mohit Kumar

Google unveiled a new model – part of its Android mobile operating system – this week designed to enhance biometric security and keep users' data safer. The new model doesn't have a nifty name but it will tamp down its biometric authenticatiion mechanism. Currently the system uses two metrics to verify biometrics. While those techniques are well and good - Google isn't doing away with them - it is deploying two new metrics that "account for an attacker in the threat model," according to Mohit Kumar over at The Hacker News. Kumar cites an even more in depth blog on the subject via Vishwath Mohan, a security engineer with Android, for those seeking more information on Google’s recent fortifications.