It was the week of Zuck. As Facebook founder and CEO Mark Zuckerberg slogged through more than 10 hours of testimony in front of two different Congressional committees, privacy and security advocates were listening for anything they could glean about how Facebook manages data, implements privacy protections, and helps users make informed choices—or doesn't[1]. Neither session delved as deeply as it could have[2] into specific information about Russian goals and strategies in conducting information operations on Facebook during the 2016 US elections. And Facebook admitted this week[3] that the data consulting firm Cambridge Analytica could have accessed private Facebook messages, on top of everything else, for the 87 million users that were in its reach. Here's how to check[4] if you were one of the users caught in Cambridge Analytica's dragnet.

Meanwhile, researchers have found a troubling "patch gap"[5] in the software updates many Android handsets will claim to have installed versus what patch code is actually present on the phone. In other words, your Android phone may be lying to you about being fully up to date. A new report indicates that attackers are actively exploiting a vulnerability[6] in devices like routers and video game consoles that researchers have been warning about, in vain, since 2006. And it turns out that emergency siren equipment sold by the Boston-based company ATI Systems and used in municipalities around the US isn't adequately encrypted to protect against system tampering[7] or even sabotage.

The internet infrastructure company Cloudflare announced this week that it is expanding its DDoS defense and other web security protections onto corporate networks beyond the public internet[8]. The nonprofit Mozilla Foundation assessed the state

Read more from our friends at