Privacy

bitdefender.com

15,000 private webcams left open to snooping, no password required

Once again concerns are being raised about the sorry state of IoT security, after a security researcher discovered over 15,000 private webcams that have been left wide open for anyone with an internet connection to spy upon.

Read more in my article on the Bitdefender BOX blog.


0 sec read

Medical images and details of 24.3 million patients left exposed on the internet

Researchers discover that confidential images of X-rays, CT and MRI scans related to millions of patients has been left unprotected on hundreds of servers used by health providers worldwide.


1 min read

bitdefender.com

Police raids after data on most of Ecuador’s citizens leaks online

If you’re a citizen of Ecuador, chances are that you’ve had your personal and financial information exposed after an ElasticSearch server was left unsecured.

Victims even include Wikileaks founder Julian Assange…


0 sec read

Smashing Security #145: Apple and Google willy wave while home assistants spy – DoH!

Apple’s furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist John Leyden.


2 min read

tripwire.com

Hundreds of millions of Facebook users’ phone numbers found lying around on the internet

A security researcher found a server on the internet containing more than 419 million records related to Facebook users.

No password protection was in place – meaning the treasure trove of phone numbers was available to literally anybody with an internet connection.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #144: Google helps the FBI, Twitter Jack’s hijack, and car data woes

Should Google really be helping the FBI with a bank robbery? What’s the story behind the Twitter CEO claiming there’s a bomb in their offices? And how much does your car really know about you?

And we mourn the loss of Doctor Who legend Terrance Dicks…


2 min read

Earn $2.5 million if you find a remote zero-day exploit for Android

A vulnerability broker is offering up to $2.5 million for zero-day remote exploits which would allow attackers to infect a remote Android smartphone with malware, with no user interaction required. But who will they then sell exploits to?


1 min read

Smashing Security #142: Mercedes secret sensors, smart cities, and ransomware runs riot

Darknet Diaries host Jack Rhysider joins us to discuss how cities in Texas are being hit by a wave of ransomware, how Mercedes Benz has installed a tracker in your car (but not for the reason you think), the security threats impacting smart cities, and a new feature coming to your Facebook app.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.


1 min read

tripwire.com

More than a million people have their biometric data exposed in massive security breach

A biometrics system used to secure more than 1.5 million locations around the world – including banks, police forces, and defence companies in the United States, UK, India, Japan, and the UAE – has suffered a major data breach, exposing a huge number of records and unencrypted fingerprints.

Read more in my article on the Tripwire State of Security blog.


0 sec read

tripwire.com

Cryptocurrency exchange Binance offers $290,000 bounty to unmask blackmailer

One of the world’s largest cryptocurrency exchanges has revealed that it is being blackmailed to the tune of 300 Bitcoin (approximately US $3.5 million) by someone who is threatening to release some 10,000 sensitive photographs of its customers.

Read more in my article on the Tripwire State of Security blog.


0 sec read

SWAPGS attack: The Spectre-like flaw affecting Intel CPUs

Security researchers at Bitdefender have discovered a way of exploiting a flaw in Intel chips that could be used to steal passwords and encryption keys.


54 sec read

500,000 Monzo banking customers told to change their PINs

Mobile-only bank Monzo has apologised for a gaffe which left the PINs of a subset of its customers exposed to its internal engineers.


2 min read

Amazon now lets you opt-out of having humans review your Alexa conversations

Now it’s Amazon’s turn to respond to growing concerns about sensitive personal conversations recorded by digital home assistants are being reviewed by third-party contractors.


40 sec read

Apple’s Siri contractors will no longer hear you having sex, making drug deals

Apple has decided to suspend what it calls Siri “grading” globally, while it conducts a “thorough review.”


1 min read

Google contractors told to stop listening to conversations captured on your Home assistant… for now, in Europe at least

Google has agreed to temporarily stop listening to audio captured by its Google Home smart speaker across the European Union… after an investigation was started by German regulators.


44 sec read

Smashing Security #139: Capital One hacked, iMessage flaws, and anonymity my ass!

Capital One gets hacked, critical vulnerabilities are found in iMessage, and data anonymization may not be as good as we hope. But listen up, we also discuss the Legend of Zelda, a biography of tech giants, offer advice for escaping an angry moose, and are introduced to… Penelope?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.


2 min read