Privacy

bitdefender.com

Hacking the iOS/macOS webcam – Apple pays out $75,000 to bug hunter

A vulnerability researcher has received a bug bounty after discovering security holes in Apple’s software that could allow malicious parties to hijack an iPhone or Mac user’s camera and spy upon them.

Read more in my article on the Hot for Security blog.

tripwire.com

Zoom promises to improve its security and privacy as usage (and concern) soars

Having suddenly found itself with a gigantic increase in usage, Zoom was facing a crisis. It risked losing a large amount of the goodwill it had received because of revelations about its less-than-perfect attitude towards security and privacy.

Lets hope it keeps to its word and begins to threat the safety of its users as a priority.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #172: UncleF***Face

Carole details how companies are spying on their stay-at-home workers, Mikko Hyppönen discusses the trustworthiness of video chat apps, and Graham gets embarrassed when he admits he’s bought a Facebook Portal for his in-laws.

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with Graham Cluley and Carole Theriault.

The UK Cabinet is meeting on Zoom… here’s the meeting ID

In case you’ve lost the Zoom meeting ID for today’s UK Cabinet meeting, here it is.

Has Houseparty really been hacked? $1 million reward offered to unearth who is behind widespread claims

In recent days warnings have spread rapidly across social networking sites that the Houseparty app – which makes it easy for anyone to drop in for a video chat with friends locked down during the Coronavirus pandemic – is unsafe.

But is there any evidence?

Smashing Security #171: WhatsApp hoaxes, Zoombombs, and 8-bit love

Blackmailers are threatening to infect your family with Coronavirus, trolls are making Zoom an unsafe place for those of a sensitive disposition, and what is the mysterious Dr Negrin audio message spreading on WhatsApp?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.

bitdefender.com

Have you patched your IoT devices against the KrØØk Wi-Fi chip flaw?

Unpatched IoT gadgets, smartphones, tablets, laptops, Wi-Fi access points and routers with Broadcom chips are all at risk from the KrØØk vulnerability.

Read more in my article on the Bitdefender BOX blog.

The Shield: the open source Israeli Government app which warns of Coronavirus exposure

The Israeli health ministry released a smartphone app which takes location data from users’ phones in an attempt to determine if they might have been exposed to the COVID-19 Coronavirus.

Should you be worried about your privacy? Perhaps not.

Security firm leaves more than five billion records exposed on unsecured database

A massive database, containing more than five billion records derived from past security breaches between 2012 and 2019, has been left unprotected, without any password protection on the internet.

And who left it exposed? A security firm.

Smashing Security #170: PornHub, Coronavirus apps, and remote working

It’s a self-isolated Coronavirus special as we discuss with our quarantined special guest how COVID-19 is making itself felt in the world of cybersecurity, and we offer tips on how to better protect yourself if you’re unexpectedly working from home.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with Graham Cluley and Carole Theriault, joined this week by Malicious Life’s Ran Levi from his attic.

Smashing Security #169: Burglaries, breaches, and bidets

How one guy’s exercise routine made him a burglary suspect, how multi-factor authentication can cause headaches as well as stop hacks, and how Virgin Media got itself in a pickle over its sloppy data security.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

bitdefender.com

Secret-sharing app Whisper failed to keep users’ fetishes and locations private

Security researchers raised the alarm after discovering that hundreds of millions of Whisper users’ intimate messages, tied to their locations, had been left publicly available since the app’s launch in 2012.

Read more in my article on the Hot for Security blog.

Comcast Xfinity published the contact details of 200,000 customers who paid for them to be kept private

Nearly 200,000 customers in the United States, who thought they were paying Comcast Xfinity to keep their information safely out of the public eye, have had their details exposed on the company’s online directory… putting their safety and privacy at risk.

Virgin Media left 900,000 consumers’ details exposed in unsecured database

One of the UK’s largest internet providers has admitted that it left a database containing the unencrypted details of more than 900,000 UK residents – including existing and potential customers – freely accessible to anybody on the internet, with no password required.

Exposed data included records which could have linked users to pornographic websites.

Smashing Security #168: The Bitcoin fraud factory

Fraudsters steal millions from those hoping to jump on the Bitcoin bandwagon, Twitter verifies a fake US politician, and it’s another face palm for facial recognition.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.

Police raid tech support scam centre who had their CCTV hacked by vigilantes

An indepth investigation by online vigilantes has exposed the activities of an Indian tech support scam centre.

Extraordinarily, fraudsters had the tables turned on them as YouTuber Jim Browning was able to hack into the call centre and access recordings of scam phone calls and even watch live CCTV footage exposing the criminals at work.