Privacy

Internet-enabled dash cams that allow anyone to track your GPS location in real-time

Watch out car drivers. If you have have installed a BlackVue dash cam into your vehicle you might have unwittingly made available your real-time GPS location.

tripwire.com

PlanetDrugsDirect reveals security breach, warns customers their data may have been exposed

Canadian online pharmacy PlanetDrugsDirect.com has contacted customers warning them that their data might have been exposed in what they euphemistically describe as a “data security incident”.

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

Peekaboo Moments app left baby videos, photos, and 800,000 users’ email addresses exposed on the internet

The developer of a smartphone app has carelessly left a database accessible to anybody with an internet connection, leaving exposed a database of millions of records containing baby videos and photos, as well as the email addresses of users.

Read more in my article on the Hot for Security blog.

PussyCash adult webcam data breach exposes highly sensitive data of models

You may have been expecting to reveal a lot by signing up as an adult webcam model, but I doubt this is quite what you had in mind.

Amazon Ring fired staff for snooping on customers’ security videos

It’s not only external hackers who pose a threat to the customer data that your company stores.

tripwire.com

Man jailed for using webcam RAT to spy on women in their bedrooms

A British man has been jailed for two years after police caught him using a notorious Remote Access Trojan (RAT) to hijack the webcams of young women, and spy upon them.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #160: SNAFUs! MS Word, Amazon Ring, and TikTok

We discuss how Microsoft Word helped trap a multi-million dollar fraudster, how Amazon Ring may be recording more than you’re comfortable with, and how teens are flocking to TikTok (and why that might be a problem).

All this and much more is covered in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Smashing Security #158: The man behind The Missing Cryptoqueen

We’re joined by special guest Jamie Bartlett of “The Missing Cryptoqueen” podcast in this bumper episode where we discuss his investigation into the OneCoin cryptocurrency scam, the Russian cybercriminals behind Evil Corp, and the mysterious leaks about the NHS that have turned oh-so-political…

All this and much much more can be found in the latest edition of the “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.

bitdefender.com

1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre

1&1 Telecom GmbH has been hit with one of the largest fines dished out so far under European GDPR legislation, Germany’s federal privacy watchdog has announced.

Read more in my article on the Hot for Security blog.

49% of workers, when forced to update their password, reuse the same one with just a minor change

A new survey has revealed some alarming news about the way users are choosing their passwords in their homes and workplace.

tripwire.com

Facebook and Twitter warn some users’ private data was accessed via third-party app SDK

Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts.

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

Millions of Android phones may be vulnerable to camera spying vulnerability

Security researchers have uncovered a vulnerability in Android smartphones that could allow an attacker to secretly take photos and record videos without any permissions being granted.

Read more in my article on the Hot for Security blog.

About the “easy to hack” EU Exit: ID Document Check app

The British Home Office’s app for EU citizens applying to live and work in the UK post-Brexit “could allow hackers to steal phone numbers, addresses and passport details.”

But is this something worth losing any sleep over?

Donation details “leak” from the Labour Party website

You may have missed it amongst the many news reports of the denial-of-service attacks troubling Labour, but that wasn’t the only reason the UK political party made the cybersecurity headlines this week.

Medical data is being leaked by NHS pagers, and then broadcast for the world to see…

Medical data is being broadcast unencrypted by hospitals across the UK, as ambulances are directed to respond to 999 emergency calls.

How Facebook helps an abusive ex-partner find out your new identity, even after you’ve blocked them

Imagine you’re in an abusive relationship, and things have turned violent.

You leave him, block his Facebook account, and update the name on your profile to hide your identity.

Would you expect your ex-partner to be able to see what your new name is?