"Your fridge and your laptop should not be on the same network," the FBI's Portland office said in a weekly tech advice blog and warned owners of Internet of Things (IoT) devices to keep their primary devices, such as laptops, desktops, or smartphones, on a separate WiFi network. By keeping all the IoT equipment on a separate network, any compromise of a "smart" device will not grant an attacker a direct route to a user's primary devices, where most of their sensitive data is stored. Jumping across the two networks would require considerable effort from the attacker. Read the full article to learn more tips on how to secure your IoT devices.
Whether you're worried about Google's recent $2.1 billion purchase of Fitbit or just generally conscious about your privacy, you should pay attention to where your health and fitness data goes and who has access to it. It's among the most sensitive data you have. Sadly, you can't control where all of your health information goes, but you can still dedicate a few minutes to a health data audit, making sure your calorie burns and step counts are entirely private. Or, if not, that they're shared only by choice. Read more to learn how to lock down your health data here on WIRED.
Security researchers found an unsecured server that exposed 1.2 billion records of personal data, including email addresses, employers, locations, job titles, names, phone numbers, and social media profiles. While the number is remarkable for its sheer volume, the data doesn't include other sensitive information like passwords, credit card numbers, or Social Security numbers.
Vinny Troia, the security researcher who made the discovery, said: "This is the first time I've seen all these social media profiles collected and merged with user profile information into a single database on this scale. From the perspective of an attacker, if the goal is to impersonate people or hijack their accounts, you have names, phone numbers, and associated account URLs. That's a lot of information in one place to get you started." More details here at WIRED.
This year's Black Friday is expected to break all previous records, with consumers estimated to spend $29 billion online over Thanksgiving weekend. Cybercriminals will also be busier than ever using malware to target both you and the online retailers you trust. Some hackers attack retailers' websites directly. Many more frauds, however, are designed to lure you away from genuine sellers and direct you toward malicious websites or apps that often spoof familiar retailers like Amazon or Walmart.
The best protection against these scams is having the knowledge to identify these threats. Take a look at the list of popular scams to make sure not to get duped this holiday season.
Read the full article here: CNET
A new vulnerability has been found in the Camera apps for millions, if not hundreds of millions, of Android devices that could allow other apps to record video, take pictures, and extract GPS data from media without having the required permissions.
Android apps expose various intents, or functions such as the ability to take a picture, that can be executed by other apps on the device. In order to execute an exposed intent, another app has to have the needed permissions.
In a coordinated disclosure with Google and Samsung, researchers from Checkmarx disclosed today a new vulnerability that allows apps to take pictures, record videos, or get a device's location even if they do not have permissions to do so.
This vulnerability, tracked as CVE-2019-2234, affects the Google Camera and Samsung Camera apps if they have not been updated since before July 2019.
After analyzing the Google Pixel's Camera app, Checkmarx researchers discovered numerous intents that could be combined to manipulate the device's camera in order to take pictures and record video.
Normally, an app needs to have the android.permission.CAMERA, android.permission.RECORD_AUDIO, android.permission.ACCESS_FINE_LOCATION, and android.permission.ACCESS_COARSE_LOCATION permissions in order to record video, take pictures, or access a device's location.
Checkmarx discovered that the 'Storage' permission, which gives an app access to the device's entire SD card and the media stored on it, also gives that app the ability to use the Camera app's exposed intents without the permissions listed above.
"A malicious app running on an Android smartphone that can read the SD card, not only has access to past photos and videos, but with this new attack methodology, can be directed to initiate (take) new photos and videos at will. And it doesn’t stop there. Since GPS metadata is usually embedded into the photos, the attacker can take advantage of this fact to also locate the user by taking a photo or video and parsing the proper EXIF data."
San Francisco residents have been suffering from a recent rise in laptop and gadget thefts from their cars, which has raised questions about whether burglars are using Bluetooth scanners to choose target cars based on which have gadgets inside emitting wireless signals.
Bluetooth scanner apps are easily accessible to anyone, and they use the smartphone's own internal Bluetooth sensors to find nearby signals. These apps can provide details like what type of device they're picking up, whether that device is connected to another device over Bluetooth, and how close the listed devices are, to within a few meters. Police say they now know that the thieves are utilizing these scanners and advise people not to leave their devices in their cars. Read more here.