
Tag Archives for " cybersecurity "

Google, Cisco and VMware join Microsoft to oppose NSO Group in WhatsApp spyware case

A coalition of companies has filed an amicus brief in support of a legal case brought by WhatsApp against Israeli intelligence firm NSO Group, accusing the company of using an undisclosed vulnerability in the messaging app to hack into at least 1,400 devices, some of which were owned by journalists and human rights activists.

NSO develops and sells governments access to its Pegasus spyware, allowing its nation-state customers to target and stealthily hack into the devices of its targets. Spyware like Pegasus can track a victim’s location, read their messages and listen to their calls, steal their photos and files and siphon off private information from their device.

Source: Google, Cisco and VMware join Microsoft to oppose NSO Group in WhatsApp spyware case | TechCrunch

Law enforcement wiretapped the very service used by criminals to evade interception

The virtual private network (VPN) Safe-Inet used by the world’s foremost cybercriminals has been taken down in a coordinated law enforcement action led by the German Reutlingen Police Headquarters together with Europol and law enforcement agencies from around the world.

This VPN service was sold at a high price to the criminal underworld as one of the best tools available to avoid law enforcement interception, offering up to 5 layers of anonymous VPN connections.

Much of the criminal activity occurring on the network involved cyber actors responsible for ransomware, E-skimming breaches, spearphishing, and account takeovers.

Source: Law enforcement wiretapped the very service used by criminals to evade interception

The vulnerabilities that allowed Russia’s SolarWinds hack have been known for decades

The most stunning thing about Russia’s latest hack of 18,000 computer networks—including those of at least six federal agencies, including the State Department, the Homeland Security Department, and the National Nuclear Security Administration—is not how sophisticated the attack was. It’s that these sorts of attacks are still happening—are still possible, in some cases easy—and that months can go by with nobody noticing them.

The awareness that something like this could happen dates all the way back to the dawn of the internet, when it was a Defense Department research-sharing project called the ARPANET.

Full article: The vulnerabilities that allowed Russia’s SolarWinds hack have been known for decades.

Trump Twitter Account Hacker Won’t Be Punished

The Netherlands’ Public Prosecution Service has announced that Victor Gevers, the Dutch hacker who broke into the Twitter account of US President Donald Trump in October this year, will not be punished.

Even though hacking is a criminal offense in the Netherlands, the nation’s Public Prosecution Service (Openbaar Ministerie – OM) made the announcement after an investigation by the High Tech Crime Team, which found that Gevers’ intent was non-malicious and fell under what are considered ‘special circumstances’, aka ‘responsible disclosure’.

Source: Trump Twitter Account Hacker Won’t Be Punished – SecAlerts – Security vulnerabilities in your inbox

Firefox to ship ‘network partitioning’ as a new anti-tracking defense

Firefox 85, scheduled to be released next month, in January 2021, will ship with a feature named Network Partitioning as a new form of anti-tracking protection.

The feature is based on “Client-Side Storage Partitioning,” a new standard currently being developed by the World Wide Web Consortium’s Privacy Community Group. Network Partitioning will allow Firefox to save resources like the cache, favicons, CSS files, images, and more, on a per-website basis, rather than together, in the same pool.

Source: Firefox to ship ‘network partitioning’ as a new anti-tracking defense | ZDNet

UK Online Safety Bill may have implications for freedom of expression and privacy

The UK Online Safety Bill may have “implications for freedom of expression and privacy” as private messaging may fall within the scope of the regulatory framework, a digital rights group has warned.

On 15 December, the UK government published its full response to the Online Harms White Paper consultation ahead of the publication of the Online Safety Bill next year.

Source: UK Online Safety Bill may have implications for freedom of expression and privacy, says digital rights Group

Sensitive Data Leak From Baidu Apps Allows Lifetime User Tracking According To Researchers

Researchers from Palo Alto Networks discovered a data leak from Baidu and other apps that could allow user tracking across devices for a lifetime.

Unit 42 researchers found that Baidu Search Box and Baidu Maps leaked sensitive data that could be used for cross-device lifetime user tracking. Google removed the risky apps from the Play Store on October 28 after receiving the report.

About 1.4 billion people worldwide were affected by the data leak, according to Unit 42’s estimate.

Source: Sensitive Data Leak From Baidu Apps Allows Lifetime User Tracking According To Researchers – CPO Magazine

Study Shows Robot Vacuum Cleaners Can Be Hacked to Spy on People

Robot vacuum cleaners use LiDAR (light detection and ranging) sensors to navigate and map the floor plan. By modifying the LiDAR sensors on robot vacuum cleaners, hackers can use them for a LidarPhone attack and listen to private conversations to extract sensitive information.

As the robot cleaner maps the floor by pointing lasers at nearby objects such as dustbins, desks, speakers, or even takeaway bags, the researchers were able to obtain the original sound that vibrated on the object. They found that glossy polypropylene bags were the best reflector of sound while glossy cardboard was the worst.

Source: NUS Study Shows Robot Vacuum Cleaners Can Be Hacked to Spy on People

Cloudflare and Apple design a new privacy-friendly internet protocol

Engineers at Cloudflare and Apple say they’ve developed a new internet protocol that will shore up one of the biggest holes in internet privacy that many don’t know even exists.

Dubbed Oblivious DNS-over-HTTPS, or ODoH for short, the new protocol makes it far more difficult for internet providers to know which websites you visit.

Source: Cloudflare and Apple design a new privacy-friendly internet protocol | TechCrunch

Court orders encrypted email biz Tutanota to build a backdoor in user’s mailbox

Tutanota has been served with a court order to backdoor its encrypted email service – a situation founder Matthias Pfau described to The Register as “absurd.”

A court in Germany last month ordered Tutanota to help investigators monitor the contents of a user’s encrypted mailbox. The site has until the end of the year to add functionality to perform this surveillance.

Source: Court orders encrypted email biz Tutanota to build a backdoor in user’s mailbox, founder says ‘this is absurd’ • The Register
