Cyber security news and services

Google and Apple Plan to Turn Smartphones into Coronavirus Contact-Tracking Devices


Apple and Google have joined forces to develop an interoperable contact-tracing tool that will help individuals determine if they have come in contact with someone infected with COVID-19. When two people come in close contact for a certain period of time (say 10 minutes or more), their phones will exchange anonymous identifier beacons. The identifiers rotate every 15 minutes and have no personally identifiable information. If one of the two is positively diagnosed for COVID-19, that infected person can enter the test result into an app from a public health authority that has integrated the aforementioned API.…

Zoom banned from New York City schools due to privacy, security flaws


A few weeks ago, New York City’s 75,000 teachers scrambled to learn how to use videoconferencing services like Zoom as novel coronavirus cases began to rise and schools prepared to close their doors and institute remote learning. Now, the city’s teachers will have to scramble once more, after Department of Education Chancellor Richard Carranza announced late last night that he had decided to ban Zoom, citing security and privacy issues with the platform.…

Facebook tried to buy NSO Group’s iOS spyware to monitor iPhone users


As reported by Motherboard, when Facebook was starting to build its spyware cloaked in a VPN product, Onavo Protect for iOS and Android, the social media company reached out to the controversial company NSO Group that creates spyware for government agencies. NSO declined to sell Pegasus to Facebook, but Facebook still built and launched Onavo without Pegasus as a spyware tool in early 2018 under the misleading pretense of being a VPN app.…

Boeing 787s must be turned off and on every 51 days to prevent ‘misleading data’ being shown to pilots


The US Federal Aviation Administration has ordered Boeing 787 operators to switch their aircraft off and on every 51 days to prevent what it called ‘several potentially catastrophic failure scenarios’ – including the crashing of onboard network switches. The airworthiness directive, due to be enforced from later this month, orders airlines to power-cycle their B787s before the aircraft reaches the specified days of continuous power-on operation. The power cycling is needed to prevent stale data from populating the aircraft’s systems, a problem that has occurred on different 787 systems in the past.…

A New York Power Plant Is Mining $50K Worth of Bitcoin a Day


Greenidge Generation, a natural gas power plant near the town of Dresden in the Finger Lakes region, announced it had successfully installed a mining farm in its facility. Comprised of nearly 7,000 mining rigs and powered by electricity generated on-site, the facility can mine an average of 5.5 bitcoins (BTC) every day, roughly $50,000, according to CoinDesk’s Bitcoin Price Index. Greenidge uses its own ‘behind the meter’ power, the generated electricity it uses itself at the basic cost of production.…

Google Says It Doesn’t ‘Sell’ Your Data. Here’s How the Company Shares, Monetizes, and Exploits It.


‘Google will never sell any personal information to third parties; and you get to decide how your information is used.’ – Sundar Pichai

Sound familiar? Although big tech companies like Google keep the lights on by harvesting and monetizing your personal data, they can be quick to mince words and deny the strawman scenario of exchanging hard drives full of your data for a suitcase of money. Now California law has given them another reason to deny and deflect.…

TikTok instructed moderators to suppress posts by ‘ugly’ and poor users


Internal documents, published by The Intercept over the weekend, show that the social network instructed moderators to not promote videos from users who had ‘ugly facial looks’ such as scars, too many wrinkles and fangs to the app’s ‘For You’ page. Getting a video highlighted on that page could help a user attract more views and followers. Users who had an ‘obvious beer belly’ or shot their videos in a ‘shabby and dilapidated’ environment such as a slum might have also been excluded from the page.…

Senate bill would ban TikTok from government phones


Concerns over cybersecurity risk and possible spying by China have already brought about bans from DHS, DoD, TSA, and the State Department. On Thursday, two US senators introduced a bill that would ban all federal employees from using the Chinese singing/dancing/jokey platform on government phones. The bill comes from Senators Josh Hawley (R-MO) and Rick Scott (R-FLA). It would expand on current TikTok bans from the State Department, the Department of Homeland Security (DHS), the Department of Defense (DoD), and the Transportation Security Administration (TSA).…

Working From Home? Zoom Tells Your Boss If You’re Not Paying Attention


If you’re working from home and using Zoom, you probably want to read this. During the COVID-19 pandemic, millions of Americans will be forced to work, play, and learn from home for the foreseeable future. Such a massive shift will lean not only on shaky and expensive U.S. broadband networks, but popular teleconferencing programs that often don’t quite work as advertised. Zoom in particular has seen a flood of new users, and the company’s stock has jumped roughly 20 percent since the COVID-19 outbreak began.…

Europol busts up two SIM-swapping hacking rings


What a nightmare: your phone goes dead, and you can’t log into your bank account because it’s controlled by a hacker who’s draining you dry. After months-long, cross-border investigations, Europol announced on Friday that it’s arrested more than two dozen people suspected of draining bank accounts by hijacking victims’ phone numbers via SIM-swap fraud. Following a ramp-up in SIM-jacking over recent months, police across Europe have been gearing up to dismantle criminal networks that organize these attacks, Europol says.…

Researchers Uncover a Nigerian Hacker’s Pursuit of his Million Dollar Dream


Social engineering-driven malware threats continue to be a big threat, but new research details how cybercriminals profit off such schemes to launder hundreds of thousands of dollars from stolen credit cards of unsuspecting victims. Source: thehackernews.com…

iPhone Unlocking Tech GrayKey Went Up in Price Because Hacking iPhones Got Harder


The cost of an annual license for the online version of GrayKey increased to $18,000, according to emails obtained by Motherboard. Last year, iOS forensics firm Grayshift increased the price of one of its iPhone unlocking products because breaking into iPhones became harder, according to emails obtained by Motherboard. The news shows that although federal agencies and local police around the country have purchased the company’s GrayKey device to break into locked and encrypted iPhones, that sort of access is not necessarily constant.…

WordPress and Apache Struts account for 55% of all weaponized vulnerabilities


Comprehensive study looks at the most attacked web technologies of the last decade. A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. Source: zdnet.com…

Hospitals Need to Repair Ventilators. Manufacturers Are Making That Impossible


We are seeing how the monopolistic repair and lobbying practices of medical device companies are making our response to the coronavirus pandemic harder. As hospitals face the prospect of a critical ventilator shortage caused by the worst public health crisis in a century, they face another problem: not being able to repair the ventilators that they do have. This is because, like John Deere, Apple, and so many other electronics companies, the major device manufacturers have spent the last several years cementing a repair monopoly.…

The Facebook Container for Firefox


For those who would like to opt out of Facebook tracking, the Facebook Container extension for the Firefox browser will block those embedded widgets on non-Facebook pages. And in doing so, Firefox helps you protect your browsing history and data from Facebook. Source: mozilla.org…

US Army scraps $1b. Iron Dome project, after Israel refuses to provide source code


Since 2011, Congress has provided Israel more than $1.5 billion to produce Iron Dome batteries, developed by Rafael Advanced Defense Systems. In August 2011, Raytheon and Rafael — which partnered on David’s Sling, a US-Israeli cooperative missile defense development program — announced an agreement to allow Raytheon to market Iron Dome in the United States. In 2014, the US and Israeli governments signed a co-production agreement to enable some portions of the Iron Dome system to be produced in the United States.…

The Case for Limiting Your Browser Extensions


Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month. The incident is a reminder that browser extensions — however useful or fun they may seem when you install them — typically have a great deal of power and can effectively read and/or write all data in your browsing sessions.…

Top 10 Most Innovative Cybersecurity Companies After RSA 2020


10 most innovative cybersecurity companies that deserve your attention by their distinctive technical or scientific approach, value-proposition or long-term vision. Source: thehackernews.com…

Alleged Vault 7 leaker trial finale: Want to know the CIA’s password for its top-secret hacking tools? 123ABCdef


Joshua Schulte stands accused of stealing the highly valuable materials directly from the CIA’s innermost sanctum and slipping them to WikiLeaks to share with the rest of the planet. Federal prosecutors have spent the past four weeks explaining exactly why they believe that to be the case. And Uncle Sam’s lawyers have developed a compelling case to send Schulte away for virtually the rest of his life. But Schulte’s lawyer, Sabrina Shroff, has picked away at that seemingly watertight case, and pointed out, countless times, that the evidence against her client is dangerously thin.…

Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys


Over the past few years, owners of cars with keyless start systems have learned to worry about so-called relay attacks, in which hackers exploit radio-enabled keys to steal vehicles without leaving a trace. Now it turns out that many millions of other cars that use chip-enabled mechanical keys are also vulnerable to high-tech theft. A few cryptographic flaws combined with a little old-fashioned hot-wiring—or even a well-placed screwdriver—lets hackers clone those keys and drive away in seconds.…