Privacy, Threat Management

No fix for garage door bug that allows attackers to open door, manipulate alarm and meddle with smart plugs

A security researcher named Sam Sabetan had already reported the security vulnerabilities he had found in some Nexx products, but the company refused to address the issue, SecurityWeek reports. Sabetan found the bugs last year and disclosed details about them earlier this week. Most of these bugs are of high or critical severity ratings and could let threat actors remotely open garage doors and hijack alarms and smart plugs. The U.S. Cybersecurity and Infrastructure Security Agency said Nexx also ignored its attempts to report the bugs. The agency simultaneously rolled out an advisory warning potential victims about the threat. It is estimated that over 40,000 devices, located in both residential and commercial properties, are impacted. Furthermore, I determined that more than 20,000 individuals have active Nexx accounts, Sabetan explained. Hackers only require a targeted user's name, email address, device ID, or MAC address in order to launch successful attacks using the bugs.

Related

HIPAA updated to include more robust reproductive health data privacy protections

The Department of Health and Human Services has introduced updates to the Health Insurance Portability and Accountability Act that would prevent healthcare organizations, doctors, and insurers from providing protected health information to state prosecutors in a bid to bolster abortion providers' and patients' privacy protections, according to The Record, a news site by cybersecurity firm Recorded Future.

Senate OKs Section 702 reauthorization bill

Approval has been given by the Senate to legislation that would extend Section 702 of the Foreign Intelligence Surveillance Act for another two years, which headed to the desk of President Joe Biden just minutes after the surveillance law expired, reports CyberScoop.

More data broker regulation needed in draft privacy bill

More protections against data brokers were urged by lawmakers and data privacy experts to be added to the draft American Privacy Rights Act, which would only allow the deletion of consumer data provided that individual requests are made to the data brokers, reports The Record, a news site by cybersecurity firm Recorded Future.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.