Security researchers found flaws in a smart tracker that was aimed at the elderly, especially those with dementia or other cognitive issues. In research released late this week, Pen Test Partners found flaws in source code that the manufacturer posted publicly. Most of the watches use SETracker as a backend, an app owned by the…
Enterprise CISOs are used to worrying about corporate data leaks via typical mobile, remote locations, IoT and Shadow IT. But what about the vehicles used by so many people who have access to the systems and data you are paid to protect? Although those vehicles technically fall into many of those categories (mobile, remote and…
A little over two years since GDPR took effect and a few days after California began to enforce the CCPA, a study found more than one-third – 37 percent – of U.K. cybersecurity professionals expect the number and monetary amount of fines their employers face for not adequately safeguarding data will increase by 2025 even…
Employers who have suddenly shifted a large percentage of their workforce to remote due to Covid-19 no doubt will shudder by the findings of a new Fraunhofer Institute for Communication, Information Processing and Ergonomics study that concluded no home router was without security vulnerabilities. The German tech think tank analyzed 127 home routers from seven…
Proponents of the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARNIT) might tout its tough stance on online child sexual abuse material but privacy and digital rights advocates contend the bill, just passed by the Senate Judiciary Committee, will erode end-to-end encryption. EARN IT revokes Section 230 protection for internet intermediaries for what…
A misconfigured AWS S3 bucket at V Shred exposed more that one million files, including PII on 99,000 people associated with the fitness brand’s customers. Researchers at vpnMentor led by Noam Rotem and Ran Locar discovered the open server and alerted the company, which apparently removed the file containing the most PII, but kept the…
Since April 10, eight cities in three states using the Click2Gov web-based platform to collect payments for services have been hit with Magecart card-skimming attacks that still appear active. Credit card information including card number, expiration date and CVV, as well as personal information such as name and contact address, were being exfiltrated from the…
The University of California, San Francisco (UCSF) ponied up $1.4 million to hackers to retrieve data encrypted during a NetWalker ransomware attack disclosed in early June. “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” according to a statement from UCSF, which said…
Glupteba malware does something novel: It uses the bitcoin blockchain as a communications channel to receive updated configuration information. That’s important because malware always needs a way to go back to its home base, preferably without being detected, according to a paper released this week by Sophos Labs researchers. The new form of malware sprinkles…
Democrats in the House and Senate today introduced legislation banning federal law enforcement from using facial recognition technology. “Facial recognition technology doesn’t just pose a grave threat to our privacy, it physically endangers Black Americans and other minority populations in our country,” said Sen. Edward J. Markey, D-Mass., who introduced the bill along with Sen.…
