EFF’s New ‘Threat Lab’ Dives Deep into Surveillance Technologies—And Their Use and Abuse

EFF’s New ‘Threat Lab’ Dives Deep into Surveillance Technologies—And Their Use and Abuse

EFF is proud to announce its newest investigative team: the Threat Lab. Using a combination of research skills, the Threat Lab will take a deep dive into how surveillance technologies are used to target communities, activists, or individuals.

Microsoft researchers spot NSA style backdoor in Huawei laptops

Microsoft researchers spot NSA style backdoor in Huawei laptops

The Microsoft Defender Advanced Threat Protection (ATP) service featured in Windows 10 version 1809 alerted researchers to an NSA-inspired backdoor vulnerability in Huawei laptops. The PCManager software included in some Huawei’s Matebook systems allows unprivileged users to create processes with superuser privileges, according to a March 25 Microsoft security post.

High-Severity SHAREit App Flaws Open Files for the Taking

High-Severity SHAREit App Flaws Open Files for the Taking

“We wanted to give as many people as we can the time to update and patch their devices before disclosing such critical vulnerability.” The flaws, which could be exploited by an attacker on a shared WiFi network, have a CVSS 3.0 score of 8.2, meaning they are high-severity, researchers told Threatpost.

What are Data Manipulation Attacks, and How to Mitigate Against Them

What are Data Manipulation Attacks, and How to Mitigate Against Them

The ability of attackers to manipulate and shift data around is a real threat – one that could cause widespread financial and even physical harm as a result – if done successfully. Mitigating Against Data Manipulation Attacks To combat these types of attacks, organizations need to ensure they have endpoint visibility on their IT systems.

Facebook monitors and tracks the locations of users it deems a threat

Facebook monitors and tracks the locations of users it deems a threat

Facebook monitors and tracks the locations of its users when the company’s security team finds that they are making credible threats on its social network, according to a report from CNBC today .

Facebook's security team tracks posts, location for 'BOLO' threat list

Facebook's security team tracks posts, location for 'BOLO' threat list

Any suggestion our onsite physical security team has overstepped is absolutely false." Facebook is unique in the way it uses its own product to mine data for threats and locations of potentially dangerous individuals, said Tim Bradley, senior consultant with Incident Management Group, a corporate security consulting firm that deals with employee safety issues.

Apple App Store games found to be communicating with malware

Apple App Store games found to be communicating with malware

The researchers said the iPhone apps were loaded with ads, which could have duped users into tapping a link and granting permission for malware installed outside the App Store.

Privacy and Cybersecurity Are Converging. Here’s Why That Matters for People and for Companies.

Privacy and Cybersecurity Are Converging. Here’s Why That Matters for People and for Companies.

Today, however, the biggest risk to our privacy and our security has become the threat of unintended inferences, due to the power of increasingly widespread machine learning techniques. Once we generate data, anyone who possesses enough of it can be a threat, posing new dangers to both our privacy and our security.

“Change Encryption Laws Or We'll Pay Zero Tax Elsewhere" Says Tech Giants — The Betoota Advocate

“Change Encryption Laws Or We'll Pay Zero Tax Elsewhere" Says Tech Giants — The Betoota Advocate

LOUIS BURKE | Culture | CONTACT Multinational tech companies are threatening to leave the country after the passing of the Access and Assistance Bill, which could cost the government up to $0 in taxes if they make good on their threat.

What We Can Learn About Online Privacy From Climate Change

What We Can Learn About Online Privacy From Climate Change

But let’s be realistic: They’re small measures when you consider the big picture, that the gears of the online world are greased with our data.

A complete guide to Internet privacy

A complete guide to Internet privacy

When you use online services, like email or web browsing, your data travels across the network and gets stored on servers that belong to those companies. Almost all online services and Internet-connected devices have privacy settings you can update to restrict the amount of information collected and/or posted publicly online.

CSIS director warns business leaders of ‘state-sponsored espionage in Canada’

CSIS director warns business leaders of ‘state-sponsored espionage in Canada’

While Vigneault said terrorism remained the “number one national security-related danger to public safety in this country,” he called espionage and foreign interference “the greatest threat to our prosperity and national interest.”

What Constant Surveillance Does to Your Brain

What Constant Surveillance Does to Your Brain

“They suddenly had images that their family could be arrested, that they could be arrested, some people had post-traumatic stress disorder-like symptoms,” Chisholm said in a phone interview. “The fear and uncertainty generated by surveillance inhibit activity more than any action by the police,” Franco said in a phone interview.

Connected Wristwatch Allows Hackers to Stalk, Spy On Children

Connected Wristwatch Allows Hackers to Stalk, Spy On Children

Alan Monie, researcher with Pen Test Partners, outlined in a Thursday post how he was able to launch various Insecure Direct Object Reference (IDOR) attacks on the watches. Regardless, Monie told Threatpost that the security glitch would be difficult to fix, and recommends that consumers stop using the watch.

Microsoft, Amazon Top BEC's Favorite Brands

Microsoft, Amazon Top BEC's Favorite Brands

Nearly two-thirds of email attacks spoofing brand names impersonate Microsoft or Amazon, according to one of two studies released today on advanced emailed threats.

Microsoft Office Was Hackers' Favorite App Target This Year

Microsoft Office Was Hackers' Favorite App Target This Year

Kaspersky blocked 796.8 million attacks around the globe in Q1 2018, and the company found that one popular productivity suite was the victim of more than 47 percent of exploits: Microsoft Office.

Australian bill spells trouble for data privacy around the world

Australian bill spells trouble for data privacy around the world

An unlikely alliance of tech companies, start-ups and digital consumer rights groups has locked horns with the Australian government over its proposed anti-data encryption law, currently under review by the Parliamentary Joint Committee on Intelligence and Security (PJCIS).

YouTube CEO urges YouTube creators to protest European copyright law

YouTube CEO urges YouTube creators to protest European copyright law

Wojcicki focuses on Article 13 of the EU's new Directive on Copyright, which passed in early September and makes tech platforms liable for copyright-protected content. Essentially, this means that giant platforms that rely on user-generated content, including Google's YouTube, , and , would be responsible for making sure that users don't share copyrighted material.

Governments want your encrypted data, Australia wants them to have it, and you should be worried

Governments want your encrypted data, Australia wants them to have it, and you should be worried

This legislation comes after the Five Eyes intelligence alliance, including Australia, Canada, New Zealand, the U.S., and the U.K., released a statement calling for government access to encrypted files on the basis of national security and crime prevention.

Amazon staff said to be taking bribes to leak data

Amazon staff said to be taking bribes to leak data

The Wall Street Journal reports that Amazon employees have been bribed to leak corporate data - such as sales metrics and the personal details of reviewers - to sellers:

What Prevents Good Cybersecurity and Privacy Behaviors?

What Prevents Good Cybersecurity and Privacy Behaviors?

From a close reading of much of this prior work, my colleagues and I identified three inter-related high level barriers that may explain why advice about security and privacy is often ignored and why many security and privacy tools go largely unused: awareness, motivation, and knowledge.

Linux developers threaten to pull "kill switch"

Linux developers threaten to pull "kill switch"

Subject Re: A Plea to Unfuck our Codes of Conduct Regarding those who are ejected from the Linux Kernel Community after this CoC: Contributors can, at any time, rescind the license grant regarding their property via written notice to those whom they are rescinding the grant from (regarding their property (code)) .

Petition · European Commission: Investigate Axel Voss for undermining citizens digital rights in Europe · Change.org

Petition · European Commission: Investigate Axel Voss for undermining citizens digital rights in Europe · Change.org

We're asking our representatives and institutions to investigate and consider suspending Axel Voss, the rapporteur for the Copyright Directive, for potential conflict of interest and subversion of democracy within the European Union.

Hackers selling research phished from universities on WhatsApp

Hackers selling research phished from universities on WhatsApp

Iranian hackers have reportedly breached top British universities – including Oxford and Cambridge – to steal what the Telegraph says are “millions” of papers and academic research documents that they then put up for sale via WhatsApp and websites.

Thousands of MikroTik routers are snooping on user traffic

Thousands of MikroTik routers are snooping on user traffic

"The MikroTik RouterOS device allows users to capture packets on the router and forward the captured network traffic to the specified Stream server," the researcher said, adding that ports 20, 21, 25, 110, and 143 appear to be of the most interest to the eavesdroppers.