Once Again, Two New Election App Breaches Exposed Personal Data on Millions of Israelis

In addition to the personal details of almost 6.5 million Israelis which leaked for the second time, the new flaws also revealed correspondence between activists and potential voters as well as the app’s source code, according to activist hacker Noam Rotem and Ran Bar-Zik, a senior developer at Verizon Media, who discovered the leaks.

The Private Internet Access Android app is being open sourced

Private Internet Access (PIA) is open sourcing its Android VPN app and dependencies code to the public as part of its commitment to open sourcing all clients in the name of transparency and privacy.

What happens to privacy when China has personal data and the social graph of nearly everyone in the US?

But buried within its business-like announcement of the indictment of four Chinese military hackers, there is the following statement, which has huge implications for privacy: For years, we have witnessed China’s voracious appetite for the personal data of Americans, including the theft of personnel records from the U.S. Office of Personnel Management, the intrusion into Marriott hotels, and Anthem health insurance company, and now the wholesale theft of credit and other information from Equifax.

Critical Bluetooth Vulnerability in Android (CVE-2020-0022)

If you have no patch available yet or your device is not supported anymore, you can try to mitigate the impact by some generic behavior rules: Only enable Bluetooth if strictly necessary.

Children’s apparel company Hanna Andersson discloses data breach

Hanna Andersson, a children’s clothing company with stores across the country, has told customers that their card payment data may have been compromised in a security breach last year.

Can hardware ever be trusted? The Betrusted project aims to find out by going back to basics

“Betrusted is more than just a secure CPU – it is a system complete with screen and keyboard, because privacy begins and ends with the user.” Its aim is to create a secure communication device whose hardware can be trusted, and which does protect privacy.

UK lays out tough child data privacy rules

LONDON (AP) - Social media sites, games and other online services won’t be allowed to “nudge” British kids into revealing personal details or lowering their privacy settings, under tough new rules drawn up by the country’s privacy regulator.

More Details On Intel's CVE-2019-14615 Graphics Vulnerability, a.k.a. iGPU Leak

As for CVE-2019-14615 the Intel graphics vulnerability disclosed this week affecting Gen7 through Gen9 graphics architectures, it's been dubbed "iGPU Leak" by the researchers involved. They dub this vulnerability "iGPU Leak" and describe it as an information leakage vulnerability on the Intel integrated GPU architecture.

FBI used Graykey to unlock an iPhone 11 Pro, which was previously thought to be the most secure iPhone

Specifically, a product called Graykey was used in a case against Baris Ali Koch to unlock Koch’s iPhone – an iPhone 11 Pro. Graykey works by bypassing the timeout functionality in iOS and allows for brute forcing of the passcode or password.

Release v1.3.2 & v1.2.2 - Fix for persistent XSS vulnerability in filenames of attached files

This release includes an improved solution, which addresses the issue on a broader scope, preventing it from recurring in other areas of the code in the future.

Firefox gets patch for critical 0-day that’s being actively exploited

Mozilla has released a new version of Firefox that fixes an actively exploited zero-day that could allow attackers to take control of users' computers. In an advisory, Mozilla rated the vulnerability critical and said it was "aware of targeted attacks in the wild abusing this flaw."

United States government-funded phones come pre-installed with unremovable malware

It’s with great frustration that I must write about yet another unremovable pre-installed malicious app found on the UMX U686CL phone: the mobile device’s own Settings app functions as a heavily-obfuscated malware we detect as Android/Trojan.

Hidden Data On Boarding Passes Pose Personal Security Risk

They were also able to put all the pertinent information on the airline website and pulled up a full itinerary, along with the cost of travel and a frequent flyer number.

Smile as you buy your holiday goods in a store – you are probably being watched, tracked and analyzed

For example, AiFi works in the same way as Amazon Go, but is designed to scale: the company claims its Autonomous Store Platform can track up to 500 people, and tens of thousands of products.

Privacy features on iOS 13: Tips to help protect your privacy

iOS 13 allows you to switch Face ID/Touch ID on and off for: iPhone Unlock, iTunes and App Store, Apple Pay, and Password AutoFill. Go to Settings > Face ID & Passcode (or Touch ID & Passcode on older iPhones), and enter your existing passcode to take control of this.

Stolen Disney+ logins selling for $3 on hacking forums

Disney says its new Disney Plus streaming service doesn’t have a security breach, but some users have been shut out after hackers tried to break into their accounts. Disney Plus does require codes sent by email when changing account passwords, but it doesn’t use them for logging in from new devices.

Beyond Aadhaar: India wants to create a giant centralized facial recognition database

As that indicates, the idea is that any kind of image – whether a photograph, a drawing, or a CCTV feed capture – can be run against the database to search for matches.

Smartphones with wheels: how modern transportation brings new privacy problems

Here’s why vehicle-based surveillance is about to get much worse, as outlined by McKinsey: Today’s cars have up to 150 electronic control units; by 2030, many observers expect them to have roughly 300 million lines of software code.

Microsoft's Secured-Core PC Feature Protects Critical Code

Microsoft already offers Windows Secure Boot, a feature that checks for cryptographic signatures to confirm software integrity. Instead of relying on firmware, Microsoft has worked with AMD, Intel, and Qualcomm to make new central processing unit chips that can run integrity checks during boot in a controlled, cryptographically verified way.

Xi Jinping App Allows China Access To 100 Million Users' Phone: Report

China released app on ideology of Xi Jinping in January this year. App considered Xi's high-tech equivalent of Mao Zedong's Little Red Book. App can collect messages, photos, contacts, record audio, more: Study. The Chinese Communist Party appears to have "superuser" access to all the data on more than 100 million cellphones, owing to a back door in a propaganda app that the government has been promoting aggressively this year.

Twitter under fire for profiting from millions of UK users' data sold to advertisers

Twitter has been accused of unfairly profiteering from the personal data of up to 14.1 million people in the UK after it used their email addresses to sell targeted advertising without their knowledge.

Ewwlo

instead of building all apps from the source code (the proper way, to assure that there isn’t malware), 31 apps that come with the ROM are pre-built which is dangerous as you don’t know if those apps contain malware in them.

Now is the time to defend the final haven for privacy: your brain

Glyn Moody is a freelance journalist who writes and speaks about privacy, surveillance, digital rights, open source, copyright, patents and general policy issues involving digital technology.

Snoops can bypass iOS 13 lock screen to eyeball your address book. Apple hasn't fixed it yet. Valid flaw? You decide

Apple's very latest version of iOS appears to have the same sort of lock-screen bypass that plagued previous versions of the iThing firmware.

A major security breach raises a key question: what happens when your biometric data is exfiltrated from a system?

As the researchers note, anyone who had found this database could use those admin passwords to take over a high-level BioStar 2 account with all user permissions and full clearances, and make changes to the security settings in an entire network.

Apple Gave Uber Access to a Secret Feature that Could Allow it to Record Your Screen

It’s called an “entitlement,” and nearly all iPhone apps have some version of one—it’s the feature that enables things like your camera and Apple Pay. But Business Insider notes that there are some sensitive entitlements that are only for use by Apple—and one of these appeared in the code for Uber’s app.

Kasper-Spy: Kaspersky Anti-Virus puts users at risk

A strange discovery on my office computer led me to unearth an astonishing data leak caused by Kaspersky's antivirus software. The data leak allowed websites to unnoticeably read the individual ID of Kaspersky users.

Arsenic in the water of democracy: UK police, politicians and privacy activists clash over facial recognition deployments

We call on the Government to issue a moratorium on the current use of facial recognition technology and no further trials should take place until a legislative framework has been introduced and guidance on trial protocols, and an oversight and evaluation system, has been established.

Hundreds of exposed Amazon cloud backups found leaking sensitive data

He said that all too often cloud admins don’t choose the correct configuration settings, leaving EBS snapshots inadvertently public and unencrypted. Morris found dozens of snapshots exposed publicly in one region alone, he said, including application keys, critical user or administrative credentials, source code and more.

WhatsApp security flaws can fake messages from you

Check Point Research says that it found three different ways to exploit the vulnerability, including the ability to put words in your mouth.