Privacy News Online | Weekly Review: October 2, 2020

Privacy News Online | Weekly Review: October 2, 2020

With real time bidding, Google sends personal data about internet activity to hundreds of advertising companies, and there’s no way to prevent this data from leaking.Privacy News Online is brought to you by Private Internet Access, the world’s most trusted VPN service.

A hacker published thousands of students' grades and private information after a Nevada school district refused to pay ransom

A hacker published thousands of students' grades and private information after a Nevada school district refused to pay ransom

Brett Callow, a threat analyst with cybersecurity firm Emsisoft, told Business Insider that he discovered leaked documents published to an online hacking forum that purported to include records from Nevada's Clark County School District, including students' names, social security numbers, addresses, and some financial information.

Hackers, Taking Advantage of At-Home Work, Drilling into Fed Agencies

Hackers, Taking Advantage of At-Home Work, Drilling into Fed Agencies

Housing Data Hit. Four years after reporting that the personal files of almost 500,000 Americans safeguarded in its system had been compromised, the Department of Housing and Urban Development is still failing to protect citizens’s sensitive information, including Social Security numbers, phone numbers, home addresses and dates of birth, the GAO said.

Iranian Hackers Can Now Beat Encrypted Apps, Researchers Say

Iranian Hackers Can Now Beat Encrypted Apps, Researchers Say

The reports, which were reviewed by The New York Times in advance of their release, say that the hackers have successfully infiltrated what were thought to be secure mobile phones and computers belonging to the targets, overcoming obstacles created by encrypted applications such as Telegram and, according to Miaan, even gaining access to information on WhatsApp. Both are popular messaging tools in Iran.

Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web

Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web

97% of companies have data leaks and other security incidents exposed on the Dark Web. 631,512 verified security incidents were found with over 25% (or 160,529) of those classed as a high or critical risk level+ containing highly sensitive information such as plaintext credentials or PII, including financial or similar data.

Peter Dutton confirms Australia could spy on its own citizens under cybersecurity plan

Peter Dutton confirms Australia could spy on its own citizens under cybersecurity plan

Dutton said law enforcement agencies would target terrorists, paedophiles and drug traffickers operating in the dark web – promising proposed new powers will apply “to those people and those people only”.

After Twitter Hack, Senator Asks Why DMs Aren't Encrypted

After Twitter Hack, Senator Asks Why DMs Aren't Encrypted

After hackers managed to take over a wave of high profile accounts on Twitter by leveraging access to an internal tool, Senator Ron Wyden is highlighting that the social network has not implemented end-to-encryption for direct messages, even though the company previously explored the idea.

Student finds privacy flaws in connected security and doorbell cameras

Student finds privacy flaws in connected security and doorbell cameras

Ring, Nest, SimpliSafe and eight other manufacturers of internet-connected doorbell and security cameras have been alerted to "systemic design flaws" discovered by Florida Tech computer science student Blake Janes that allows a shared account that appears to have been removed to actually remain in place with continued access to the video feed.

Computer science student discovers privacy flaws in security and doorbell cameras

Computer science student discovers privacy flaws in security and doorbell cameras

Ring, Nest, SimpliSafe and eight other manufacturers of internet-connected doorbell and security cameras have been alerted to systemic design flaws discovered by Florida Tech computer science student Blake Janes that allows a shared account that appears to have been removed to actually remain in place with continued access to the video feed.

Hospitals Outdated Operating Systems Might Leave Patients Data at Risk!

Hospitals Outdated Operating Systems Might Leave Patients Data at Risk!

The research was conducted by Palo Alto Networks , a cybersecurity firm, it revealed that 83% devices ran on outdated services that can’t even be updated even when it contains several loopholes that hackers can easily bypass and exploit.

Australian Signals Directorate has already spied on Australians, boss confirms

Australian Signals Directorate has already spied on Australians, boss confirms

Noble said that “while much of our cybersecurity role, and the protection of Australia’s digital borders, is conducted domestically – ASD is prohibited by legislation from producing intelligence on Australian persons except in rare circumstances, and only then under the authority of a ministerial authorisation”.

Privacy is Cybersecurity for People

Privacy is Cybersecurity for People

Some people still imagine that companies Cybersecurity is about protecting assets like film footage from movies, or studio production tracks from recording sessions with music artists, or secret plans for the next Apple computer (duh, its another iPhone).

Hacker group targeted law firms, released veterans’ stolen data related to PTSD claims

Hacker group targeted law firms, released veterans’ stolen data related to PTSD claims

Hackers have gained access to sensitive data from at least five law firms in the past four months, releasing stolen data that includes pain diary entries from veterans’ personal injury cases, Emsisoft, a cybersecurity and anti-malware company, told Military Times.

Cyberattacks against North Dakota state government skyrocket to 15M per month

Cyberattacks against North Dakota state government skyrocket to 15M per month

Shawn Riley, North Dakota's chief information officer and head of the information technology department, said there were more than 15 million cyberattacks against the state's government per month in 2019, a 300 percent increase since 2018.In 2018, there were about 5 million attempted cyberattacks per month.

Firefox attacks: Homeland Security urges all users to update browsers immediately in rare warning

Firefox attacks: Homeland Security urges all users to update browsers immediately in rare warning

The issue is this: Firefox versions for desktop older than the just-patched version contain a critical vulnerability that could allow an attacker to take control of a user’s entire operating system—whether they use Windows or Mac. More alarming, the vulnerability is already being exploited in the wild, thus Homeland Security stepping in with the urgent plea for users to upgrade.

New Intel CPU Vulnerability Puts Protected Data At Risk

New Intel CPU Vulnerability Puts Protected Data At Risk

Intel CPUs are at the center of controversy once again as yet another vulnerability is discovered by Cybersecurity researchers.According to their findings, the security vulnerability can compromise SGX (software guard extensions) protected by undervolting the CPU when executing protected computations, to the degree that the SGX memory encryption failed to protect data.

A Saudi Telecom Exposed a Streaming List of GPS Locations

A Saudi Telecom Exposed a Streaming List of GPS Locations

STCS, a Saudi Arabian telecom company, was running a server containing hundreds of thousands of constantly updated GPS locations before Motherboard contacted the organization about the issue.

Why hospitals are a weak spot in U.S. cybersecurity

Why hospitals are a weak spot in U.S. cybersecurity

"Cybercriminals know they are a soft target where they can access patient records and social security numbers and other information," Suzanne Schwartz, a deputy director in the FDA's device center, tells Axios.

Starting December 1st, China’s new MLPS 2.0 cybersecurity laws will require submission of a facial scan to receive internet access

Starting December 1st, China’s new MLPS 2.0 cybersecurity laws will require submission of a facial scan to receive internet access

China’s new MLPS (Multi-level Protection of Information Security) 2.0 cybersecurity laws goes into full effect on December 1st, 2019 and will see all internet service providers (ISPs) and mobile data providers requiring facial scans to sign up for new service.

Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold

Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold

After demoing the cable for Motherboard at the Def Con hacking conference this summer, MG said "It’s like being able to sit at the keyboard and mouse of the victim but without actually being there.".

Can you give away your fingerprints in a photo?

Can you give away your fingerprints in a photo?

Going to such lengths to protect your fingerprints might seem extreme, but incentives to bypass biometric security are growing as it increasingly shows up in everything from smartphones to door locks.“As biometrics become more prevalent in the authentication process, motivated attackers will definitely find innovative ways to bypass them,” said Vivek Chudgar, senior director at Mandiant, a consulting arm of cybersecurity firm FireEye. But some experts say harvesting fingerprints from pictures requires some specific conditions.

This Online Black Market Will Sell Your Entire Digital Identity

This Online Black Market Will Sell Your Entire Digital Identity

An online marketplace called Richlogs is selling stolen digital fingerprints that include access to a person’s entire online presence or web activity.Basically, it’s enough data to let a buyer totally assume their identity online, according to a report published Wednesday by the cybersecurity firm IntSight.

Why You Should Never Borrow Someone Else's Charging Cable

Why You Should Never Borrow Someone Else's Charging Cable

For the moment, Henderson says, a bigger threat than malicious charging cables is USB charging stations you see in public places like airports.Many travelers know that, in a pinch, the hotel front desk will often have a drawer of charging cables that were left behind by guests.

Cybersecurity Protections for SMBs Found to Be Lacking

Cybersecurity Protections for SMBs Found to Be Lacking

The ransom demand is also likely to be considerably higher than the cost of cybersecurity protections for SMBs to prevent ransomware attacks.

A new clothing line confuses automated license plate readers

A new clothing line confuses automated license plate readers

Garments from Adversarial Fashion feed junk data into surveillance cameras, in an effort to make their databases less effective.In a talk, she explained the that hoodies, shirts, dresses, and skirts trigger automated license plate readers (ALPRs) to inject useless data into systems used to track civilians.

Senator Wyden to AT&T and T-Mobile: You Don’t Need to Store So Much Customer Data

Senator Wyden to AT&T and T-Mobile: You Don’t Need to Store So Much Customer Data

"I write to ask that you protect your customers’ privacy—and U.S. national security—from foreign hackers and spies by limiting the time you keep records about your customers’ communications, web browsing, app usage and movements," Wyden's letter addressed to the CEOs of each teleco reads.

5 big questions to ask companies before entrusting them with your personal data

5 big questions to ask companies before entrusting them with your personal data

Given the number of data breaches and privacy violations in recent years involving companies from Equifax EFX, -0.67% to Facebook FB, -0.77%, some people might only be surprised if their personal data was not hacked, said Britt Siedentopf, vice president of services at Global Asset, a cybersecurity and IT support firm in the Dallas, Texas metro area.

US attorney general says encryption creates security risk

US attorney general says encryption creates security risk

Gail Kent, Facebook’s global public policy lead on security, recently said that allowing the government’s ability to gain access to encrypted communications would jeopardize cybersecurity for millions of law-abiding people who rely on it.

Studies prove once again that users are the weakest link in the security chain

Studies prove once again that users are the weakest link in the security chain

Organizations need to make sure users understand the importance of protecting sensitive data and safeguarding company assets, and that they’re aware of how their actions impact the overall security for the whole organization.

Data of Nearly Every Adult in Bulgaria Likely Stolen in Cyberattack

Data of Nearly Every Adult in Bulgaria Likely Stolen in Cyberattack

The Bulgarian public first caught light of the hack on Monday, after someone claiming to be the hacker behind the attack contacted several local media outlets to say that they had stolen the personal information of more than five million citizens (in a country with a population of 7 million), and shared some of the data they had stolen.