1:M Cyber Security News 1/13/20

Happy New Year to you all! I hope you are staying safe, and very cyber secure online as always!

OK, some wicked cyber security stuff going on lately:

=================

If you happen to live in the Middle East, please remove the ToTok app from your phone now! It has been flagged by Google and Apple as being a surveillance tool used by the UAE government to track their citizens 🙁

More:

=================

Make sure to update your browsers to the latest versions ASAP! There were a lot of critical security flaws that were addressed in the latest releases of browsers, as well as some really cool anti-phishing and password protection features in the newest Firefox and Chrome.

=================

A bombshell report about a children’s ‘smartwatch’ that had a flaw in it that allowed hackers to track 1000s of children by exploiting the GPS coordinates being sent by the watch to their parents.

It also allowed hackers to read the children’s messages, and know their names and ages. Not only that, but hackers could EVEN send the kids messages and call them, all while pretending to be their parents! This is another example of how IoT security is not well thought out before a ‘smart’ product is rushed to market. So please stay away from any ‘smart’ devices unless you’re assured that they take their security VERY seriously (reputable company, frequent firmware updates, 2FA and password protection, etc.).


More:

=================

Here is a nice illustrated article that breaks down in simple terms ways to lock down your iPhone. Check it out!

More:

=================

An incredibly eye-opening report on how mobile data on millions of mobile users was syphoned off by a data marketing firm, and could have been used to profile and track individuals’ lives over the course of 2 years, simply from their mobiles pinging. It also includes 3 tips from the same NYTimes to help stop mobile phone tracking!

More:

=================

Amazon is now planning to use facial recognition software and its very own ‘Ring’ smart home security devices to create an artificial-intelligence enabled “neighborhood watch list.” According to Amazon, the “watch list” would automatically alert a Ring owner with a “suspicious activity prompt” on their mobile phones when an individual that was deemed “suspicious” was captured in the camera frame. You can imagine the drama that would unfold if the AI technology wrongly profiled someone as ‘suspicious’, especially when that AI data is being fed into the system by other Ring owners. This feature will be controversial for sure.

More:

=================

Twitter bans political ads

This one irritates me! Twitter has finally said they will ban all political ads, in the run up to the 2020 US Presidential election. Yet Facebook says that it’s quite possible that it would allow lying or misleading political ads to run without taking them down. What????

Zuckerberg said that Facebook would “probably” allow candidates to buy ads that lie about their opponents. Facebook also thinks that in a democracy, “people should decide what’s credible, not tech companies.” Unbelievable! And shame on Facebook!

More:

=================

A simple breakdown of how to turn on DoH on every browser out there. Remember that DoH stands for DNS-over-HTTPS, which essentially encrypts your website lookups on the Internet so they are hidden from your ISP (who love to sell this traffic to marketing and data firms).

More:

=================

News flash: a huge exposure of 1.2 billion people’s aggregated personal information was found sitting on an exposed database for all to see on the Internet. The data includes “home and cell phone numbers, associated social media profiles like Facebook, Twitter, LinkedIn, work histories seemingly scraped from LinkedIn, almost 50 million unique phone numbers, and 622 million unique email addresses.” They also say the data might have come from several data brokers (who essentially are in the business of buying/selling millions of our personal data behind the scenes).

Unfortunately this is nothing new these days. My best advice to you is to sign up for ‘Have I Been Pwned’ or ‘Firefox Monitor’ (or both), which are 2 free services that warn you if any of your email addresses/passwords have been found exposed in large data breaches on the Internet. They monitor all my various email addresses, and alert me as soon as they find out. I can’t recommend them enough.

More:

=================

Please take note that the California Consumer Privacy Act (CCPA) has officially gone into effect as of January 1, 2020. Although this was primarily written for California residents, because California is the 5th biggest economy, it will touch most people around the world. It is very similar to Europe’s GDPR law, and essentially protects the data of CA residents from being used in a way they did not consent to, and gives the resident a lot of power to control their data:

  1. Know what personal data is collected about them.

  2. Know if their personal data is sold or disclosed and to whom.

  3. Opt-out of the sale of personal data.

  4. Access their personal data.

  5. Request businesses to delete all personal information collected about the consumer.

  6. Not be discriminated against in service for exercising their privacy rights under it.

Definitely 10 steps in the right direction! The CCPA will apply to any company that operates in California and either makes at least $25 million in annual revenue, gathers data on more than 50,000 users, or makes more than half its money off of user data. It won’t be enforced for 6 months though, so keep that in mind also.

More:

=================

A great new series by @Wired magazine on cool tips n’ tweaks to get the most out of your browser and router of choice:

More:

=================

Get ready to merge your mind with a computer with Neuralink

Musk has said before that he believes that AI is one of the greatest threats to humankind, and brain-computer interfaces could be one way of mitigating that threat, giving us a chance to at least keep up, and even eventually become part of the super-intelligent AI. That is why a high-bandwidth link is needed in our brains: to enable our minds to eventually communicate at the same pace as an AI. Crazy stuff!

More:

=================

Lasers can inject voice commands into home assistants

Turns out, if a laser is pointed at one of your home digital assistants (Amazon Echo, Google Assistant, etc.), it can be used to “inject” sound into a microphone. The device will then process the resulting signal as it would a voice command sent by the user, e.g. “control home light switches, open garage doors, unlock and start vehicles, open locks, and make online purchases on behalf of the victim”.

The report says “the most efficient mitigations against such attacks would be adding an extra layer of authentication, using physical barriers to block straight light beams from reaching the microphone, and using multiple microphones, as a legitimate voice command would result in a signal being transmitted to more than just one microphone”.

More:

=================

Burglars are now using Bluetooth Scanners to see if you have your laptop/phone hidden away in your car! Make sure to put your devices into airplane mode, shut them off, so that Bluetooth isn’t giving off any signals from your car trunk.

More:

=================

How to Opt Out of the Sites That Sell Your Personal Data

If you have some time on your hands, and want to remove your personal data from as many data brokers and people-search sites as possible, as well as get off of direct marketing and telemarketing lists, prescreened credit offers, and Do Not Call registry, then read on. It’s much harder than it should be, but it’s possible.

———–


Please be safe out there everyone.

#ClickGameOver
