WebProNews

Category: CybersecurityUpdate

  • Judge Orders Facebook To Hand Over Data About Possible Privacy Issues

    According to The Wall Street Journal, “a Massachusetts judge has ordered Facebook to turn over data about thousands of apps that may have mishandled its users’ personal information.”

    In the wake of the Cambridge Analytica scandal, Facebook has faced ongoing scrutiny and lawsuits related to how it handles user data. The U.S. Federal Trade Commission fined the social media giant $5 billion for its role in Cambridge Analytica. More recently, Brazil levied a $1.6 million fine on the company for the same thing.

    The most recent decision stems from Facebook’s own “admission last year that it had suspended ‘tens of thousands of apps for possible privacy violations.” Unfortunately, that was all Facebook was willing to admit to, providing neither the specific apps that were suspended, nor the alleged violations they were guilty of. As a company that has long since lost the trust of many customers and lawmakers, Facebook’s protestations that it shouldn’t be forced to turn over the data fell on deaf ears. Now the Suffolk Superior Court judge has given the company 90 days to turn over the data.

    “We are pleased that the Court ordered Facebook to tell our office which other app developers may have engaged in conduct like Cambridge Analytica,” Massachusetts Attorney General Maura Healey said in a statement.

    Facebook says it is reviewing its options and may appeal the ruling.

  • EU Considering A Five-Year Ban On Facial Recognition In Public

    Politico is reporting that the European Union (EU) is considering banning facial recognition in public areas for up to five years.

    Facial recognition is quickly becoming the latest battleground in the fight over user privacy. Some countries, such as China, have embraced the technology and taken surveillance of citizens to an all-new level. The U.S. has waffled back and forth, rolling out facial recognition in sensitive areas—such as airports—but often making participation optional. However, the Department of Homeland Security recently made headlines with a proposal that would expand facial recognition checks at airports, making them mandatory for citizens and foreigners alike.

    The EU, however, may be preparing to take the strongest stand against facial recognition and toward protecting individual privacy. According to a draft document Politico obtained, the EU is looking to expand its already rigorous privacy laws, noting that a “future regulatory framework could go further and include a time-limited ban on the use of facial recognition technology in public spaces.”

    The ban would cover facial recognition use by both public and private entities.

    “This would mean that the use of facial recognition technology by private or public actors in public spaces would be prohibited for a definite period (e.g. 3-5 years) during which a sound methodology for assessing the impacts of this technology and possible risk management measures could be identified and developed,” adds the document.

    As the debate about facial recognition continues, it will be interesting to see where the U.S. lands: whether it will emphasize protecting individual privacy like the EU, or emphasize surveillance like China.

  • Sophos Warns Of ‘Fleeceware’ Apps On The Google Play Store With 600 Million Downloads

    Security firm Sophos has once again warned of the dangers of “fleeceware” on the Google Play Store.

    Fleeceware is a term for apps “where users could be charged excessive amounts of money for apps if they don’t cancel a ‘subscription’ before the short free trial window closes.” Sophos had previously warned of the dangers of fleeceware but, rather than improving, the problem has only gotten worse.

    Following Sophos’ initial report, Google removed the apps that were highlighted, but unscrupulous developers have continued to create and release new fleeceware apps. In fact, “the total number of installations of these apps, as reported on Google’s own Play pages, is high: nearly 600 million in total, across fewer than 25 apps; A few of the apps on the store appear to have been installed on 100 million+ devices, which would rival some of the top, legitimate app publishers on Google Play.”

    To make matters worse, uninstalling the app does not cancel the subscription. Many publishers of these apps have a complicated process for canceling, designed to extend the “subscription” as long as possible. Sophos recommends keeping copies of all correspondence with one of these publishers so it can be shared with Google if needed.

    600 million downloads spread out over fewer than 25 apps is a shocking number of malicious downloads and illustrates the need for Google to do a better job of vetting apps. Apple is often criticized for its ‘walled garden’ approach but, in light of Sophos’ report, Apple’s approach doesn’t look too bad.

    If you are an Android user, here’s the list of known fleeceware apps, courtesy of Sophos:

    [Image: Play Store Fleeceware Apps via Sophos]

  • Senators Propose Over $1 Billion To Fund Huawei Alternatives

    CNBC is reporting that a bipartisan group of senators has introduced legislation to spend more than $1 billion to fund 5G alternatives to Huawei.

    Huawei is currently the number one provider of 5G equipment around the world. In spite of that, the company has faced ongoing criticism and accusations that it represents a risk to other countries’ national security because of its close ties to Beijing. All Chinese corporations are required to cooperate with the Chinese government and intelligence agencies, but Huawei is believed to have closer ties to Beijing than most.

    Even so, carriers have warned their governments that going with non-Huawei alternatives could add years of work and billions in cost. Huawei is also seen as having some of the best 5G technology on the market. This puts carriers in the unenviable position of choosing between inferior technology or inferior security.

    Now a group of bipartisan senators wants to address that, with legislation that would allocate over $1 billion to leveling the playing field. According to CNBC, “Chairman of the Senate Intelligence Committee Richard Burr, R-N.C., is a co-sponsor of the bill, alongside Republican Senators Marco Rubio of Florida and John Cornyn of Texas. Democratic Senators Bob Menendez of New Jersey and Michael Bennet of Colorado are also co-sponsors alongside Warner.”

    The bill would authorize the Federal Communications Commission to “direct at least $750 million or up to 5% of annual auction proceeds from new auctioned spectrum licenses to create an open-architecture model (O-RAN) research and development fund.”

    In addition, “another $500 million would become a Multilateral Telecommunications Security Fund, which would be available for 10 years ‘to accelerate the adoption of trusted and secure equipment globally and to encourage multilateral participation.’”

    If the bill gets passed into law, it could finally help create viable alternatives to Huawei in the U.S. market.

  • PSA: NSA Issues Warning About Windows 10 Vulnerability

    The National Security Agency (NSA) has issued a press release detailing a severe vulnerability in Windows 10 and encouraging all users to update immediately.

    According to the NSA’s press release, the agency discovered the vulnerability in the Windows 10 cryptography functionality. “The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality.”

    It is relatively unusual for the NSA to issue a press release about a vulnerability, but the severity of this particular one warranted it.

    “The vulnerability places Windows endpoints at risk to a broad range of exploitation vectors. NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.”

    The agency recommends all users immediately apply all January 2020 Patch Tuesday patches to mitigate the danger.

  • Google Restricting Cookies In Chrome To Improve Privacy

    The days of cookies may be coming to an end as Google announces its plans to phase out third-party cookies within two years.

    The first indications of Google’s plans came in August when the company announced a new initiative called Privacy Sandbox. The initiative was founded in an effort to keep publishers from abusing technologies to track users. Specifically, many web publishers have found ways to work around blanket efforts to block third-party cookies with even more invasive types of tracking, such as fingerprinting. As Google describes:

    “With fingerprinting, developers have found ways to use tiny bits of information that vary between users, such as what device they have or what fonts they have installed to generate a unique identifier which can then be used to match a user across websites. Unlike cookies, users cannot clear their fingerprint, and therefore cannot control how their information is collected.”

    With today’s announcement, Google is looking for a more nuanced approach, one that addresses the needs of advertisers to make money in a way that does not abuse privacy. The company has been receiving feedback from W3C forums and other standards participants, feedback that indicates it is on the right track. Bolstered by this feedback, Google has committed to a timeline for its plans.

    “Once these approaches have addressed the needs of users, publishers, and advertisers, and we have developed the tools to mitigate workarounds, we plan to phase out support for third-party cookies in Chrome. Our intention is to do this within two years.”

    Google also plans to address other privacy issues, such as cross-site tracking and fingerprinting. The company has been under increasing scrutiny for Chrome’s privacy, or lack thereof. In June 2019, The Washington Post went so far as to label the browser “spy software,” and blamed it on Google’s position as both a browser maker and the single biggest cookie generator on the web. Relying on the search giant to protect user privacy is akin to relying on the fox to guard the henhouse.

    Hopefully Privacy Sandbox and Google’s commitment to phase out third-party cookies are a step in the right direction.

  • Verizon Launches OneSearch, A Privacy-Focused Search Engine

    Verizon has announced the launch of OneSearch, a brand-new search engine focused on privacy, according to a press release.

    Privacy is increasingly becoming a major factor for tech companies, governments and users alike. The European Union’s General Data Protection Regulation (GDPR) privacy law went into effect in 2018. As of January 1, 2020, California implemented the California Consumer Privacy Act (CCPA), the most comprehensive privacy law in the U.S. The increased regulation, not to mention increasing consumer demand, has created both challenges and opportunities for tech companies.

    Verizon’s solution seems to be a search engine, powered by Bing, that caters to privacy-conscious users. According to Verizon’s press release, “available for free today on desktop and mobile web at www.onesearch.com, OneSearch doesn’t track, store, or share personal or search data with advertisers, giving users greater control of their personal information in a search context. Businesses with an interest in security can partner with Verizon Media to integrate OneSearch into their privacy and security products, giving their customers another measure of control.”

    The search engine has additional advanced features, such as temporary link sharing. When Advanced Privacy Mode is enabled, any links to search results will expire in one hour.

    Users will still see ads when searching, but they will not be customized or based on the person’s search or browsing habits.

    “To allow for a free search engine experience, OneSearch is an ad-supported platform. Ads will be contextual, based on factors like search keywords, not cookies or browsing history. For example, if someone searches for ‘flights to Paris,’ they may see ads for travel booking sites or airlines that travel to Paris.”

    OneSearch does use some personal information. For example, a person’s IP address does provide general location information that can be used to provide location-specific results. Personal data is obfuscated and is never shared with search partners.

    While it is always nice to see tech giants embrace privacy, it’s hard to see the benefits of OneSearch over DuckDuckGo. DuckDuckGo has a long-standing track record of providing private search. As CNET points out, the move is also interesting coming from Verizon Media, the branch of the telecommunications company “that runs an extensive ad network with more than 70,000 web publishers and apps as customers. While the search engine aims to attract users by turning on privacy features by default, OneSearch will also let Verizon Media hone its ad-matching powers on a search engine it owns. (Verizon also owns the Yahoo search engine.)”

    It will be interesting to see what becomes of OneSearch and if it lives up to its promise of respecting people’s privacy. In the meantime, most users will probably be better off using DuckDuckGo.

  • PSA: Update Firefox Immediately—Critical Vulnerability Being Exploited

    A recent release of Mozilla Firefox has a vulnerability severe enough that even the Department of Homeland Security is telling everyone to update.

    According to Mozilla, “incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw.”

    That last statement is particularly worrisome, as many software flaws are patched before bad actors start abusing them. In this case, however, this flaw is already being exploited.

    The Department of Homeland Security’s Cyber-Infrastructure (CISA) division states the following:

    “Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

    “The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.”

    As CISA points out, this flaw impacts both the regular and enterprise (ESR) versions of Firefox, so ALL users should update immediately. Individuals can use the app’s built-in updater or go to Mozilla’s official site for the latest version.

  • Amazon’s Ring Fires Employees For Improperly Accessing User Videos

    In the wake of reports of Ring devices being hacked, Amazon has informed senators of four incidents where employees improperly accessed user videos, according to Ars Technica.

    Amazon was replying to several senators who have sent inquiries to the company regarding their Ring business. Originally, the inquiries centered around Amazon’s relationship with hundreds of law enforcement agencies to promote Ring’s cameras. As news of Ring’s security woes became widely known, a group of senators sent a follow-up inquiry regarding those breaches.

    In their response, Amazon admitted there have been four employees in the last four years who have improperly accessed user videos. In each case, according to the company, the employees did have legitimate access to user videos, however “the attempted access to that data exceeded what was necessary for their job functions.”

    Amazon says swift action was taken to fire the employees involved and “take appropriate disciplinary action in each of these cases.” In addition, “Ring periodically reviews the access privileges it grants to its team members to verify that they have a continuing need for access to customer information for the purpose of maintaining and improving the customer experience.”

    Even with these steps, this is unwelcome attention for a company trying to prove its products can be trusted.

  • Microsoft Unveils Tool To Help Protect Children From Sexual Predators

    It’s estimated that 89% of sexual solicitations made by a predator to a child were done within chat or instant messages. Microsoft is determined to help change that, with the release of “Project Artemis.”

    Project Artemis is a tool to help identify predators in online chat. It was “developed in collaboration with The Meet Group, Roblox, Kik and Thorn,” a tech nonprofit specializing in technology that helps protect children from sexual abuse.

    The tool is designed to evaluate conversations, looking for communication styles and patterns predators use to target children. According to Microsoft, “the development of this new technique began in November 2018 at a Microsoft ‘360 Cross-Industry Hackathon,’ which was co-sponsored by the WePROTECT Global Alliance in conjunction with the Child Dignity Alliance.”

    Once deployed, the tool “evaluates and ‘rates’ conversation characteristics and assigns an overall probability rating. This rating can then be used as a determiner, set by individual companies implementing the technique, as to when a flagged conversation should be sent to human moderators for review. Human moderators would then be capable of identifying imminent threats for referral to law enforcement, as well as incidents of suspected child sexual exploitation to the National Center for Missing and Exploited Children (NCMEC).”

    The tool will be freely available through Thorn “to qualified online service companies that offer a chat function.” Interested parties can contact Thorn directly at [email protected].

  • Cloud Company CloudFlare Acquires Browser Company S2 Systems

    BizJournal is reporting that CloudFlare, after recently raising $525 million in its IPO, has purchased S2 Systems.

    CloudFlare is a web infrastructure and security company and “is one of the world’s largest networks.” The CloudFlare service “protects websites from all manner of attacks, while simultaneously optimizing performance.” CloudFlare allows websites to scale with demand and ensures high performance with data centers in 200 cities around the world.

    S2 creates browser isolation technology. This is a relatively new approach to browser security “that allows customers to launch browser code in the cloud rather than users’ devices. This technology is designed to be more secure.” As a result, if there is malicious code, the customer’s computers are insulated from the potential attack.

    The purchase is a logical addition to CloudFlare’s suite of security tools, and the company had been looking for some time at adding the capability. According to BizJournal, the company had approached a number of startups, as well as Symantec, to explore different options. S2 was the only one that had the right blend of performance and security.

    “They have a similar culture and outlook as us. We have an engineering-driven culture where we like to tackle big hard tasks. I think that resonated with S2. We also are interested in making the Internet more accessible to the other half of the world who does not have it. This is part of our larger vision that we share,” CEO Matthew Prince told BizJournal’s Dawn Kawamoto.

    In spite of this acquisition, Prince said the company does not plan to go on a purchasing spree, preferring home-grown solutions.

  • U.S. Senator Wants Ban On Intel Sharing With Countries Using Huawei

    In an escalation of the U.S. campaign to convince allies not to use Huawei, U.S. Senator Tom Cotton is calling for a ban on intelligence sharing with countries that use the company’s 5G equipment, according to Reuters.

    Huawei has been accused of being a conduit for Chinese spying on foreign countries. While all Chinese corporations are required to cooperate with the Chinese government and intelligence, Huawei is seen as having closer ties to Beijing than most. Huawei has denied the claims, but it has not stopped many carriers from looking elsewhere as they roll out their 5G networks.

    Cotton introduced a provision in the 2020 defense spending bill, which was signed into law by President Trump in December, that “directs intelligence agencies to consider the use of telecoms and cybersecurity infrastructure ‘provided by adversaries of the United States, particularly China and Russia,’ when entering intelligence-sharing agreements with foreign countries.”

    According to Reuters, Cotton is taking it a step further, drafting a new bill that would place much tighter restrictions on intelligence sharing agreements with countries that use Huawei for their 5G networks. The bill could be introduced as early as this month.

    This news comes as the UK debates what role Huawei will have in its own 5G rollout.

    “I’m profoundly concerned about the possibility that close allies, including the UK, might permit the Chinese Communist Party effectively to build their highly sensitive 5G infrastructure,” Cotton told Reuters.

  • CES 2020: Ring Adds Privacy Control Center In Wake Of Hacks

    In the wake of multiple hacks and a subsequent lawsuit, Ring is off to a promising start at CES 2020, unveiling a new privacy Control Center, according to CNN.

    Ring has had a tough few weeks as multiple incidents surfaced of strangers accessing customers’ camera feeds. In one incident, a strange man talked to an 8-year-old girl via the camera in her room, while in another case a man subjected a couple to racist comments about their son.

    While Ring said these incidents were not the result of a breach of their systems, and were instead indicative of people reusing passwords that may have been hacked or accessed elsewhere, VICE tested Ring’s security and found it was abysmal. In particular, Ring offered no way of knowing who else may be accessing a camera feed—or if anyone else has ever accessed it.

    The announcement of the Control Center should go a long way toward addressing these concerns. The new tab provides a way to see who is accessing feeds, as well as whether a camera is being shared in the Neighbors app. The new feature will give users the ability to adjust the privacy settings for all of their Ring devices from a central location.

    The company plans to continue giving users more control and simplifying the interface as the Control Center evolves.

  • Cyberattacks May Be Imminent In Wake Of U.S. Strike On Iranian Leader

    In the wake of a U.S. strike that killed Iranian Maj. Gen. Qasem Soleimani, Quds Force Commander, analysts and former officials are warning that a cyberattack may be imminent, according to The Washington Post.

    “At this point, a cyberattack should be expected,” Jon Bateman, former Defense Intelligence Agency analyst on Iran’s cyber capabilities, and currently a cybersecurity fellow at the Carnegie Endowment for International Peace, told The Post.

    Iran’s cyber troops are some of the best in the world and the country has a long history of successfully attacking Western targets. Between 2011 and 2013, Iran was responsible for ongoing attacks on U.S. banks. Similarly, Iran is believed to be responsible for an attack on the Las Vegas Sands casino in 2014 that resulted in data being wiped.

    Quds Force, the unit Soleimani commanded, specializes in unconventional warfare, including cyber warfare. The fact it was the Quds Force commander who was killed will likely add to the desire for revenge by a unit uniquely qualified to exact it.

    Philip Ingram, a former senior officer in British Military Intelligence, told Forbes that we can expect something “immediate and spectacular.” He went on to say the killing of Soleimani “cannot be underestimated.”

  • U.S. Government Looks To Restrict Exports Of AI, Quantum Computing And Self-Driving Tech

    According to The Washington Post, the Trump administration has floated a proposal that would limit high-tech exports to China.

    Under the proposal, artificial intelligence (AI), robots, quantum computing, image recognition and self-driving tech would all be prohibited from being exported to China. This would include the tech that drives smartphone assistants, such as Siri.

    “If you think about the range of products this potentially implicates, that’s massive. This is either the opening of a big negotiation with the industry and the public or a bit of a cry for help in scoping these regulations,” R. David Edelman, the director of the Project on Technology, the Economy, & National Security at MIT, told The Washington Post.

    At the very least, the administration seems intent on extending the restrictions to those countries that are already subject to U.S. arms embargoes, including China.

    Needless to say, industry experts are not happy with the proposal. In a separate report by The Washington Post, individuals with the National Venture Capital Association expressed concern about how effective these proposed restrictions would be, versus the damage they would cause.

    “Almost everything is using AI in one way or another,” said Jeff Farrah, NVCA’s general counsel. “So then is everything subject to export controls?”

    Farrah continued: “There’s not a lot of faith from people in the industry that the government will get this right.”

  • Xiaomi Says Camera Issue Has Been Identified And Partially Fixed

    Following reports that Xiaomi cameras integrated with Google’s Nest Hub showed images and feeds from strangers’ cameras, The Verge is reporting that Xiaomi has identified the problem.

    Dio, a user in the Netherlands, first reported the issue when he used his Google Nest Hub to access his Xiaomi camera feed. Instead, he saw a stranger’s kitchen. Repeated attempts showed a random collection of camera feeds, only occasionally displaying his own. In response, Google shut down integration between the two services, until a fix could be found.

    In a statement to The Verge, Xiaomi identified the problem as the result of a “cache update” that was rolled out on December 26. The update was supposed to improve streaming quality, but ultimately led to the glitch. Xiaomi said the glitch only occurs in “extremely rare conditions.”

    In investigating what led to the issue Dio experienced, Xiaomi told The Verge: “It happened during the integration between Mi Home Security Camera Basic 1080p and the Google Home Hub with a display screen under poor network conditions.”

    While Xiaomi says it has fixed the issue, Nest integration will remain suspended until the root cause can be identified and addressed.

    While it’s reassuring this appears to be an isolated case, it illustrates the security issues that can occur when multiple devices and services are linked together. The more complex the integration, the greater the risk of security issues creeping in.

  • ToTok Co-Creator Denies App Is A Tool For UAE Spying

    ToTok was recently removed from both Apple and Google’s app stores over allegations it was being used by the United Arab Emirates government to spy on users. In an interview with the Associated Press, co-creator Giacomo Ziani defended the app and denied it was a tool for spying.

    ToTok was released only months ago, and quickly rose to become one of the most popular social apps. Helping drive its popularity was the fact that it was the only app offering internet calling that was allowed in the UAE. Competing apps, such as FaceTime, WhatsApp, Skype and others are not allowed.

    In a report by the New York Times—that was based on information from American officials who had access to classified intelligence—the app was accused of being a spying tool for the UAE to “track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.”

    Ziani, however, defended his creation and denied the allegations.

    “I was not aware, and I’m even not aware now of who was who, who was doing what in the past,” Ziani told the AP.

    Ziani attributed the allegations to professional jealousy, although he failed to provide any evidence to support his claim. It will be interesting to watch what happens with ToTok and whether Ziani is successful in getting the app reinstated on Apple and Google’s app stores.

    In the meantime, ToTok is a cautionary tale that illustrates the lengths some governments and organizations will go in order to spy on individuals.

  • Google Nest Hub and Xiaomi Cameras Give Window Into Strangers’ Homes

    CNET is reporting on the latest example of security cameras exposing the very people they’re supposed to protect.

    According to the report, Netherlands resident Dio clicked on the Xiaomi camera feed on his Google Nest Hub, expecting to see a blackboard he had the camera pointed at for test purposes. Instead, he saw a stranger’s kitchen. Repeated attempts showed a random collection of other people’s cameras, only occasionally displaying his own.

    At this point, no one is aware of the cause of the issues or whether it is on Google’s or Xiaomi’s end. In the meantime, Google has disabled Xiaomi integration until a fix can be implemented.

    “We’re aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we’re disabling Xiaomi integrations on our devices,” Google told CNET, although they did say they were not aware of other instances of this happening.

    Ring has been under fire recently over a number of hacking incidents, and security camera maker Wyze suffered a high-profile data breach. These incidents continue to demonstrate the need for IoT companies, especially ones in the security market, to place a greater emphasis on security protocols and testing.

  • Ransomware Responsible For $7.5 Billion Hit On Economy In 2019

    The MIT Technology Review is reporting that ransomware may have cost the U.S. economy as much as $7.5 billion in 2019.

    Ransomware is a kind of computer malware that encrypts or locks out a system until the owner pays a ransom to the malware creator. In the last couple of years, ransomware has become big business for cyber criminals, as the risk/reward proposition is very favorable. Target the right type of organization—such as one in a fast-moving industry, one where lives are on the line or a government institution—and the target may have very little recourse other than to pay to get back up and running as quickly as possible.

    As the report highlights, governments, both local and national, as well as public institutions increasingly became targets. The cities of New Orleans and Baltimore were both hit in 2019, not to mention a U.S. Coast Guard base.

    These targets are often chosen because of a lax approach to security, especially on the state level. Here’s to hoping 2020 is the year governments, corporations and individuals alike put cybersecurity first.

  • Mozilla Bringing California Privacy Protections To All Firefox Users

    The California Consumer Privacy Act (CCPA) went into effect on January 1, but Mozilla has vowed to apply its protections to all Firefox users in 2020.

    CCPA is a law California passed to protect user privacy and give people more control over how corporations can use their data. CCPA requires companies to be transparent about what data they collect and how they use it, as well as give users the ability to stop companies from selling their data.

    Microsoft was one of the first companies to publicly commit to applying CCPA protection to all of its U.S. customers. Mozilla is taking it a step further, applying CCPA rights to all Firefox users around the world. This is not the first time Mozilla has taken this stand. When the EU passed its GDPR privacy legislation, Mozilla similarly extended those protections to all users.

    Mozilla is also committing to extending these rules to so-called “telemetry data,” the anonymous technical information about browser usage that helps Mozilla improve security and performance.

    “One of CCPA’s key new provisions is its expanded definition of ‘personal data’ under CCPA. This expanded definition allows for users to request companies delete their user specific data.

    “As a rule, Firefox already collects very little of your data. In fact, most of what we receive is to help us improve the performance and security of Firefox. We call this telemetry data. This telemetry doesn’t tell us about the websites you visit or searches you do; we just know general information, like a Firefox user had a certain amount of tabs opened and how long their session was. We don’t collect telemetry in private browsing mode and we’ve always given people easy options to disable telemetry in Firefox. And because we’ve long believed that data should not be stored forever, we have strict limits on how long we keep telemetry data.

    “We’ve decided to go the extra mile and expand user deletion rights to include deleting this telemetry data stored in our systems. To date, the industry has not typically considered telemetry data ‘personal data’ because it isn’t identifiable to a specific person, but we feel strongly that taking this step is the right one for people and the ecosystem.”

    This is good news for all Firefox users and will likely help the browser continue to gain market share amongst privacy-minded individuals. Hopefully more companies will follow Mozilla's and Microsoft’s example.

  • TikTok Releases Transparency Report In Effort To Quell Concerns

    TikTok has released its first ever transparency report amid increasing scrutiny related to privacy and censorship, according to NBC News.

    TikTok has been in the news a lot lately, and not in the way any company wants to be. The Department of Defense recently released guidance instructing personnel to delete the app, with both the Navy and Army following suit.

    Its problems have also included a lawsuit alleging the app created an account and uploaded videos and face scans to servers in China. The plaintiff alleges that, while they downloaded the app, they had never set up an account.

    In view of the concerns, “Senate Democratic leader Chuck Schumer of New York and Sen. Tom Cotton, R-Ark., a member of the Armed Services and Intelligence committees, sent a letter asking Joseph Maguire, the acting director of national intelligence, to assess TikTok and other China-based companies for potential security risks.”

    In an effort to address those concerns, TikTok has released its first transparency report detailing the worldwide government requests it received in the first half of 2019. India took the top spot, with the U.S. coming in second. The company has vowed to continue releasing transparency reports moving forward.

    Notably, China is not listed in the report, although the company says it does not operate there and that data for American users is stored in the U.S.