Security News Update for the Week Ending August 26, 2022

Mozilla Says 18 of 25 Pregnancy Apps: Privacy Not Included

Out of the 25 “reproductive health” apps and wearable devices, 18 received a “privacy not included” rating. That means that they have a problem protecting their users’ privacy. In today’s world that data could be used by law enforcement or, in states that offer bounties, by private bounty hunters. In Texas, for example, bounty hunters could earn $10,000 for turning someone in who terminated a pregnancy. We saw that in Nebraska recently, so it is no longer a theoretical possibility. Most of this is legal. Some might not be. Nonetheless, it is a situation people need to be aware of. Credit: The Register

NSO Group CEO Resigns; NSO Lays Off 100

NSO Group has gone from darling to devil in short order. At one point they were every government’s go-to company for hacking anyone from political adversaries to journalists, with an occasional terrorist thrown in for cover. But as the story became public, they became toxic. Finally, the CEO/co-founder gave up and slithered off as the company laid off 100 (about 15%). It is likely to go for sale as scrap soon if it loses any of the court cases it is now facing. Credit: The Register

Israeli Phone Hacking Firm Shared Client Data With Japan Without Telling Clients

To be clear, this is not a hack; it was intentional. The data, which belongs to intelligence, defense and law enforcement agencies across the globe, was shared with a Japanese shareholder and then Japan’s government without the knowledge of company management or customers. This could cause both reputational and legal damage to the company. Credit: Haaretz

City of Portland GAVE Hacker $1.4 Million in Oopsy

City of Portland employees fell for an old-fashioned email scam and paid a hacker $1.4 million when he asked for it. This happened even after the city’s treasurer flagged the payment as suspicious and told employees to confirm the payment. The employees, either lazy or poorly trained, confirmed the transfer by replying to the email the hacker sent them. The city eventually detected the scam when the hacker tried to scam them a second time, although they did not get their money back. Credit: PC Mag

Researchers Discover 8-Year-Old Vulnerability in Linux Kernel

I know I keep saying this, but even popular open-source software like Linux has bugs. This one has been around for 8 years and allows a regular user – or a compromised user account – to gain kernel permissions in 3 easy steps. The exploit is called DirtyCred by the Northwestern University researchers who found it. Look for patches soon (hopefully). Credit: The Hacker News
