Subject: Privacy scare leads Wyze to unpair all devices from Google Assistant and Alexa, you’ll need to add them back
Source: Android Police
Smart home appliance maker Wyze has responded to what it calls an “alleged” data breach against its production databases by logging all users out of their accounts and has strengthened security for its servers. Customers endured a lengthy reauthentication process as the company responded to a series of reports claiming that the company stored sensitive information about people’s security cameras, local networks, and email addresses in exposed databases.
The company said it decided out of caution to adjust access permissions for its databases and wipe all active login tokens — this also cleared users’ Alexa, Google Assistant, and IFTTT integrations as well. Customers who employed two-factor authentication complained shortly after the token refresh that their login attempts were denied due to various errors. Wyze updated its bulletin late last night to report it had fixed the 2FA login process.
Sample category RSS: https://www.androidpolice.com/
Increased security at US airports has people worried about the security of their mobile devices. But can the Transportation Security Administration (TSA) take and search your phone?Let’s explore if airport security can search your phone, and what to expect if they can.
Source: USA Today
You knew that every time you went online and typed away, companies took every one of your inputs to study, market and share with others.But did you really realize the extent of it?
A new California law, going into effect in January, has produced an avalanche of privacy law updates this week, no doubt flooding your inbox. The changes affect nearly everyone, since all the companies do business in California.
Here’s how Jessica Guynn described the law, in her preview piece this week. The California Consumer Privacy Act “will grant consumers the right to see the personal information that companies collect about them and stop them from selling it.”
The only hitch, as you’ll be able to tell from reading the privacy updates that went out, is this: the process of communicating with the companies and requesting them to stop will not be easy. And it won’t magically stop the firms from grabbing your info and profiting from it.
Have you taken a look at the privacy updates?
I’m assuming you didn’t. Most people don’t. So I did.
see other tech-focused articles:
Source: Michael Tsai blog via Slashdot
Mac developer Michael Tsai reports that Apple News no longer supports RSS. The news comes from user David A. Desrosiers, who writes: Apple News on iOS and macOS no longer supports adding RSS or ATOM feeds from anywhere. Full-stop, period. It will immediately fetch, then reject those feeds and fail to display them, silently without any message or error. I can see in my own server’s log that they make the request using the correct app on iOS and macOS, but then ignore the feed completely; a validated, clean feed. They ONLY support their own, hand-picked, curated feeds now. You can visit a feed in Safari, and it will prompt you to open the feed in Apple News, then silently ignore that request, after fetching the full feed content from the remote site. Simon Willison, creator of Datasette and co-creator of Django, points out that Apple News still hijacks links to Atom/RSS feeds — “so if you click on one of those links in Mobile Safari you’ll be bounced to the News app, which will then display an error.”
blog RSS feed 😉
Tag Cloud for blog:
RSS article tag:
Source: Naked Security
Strictly speaking, virus refers to a type of malware that spreads by itself, so that once it’s in your system, you may end up with hundreds or even thousands of infected files……on every computer in your network, and in the networks your network can see, and so on, and so on.These days, however, the crooks don’t really need to program auto-spreading into their malware – thanks to always-on internet connectivity, the “spreading” part is easier than ever, so that’s one attention-grabbing step the crooks no longer need to use.But the word virus has remained as a synonym for malware in general, and that’s how we’re using the word here.
So, for the record, here are seven categories of malware that give you a fair idea of the breadth and the depth of the risk that malware can pose to your organisation.
To jump to a specific item, click in the list below:
- DATA STEALERS
- RAM SCRAPERS
- BOTS, aka ZOMBIES
- BANKING TROJANS
- RATS (Remote Access Trojans)
- WHAT TO DO?
Malware category RSS feed:
Source: Military.com via CNN Wire via WPMT FOX43
The US Army has banned the use of the hugely popular short video app TikTok by its soldiers, calling it a security threat.The Army has joined the Navy in barring the use of the app on government-owned phones, following bipartisan calls from lawmakers for regulators and the intelligence community to determine whether the Chinese-owned app presents a threat to national security and could be used to collect American citizens’ personal data. Military.com was the first to report on the decision.
“There was a Cyber Awareness Message sent out on 16 December identifies TikTok as having potential security risks associated with its use,” Army spokesperson Lt. Col Robin L. Ochoa told CNN on Monday night. “The message directs appropriate action for employees to take in order to safeguard their personal information. The guidance is to be wary of applications you download, monitor your phones for unusual and unsolicited texts etc., and delete them immediately and uninstall TikTok to circumvent any exposure of personal information.”
Reuters reported that the Navy also made a similar decision in mid-December, telling sailors that anyone who hadn’t removed the app from their government-issued phone would be banned from the Navy intranet.
If you switch on two-factor authentication (2FA) on your accounts—and you really should—then you need something else besides a username and a password when you log in on a new device. That’s where a good authenticator app comes in.Many people will opt for giving the service their phone number so they can be texted a code to authenticate. But text message, or SMS, authentication is easy to hack. There’s also the privacy concern of giving, say Facebook, your phone number. Instead, you should use an authenticator app, which supplies a code via an app on your phone. The app is usually unique to your specific device so hackers will need physical access to get around it, and you’re not having to give up a phone number to big companies who may use it inappropriately.
Some accounts ask you to install a very specific authenticator app, but for others (including Google) you can take your pick: The Android and iOS app stores have a number of options to pick from. If you’ve always defaulted to one authenticator app in particular, it’s worth having a look at what else is around.
Site RSS: https://gizmodo.com/rss
See also A guide to the gadgets, and how to make them work for you:
- 2020 is when cybersecurity gets even weirder, so get ready
- FBI recommends that you keep your IoT devices on a separate network
- A decade of malware: Top botnets of the 2010s
- How to prevent a ransomware attack (ZDNet YouTube)
- Best home security of 2019: Professional monitoring and DIY (CNET)
- How to control location tracking on your iPhone in iOS 13 (TechRepublic)
Source: WSJ via FoxBusiness via https://www.bespacific.com/
WSJ via FoxBusiness: “The hackers seemed to be everywhere. In one of the largest-ever corporate espionage efforts, cyberattackers alleged to be working for China’s intelligence services stole volumes of intellectual property, security clearance details and other records from scores of companies over the past several years. They got access to systems with prospecting secrets for mining company Rio Tinto PLC, and sensitive medical research for electronics and health-care giant Philips NV. They came in through cloud service providers, where companies thought their data was safely stored. Once they got in, they could freely and anonymously hop from client to client, and defied investigators’ attempts to kick them out for years. Cybersecurity investigators first identified aspects of the hack, called Cloud Hopper by the security researchers who first uncovered it, in 2016, and U.S. prosecutors charged two Chinese nationals for the global operation last December. The two men remain at large. A Wall Street Journal investigation has found that the attack was much bigger than previously known. It goes far beyond the 14 unnamed companies listed in the indictment, stretching across at least a dozen cloud providers, including CGI Group Inc., one of Canada’s largest cloud companies; Tieto Oyj, a major Finnish IT services company; and International Business Machines Corp…”…
Subject: Why Abbreviating The Date In 2020 Could Be Risky
Source: CBS Pittsburgh