Privacy…

Ring Cameras Hacked in ‘Swatting’ Scheme

https://www.entrepreneur.com/business-news/ring-cameras-hacked-in-swatting-scheme/441518

Critics and researchers say the Ring cameras are used to surveil gig economy drivers and delivery people and that they give law enforcement too much power to survey everyday life.

The pair would hack people’s Yahoo email accounts, then their Ring accounts, find their addresses, call law enforcement to the home with a bogus story, and then stream police’s response to the call. Often, they would harass the first responders at the same time using Ring device capabilities.

++++++++

LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all…

https://nakedsecurity.sophos.com/2022/12/23/lastpass-finally-admits-they-did-steal-your-password-vaults-after-all/

…”customers’ information” turns out to include both customer data and password databases. Loosely speaking, the crooks now know who you are, where you live, which computers on the internet are yours, how to contact you electronically, and also have a detailed map of where you go when you’re online.

It’s therefore reasonable to assume that only users who had chosen easy-to-guess or early-to-crack passwords are at serious risk, and that anyone who has taken the trouble to change their passwords since the initial breach announcement has probably kept ahead of the crooks.

++++++++

Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers

https://thehackernews.com/2022/12/researcher-uncovers-potential.html

A security researcher was awarded a bug bounty of $107,500 for identifying security issues in Google Home smart speakers that could be exploited to install backdoors and turn them into wiretapping devices.

The flaws “allowed an attacker within wireless proximity to install a ‘backdoor’ account on the device, enabling them to send commands to it remotely over the internet, access its microphone feed, and make arbitrary HTTP requests within the victim’s LAN,” the researcher, who goes by the name Matt, disclosed in a technical write-up published this week.

TikTok…

TikTok’s Parent Company Admits Using the Platform’s Data to Track Journalists

https://www.infosecurity-magazine.com/news/tiktoks-admits-using-its-data/

What was just a rumor has been confirmed: employees of ByteDance, the China-based company that owns TikTok and its Chinese counterpart Douyin, accessed data from TikTok to track a Financial Times reporter and a former BuzzFeed reporter in a bid to identify the source of leaks to the media.

ByteDance condemned the “misguided initiative that seriously violated the company’s code of conduct” and that none of the employees found to have been involved remained employed by the company. The Guardian reported that a person briefed on the matter said four ByteDance employees involved in the incident were fired, including two in China and two in the United States.

Apple…

EU forces Apple to Rip a Huge Hole in iPhone security

https://www.cultofmac.com/800222/eu-forces-apple-to-rip-huge-hole-in-iphone-security/

Criminals around the world are surely celebrating news that Apple is being forced by the N. The move will allow hackers to release a fresh tidal wave of malware, hoping to slip it onto iOS handsets. iPhone users will be forced to fend off attempts to trick them into installing this malware virtually every day.

Most iPhone users have never had to think much about malware. Because iOS devices get all their applications from the App Store, it’s nearly impossible for hackers to slip spyware or other nasty apps into iPhones.

Expect to see fraudulent pop-up windows crafted to look as much like Apple notices to trick users into installing malware.

Linux…

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

https://nakedsecurity.sophos.com/2022/12/27/critical-10-out-of-10-linux-kernel-smb-hole-should-you-worry/

SMB is short for server message block, and it’s the protocol that underpins Windows networking, so almost any Linux server that provides network services to Windows computers will be running software to support SMB.

SMB support is also generally needed in home, and small-business NAS (network-attached storage) devices, which generally run Linux internally, and provide easy-to-use, plug-it-in-and-go file server features for small networks.

Listen to this episode