Search Results for “CNET”


September 24, 2019
Alfred Ng / CNET

Alfred Ng / CNET  
Amazon-Owned Ring Considered Building Tool to Activate Nearby Smart Doorbell Video Cameras Triggered by 911 Emergency Calls

Amazon-owned home surveillance company Ring considered building a tool that would automatically activate the video cameras on nearby smart doorbells in the event of a 911 emergency call, according to emails obtained by CNET. Although not currently working on it, Amazon told a California police department in August 2018 that the function could arrive in the “not-so-distant future.” The goal of the automatic triggering would be to have nearby Ring cameras record and stream video that police could then use to investigate an incident. Ring currently faces a number of controversies over its partnerships with nearly 470 police departments across the country.

September 20, 2019
Alfred Ng / CNET

Alfred Ng / CNET  
Workspace Provider WeWork Exposes Customers’ Sensitive Records via Insecure Wi-Fi Unless They Pay $95 Per Month More, Multiple WeWork Locations Use Identical Passwords

Digital media company employee Teemu Airamo discovered four years ago that workspace provider WeWork was exposing financial records, business transactions, client databases and emails from companies surrounding his office in Manhattan through its insecure Wi-Fi network, a situation that remains unchanged today despite the fact that Fast Company first exposed WeWork’s insecure Wi-Fi in August. CNET reviewed the Wi-Fi scans Airamo has been running on the WeWork network, in which 658 devices, including computers, servers, and coffee machines were exposing an “astronomical amount” of data. Moreover, multiple locations across WeWork’s massive landscape use the exact same password for its Wi-Fi network. WeWork does, however, offer “enhanced” security features for its customers, a VLAN costing an additional $95 a month with a $250 setup fee, although experts suggest that most Wi-Fi should have a baseline security requirement that doesn’t allow this kind of data exposure. Separately, on Tuesday WeWork postponed its planned initial public offering amid investor questions about its value.

August 7, 2019
Queenie Wong / CNET

Queenie Wong / CNET  
Facebook Sues Two Apps for Infecting Their Users’ Phones With Click Injection Malware

Facebook has filed lawsuits against two app developers, Hong Kong-based LionMobi and Singapore-based JediMobi, both of which Facebook says made apps available on the Google Play store to infect their users’ phones with ad fraud malware. Both apps used click injection to generate fake views for the ads that appeared on their phones. Both of the app developers have generated 207 million installs to date. Both apps are still available on Google Play Store.

October 8, 2019
Queenie Wong / CNET

Queenie Wong / CNET  
Instagram Adds New Anti-Phishing Feature to Detect Whether Instagram-Sent Emails Are Legit

Facebook-owned photo-sharing site Instagram said it’s introducing a new way for users to check if Instagram really sent them an email by incorporating an anti-phishing feature. The new feature is available in the site’s settings under the security tab. Instagram now also offers steps on its site users can take to secure their accounts if they believe they’ve been hacked. That includes requesting a login link, reverting an email change, and reporting the account.

Related: CNET, PCMag.com, Engadget, iClarified, The State of Security, The Next Web, The Verge, Fast Company, RAPPLER, Silicon Republic, NDTV Gadgets360.com, Social Media Today, Techerati


August 9, 2019
Alfred Ng / CNET

Alfred Ng / CNET  
Majority of Robocall-Blocking Apps Collect and Share Personal Data Collected From Devices Without User Consent

A majority of robocall-blocking apps are collecting personal data on people’s devices without their explicit consent and sharing it with analytics firms, Dan Hastings, a security researcher at NCC Group found. These “free” apps aimed at reducing pesky and unwanted robocalls are sharing people’s phone numbers with data analytics firms, looking at their text messages and phone calls, and can learn what apps users have on their devices. Hastings discovered that the top robocall-blocking app, TrapCall, is sending people’s phone numbers to three data analytics companies even though this sharing wasn’t explicitly mentioned in the app’s privacy policy. TrapCall contends it only shares phone numbers with service providers who power their internal analytics and app messaging platforms. Another top robocalling app, Hijay, also sends people’s phone data to three data analytics firms even before they agree to the privacy policy. Hiya said it would resubmit its apps to the iOS and Play stores to make sure that basic device information is not sent without people’s consent.

September 10, 2019
Alfred Ng / CNET

Alfred Ng / CNET  
More Than 50 CEOs Send Letter to Congress in Bid to Establish Federal Privacy Law That Shuts Down Tougher State-Level Legislation

Hoping to preempt and forestall tougher privacy laws at the state level, such as the recent California privacy legislation, more than fifty CEOs, including Amazon’s Jeff Bezos and AT&T’s Randall Stephenson, sent a letter to Congress calling for federal privacy legislation that would “strengthen consumer trust and establish a stable policy environment.” Under the auspices of the CEO group Business Roundtable the letter from the CEOs went to Senate Majority Leader Mitch McConnell, Senate Minority Leader Chuck Schumer, House Speaker Nancy Pelosi, and House Minority Leader Kevin McCarthy. Google and Facebook aren’t part of the Business Roundtable, but they have made the same points in congressional hearings on data privacy in the same kind of effort to establish weaker privacy rules at the federal level.

August 7, 2019
Laura Hautala / CNET

Laura Hautala / CNET  
Children’s Tablet LeapPad Ultimate and LeapPad Application Pet Chat Could Have Allowed Attackers to Intercept Information, Locate Children and Send Them Messages

Children’s tablet LeapPad Ultimate, made for children between the ages of 3 and 6, had flaws that could have allowed attackers to intercept information from the devices, locate them and send messages to the young users, researchers at Checkmarx discovered. LeapPad Ultimate tablet was sending information over an insecure Internet connection, which could’ve revealed children’s names, genders, and approximate ages. A LeapPad Ultimate application called Pet Chat also made it possible to find a tablet’s location and other device information. Checkmarx worked with LeapPad to fix the problems which have now been resolved.

October 4, 2019
Zack Whittaker / TechCrunch

Zack Whittaker / TechCrunch  
Microsoft Says ‘Phosphorous’ Threat Group Linked to Iranian Government Targeted Unnamed 2020 U.S. Presidential Candidate’s Email Account Along With 2,700 Other Email Accounts

Microsoft said that it has seen a threat group linked to the Iranian government, which it calls Phosphorous but is also known as APT 35, target an unnamed 2020 U.S. presidential candidate. In a 30-day period between August and September of this year, Phosphorous made more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers that are “associated” with a presidential campaign, current and former U.S. government officials, journalists and prominent Iranians living outside the country. Four of the accounts not associated with the U.S. presidential campaign or current and former U.S. government officials were compromised in the effort. The attacks, which Microsoft described as not sophisticated, attempted to use a “significant amount of personal information” to game password reset or account recovery features and try to take over some targeted accounts. Some of the attacks entailed gathering and targeting user phone numbers.

Related: Microsoft, Fifth Domain | Cyber, New York Post, Digital Trends, Algemeiner.com, AOL, Financial Times, The Hill: Cybersecurity, The Hill: Cybersecurity, The Register – Security, MSPoweruser, Gizmodo, The Age, Reuters, Axios , BleepingComputer.com, News : NPR, UPI.com, CNN.com, Slashdot , Haaretz.com, Jerusalem Post, Channel News Asia, Arutz Sheva News, News.com.au, CNBC, News.com.au, AP Breaking News,NBC News Top Stories, VentureBeat, USA Today, RT News, CTVNews.ca, TribLIVE, Star TribuneEngadget, PCMag.com, WashingtonExaminer.com, ZDNet, Bloomberg Politics, Al Jazeera English, CNET News, CNN.com, New York Times – Nicole Perlroth, CNET News, Deutsche Welle, Washington Post, Washington Post, ZDNet, The Palm Beach Post, The Age, ZDNet, Stars and Stripes, Windows Central , Law & Disorder – Ars Technica, GeekWire, JNS.org, The Verge, Fortune, TIME, POLITICO, RT News, The Times of Israel, South China Morning Post

Tweets:@Bing_Chris @Olivia_Gazis @W7VOA @tonyromm @adrianweckler @g_ratnam @shanav @jseldin @gregotto @jamestutt @magmill95 @alexwardvox

Microsoft: Recent cyberattacks require us all to be vigilant
Fifth Domain | Cyber: Iran-backed hackers targeted 2020 presidential campaign, says Microsoft
New York Post: Microsoft says Iran plotted cyber attack against US presidential campaign
Digital Trends: Microsoft blames Iran for hacking attempts on U.S. presidential candidates
Algemeiner.com: France Gives One Month to Get Iran-US to Negotiating Table
AOL: Iran-linked hackers tried to compromise presidential campaign, Microsoft says
Financial Times: Microsoft says Iran tried to hack 2020 Democratic campaign
The Register – Security: Iran tried to hack hundreds of politicians, journalists email accounts last month, warns MicrosoftThe Hill: Cybersecurity: Iran-linked group targeted email accounts for US presidential campaign, government officials
MSPoweruser: Microsoft uncovers US election hacking plot by Iranian agencies
Gizmodo: Someone ‘Highly Motivated’ Tried to a Hack 2020 Presidential Campaign, Microsoft Warns
Firstpost: Iranian hackers targeted U.S. presidential campaign, did not succeed – Microsoft
The Age: Iranian hackers targeted US presidential campaign, Microsoft says
Reuters: Iranian hackers targeted U.S. presidential campaign, did not succeed: Microsoft
Axios : Microsoft: Iranian group tried to hack unnamed 2020 candidate, others
BleepingComputer.com: Microsoft Discovers Iranian Hacking Campaign Targeting U.S. Politics
News : NPR: Microsoft Says Iranians Tried To Hack U.S. Presidential Campaign
UPI.com: Microsoft: Iran-linked hacking group has targeted 2020 U.S. campaign
CNN.com: Iranian hackers targeted presidential campaign and US government officials
Slashdot : Microsoft: Iranian Hackers Targeted a 2020 Presidential Campaign
Haaretz.com: Iranian hackers targeted a U.S. presidential campaign, Microsoft says
Jerusalem Post: Microsoft finds Iranian hackers targeted a U.S. presidential campaign
Channel News Asia: Iranian hackers targeted US presidential campaign, did not succeed – Microsoft
Arutz Sheva News: Microsoft: Iran-linked hackers tried to compromise US campaign
News.com.au: Microsoft: Iranian hackers targeted US campaign
CNBC: Microsoft says Iranian hackers targeted presidential campaign, government officials, media
News.com.au: Microsoft: Iranian hackers targeted US campaign
AP Breaking News: Iranian hackers said to target presidential campaign
New York Times : Iranian Hackers Targeted Presidential Campaign, Microsoft Says
NBC News Top Stories: Iran-linked hackers tried to compromise presidential campaign, Microsoft says
VentureBeat: Microsoft: Hackers linked to Iran targeted U.S. presidential candidate
USA Today: Microsoft: Iran government-linked hacker targeted 2020 presidential campaign
RT News: Iranian govt-linked op tried to HACK TRUMP 2020 campaign, Reuters sources claim
CTVNews.ca: Iranian hackers said to target U.S. presidential campaign
TribLIVE: Iranian hackers said to target presidential campaign
Star Tribune: Iranian hackers said to target presidential campaign
CNN.com: Iranian hackers targeted presidential campaign and US government officials
Engadget: Microsoft: Iranian cyberattack targeted a US presidential campaign
USA Today: Microsoft: Iran government-linked hacker targeted 2020 presidential campaign
PCMag.com: Microsoft: Iranian Hackers Targeted US Presidential Campaign
WashingtonExaminer.com: Microsoft: Iran-tied group attempted to hack US presidential campaign email accounts
ZDNet: Microsoft: Iranian hackers targeted a 2020 presidential campaign
Bloomberg Politics: Microsoft Says Iran Tried Hack of U.S. Presidential Campaign
Al Jazeera English: Iranian hackers targeted a US presidential campaign: Microsoft
CNET News: Iranian hackers targeted a US presidential campaign, Microsoft says – CNET
CNET News: Iranian hackers targeted a US presidential campaign, Microsoft says – CNET
Deutsche Welle: Hackers target US presidential campaign, Microsoft reports
Washington Post: Iranians tried to hack U.S. presidential campaign in effort that targeted hundreds, Microsoft says
The Palm Beach Post: Iranian hackers said to target presidential campaign
The Age: Iranian hackers targeted US presidential campaign, Microsoft says
ZDNet: Microsoft: Iranian hackers targeted a 2020 presidential campaign
Stars and Stripes: Iran tried to hack US candidates, journalists in effort that targeted hundreds, Microsoft finds
Firstpost: Iranian hackers targeted a U.S. presidential campaign, Microsoft says
Windows Central : Microsoft: Iranian hacking group targeted 2020 presidential campaign
TechCrunch: Microsoft says Iranian hackers targeted a 2020 presidential candidate
Law & Disorder – Ars Technica: Microsoft says Iranian hackers tried to hack a US presidential campaign
GeekWire: Iranian hacker group attacked email accounts tied to a US presidential candidate, Microsoft says
JNS.org: Microsoft: Iran sought to hack US presidential campaign
The Verge: Microsoft says Iranian hacking group targeted a 2020 US presidential candidate
Fortune: How Iran-linked Hackers Tried to Compromise a Presidential Campaign
TIME: Microsoft Says Iranian Hackers Targeted U.S. Presidential Campaign
POLITICO: Iranian hackers targeted 2020 presidential campaign, Microsoft finds
The Times of Israel: Microsoft says Iranian hackers targeted a US presidential campaign
South China Morning Post: Iranian hackers targeted 2020 US presidential campaign, Microsoft finds

@Bing_Chris: "The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran"
@Olivia_Gazis: .@Microsoft says it has detected hackers linked to the Iranian government targeting at least one U.S. presidential campaign:
@W7VOA: Cyber activity from #Iran and linked to that government detected by @Microsoft.
@tonyromm: A campaign linked to the Iranian government attempted to identify, attack and breach email addresses belonging to U.S. presidential campaigns, government officials and journalists, according to new data unveiled by Microsoft
@adrianweckler: Microsoft head of security posts blog saying Iranian govt-backed hackers attacked email accounts of journalists and an unnamed US presidential campaign
@g_ratnam: A group called Phosphorous, believed to be tied to Iran, has targeted 2700 email accounts associated with US presidential campaigns, US officials, journalists and others, per @Microsoft . 241 of those were then attacked.
@shanav: NEW: Microsoft says Iranian APT group Phosphorous, with ties to Iran's government, has worked to get past two-factor authentication and reset passwords for a U.S. presidential campaign, as well as current and former U.S. gov officials and journalists.
@jseldin: "Microsoft has notified the customers related to these investigations and threats and has worked as requested with those whose accounts were compromised to secure them" per @TomBurt45More here:
@gregotto: NEW: Microsoft found an Iranian group going after microsoft email accounts tied to a presidential campaign, current and former gov, and journalists
@jamestutt: Today we are sharing details of significant cyber activity from a threat group we call Phosphorous, believed to originate in Iran with links to the Iranian govt. More here: https://blogs.microsoft.com/on-the-issues/2019/10/04/recent-cyberattacks-require-us-all-to-be-vigilant/
@magmill95: Big cyber news today: Microsoft announced that it tracked an Iranian-linked threat group over 30 days attempt to identify and attack consumer email accounts linked to Microsoft customers, including an unnamed U.S. presidential campaign and U.S. officials:
@alexwardvox: .@Microsoft's @TomBurt45 : "Today we’re sharing that we’ve recently seen significant cyber activity by a threat group we call Phosphorous, which we believe originates from Iran and is linked to the Iranian government."


August 23, 2019
Stephen Shankland / CNET

Stephen Shankland / CNET  
Google Unveils Vision for ‘Privacy Sandbox’ to Allow Advertisers to Target User Interests While Protecting Privacy

Google’s Chrome team has outlined a vision for a “privacy sandbox” that’s designed to give users ads that publishers can target their interests but that don’t infringe upon their privacy. The privacy sandbox would restrict tracking technology in much the same way that the browser already restricts malware, offering “a secure environment for personalization that also protects user privacy.” For example, Chrome would restrict some private data to the browser until it’s shared across a large group of people using technologies called differential privacy and federated learning which uses machine learning software in the browser itself to assess people’s interests. It would also use a trust token that advertisers and publishers can use to reduce ad fraud by grouping web users into two segments, along with conversion measurement technology that’ll let advertisers figure out which ads lead to successful outcomes like people buying an advertised product. Finally, Google envisions a”privacy budget” that would limit how much personal information a website can access to prevent so-called fingerprinting.

Related: 9to5Google, EFF, Android Police, The Drum, PYMNTS.com, HotHardware.com, Vox, Techradar, Tech Insider, SC Magazine, ZDNet Security, The Mac Observer, CNET News, BGR, Digital Trends, The Register – Security, Engadget, Slashdot, Threatpost, Fortune,Tech Wire Asia, Chromium Blog, The Chromium Projects, The Keyword, NewsBytes App, BetaNews, NDTV Gadgets360.com, The Next Web, Security – Computing, Neowin, The Hacker News

Tweets:@BrendanEich

9to5Google: Google announces ‘Privacy Sandbox’ initiative to build a more private web
EFF: Browsers Take a Stand Against Kazakhstan’s Invasive Internet Surveillance
Android Police: Google wants to create new ‘Privacy Sandbox’ standards for online advertising and browsers
The Drum: ‘A blow to the fight for a fairer programmatic industry’: the inside story of how KPEX fell apart
PYMNTS.com: New Google Initiative Limits Tracking Of Web Users
HotHardware.com: Google Announces Chrome Sandbox Functionality To Further Enhance User Privacy
Vox: Google says it’s making Chrome more private, but advertisers will still track you
Techradar: Android 10 release date, new features and everything you need to know
Tech Insider: Google pushed an exception through to allow US Customs and Border Protection to try a key cloud product free, even as 1,300 Google employees protest any work with the agency (GOOG, GOOGL)
SC Magazine: AhMyth –based malicious app found in Google Play | SC Media
ZDNet Security: Chrome devs propose Privacy Sandbox to balance ad targeting and user privacy
The Mac Observer: Google Privacy Sandbox Probably Won’t Protect Your Privacy
BGR: Google’s new privacy standards want to save us from creepy ad practices
Digital Trends: Google plans to increase privacy online via its new Privacy Sandbox initiative
The Register – Security: As browser rivals block third-party tracking, Google pitches ‘Privacy Sandbox’ peace plan
Engadget: Google proposes new privacy standards to protect web browsing data
Slashdot: Google Chrome Proposes ‘Privacy Sandbox’ To Reform Advertising Evils
Threatpost: Google Launches Open-Source Browser Extension for Ad Transparency
Fortune: How Google’s Plan to Increase Your Online Privacy Differs from Apple and Firefox Ideas
Tech Wire Asia: Can Google’s Privacy Sandbox protect the future of the vibrant web?
Chromium Blog: Potential uses for the Privacy Sandbox
The Chromium Projects: privacy-sandbox
The Keyword: Building a more private web
NewsBytes App: Google plans to make web browsing more private: Here’s how
BetaNews: Google seeks to make the web more private for Chromium users with Privacy Sandbox
NDTV Gadgets360.com: Google’s Privacy Sandbox Initiative to Protect Users’ Privacy on Web
The Next Web: Google follows Apple with its own anti-tracking policy for Chromium-based browsers
Security – Computing: Google proposes alternative plan to improve web privacy – while keeping the ad tech industry onside
Neowin: Google wants to help protect your privacy on the web
The Hacker News: Google Proposes ‘Privacy Sandbox’ to Develop Privacy-Focused Ads

@BrendanEich: Unlike Brave, no user revenue share! Otherwise sounds like a personal-data-leaky subset of what we do. In conjunction with obstruction of privacy work at W3C, this looks like weak sauce in a misleading "privacy matters" bottle, from a conflicted superpower that dominates the W3C.


October 15, 2019
Clifford Colby / CNET

Clifford Colby / CNET  
Yahoo Users Can Now File a Claim As Part of Settlement For Series of Breaches Affecting More Than Three Billion Users

At the end of September, Yahoo announced that users with an account any time between  Jan.1, 2012, and Dec. 31, 2016, who are also are a resident of the US or Israel, can file a claim for part of the $117,500,000 settlement fund for a series of breaches in 2012 and 2013 that affected for more than three billion Yahoo accounts. In those breaches, hackers were able to steal names, email addresses, telephone numbers, birth dates, passwords, and answers to security questions. Users can submit claims for credit monitoring and money, including at least two years of credit monitoring services provided by AllClearID,  a cash payment of $100  to a max of $358.80 for those users who already have credit monitoring depending on funds available after other benefit payouts, cash reimbursement up to $25,000 to cover out-of-pocket costs to address fraud and identity theft as a result of a breach, as well as compensation for up to 15 hours of time spent recovering from a breach. On top of that, users can request up to 25 percent of the amount paid for a premium Yahoo account or a Yahoo Small Business User email service, with a cap of $500 a year.