Smart-assistant devices have had their share of privacy missteps, but they're generally considered safe enough for most people . New research into vulnerabilities in Amazon's Alexa platform, though, highlights the importance of thinking about the personal data your smart assistant stores about you—and minimizing it as much as you can.
Findings published on Thursday by the security firm Check Point reveal that Alexa's Web services had bugs that a hacker could have exploited to grab a target's entire voice history, meaning their recorded audio interactions with Alexa. Amazon has patched the flaws, but the vulnerability could have also yielded profile information, including home address, as well as all of the "skills," or apps, the user had added for Alexa.
While you're here, how about this:
Decrypted: Hackers show off their exploits as Black Hat goes virtual – TechCrunch
Every year hackers descend on Las Vegas in the sweltering August heat to break ground on security research and the most innovative hacks. This year was no different, even if it was virtual.
But with less than three months until millions of Americans go to the polls, Black Hat sharpened its focus on election security and integrity more so than any previous year.
* * *
The relationship between hackers and election machine manufacturers has been nothing short of fraught. No company wants to see their products torn apart for weaknesses that could be exploited by foreign spies. But one company, once resistant to the security community, has started to show signs of compromise.
Cybersecurity: These two basic flaws make it easy for hackers to break into your systems | ZDNet
Hackers can gain access to the internal networks of corporations by exploiting two security failings in as little as 30 minutes.
The report, based on anonymised data from real organisations that have had their networks tested, said that for 71% of companies, there's at least one obvious weakness that could provide malicious outsiders with entry into the network.
"The problem lies in the low levels of protection even for large organizations. Attack vectors are based primarily on exploiting known security flaws. This means that companies do not follow basic information security rules," Ekaterina Kilyusheva, head of information security analytics at Positive Technologies, told ZDNet.
Report: Unskilled hackers can breach about 3 out of 4 companies - TechRepublic
Positive Technologies found in a recent study that criminals with few skills can hack a company in less than 30 minutes.
* * *
Pentesters are ethical hackers, hired by a company, who mimic the actions of criminal hackers, and look for and find the areas of vulnerability within the company's security. Given the assignment, it's best served when the client has a security system already in place.
Testing an external network, such as the internet, is called an external pentest. Pentesters try to find as many ways as they can to penetrate the local network, and the combination of external-and-internal network breaches represent 58% of hacks, and external alone, 19%.
In case you are keeping track:
The future of hacking: COVID-19 shifting the way hackers work and who they target | 2020-08-14 |
Over the past few months, millions of workers have turned their homes into their new, remote office, including state government employees, which brought a host of risks through use of unsecured Wi-Fi and poor access controls. This shift toward home as well as the underlying panic brought on by COVID-19 altered hackers’ focus and targets aimed at the remote worker.
* * *
For example, for people in high-value positions such as politicians or lawyers on important cases, information about that person’s movements and meetings is valuable to opponents and easily sold by bad actors. Many of these apps lacked encrypted source code, and many did not have intrusion detection when hackers accessed restricted mobile data.
North Korean Hacking Group Attacks Israeli Defense Industry - The New York Times
The Defense Ministry said the attack was deflected "in real time" and that there was no "harm or disruption" to its computer systems.
However, security researchers at ClearSky, the international cybersecurity firm that first exposed the attack, said the North Korean hackers penetrated the computer systems and were likely to have stolen a large amount of classified data. Israeli officials fear the data could be shared with North Korea's ally, Iran.
The episode adds Israel to the list of countries and companies that have been targeted by North Korea 's hacking unit, known to private security analysts as the Lazarus Group. American and Israeli officials have said the Lazarus Group, also known as Hidden Cobra, is backed by Pyongyang.
CactusPete hackers go on European rampage with Bisonal backdoor upgrade | ZDNet
An advanced persistent threat (APT) group has evolved the Bisonal new backdoor for use in attacks against financial and military organizations across Europe.
Cisco Talos researchers say that the group, named internally as Tonto Team, is likely a state-sponsored APT belonging to the Chinese military focused on intelligence-gathering and espionage.
Kasperksy Labs researchers are of the same opinion when it comes to spying activities. Adding that CactusPete has also been known to strike diplomatic and infrastructure organizations, the team says that the group appears to be after "very sensitive" information.
Incident Of The Week: Garmin Pays $10 Million To Ransomware Hackers Who Rendered Systems Useless
On July 23, Garmin users went to Twitter to express their concern over inaccessible website features. Four days later, Garmin released an official statement confirming that a cyber attack had taken place. Garmin assured its users that no PII (personal identifying information) was compromised.
Garmin is most commonly known for its fitness tracking capabilities in the form of GPS wearables, but the corporation also operates in the aviation space. Consequently, some planes whose aviation infrastructure relies on Garmin technology were also affected by the hack.
Happening on Twitter
An Alexa bug could have exposed your voice history to hackers https://t.co/kGYcvFoFXg by @wired arstechnica (from NYC - Boston - Chicago - SF) Sat Aug 15 11:44:02 +0000 2020
No comments:
Post a Comment