Mobile App Developers Unwittingly Aid Criminals

In turn, app developers eager to earn revenues from their hard work find it lucrative to collect as much data from their users as possible in order to offer more ad targeting data, and they can find many convenient ‘mobile monetizing kits’ to handle all the in-app ad publishing details for them.

Unfortunately, both of these practices can cause app developers to unwittingly become mules for corrupt ad networks and privacy exploits.

Collecting too much information is a privacy risk

Collecting more information from users than is necessary just to have more data to offer to advertisers is not necessarily a good strategy. A recent study published by the Information Commissioner’s Office (ICO) in the UK found that 49% of app users decided not to download an app due to privacy concerns.

If scaring off half of your potential downloads isn’t reason enough to reconsider your app privacy policies, consider the privacy risks and negative publicity. The ICO study was part of a global survey of 1,211 mobile apps, sponsored by the Global Privacy Enforcement Network (GPEN), which enlisted 26 privacy regulators from around the world. The much-publicized conclusion of the survey was that 85% of all apps fail to properly explain what data they are collecting and how they are using it, and that 31% of apps request an “excessive number of permissions to access personal information.”

The numbers and negative attention will only get worse, as privacy groups and media continue to increase their scrutiny of data collection practices.

Corrupt ad networks imperil you and your users

Unbeknownst to many mobile app developers, their ad networks may be engaging in aggressive practices with their users and, where the network has been compromised, even installing malware on their phones. Examples include:

  • Directing users to pornographic websites and/or fake app download sites
  • Reading users’ address book contacts and sending outbound emails or calendar event requests
  • Deleting or defacing users’ USB storage accounts connected to the phone
  • Dialing out to revenue-generating numbers or sending premium SMS messages
  • Automatically authorizing in-app purchases

Other technical deficiencies in your mobile app code – such as failure to properly check SSL/TLS certificates, or inter-app injection flaws – let hackers exploit your users directly.

With ad-funded mobile apps, the ad network is the data controller technically responsible for stopping malvertisements and other corruptions. But the app developer carries the responsibility to collect only as much user data as needed, to protect that data from exfiltration, and to do background checks of the ad publishing networks being used. Otherwise the mobile app developer may become an unwitting aid to criminals.

The post Mobile App Developers Unwittingly Aid Criminals appeared first on Avira Blog.

Terror on the streets leads to terror in cyberspace

Earlier this January, the Charlie Hebdo attacks in Paris shocked millions across the globe. News channels brought us almost 24-hour coverage of events and are still analyzing the effects, some weeks later.

However, there’s more to the aftermath than first meets the eye. France has received a massive spike in detected cyber-attacks, reporting over 19,000 attacks since events unfolded in the capital.

This cyber-terrorism represents an often ‘hidden’ side to politically motivated conflict and is neither new nor unique.

For many years, we have witnessed a close correlation between tensions in the Middle East and the number of cyber-attacks detected in conflict zones.

Political conflicts between Turkey, Syria, Lebanon, Israel, Egypt and Palestine regularly trigger waves of cyber-attacks such as website defacements and Distributed Denial of Service (DDoS) attacks.

Here are just a few examples of this cyber-terrorism:

Just as street-level conflict can be a way to express opinion and get your voice heard, for others, cyber-attacks are the most powerful protest tool available.

In my experience, these attacks are usually unsophisticated and are not motivated by theft of data or money. Instead, they are brought about simply by an individual or group’s need to voice their opinions.

So as Europe experiences a wave of terror attacks, what can it learn from the Middle East and its longstanding tensions?

For one, there is a very real correlation between civil conflicts and attacks in cyberspace, although thankfully not vice versa.

Second, consumers and businesses should make sure they protect themselves in cyberspace once terror or political conflicts hit the streets.

Visit our AVG Academy on YouTube for helpful tips on protecting yourself online.

The easiest way to get your hands on sensitive data

Two thoughts come to mind when I read reports about data security and the protection of personal data: the responsibility of those who collect and store our data but also everyone’s duty to handle their own data responsibly.

Let’s start with the first thought:
Anyone storing someone else’s data must ensure that this data is protected against unauthorized access and that the owner of the data knows what is happening to it. In plain English: Why and for what purpose is data being stored and used? Technical countermeasures can be taken against many of the threats mentioned above. Among them, companies can ensure servers, networks, and data are reliably protected. While no security solution will ever be perfect, options and technologies exist which make it extremely difficult for hackers to achieve their objective.

To me, however, the second thought is the more fascinating of the two as the media pay considerably less attention to it than the first one. Many people now protect their devices by using antimalware software and keeping their apps and programs updated on all their devices. It’s a good start, but is it enough?

How responsibly do we handle our own sensitive data?

This question alone is fascinating because everyone has his or her own take on where the boundaries lie between private and public data. While some people won’t even allow their name to be listed in a telephone directory, others put their whole lives on show for all to see on social networks. In addition, when it comes to protecting their own data, the majority of people only think about the data stored somewhere other than on their own devices. But just how carelessly do we give away our information?

I witnessed something interesting a few days back. On a regular flight I had the chance of being allocated the middle seat of the row. The biggest disadvantage of the middle seat is that you sit squashed between two other travelers. That being said, the seat also has a really entertaining plus-point: you can easily see what the travelers are reading to the left and right of you in the row in front. They often read the usual magazines and newspapers – in other words, completely harmless reading matter. However, this time, I saw the person to my left in the row in front going through emails on a notebook. Normally an incredibly boring activity to strangers were it not for a few key terms in an email that grabbed my attention. What I saw caused my eyes to momentarily stay glued to the email. How should I put it: I now know who this person is, which company the person works for, the person’s position there, that the person is advising a major German corporation on behalf of this company, who the person’s points of contact are at this corporation, that the person is working on a still secret project with this German corporation, and what this project is about. I gathered this huge amount of information all within 30 seconds at most. It’s a good thing I’m not interested in using such information and that I had forgotten most of it by the next day anyway.

Things got even more astonishing on the return flight. I saw the person to my right checking recent bank balances. The statements had been downloaded to a notebook and the person spent the entire flight going through each account and transaction. Without any effort at all I could not only see the names of his contacts, but also the names of the banks, sort codes, account numbers, account balances, and additional payment details. This is nothing short of sheer carelessness!

On the one hand, there are now infinite options for users to publish, view, and manipulate data on a wide range of devices. On the other hand, there are countless, smart options to protect devices, networks, and data. Certainly, some allegations leveled at companies and organizations which handle our data carelessly are completely justified. But nobody can absolve us of our obligation to handle our own data responsibly.

Think about this the next time you’re sitting in an airplane reading highly confidential emails or checking your bank statements. Or at least make sure nobody’s sitting in the middle seat of the row behind you.

The post The easiest way to get your hands on sensitive data appeared first on Avira Blog.