Recent Security News
-
FTC bans one more data broker from selling your location info
January 19, 2024 at 12:14PM The FTC settled with InMarket, prohibiting it from selling Americans’ location data. The company collects data from its own and third-party apps, creating detailed advertising profiles without users’ consent. The FTC found InMarket’s data retention policy excessive and proposed measures including data deletion and consent enforcement. This is the FTC’s…
-
Missing the Cybersecurity Mark With the Essential Eight
January 19, 2024 at 12:08PM Australia made significant investments in cybersecurity, but still faces challenges, with numerous cyber incidents affecting key sectors. The Essential Eight, a cybersecurity framework, is outdated and fails to address modern threats like cloud and SaaS applications. An update is necessary to include directives for configuration management, identity security, third-party app…
-
iPhone, Android Ambient Light Sensors Allow Stealthy Spying
January 19, 2024 at 11:46AM Researchers at MIT have discovered that ambient light sensors in smart devices, usually used for adjusting screen brightness, can covertly capture images of user gestures without requiring permission, posing a privacy threat. The team highlighted the potential risk and suggested measures like restricting information rates and adding permission controls to…
-
Chinese hackers exploit VMware bug as zero-day for two years
January 19, 2024 at 11:38AM Summary: A Chinese hacking group exploited a vCenter Server vulnerability (CVE-2023-34048) as a zero-day since late 2021, using it to breach targets’ servers, escalate privileges, and exfiltrate files. The group, UNC3886, also targeted Fortinet firewall devices with a zero-day. Its preferred targets include defense, government, telecom, and tech sectors in…
-
CISA’s Road Map: Charting a Course for Trustworthy AI Development
January 19, 2024 at 10:05AM The Cybersecurity and Infrastructure Agency (CISA) has released a 2023–2024 “CISA Roadmap for Artificial Intelligence” to ensure secure and trustworthy development and use of AI, aligned with the White House Executive Order 14110. The road map focuses on four goals including cyber defense, risk reduction, operational collaboration, and agency unification.…