Monday, July 29, 2019

After Google it is Apple - Apple contractors 'regularly hear confidential details' on Siri recordings



The Apple Watch and the HomePod smart speaker were named as the most frequent sources of mistaken recordings.

Sometimes, “you can definitely hear a doctor and patient, talking about the medical history of the patient.”

A whistleblower, who asked to remain anonymous, expressed concerns about this lack of disclosure, particularly given the frequency with which accidental activations pick up extremely sensitive personal information.

The contractor said staff were encouraged to report accidental activations “but only as a technical problem”, with no specific procedures to deal with sensitive recordings.

“There’s not much vetting of who works there, and the amount of data that we’re free to look through seems quite broad. It wouldn’t be difficult to identify the person that you’re listening to, especially with accidental triggers – addresses, names and so on.”

https://www.theguardian.com/technology/2019/jul/26/apple-contractors-regularly-hear-confidential-details-on-siri-recordings

Friday, July 19, 2019

(From Twitter) For infosec pros who blame users -


Users: you gave us USB ports, but told us not to plug anything into them.

You tell us "Don't open links." But let's be real: if it was easy to spot a malicious link, you'd have already blocked it.

You tell us "don't open attachments" but it's something we HAVE to do for our jobs. Again, if spotting the malicious attachment was easy, why did you, the professionals, let it get to my inbox?

Thursday, July 18, 2019

We watch TV; ever wonder what could happen if the TV is watching us?

Guy finds a video of himself and his wife on an X-rated website. Later, “cybersecurity experts” discovered that a hacker had hijacked control of the camera in his smart TV and captured footage of him as he “canoodled” with his wife on the sofa.

https://www.grahamcluley.com/did-a-hacked-smart-tv-upload-footage-of-couple-having-sofa-sex-to-a-porn-website/

Wednesday, July 17, 2019

Spearphone Attack - New Attack Lets Android Apps Capture Loudspeaker Data Without Any Permission


A separate team of cybersecurity researchers has successfully demonstrated a new side-channel attack that could allow malicious apps to eavesdrop on the voice coming out of your smartphone's loudspeakers without requiring any device permission.

Dubbed Spearphone, the newly demonstrated attack takes advantage of a hardware-based motion sensor, called an accelerometer, which comes built into most Android devices and can be unrestrictedly accessed by any app installed on a device even with zero permissions.


https://thehackernews.com/2019/07/android-side-channel-attacks.html

Tuesday, July 16, 2019

Insider Threat - Forget DLP, how many of us block USB or Cloud Storage?

A newly unsealed federal indictment charges a software engineer with stealing proprietary information from his workplace and bringing it to China.

Within two weeks of his hiring date, Yao downloaded more than 3,000 files containing proprietary and trade secret data related to the system that runs the company's locomotives. Over the following six months he continued to download electronic files containing technical documents and software source code.


https://www.darkreading.com/risk/software-engineer-charged-for-taking-stolen-trade-secrets-to-china/d/d-id/1335224
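
The pattern in this case (thousands of files pulled within two weeks of the hire date) is something a simple audit-log rule can surface. The sketch below is an added example, not from the article or the indictment: the log format, user names, thresholds and the `find_alerts` helper are all assumptions. It runs a per-day limit next to a cumulative new-hire limit over constructed sample data.

```python
import csv
import io
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data (not taken from the indictment): hire dates plus a
# per-day download summary from a hypothetical source-repository audit log.
HIRE_DATES = {"alice": date(2019, 1, 7), "bob": date(2018, 3, 1)}
AUDIT_CSV = """day,user,files_downloaded
2019-01-08,alice,1200
2019-01-10,alice,1100
2019-01-15,alice,900
2019-01-10,bob,40
2019-01-11,bob,3500
2019-03-01,alice,50
"""

# Assumed thresholds; tune them against your own baseline.
NEW_HIRE_WINDOW = timedelta(days=14)  # first two weeks after the hire date
NEW_HIRE_LIMIT = 3000                 # cumulative files inside that window
DAILY_LIMIT = 2000                    # files in a single day, any tenure


def find_alerts(audit_csv, hire_dates):
    """Return sorted (user, reason, file_count) tuples for both rules."""
    early_total = defaultdict(int)
    alerts = []
    for row in csv.DictReader(io.StringIO(audit_csv)):
        user = row["user"]
        day = date.fromisoformat(row["day"])
        count = int(row["files_downloaded"])
        if count > DAILY_LIMIT:
            alerts.append((user, "daily-spike", count))
        hired = hire_dates.get(user)  # accounts without HR data skip rule 2
        if hired is not None and hired <= day <= hired + NEW_HIRE_WINDOW:
            early_total[user] += count
    for user, total in early_total.items():
        if total > NEW_HIRE_LIMIT:
            alerts.append((user, "new-hire-bulk", total))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in find_alerts(AUDIT_CSV, HIRE_DATES):
        print(alert)
```

In the sample, "alice" never crosses the daily limit on any single day, yet her first two weeks add up to 3,200 files, so only the cumulative rule catches her.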

Attention please!! - Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram



Dubbed "Media File Jacking," the attack leverages an already known fact that any app installed on a device can access and rewrite files saved in the external storage, including files saved by other apps installed on the same device.

Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against WhatsApp and Telegram Android apps, which could allow malicious actors to spread fake news or scam users into sending payments to wrong accounts.

https://thehackernews.com/2019/07/media-files-whatsapp-telegram.html