Uber’s iOS App was given Secret Permissions by Apple That Allowed It to Record Your Phone Screen

To improve functionality between Uber’s app and the Apple Watch, Apple allowed Uber to use a powerful tool that could record a user’s iPhone screen, even if Uber’s app was only running in the background, security researchers told Gizmodo. After the researchers discovered the tool, Uber said it is no longer in use and will Read more about Uber’s iOS App was given Secret Permissions by Apple That Allowed It to Record Your Phone Screen[…]

Equifax operates site to access salary and employer history using an SSN + DoB (which you can find in the Equifax dump)

Incredibly, this same division makes it simple to access detailed salary and employment history on a large portion of Americans using little more than someone’s Social Security number and date of birth — both data elements that were stolen in the recent breach at Equifax. At issue is a service provided by Equifax’s TALX division Read more about Equifax operates site to access salary and employer history using an SSN + DoB (which you can find in the Equifax dump)[…]

Warning: Microsoft is using Cortana to read your private Skype conversations

Cortana is a decent voice assistant. Hell, “she” is probably better than Apple’s woefully disappointing Siri, but that isn’t saying very much. Still, Microsoft’s assistant very much annoys me on Windows 10. I don’t necessarily want to use my desktop PC like my phone, and sometimes I feel like she is intruding on my computer. Read more about Warning: Microsoft is using Cortana to read your private Skype conversations[…]

T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number

Until last week, a bug on a T-Mobile website let hackers access personal data such as email address, a customer’s T-Mobile account number, and the phone’s IMSI, a standardized unique number that identifies subscribers. On Friday, a day after Motherboard asked T-Mobile about the issue, the company fixed the bug. The flaw, which was discovered Read more about T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number[…]

Equifax hackers targeted 15.2 million UK records – a lot more than the 400k they originally said

Equifax has admitted that almost double the number of UK customers had their information stolen in a major data breach earlier this year than it originally thought, and that millions more could have had their details compromised. The credit rating firm said it is contacting nearly 700,000 customers in the UK to alert them that Read more about Equifax hackers targeted 15.2 million UK records – a lot more than the 400k they originally said[…]

Equifax breach included 10 million US driving licenses

10.9 million US driver’s licenses were stolen in the massive breach that Equifax suffered in mid-May, according to a new report by The Wall Street Journal. In addition, WSJ has revealed that the attackers got a hold of 15.2 million UK customers’ records, though only 693,665 among them had enough info in the system for Read more about Equifax breach included 10 million US driving licenses[…]

Hackers nick $60m from Taiwanese bank in tailored SWIFT attack

Hackers managed to pinch $60m from the Far Eastern International Bank in Taiwan by infiltrating its computers last week. Now, most of the money has been recovered, and two arrests have been made in connection with the cyber-heist. On Friday, the bank admitted the cyber-crooks planted malware on its PCs and servers in order to Read more about Hackers nick $60m from Taiwanese bank in tailored SWIFT attack[…]

If you don’t want Sonos to have your personal data, they will brick your players for you

Sonos’ policy change, outlined by chief legal officer Craig Shelburne, allows the gizmo manufacturer to slurp personal information about each owner, such as email addresses and locations, and system telemetry – collectively referred to as functional data – in order to implement third-party services, specifically voice control through Amazon’s Alexa software, and for its own Read more about If you don’t want Sonos to have your personal data, they will brick your players for you[…]

Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack | why it’s a great idea to entrust personal data to governments (not)

In November 2016, the Australian Signals Directorate (ASD) was alerted by a “partner organisation” that an attacker had gained access to the network of a 50-person aerospace engineering firm that subcontracts to the Department of Defence. Restricted technical information on the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft, Read more about Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack | why it’s a great idea to entrust personal data to governments (not)[…]

Companies overlook risks in open source software: compliance and policy

Open source code helps software suppliers to be nimble and build products faster, but a new report reveals hidden software supply chain risks of open source that all software suppliers and IoT manufacturers should know about. […] “We can’t lose sight that open source is indeed a clear win. Ready-to-go code gets products out the Read more about Companies overlook risks in open source software: compliance and policy[…]