The passwords of some people using sites monitored by popular analytics provider Mixpanel were mistakenly pulled into its software. Until experts’ inquiry, Mixpanel had made no public announcement about the embarrassing error beyond quietly emailing clients about the problem. Yet some need to update to a fixed Mixpanel SDK to prevent an ongoing privacy breach.
It’s unclear which clients were impacted due to confidentiality agreements, but Mixpanel lists Samsung, BMW, Intuit, US Bank and Fitbit as some of the companies it works with. “We can tell you that less than 25 percent of our customers were impacted,” the company’s spokesperson told.Read more
The two people who hacked ride-hailing firm Uber’s data in 2016 were in Canada and Florida at the time, a company security executive told a U.S. congressional committee on Tuesday.
About 25 million people whose data was compromised in the breach live in the United States, Uber Technologies Inc chief information security officer John Flynn said in written testimony to a Senate Commerce Committee panel. Of those, 4.1 million were drivers, said Flynn, whose testimony described new details about the hack, the handling of which prompted newly appointed Uber Chief Executive Officer Dara Khosrowshahi to fire two top security officials.Read more
A security researcher has found a way to identify users of Hotspot Shield, a popular free virtual private network service that promises its users anonymity and privacy.
Hotspot Shield, developed by AnchorFree, has an estimated 500 million users around the world relying on its privacy service. By bouncing a user's internet and browsing traffic through its own encrypted pipes, the service makes it harder for others to identify individual users and eavesdrop on their browsing habits. But an information disclosure bug in the privacy service results in a leak of user data, such as which country the user is located, and the user's Wi-Fi network name, if connected.Read more
Security researchers have uncovered 89 malicious Google Chrome extensions on the official Chrome store that can inject ads, code to secretly mine cryptocurrency, and load a tool to record and replay a person's browsing activities. This collection of extensions affected over 423,000 users and was used to form a new botnet called "Droidclub."
In November 2017, Princeton's Center for Information Technology highlighted the use of legitimate session-replay scripts on popular, high-traffic websites by third-party analytics firms. These scripts are used to record and replay a user's visit to a website, allowing the site owner to figure out what the user saw.Read more
A group of Silicon Valley technologists who were early employees at Facebook and Google, alarmed over the ill effects of social networks and smartphones, are banding together to challenge the companies they helped build.
The cohort is creating a union of concerned experts called the Center for Humane Technology. Along with the nonprofit media watchdog group Common Sense Media, it also plans an anti-tech addiction lobbying effort and an ad campaign at 55,000 public schools in the United States. The campaign, titled The Truth About Tech, will be funded with $7 million from Common Sense and capital raised by the Center for Humane Technology.Read more
You are probably familiar with browser extensions, which most of us use on a daily basis. They add a lot of useful features to browsers, but at the same time, they pose threats to both privacy and security.
Let’s discuss what’s wrong with browser extensions and how you can minimize the chances of one of them running amok on you. But first let’s go through what exactly a browser extension is. What are browser extensions, and why do you need them? A browser extension is something like a plugin for your browser that adds certain functions and features to it. Extensions can modify the user interface or add some Web service functionality to your browser.Read more
Hackers could seize control of home appliances fitted with new smart technology and force them to mine Bitcoin without the owner's knowledge, security experts have warned.
High-tech fridges, ovens and washing machines powered by computer processors and linked to home assistant devices and smart phones are all vulnerable to attack from cyber criminals, specialists from geopolitics consultancy Stratfor said. And, if hackers manage to hijack the software controlling them, they could use the appliance’s computing power to mine cryptocurrency such as Bitcoin, then funnel off the proceeds into their own digital wallets.Read more
Owl hopes to do for the dashboard-camera market what the iPod did for portable audio players. That might seem like a tall order for a fledgling startup, but the ambition makes sense for a company led by Andy Hodge, who served as the iPod product lead at Apple for a decade.
After a stint at Dropcam, he realized that there's another area where a smart security camera could be useful: inside your car. Given the ever-present threat of accidents, break-ins and mysterious parking lot dings, a cloud-connected dashcam seems like something every driver would want.Read more
Cybersecurity researchers at Ben-Gurion University of the Negev say that medical imaging devices, such as CT scans, are vulnerable to cyber-threats, and manufacturers and healthcare providers must therefore be more diligent in protecting them.
During the years it takes to get MID machines from development to market, cyber-threats can change significantly, leaving the devices exposed, the researchers said. In their paper, “Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices,” the researchers show how easy it is to exploit unprotected medical devices.Read more
A family of malicious Firefox addons have been discovered being pushed by sites pretending to be a manual update for Firefox.