A selection of this week’s more interesting vulnerability disclosures and cyber security news. While not as main stream as Skype, Matrix has certainly gained a good following (one I’ve been personally watching for a few years myself). The announcement of a major breach via vulnerabilities in it’s Jenkins CI system do highlight that any door in will be taken and used to pivot into where the jewels really are:
Slightly embarrassing news for Alexa, where they previously claimed that no voice recordings are kept…
- Amazon Auditors Listen to Echo Recordings, Report Says Amazon is under fire for its privacy policies after a Bloomberg report revealed that the company hires auditors to listen to Echo recordings.
And to round off with a swipe at consumer tech… The ever popular GPS tracking IoT market. Seems to be an endless stream of fails in a rush to market:
- TicTocTrack Smartwatch Flaws Can Be Abused to Track Kids A popular Australian smartwatch’s tracking capabilities expose its user’s locations, personal data and more.
Lots of more news here!
- Fake Instagram Apps on Google Play Harvest User Logins The apps, which claim to help users rack up followers, are well-rated and have been downloaded tens of thousands of times.
- TP-Link Routers Vulnerable to Zero-Day Buffer Overflow Attack Consumer router models allowed authenticated users to take unrestricted remote control over TL-WR940N and TL-WR941ND routers.
- Bayrob malware gang convicted of infecting over 400,000 computers worldwide, stealing millions through online auction fraud
- Insane in the domain: Sea Turtle hackers pwn DNS orgs to dash web surfers on the rocks of phishing pages
- Samsung Galaxy S10 Fingerprint Sensor Duped With 3D Print The Samsung Galaxy S10 fingerprint sensor can be fooled in a hack that takes a mere 13 minutes and involves a 3D printed fingerprint.