Privacy | Breaking Cybersecurity News | The Hacker News

Heat Map Released by Fitness Tracker Reveals Location of Secret Military Bases

Jan 29, 2018
Every one of us now has at least one internet-connected smart device, which makes this question even more prominent—how much does your smart device know about you? Over the weekend, the popular fitness tracking app Strava proudly published a "2017 heat map" showing activities from its users around the world, but unfortunately, the map revealed what it shouldn't—locations of the United States military bases worldwide. Strava, which markets itself as a "social-networking app for athletes," publicly made available the global heat map, showing the location of all the rides, runs, swims, and downhills taken by its users, as collected by their smartphones and wearable devices like Fitbit. Since Strava has been designed to track users' routes and locations, IUCA analyst Nathan Ruser revealed that the app might have unintentionally mapped out the location of some of the military forces around the world, especially some secret ones from the United States. Wi
Is Your DJI Drone a Chinese Spy? Leaked DHS Memo Suggests

Dec 04, 2017
The United States Department of Homeland Security (DHS) has recently accused Da-Jiang Innovations (DJI), one of the largest drone manufacturers, of sending sensitive information about U.S. infrastructure to China through its commercial drones and software. A copy of a memo from the Los Angeles office of the Immigration and Customs Enforcement bureau (ICE) has begun circulating online more recently, alleging "with moderate confidence" that DJI drones may be sending US critical infrastructure and law enforcement data back to China. However, the bureau assessed "with high confidence" that this critical data collected by the DJI systems could then be used by the Chinese government to conduct physical or cyber attacks against the U.S. critical infrastructure and its population. The memo goes on to specify the targets the Chinese Government has been attempting to spy on, which include rail systems, water systems, hazardous material storage facilities, and constructio
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024 | Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
HP Silently Installs Telemetry Bloatware On Your PC—Here's How to Remove It

Nov 30, 2017
Do you own a Hewlett-Packard (HP) Windows PC or laptop? Multiple HP customers from around the world are reporting that HP has started deploying "spyware" onto their laptops—without informing them or asking their permission. The application being branded as spyware is actually a Windows Telemetry service deployed by HP, called "HP Touchpoint Analytics Client," which was first identified on November 15. According to reports on several online forums, the telemetry software—which the HP customers said they never opted to have installed and had no idea was continually running in the background—was pushed out in a recent update. However, it's not yet clear whether the software has come with Microsoft's latest Windows updates, or via HP's support assistant processes. An official description of the software says that the program "harvests telemetry information that is used by HP Touchpoint's analytical services." HP Touchpoint
iPhone Apps With Camera Permissions Can Secretly Take Your Photos Without You Noticing

Oct 30, 2017
Are you a proud iPhone owner? If yes, this could freak you out. Trust me! Your iPhone has a serious privacy concern that allows iOS app developers to take your photographs and record your live video using both front and back cameras—all without any notification or your consent. This alarming privacy concern in Apple's mobile operating system was highlighted by an Austrian developer and Google engineer, Felix Krause, who detailed the issue in his blog post published Wednesday. The issue, Krause noted, is in the way Apple's software handles camera access. Apparently, there is a legitimate reason for many apps, such as Facebook, WhatsApp, and Snapchat, to request access to your camera, in an effort to take a photo within the app. So, this permissions system is not a bug or a flaw; instead, it is a feature, and it works exactly in the way Apple has designed it, but Krause said any malicious app could take advantage of this feature to silently record users' activities. iPhon
OnePlus Secretly Collects Way More Data Than It Should — Here’s How to Disable It

Oct 10, 2017
There is terrible news for all OnePlus lovers. Your OnePlus handset, running OxygenOS—the company's custom version of the Android operating system—is collecting way more data on its users than it requires. A recent blog post published today by security researcher Christopher Moore on his website detailed the data collection practice by the Shenzhen-based Chinese smartphone maker, revealing that OxygenOS built-in analytics is regularly sending users' telemetry data to OnePlus' servers. Collecting basic telemetry device data is a usual practice that every software maker and device manufacturer follows to identify, analyse and fix software issues and help improve the quality of their products, but OnePlus was found collecting user identification information as well. Moore simply started intercepting the network traffic to analyse what data his OnePlus device sends to its servers, and found that the data collected by the company included: User' phone number MAC addresse
 Microsoft Cortana Can Now Read Your Skype Messages to Make Chat Smarter

Oct 10, 2017
Microsoft today announced built-in support for Cortana—an artificial intelligence-powered smart assistant—in Skype messenger on Android as well as iOS devices. What purpose does it serve? Microsoft wants its AI-based smart assistant to understand your conversations and help you with quick suggestions, ideas and information right inside your chat window. "Cortana can also help you organize your day—no need to leave your conversations. Cortana can detect when you're talking about scheduling events or things you have to do and will recommend setting up a reminder, which you will receive on all your devices that have Cortana enabled," Skype said in a blog post. In other words, it typically means — Microsoft's Cortana can now read your private Skype conversations. Should You Worry About Your Privacy? Yes, Cortana needs continuous monitoring of your private chats in order to come up with useful suggestions such as movie bookings, travel plans, nearby restaura
China Bans WhatsApp Messenger

Sep 26, 2017
Popular instant messaging app WhatsApp has been struggling for its existence in China ever since July, when the Chinese government blocked its users from sending photos and videos over the app. Now, it appears that China has largely blocked Facebook-owned WhatsApp in its latest step to tighten censorship as the country prepares for a major Communist Party gathering next month. Yes, WhatsApp no longer works in the country at all. China has a long history of blocking and limiting access to web services, especially social networks and Western-owned sites, through its Great Firewall. The service currently blocks some 171 out of the world's leading websites, including Wikipedia, Twitter, Facebook, Instagram, and many Google services in mainland China. And now, it is WhatsApp. Although it's unclear how long the messaging app may remain inaccessible in the country, according to Symbolic Software, a Paris-based research firm that monitors WhatsApp's situation in Chi
75,000 Turks Arrested So Far for Downloading Encrypted Messaging App

Sep 15, 2017
WARNING: If you are Turkish and using or have installed ByLock—a little-known encrypted messaging app—you could be detained by Turkish authorities. You might be wondering why. Because using this app in Turkey has been illegal since last year. The background story begins here... Remember Turkey's deadliest failed coup attempt? In July 2016, a section of the Turkish military launched a coordinated operation—by deploying soldiers and tanks on the streets of major Turkish cities—to topple the government and unseat President Recep Tayyip Erdogan. The Turkish government blamed Muhammed Fethullah Gülen, a Turkish preacher who lives in the United States, for leading the July 15-16 attempted coup, though Gülen denied any involvement. In the aftermath of the coup attempt, Milli İstihbarat Teşkilatı (MİT), the Turkish intelligence agency, investigated and found that the ByLock messaging app was used as a communication tool by tens of thousands of Gülen movement followers to c
China Enforces Real-Name Policy to Regulate Online Comments

Aug 29, 2017
If you reside in China, your Internet life within the borders will soon be even more challenging. Last Friday, China's top Internet regulator announced a new set of rules that would force citizens to post comments using their real-world identities on Internet forums and other web platforms. Yes, you heard that right. Anonymity is about to die in the country. The Cyberspace Administration of China (CAC) will start officially enforcing the new rules from October 1, 2017, requiring website operators and service providers of online forums to request and verify real names and other personal information from users when they register and to immediately report illegal content to the authorities. According to the CAC, the following content would be considered unlawful and forbidden from being published online: Opposing the basic principles as defined in the Constitution Endangering national security Damaging nation's honor and interests Inciting national ha
Beware! Viral Sarahah App Secretly Steals Your Entire Contact List

Aug 28, 2017
Are you also one of those 18 Million users using SARAHAH? You should beware of this app because the anonymous feedback application may not be as private as it really sounds. Sarahah is a newly launched app that has become one of the hottest iPhone and Android apps in the past couple of weeks, allowing its users to sign up to receive anonymised, candid messages from other Sarahah users. However, it turns out that the app silently uploads users' phone contacts to the company's servers for no good reason, as spotted by security analyst Zachary Julian. When an Android or iOS user downloads and installs the app for the first time, the app immediately harvests and uploads all phone numbers and email addresses from the user's address book, according to The Intercept. While an app requesting access to the user's phonebook is quite common if the app provides any feature that works with contacts, no such functionality in Sarahah is available right now. "The pri
Hotspot Shield VPN Accused of Spying On Its Users' Web Traffic

Aug 08, 2017
"Privacy" is a bit of an Internet buzzword nowadays as the business model of the Internet has now shifted towards data collection. Although a Virtual Private Network (VPN) is one of the best solutions to protect your privacy and data on the Internet, you should be more vigilant while choosing a VPN service which actually respects your privacy. If you are using the popular free virtual private networking service Hotspot Shield, your data could be at a significant risk. A privacy advocacy group has filed a complaint with the Federal Trade Commission (FTC) against virtual private networking provider Hotspot Shield for reportedly violating its own privacy policy of "complete anonymity" promised to its users. The 14-page-long complaint filed Monday morning by the Centre for Democracy and Technology (CDT), a US non-profit advocacy group for digital rights, accused Hotspot Shield of allegedly tracking, intercepting and collecting its customers' data. Develo
Smart Vacuum Cleaners Making Map Of Your Home — And Wants to Sell It

Jul 26, 2017
What if I say that your cute, smart robotic vacuum cleaner is collecting more than just dirt? During an interview with Reuters, the CEO of iRobot, the company which manufactures the Roomba device, has revealed that the robotic vacuum cleaner also builds a map of your home while cleaning — and is now planning to sell this data to third-party companies. I know it sounds really creepy, but this is what the iRobot company has planned with the home mapping data its Roomba robots collect on its users. What is Roomba? Manufactured by Massachusetts-based firm iRobot, Roomba is a cute little robotic vacuum cleaner — which ranges in price from $375 to $899 — that has been vacuuming up household dirt since 2002. Early versions of Roomba used IR or laser sensors to avoid obstacles in their way, but the company began distributing high-end Wi-Fi-connected Roomba models from 2015, such as the Roomba 980, which includes a camera and Simultaneous Localisation And Mapping (SLAM) technology tha
China Shuts Down Popular VPN Services to Make Great Firewall Stronger

Jul 04, 2017
Online Privacy has been one of the biggest challenges in today's interconnected world, as governments across the world have been found censoring the Internet, stealing information and conducting mass surveillance on innocent people. China is one such nation which has always wanted to have a tight hold on its citizens and has long been known for its strict Internet censorship laws through the Great Firewall of China. The Great Firewall of China is the nation's Golden Shield project that employs a variety of tricks to censor the Internet and block access to various foreign news and social media sites, including Google, Facebook, Twitter, Tumblr, Dropbox, and The Pirate Bay. So, in order to thwart these restrictions and access blocked websites, hundreds of millions of Chinese citizens rely on virtual private networks (VPNs) which route their traffic to servers overseas free of the Great Firewall filters, but this may not be an option soon. For those unfamiliar, Virtual P
Telegram Agrees to Register With Russia to Avoid Ban, But Won't Share User Data

Jun 29, 2017
After being threatened with a ban in Russia, end-to-end encrypted Telegram messaging app has finally agreed to register with new Russian Data Protection Laws, but its founder has assured that the company will not comply to share users' confidential data at any cost. Russia's communications watchdog Roskomnadzor had recently threatened to block Telegram if the service did not hand over information required to put the app on an official government list of information distributors. The Russian government requirement came following terrorists' suicide bombings that killed 15 people in Saint Petersburg in April in which terrorists allegedly used the Telegram's app to communicate and plot attacks. "There is one demand, and it is simple: to fill in a form with information on the company that controls Telegram," said Alexander Zharov, head of Roskomnadzor. "And to officially send it to Roskomnadzor to include this data in the registry of organizers
WebSites Found Collecting Data from Online Forms Even Before You Click Submit

Jun 21, 2017
'Do I really need to give this website so much about me?' That's exactly what I usually think after filling out but before submitting a web form online asking for my personal details to continue. I am sure most of you would either close the whole tab or would edit already typed details (or filled up by browser's auto-fill feature) before clicking 'Submit' — Isn't it? But closing the tab or editing your information hardly makes any difference because as soon as you have typed or auto-filled anything into the online form, the website captures it automatically in the background using JavaScript, even if you haven't clicked the Submit button. During an investigation, Gizmodo has discovered that code from NaviStone, used by hundreds of websites, invisibly grabs each piece of information as you fill it out in a web form before you could hit 'Send' or 'Submit.' NaviStone is an Ohio-based startup that advertises itself as a service to u
Netgear Now Collects Router 'Analytics Data' — Here’s How to Disable It

May 22, 2017
Does your router collect data on your network? Netgear last week pushed out a firmware update for its wireless router model NightHawk R7000 with a remote data collection feature that collects the router's analytics data and sends it to the company's server. For now, the company has rolled out the firmware update for its NightHawk R7000, but other router models will probably receive the update in the upcoming days. Netgear's router analytics feature collects information regarding: Total number of devices connected to the router IP address MAC addresses Serial number Router's running status Types of connections LAN/WAN status Wi-Fi bands and channels Technical details about the use and functioning of the router and the WiFi network. The company said it is collecting the data for routine diagnostics to know how its products are used and how its routers behave. "Technical data about the functioning and use of our routers and their WiFi network
Save the Internet: FCC Unveils Plan to Rollback Net-Neutrality Rules

Apr 27, 2017
After crushing a set of privacy rules on ISPs that restrict them from sharing your online data with third parties without your consent, President Donald Trump's newly appointed FCC chairman Ajit Pai has announced the first move in its efforts to kill off Net Neutrality. The US Federal Communications Commission (FCC) has announced that it will roll back net neutrality rules that require Internet service providers (ISPs) to treat all services and websites on the Internet equally. Before moving forward, let's first understand what Net Neutrality means. What is Net Neutrality And Why It's Important? Net Neutrality is simply the Internet Freedom — Free, Fast and Open Internet for all. Net Neutrality is the principle that ISPs should give consumers access to any and all content and applications on an equal basis, treating all Internet traffic equally. Today, if there is something that makes everyone across the world 'Equal,' it's the Internet. Equality over
Trump's New FCC Chairman Lets ISPs Sell Your Private Data Without Your Consent

Mar 02, 2017
Bad News for privacy-concerned people! It will be once again easier for Internet Service Providers (ISPs) to sell your personal data for marketing or advertisement purposes without taking your permission. Last October, the United States Federal Communications Commission (FCC) passed a set of privacy rules on ISPs that restrict them from sharing your online data with third parties without your consent and require them to adopt "reasonable measures" to protect consumers' data from hackers. However, now the FCC has suspended the privacy rules before they came into effect. The reason? President Donald Trump's newly appointed FCC chairman Ajit Pai, a Republican and ex-Verizon lawyer. Ajit Pai, who has openly expressed his views against net neutrality in the past, just last week said during a speech at Mobile World Congress that Net Neutrality was "a mistake" and indicated that the Commission is now moving back to internet regulations. Now, Pai suspends p
Signal Messaging App Rolls Out Encrypted Video Calling

Feb 15, 2017
WhatsApp and Facebook so far have the largest end-to-end encrypted video calling network of all, but now another popular end-to-end encrypted messaging app recommended by whistleblower Edward Snowden is ready to give them really tough competition. The Signal app, which is widely considered the most secure of all encrypted messaging apps, released a video calling feature on Tuesday for both Android and iOS in a new update. Developed by open source software group Open Whisper Systems, Signal is a free and open source messaging application specially designed for Android and iOS users to make secure and encrypted messages and voice calls. The Signal Protocol even powers the end-to-end encryption built into WhatsApp, Facebook Messenger, and Google Allo's Incognito mode. Signal has already been providing fully end-to-end encrypted chat and voice calling features, but the newly added feature will make it even easier for privacy-conscious people to convey their inf