The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

What if the tech intended to ensure that your kids, senior citizens, and pets are safe even when they're out of sight inadvertently expose them to stalkers? An estimated 600,000 GPS tracking devices for sale on Amazon and other large online merchants for $25–$50 have been found vulnerable to a handful of dangerous vulnerabilities that may have exposed user's real-time locations, security researchers have claimed. Cybersecurity researchers from Avast discovered that 29 models of GPS trackers made by Chinese technology company Shenzhen i365 for keeping tabs on young children, elderly relatives, and pets contain a number of security vulnerabilities. Moreover, all over half a million tracking devices were shipped with the same default password of "123456," leaving an opportunity for attackers to easily access tracking information for those who never changed the default password. Vulnerabilities in GPS Tracking Devices The reported GPS tracking device vulnerabili...

Google has finally agreed to pay $170 million fine to settle allegations by the Federal Trade Commission and the New York attorney general that its YouTube service earned millions by illegally harvesting personal information from children without their parents' consent. The settlement requires Google to pay $136 million to the FTC and an additional $34 million fine to New York state for allegedly violating the Children's Online Privacy Protection Act (COPPA) Rule. The COPPA rule requires child-directed websites and online services to explicitly obtain parental consent before collecting personal information from children under the age of 13 and then using it for targeted advertising. However, an FTC investigation [ PDF ] against Google's video service for children, called YouTube Kids, revealed that it had illegally gathered kids' data under 13. The data also includes children' persistent identification codes used to track a user's Internet browsing hab...

Twitter today finally decided to temporarily disable a feature, called ' Tweeting via SMS ,' after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey last week and sent a series of racist and offensive tweets to Dorsey's followers. Dorsey's Twitter account was compromised last week when a hacker group calling itself "Chuckling Squad" replicated a mobile phone number associated with the CEO account and abused this particular feature to post racist, offensive messages and bomb threats from it via SMS. Replicating a mobile phone number associated with someone else is a technique known as " SIM swapping ," where attackers social engineer a victim's mobile phone provider and trick the telecom company to transfer target's phone number to their own SIM card. Once they social engineered an AT&T employee and gained access to Dorsey's phone number, the Chuckling Squad hackers used the 'Tweeting via SMS' feat...

Beware! Billion of Android users can easily be tricked into changing their devices' critical network settings with just an SMS-based phishing attack. Whenever you insert a new SIM in your phone and connects to your cellular network for the very first time, your carrier service automatically configures or sends you a message containing network-specific settings required to connect to data services. While manually installing it on your device, have you ever noticed what configurations these messages, technically known as OMA CP messages, include? Well, believe me, most users never bother about it if their mobile Internet services work smoothly. But you should worry about these settings, as installing untrusted settings can put your data privacy at risk, allowing remote attackers to spy on your data communications, a team of cybersecurity researchers told The Hacker News. Mobile carriers send OMA CP (Open Mobile Alliance Client Provisioning) messages containing APN settin...

Mozilla has finally enabled the "Enhanced Tracking Protection" feature for all of its web browser users worldwide by default with the official launch of Firefox 69 for Windows, Mac, Linux, and Android. The company enabled the " Enhanced Tracking Protection " setting by default for its browser in June this year, but only for new users who downloaded and installed a fresh copy of Firefox. Remaining users were left with options to either enable the feature manually or wait for the company to activate it for all users. Now, the wait is over. With Firefox 69, Enhanced Tracking Protection will automatically be turned on by default for all users as part of the "Standard" setting in the Firefox browser, blocking known "third-party tracking cookies" and web-based cryptocurrency mining scripts. Firefox 69 By Default Blocks Known Third-Party Tracking Cookies Cookies are created by a web browser when a user loads a specific website, which helps...