On Zoom conference calls across the US this week, brows furrowed as the news broke that the video conferencing company had a flaw in its backend that could have given intruders access to people’s webcams. Worse, Zoom seemed at first unwilling to fix the problem. Thankfully, hours after the initial reports, Zoom backtracked and issued a patch to fix the underlying vulnerability. You can go back to Zooming your brilliant brainstorms in peace, everyone.
According to a new report this week, a Magecart hacking group has been breaking into misconfigured Amazon Web Services buckets, checking the content of 17,000 domains, and stealing any goodies–like credit card numbers entered on some ecommerce sites.
Also this week, we explained how to keep your kids’ data safe online and took a closer look at the scourge of credential dumping. We also reported that the window to rein in the risks of facial recognition is closing, so something needs to be done fast. Oh, and we’ve brought you the story of teens taking to TikTok to make fun of the surveillance app that’s ruining their summers.
But that’s not all. Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.
Few Silicon Valley companies are more secretive than surveillance software provider Palantir, cofounded by Peter Thiel. Exactly what the company does, how it makes so much money, and what it’s working on next is often shrouded in mystery. What is known is that Palantir’s surveillance software has become a backbone of US law enforcement, particularly Immigration and Customs Enforcement, which since 2014 has reportedly had contracts ranging from $41 million to $51 million per year with Palantir for access to the company’s moving database and control software. Now, through a Freedom of Information Act request, Vice has gotten its hands on one of Palantir’s secret user manuals for law enforcement. The manual shows that with just the name of a person, law enforcement can use Palantir’s software to map that target’s family relationships and get their Social Security number, address, phone number, height, weight, and eye color. Add a license plate number, and Palantir’s system can often allow law enforcement to track where people have been during any given time period. Though much of this kind of information is available to law enforcement via separate means, Vice reports that Palantir’s system “aggregates and synthesizes” it in such a way as to give “law enforcement nearly omniscient acquaintance over any accused they decide to surveil.” As ICE readies massive raids on migrant families this weekend, the revealed Palantir system sheds light on how the government tracks and finds people to arrest and deport.
No one has ever actively craved a hair straightening iron that connects to the internet of things, but that didn’t stop UK-based company Glamoriser from making one. If you happened to buy the company’s Blue Smart hair straightener–perhaps not even realizing it had Bluetooth capability, because why would it?–then TechCrunch is sorry to report that intruders could totally hijack your device and, well, change the temperature of the hot iron remotely, if they wanted to. Would they want to? Probably not. But then again, why would you ever want to control the temperature of the straightener from your phone, rather than the device itself? Who knows! It’s a mystery!
Apple announced this week that it was disabling the push-to-talk Apple Watch Walkie-Talkie app after the company learned it could let people spy on other people’s phones without permission. The tip-off came in through Apple’s bug-reporting portal, and Apple says it has no evidence that anyone actually took advantage of the vulnerability. Apple apologized for the defect and promised to “quickly fix the issue,” according to a statement reported by TechCrunch.
The Washington Post reports that DC’s local government paid $1.7 million to secure Donald Trump’s Fourth of July military parade and fireworks display. That sum, DC mayor Muriel E. Bowser said, has left the district’s special security fund empty. That fund is intended for security measures for events, rallies, and to protect against terrorism. In 2017, Trump’s inauguration reportedly cost the district $7.3 million in security costs, which were also drawn from that same fund and never reimbursed. The mayor is requesting that the White House refill the District’s security coffers, arguing that it’s unprecedented and unjust for DC to pay for federal security with local tax funds meant to protect residents of the District of Columbia.