100071436
submission
lod123 writes:
Nearly a half-million pacemakers are up for a firmware update, to address potentially life-threatening vulnerabilities.
Abbott (formerly St. Jude Medical) has released another upgrade to the firmware installed on certain implantable cardioverter defibrillator (ICD) or cardiac resynchronization therapy defibrillator (CRT-D) devices – a.k.a., pacemakers. About 465,000 patients are affected. The update will strengthen the devices’ protection against unauthorized access, as the provider said in a statement on its website: “It is intended to prevent anyone other than your doctor from changing your device settings.”
100051440
submission
lod123 writes:
Android phone-maker BLU Products agreed to a proposed settlement on Tuesday with the Federal Trade Commission, over allegations it allowed the third-party firm Adups Technology to collect detailed consumer data from users without their consent.
In an administrative complaint filed earlier this week against BLU and the company’s co-owner and president Samuel Ohev-Zion, the FTC accused the firm of sharing with China-based Adups the full contents of their users’ text messages, real-time cell tower location data, call and text-message logs, contact lists, and applications used and installed on devices.
100011388
submission
lod123 writes:
As Georgia Governor Nathan Deal considers whether to sign a controversial piece of legislation that would allow companies to “hack back” with offensive initiatives in the face of a cyberattack, companies from across the tech spectrum are lining up to protest the measure.
Also, a hacktivist group has targeted Georgia Southern University, two restaurants and a church to protest the bill.
99982675
submission
lod123 writes:
At least 25,936 malicious apps are currently using one of Facebook’s APIs, such as a login API or messaging API. These allow apps to access a range of information from Facebook profiles, like name, location and email address.
Trustlook discovered the malicious apps using a formula, which created a risk score for apps based on more than 80 pieces of information for each app, including permissions, libraries, risky API calls and network activity.
99918655
submission
lod123 writes:
Uber is tightening policies around its bug-bounty program after a 2016 data breach exposed deep flaws in its policies around handling extortion. With the updates, Uber’s HackerOne bug bounty policies more thoroughly outline “good-faith vulnerability research and disclosure,” and contain language defining what constitutes unacceptable behavior, stating that the company wants researchers “to hunt for bugs, not user data.”
99879843
submission
lod123 writes:
Scoop: A leaky Mongo database exposed personal information, including scanned passports and driver’s licenses, of 25,000 investors and potential investors tied to the Bezop cryptocurrency, according to researchers.
99877389
submission
lod123 writes:
A malicious proof-of-concept Amazon Echo Skill shows how attackers can abuse the Alexa virtual assistant to eavesdrop on consumers with smart devices – and automatically transcribe every word said.