Geeks for your information
Avast_Security_News: Lawsuit accuses Instagram of spying on users - Printable Version




Avast_Security_News: Lawsuit accuses Instagram of spying on users - harlan4096 - 28 September 20

Quote:

Plus, more newsbytes of the week including a ransomware attack on a hospital and half a million possibly-hacked Call of Duty accounts

Last week, lawyers for Instagram user Brittany Conditi filed a lawsuit in San Francisco against the social platform’s parent company Facebook for allegedly spying on Instagram users in the interest of market research.

The accusation stems in large part from the release of iOS 14, which added features to Apple products that alert users when their devices’ cameras or microphones are being used by apps. Noticing that the green dot signifying camera usage was on without her permission, Conditi and her team concluded that the app was collecting “valuable insights and market research” by “obtaining extremely private and intimate personal data on their users, including in the privacy of their own homes,” according to The Independent.

A spokesperson for Facebook said that the issue was caused by a bug in the app, stating, “We found and are fixing a bug in iOS 14 Beta that mistakenly indicates that some people are using the camera when they aren’t.” The spokesperson added that no user content is ever recorded by the app.

Avast Security Evangelist Luis Corrons sees this user awareness of privacy issues as a good thing. “Companies have to be held accountable,” he commented, “especially those in the social media industry that have access to all kinds of information on their users. Some companies, like Facebook, have misused personal data in the past – giving access to third parties, for example. In this particular case, Facebook claims that the problem is a software bug and that Instagram is not using the camera when it shouldn’t. That should be easy to both prove and fix.”

CISA issues national alert on LokiBot malware

The United States Cybersecurity and Infrastructure Security Agency (CISA) released an alert this week to warn the nation about a notable increase in LokiBot malware attacks since July. Attackers use the malware to steal sensitive information such as login credentials and to create backdoors in the victims’ systems for future malware payloads. LokiBot is a simple, user-friendly malware and therefore a favorite choice of bad actors new to cybercrime. Since its discovery in 2015, the malware has been used for multiple types of attacks, including major phishing campaigns, ransomware, and impersonating a Fortnite launcher. The CISA alert provides recommendations to mitigate and avoid LokiBot attacks. 

Ransomware attack results in hospital patient’s death

A cyberattack that was probably intended for German institution Heinrich Heine University Düsseldorf, according to an extortion note and other evidence, instead hit University Hospital Düsseldorf, causing system outages that prevented the facility from offering emergency care and leading to the death of one patient who was turned away from the hospital and forced to seek treatment at a facility 20 miles away. A criminal case was launched and is still ongoing. Read more on this story at Newsweek. For more information on the dangers of hospital hacks, as well as some tips to become more resilient, see our blog post on the topic. 

Attackers take advantage of Google App Engine feature

A researcher has found a way that Google App Engine domains can be used both to host phishing sites and to create multiple paths to those phishing sites, all while evading security measures. The flaw is inherent in the naming protocol of the subdomain generator, which allows any number of multiple domains with the same group of suffixes to direct users to one main page. Bleeping Computer reported that upon discovery of the flaw, attention quickly shifted from the potential of the system being abused to the actual bad actors who were abusing the system. Another researcher revealed malicious manipulation of the app engine’s domains by pulling together a list of over 2,000 subdomains all leading to the same phishing page.
...