Advertising and privacy. Sextortion comes to ransomware. Patient data at risk. Supply chain vulnerability in security and surveillance cameras.


At a glance.

  • An Irish privacy group is suing a New York-based advertising agency over real-time auctions.
  • Sextortion comes to ransomware.
  • Medical data at risk from unpatched VMware instances.
  • Supply chain issue for network security and surveillance cameras.

Irish privacy advocates are suing IAB over real-time auctions.

BBC News reports that the Irish Civil Liberties Council (ICCL) is suing the Interactive Advertising Bureau (IAB) over alleged privacy breaches resulting from real-time advertising auctions. The IAB is a New York-based agency that develops standards for the digital advertising industry, and tech giants like Google, Facebook, and Amazon are among its members. In real-time auctions, during the short time it takes for a website to load, the digital ad space on that site is auctioned off to advertisers. User data (information about users' interests based on browser history, as well as device details) is shared between ad brokers and buyers. “Every time we load a page on a commercial website or use an app, the website or app tells dozens or hundreds of businesses about us, so their customers can decide whether to bid on the opportunity to show you an ad,” says Johnny Ryan of ICCL. Although the data is anonymized using Audience Taxonomy, a publicly accessible coding system designed by IAB Tech Lab, opponents argue that the large amount of data being exchanged without user consent represents the biggest data breach in the world. Ryan lodged a similar complaint with the Irish Data Protection Commissioner’s office in 2018, when the General Data Protection Regulation was established, but this investigation is still ongoing.

Sextortion comes to ransomware.

A ransomware gang has disclosed nude images of a victim as an extortion tactic, Motherboard reports. Details of the incident are sparse, as the identity of the victim, the name of the target company, and the name of the threat group are withheld in order to avoid inadvertently assisting the cybercriminals' efforts. After exfiltrating the data from the target’s system, the gang slowly started posting the data on their extortion website in order to pressure the target to pay, eventually posting the personal photos. Although posting explicit images is not a typical approach for attackers, in 2017 a threat group stole explicit images from a plastic surgery clinic and threatened to post them, although they never acted on the threat. (It’s not exactly “revenge porn,” as it’s not about revenge, but it is pretty close to Motherboard's headline.)

VMware vulnerabilities potentially threaten medical data.

JDSupra explains that critical vulnerabilities in software created by cloud computing company VMware have forced the U.S. Department of Health and Human Services’ Office of Civil Rights to issue a warning about potential exploitation. As Trustwave reports, VMware released patches to fix the issues in May, and the advisory, from the Cybersecurity and Infrastructure Security Agency (CISA), urges organizations using VMware vCenter Server and VMware Cloud Foundation to install the necessary updates as soon as possible. As the software is widely used in the healthcare industry, CISA advises healthcare providers to take the necessary precautions to protect sensitive medical data.

Risk of unauthorized access to network camera streams.

CISA, the US agency for cybersecurity and infrastructure security, yesterday issued an alert regarding a vulnerability in ThroughTek’s P2P SDK, a supply chain risk for network camera vendors that use the SDK. The issue is tracked as CVE-2021-32934; it has a CVSS v3 base score of 9.1. The problem arises in the supply chain of security cameras and baby (and pet) monitors.

The risk posed by the vulnerability is unauthorized viewing of the video. Security firm Nozomi published an account of the problem. They point out that it is difficult for network camera users to identify the provenance of the peer-to-peer functionality or the security of the software that provides it, and therefore recommend that “the best way to prevent the captured audio/video content from being seen by strangers on the Internet is to disable P2P functionality.”

We heard from James McQuiggan, security awareness advocate at KnowBe4, who warns against dismissing this type of security issue as old news:

“While it is not new that Internet of Things (IoT) devices are susceptible to various attacks based on their vulnerabilities, it is critical to understand that they need to be protected and updated when patches are available from the manufacturer.

“In this particular case, users and organizations will be relying on the developers of this third-party IoT camera to update it with the appropriate software and firmware, and make it available to customers.

“Organizations need to mitigate the risk of attack from these cameras, which are subject to network attacks. Isolating devices on a segmented network and not allowing internet access can reduce the likelihood of data exfiltration via the available exploit.”

