NSO Group’s Pegasus crashes as Apple initiates Dignity and Justice Fund

Read Time:55 Second

Much has been written about NSO Group’s collision with government reality when the Israeli firm found itself on the wrong side of a business decision to sell their technologies to entities that used it to target human rights activists, political leaders, journalists, and a bevy of U.S. persons. The collision came in the form of the U.S. government blacklisting the company, effectively drying up a great percentage of their clients to the point where bankruptcy was seen on the horizon.

White House nixes L3Harris interest in NSO

Then, according to a recent New York Times expose, U.S. defense contractor/supplier L3Harris allegedly attempted a Phoenix-like save and raise the charred NSO from the ashes, with the sub rosa assistance of the U.S. intelligence community. Apparently, L3Harris had its eye on the “zero-click” exploit provided by NSO’s Pegasus for resale or exploitation by the U.S. To those not well versed in the government supply and contract world, L3Harris has expertise in the exploitation of cellphones.

To read this article in full, please click here

Read More

Security risks with using Free Step Tracking apps

Read Time:2 Minute, 49 Second

This blog was written by an independent guest blogger.

Move to Earn (M2E) industry growing:

Currently, Move to Earn or free step tracking apps seek to improve the health of the users with innovative methods to earn money. Free step tracking apps are now mostly related to the blockchain industry aka “Move to Earn” technology. There are now hundreds of M2E apps in development. The idea is simple. You sign up in the app (using your email & full name), turn on location tracking & you’re good to go jogging , running & walking. Users get Coins for the effort, which one can sell on the open Crypto market for Fiat money. Remember, to earn you always need to have the internet access as well as location turned on. Otherwise, you will not be able to gain anything.

This may seem like not a big deal for many people who don’t know about the security & privacy risks attached to the app.  Surely, these are not the first apps which have asked location to be turned on. Many fitness trackers also require the location information to be available online.

Are step tracking apps safe?

Step tracking apps can pose serious security & privacy threats to the millions of users using M2E apps. When you run, the tracker monitors your location all the time. Also, most of these apps are not tested against security & privacy issues. They don’t have Responsible Disclosure programs where security researchers can report security issues. Oftentimes , we saw developers of these apps ignoring the reports by security researchers about the security risks attached with them.

Data can be shared or sold to third parties

Well, no one reads the lengthy privacy policy of the services. Meanwhile, advertisers & insurance companies really need the information related to your daily number of footsteps (which discloses some aspects of your health) and location. The US Health privacy Law HIPAA excludes these step tracking and fitness tracker apps. So, these step tracking (M2E) companies can share data with anyone they want.

Tough choice – Trade offs?

If we look at M2E , these apps have helped a lot of families around the world to earn a livelihood when there were no jobs due to the pandemic. During the pandemic, many companies have cut off their employees & people have limited choices to earn a livelihood.

So, it’s a tough choice for many. Personally, I would never sign up for these apps as most of them are unsecured.

Poll Results:

Kate Brew, editor of the AT&T Cybersecurity blog, recently conducted poll on Twitter on whether people would use a step tracking app. Here are the final results:

Would you add a free app to your smart phone that allows you to track your number of steps per day for health reasons? Or advise friends and family to do so?

— Kate Brew (@securitybrew) June 30, 2022

 

Tips for users to ensure their privacy and security:

1. Always read the complete and critical points of privacy policy before you hit the sign-up button.
2. Check if the app requires 2FA Setup or not
3. Check where data is being stored. You can ask the developers about that.
4. Protect your anonymity with VPN
5. Turn off location tracking when the app is not in use
6. Avoid using public & unsecured Wi-Fi networks.

Read More

Cybersecurity is a constant fire drill—that’s not just bad, it’s dangerous

Read Time:36 Second

As part of my job as an industry analyst, I do lots of quantitative research with security professionals.  One question we often pose to security professionals is around their biggest challenges.  The research results often include issues like coping with alert storms, addressing the dangerous threat landscape, managing a multitude of point tools, scaling manual processes, and staffing shortages, along with one other challenge that comes up on nearly every survey, often with the highest percentage of responses:  Security professionals report that they are challenged because the cybersecurity team at their organization spends most of its time addressing high-priority/emergency issues and not enough time on strategy and process improvement.

To read this article in full, please click here

Read More