Roughly 60 percent of the top free mobile VPN apps returned by Google Play Store and Apple Play Store searches are from developers based in China or with Chinese ownership, raising serious concerns about data privacy, a study published today has revealed.
"Our investigation uncovered that over half of the top free VPN apps either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the internet within its borders," said Simon Migliano, Head of Research at Metric Labs, a company that runs the Top10VPN portal.
"Furthermore, we found the majority of free VPN apps had little-to-no formal privacy protections and non-existent user support," Migliano said.
The expert says that 86 percent of the apps he analyzed had "unacceptable privacy policies." For example, some apps didn't say if they logged traffic, some apps appeared to use generic privacy policies that didn't even mention the term VPN, while some apps didn't feature a privacy policy at all. On top of this, other apps admitted in their policies to sharing data with third-parties, tracking users, and sending and sharing data with Chinese third-parties. more
Kevin's Spybuster Tip # 724 - Check out Outline.
Monday, November 26, 2018
IT Director Alert - Patch Those Printers... now
Despite copious warnings and efforts by the security community to harden the defenses of printers, they continue to represent a ripe target for attackers.
Just this past summer researchers at Check Point found a vulnerability that allowed an attacker to compromise a multi-function printer with fax capabilities simply by sending a fax.
In July, Positive Technology shared a proof-of-concept attack that shows how attackers can compromise a corporate network via installing a customized Xerox printer firmware on a targeted printer.
In August, HP Inc. patched hundreds of inkjet models vulnerable to two remote code execution flaws (CVE-2018-5924, CVE-2018-5925).
Printers, security researchers say, are the Achilles Heel for network management. They sit on the network like a PC and need regular updating like any other network endpoint – but often don't. more
Labels: #espionage, #hack, #IoT, advice, cybersecurity, photocopier
Tuesday, November 20, 2018
From the Don't Poop Where You are Going to Eat Files
For a century, Vienna has been the world capital of espionage.
It’s a city of world-class mystery and intrigue, as depicted in countless spy novels and films. Vienna has it all: lovely vistas, great food and wine, affordable prices, and an extraordinarily permissive environment for espionage.
In Austria, you’re free to spy on nearly whomever you want, and there are plenty of targets. Everybody has an embassy in Vienna, plus it’s the second city of the United Nations. When it comes to espionage, the only way to get in trouble in Vienna is by spying on your hosts—and that’s just what the Russians got caught doing. more
Spy Rule #629 - Don't Order Bugs Using Company Email
Eavesdropping charges have been filed against a central Illinois schools administrator who allegedly planned to secretly record a closed session of the school board.
The News-Gazette reports Champaign County State's Attorney Julia Rietz alleged Thursday that Samuel Byndom used a device disguised as a pen to record an Oct. 28 closed session of the school board. The 35-year-old Byndom is Urbana District 116's assistant superintendent of learning and instruction.
Rietz said Urbana police have been investigating Byndom since a school district employee found an email order confirmation on a school district computer for a voice-activated recorder pen from a company called "SpyGuy."
Members of the school board went forward with the closed session after learning about the recording device order, but searched the room before starting. They found the device and removed it. more
A New EU Spy School... with some possible strings attached.
The defense ministers of 25 EU member countries agreed Monday on a joint EU intelligence school, along with 16 other new projects, as part of their military pact...
The establishment of a joint EU spy school would be a big step forward for the bloc’s intelligence community. Until recently, a significant deepening of intelligence cooperation in the Union was blocked by the U.K., which viewed it as unwelcome competition to the Five Eyes intelligence alliance... With Brexit approaching, London no longer stands in the way.
However, eyebrows will be raised by the proposal to have Greece lead the academy, with help from Cyprus, meaning two of the EU’s members with the closest ties to Moscow would run the project. more
"So, uh, what's your Social Security number, kid?"
It's the cute toy tipped to be a Christmas hit, but there are fears ‘Dino’ the dinosaur may be vulnerable to hackers who could steal information about its young owners.
The ‘smart toy’, which is able to ‘learn’, answer questions and read bedtime stories, is among a series of technology gifts that have failed to win approval from the Mozilla Foundation...said it had been unable to determine if Dino – an internet-connected toy...uses sufficient encryption to guard against hackers.
It was also critical of the complexity of its privacy policy which includes an admission in the small print that, when a child plays with Dino, it automatically collects information about a child’s ‘likes and dislikes, interests, and other educational metrics’. more
Labels: cautionary tale, cybersecurity, Internet, IoT, Santa, toy
Spybuster Tip #720 - iPhone Knows What You Did Last Summer... and how to stop it.
Your iPhone knows where you go and how often.
The feature is called Significant Locations, and it is buried deep within iPhone's reptilian brain.
Want a peek?
- Open Settings
- Open Privacy
- Open Location Services
- Scroll to the very end and open System Services
- Keep scrolling until you hit Significant Locations
- At this point, you will need to sign in again.
Significant Locations may include the locations of, and frequency of visits to, significant others, whom you would rather not have your other significant others know about.
Or, if you are an investigator, it just might help you crack a case!
~Kevin
Monday, November 19, 2018
Renters: Beware of Creepy Landlords and their Alarm Clocks - Part II
WA - A former South Seattle College employee is in jail after allegedly putting a spy camera in an exchange student’s bedroom.
The 52-year-old man is being held in King County Jail in lieu of a $500,000 bond on suspicion of voyeurism. Q13 News is not naming the suspect because he has not yet been charged.
According to Seattle police: On Nov. 11, a foreign exchange student from South Seattle College contacted police. She said she is one of five women renting a house in the 5000 block of 16th Ave SW. The home is owned by a 52-year-old college employee who lives there. All of the renters are young women who attend the college.
The victim told police she moved into the home in September. When she moved in the suspect offered her an alarm clock. The victim accepted it. more
Note to Spies: Get a retainer.
A former employee at UBS Group AG’s French unit whose spying helped build a $6 billion tax case against the bank found the value of her work after she lost her job: 3,000 euros ($3,400).
The relatively paltry sum is all Stephanie Gibaud -- who organized events for wealthy UBS France clients before she was fired in 2012 -- got from a lawsuit she filed last year against the government to obtain 3.5 million euros. The court made its decision Thursday.
The Paris administrative court acknowledged her contribution and recognized the “stress” she suffered for it. Gibaud, 53, was also given an official status as “an occasional assistant to the public service” seven years after she aided investigators during a surveillance mission of UBS bankers and clients at an event organized around the 2011 Roland-Garros tennis tournament. more
The Gloves are off in Thefts of U.S. Technology Secrets
It was the great microchip heist — a stunning Chinese-backed effort that pilfered as much as $8.75 billion in patented American technology.
U.S. officials say the theft took a year to pull off and involved commercial spies, a Chinese-backed company, a Taiwanese chipmaker and employees affiliated with Micron Technology, a U.S.-based microchip behemoth.
Yet what Micron called “one of the boldest schemes of commercial espionage in recent times” is most notable because it’s not unusual. more
Renters: Beware of Creepy Landlords and their Alarm Clocks - Part I
UK - An apartment unit manager was arrested on Friday after a tenant found a secret camera hidden in their bathroom.
Police found two more hidden cameras after they detained a 49-year-old man, who works at the unit.
The resident, who is one of ten occupants living in the apartment building, called police after finding the camera in their digital alarm clock.
Police executed a search warrant and located a hidden camera, hard drive and other devices, they said on Saturday.
The man allegedly had more than 50 intimate videos of the occupants of the two units. more
Monday, November 5, 2018
Business Espionage: Ex-Employees Allegedly Steal Trade Secrets Valued At Over $400 Million
Three individuals who worked for DRAM maker's Taiwan subsidiary stole Micron IP to benefit company controlled by China's government, US says in indictment.
Like many other businesses, semiconductor manufacturer Micron Technology employs a range of physical, electronic, and policy measures to protect its trade secrets. Yet all it took for the company to allegedly lose intellectual property worth at least $400 million to a Chinese competitor was two employees with legitimate access to the data.
A federal indictment unsealed this week in the US District Court for the Northern District of California described Micron as the victim of economic espionage involving a Taiwanese semiconductor company, a state-owned company in China, and three individuals who previously worked for Micron. more
Friday, November 2, 2018
This Fortnight in Spycam News
WA - A pastor and teacher at a Christian school in Washington state was arrested earlier this week and charged with filming hundreds of voyeurism videos of female staff and students. more
UK - A voyeur was locked up after being caught with 169 video clips taken by a spy camera set up to film an unsuspecting woman. The penalties were imposed when he appeared before magistrates in the city. They were told the offence came to light when the camera was discovered and police were alerted. more
ID - A Ketchum man has been charged with one felony count of video voyeurism. A recording device was found in the bathroom of a residence at the Wildwood condominium complex. The recording device was found by a guest who was staying at the residence at points between April and June, with her daughter. The woman told Lundergreen that the device was located in the bathroom wall outlet and disguised as a USB charger. more
Japan - The secretary general of a local assembly in Yamagata Prefecture, northwest Japan is fired for voyeurism in a women's bathroom at town hall. more
PA - A West Chester University student was arrested after police said he hid a cellphone in public bathrooms in several locations, including one at West Chester University, and recorded women in various stages of undress. more
LA - A former WAFB employee who secretly recorded two female station employees using the restroom in 2017 was sentenced to four months in prison Tuesday. He was immediately handcuffed and led to prison. more
New Zealand - The man who filmed women using the shower in his Airbnb homestay then uploaded the videos to a porn site has lost name suppression and has been sent to prison for four years and four months. more
CT - A man who entered a neighbor's home through an unlocked door and allegedly installed video cameras in four spots in the home has been arrested by police. An investigation revealed that Pelgrift had entered the home and installed the video cameras while the woman was not home. She happened to notice a camera and called the police, state police said. more
FL - Investigators say they have uncovered an extensive amount of videos and images of under-age students secretly filmed while undressing by a Bloomingdale High School teacher who was arrested last month on a video voyeurism charge. Mark Ackett, 50, who resigned as a fashion design teacher, now faces an additional 353 charges. He was first arrested on Sept. 11 — the same day a 17-year-old student in his class discovered two cell phones hidden in the classroom changing area where she and her classmates disrobed for fashion assignments. more
New Zealand - A home handyman who used his position of trust to spy on a female friend in her bedroom has been sentenced to three months of community detention. The offending...involved Williamson hiding a camera inside a toolbox that he left in the woman's bedroom, which he left there after performing maintenance duties in her home. The device was discovered by the woman, who contacted the police. more
FL - In a case involving allegations that a man placed hidden cameras in his adult stepdaughter’s bedroom, an appeals court Friday overturned a conviction on video-voyeurism charges because police improperly obtained evidence from a laptop computer. more
S. Korea - South Korea is in the grip of a 'spycam' epidemic, with covert footage of sex, nudity and urination posted online in what amounts to a "social death penalty" for thousands of women forced to live with a pornographic shadow. The footage may be taken surreptitiously by boyfriends or captured on covert devices as small as car keys. Daily camera checks are now part of life for cleaners in many public toilets. more
FL - A massage therapist was arrested over the weekend and charged with video recording a female customer disrobing prior to an appointment. ... Further investigation indicates that Scott had placed a cellphone in the massage room to video record the customer while she was undressing. more
NM - A Dona Ana County man is facing time behind bars for hiding video cameras in bathrooms and capturing video of victims using the restroom, showering, and changing clothes. ... Police say Ikard's face was even seen on some of the videos as he worked to set up the cameras. more
UK - A retired company director who covertly filmed a young woman getting changed at his luxury home has been jailed for eight months. Allan Austin, 66, installed a hidden spy camera at his home in Cheshire because he 'liked the figure' of the victim. When officers searched Austin's £500,000 detached house in the village of High Legh, near Knutsford, Cheshire they found the hidden camera which was linked to his computer and iPad. more
The above cases represent only the failures, the ones that got caught. The problem is much larger. Learn how to protect yourself and your children.
A video spycam (with audio recording) we found last Friday at a corporate location...
Now, on to the Extortionography cases. Hey, the elections are here, and the tech fists are flying.
ND - James O'Keefe's Project Veritas released a new undercover video on Tuesday night showing vulnerable Sen. Heidi Heitkamp's (D-ND) campaign staff exposing her as being a far-left candidate while she has tried to portray herself as being centrist, saying, "when she gets elected she's going to be super liberal." more
VA - A conservative group that creates undercover “sting” videos infiltrated the campaign of Abigail Spanberger, a Democrat in a tight race with Rep. Dave Brat in Virginia’s 7th District. more
AZ - A right-wing operation that creates secretly recorded videos targeted Democratic U.S. Rep. Kyrsten Sinema, who's running a tight race for U.S. Senate, releasing a video Monday with several clips of the representative and her campaign workers making candid off-the-cuff comments. more
MO - An undercover video exposed a Democrat senator's re-election campaign for secretly taking donations from Planned Parenthood. The video, from conservative activist group Project Veritas, shows campaign workers for Democrat Sen. Claire McCaskill of Missouri talking about how Planned Parenthood funnels money to McCaskill's campaign through other organizations. more
CA - New undercover video appears to show signature gatherers pitching falsehoods to voters to get them to sign petitions that would force the massive Newland Sierra development to a public vote. more
Thanks for subscribing to Kevin's Security Scrapbook (see top right column). ~Kevin
Security Director IT Alert: New Corporate Network Attack Vulnerability
Called BleedingBit, this vulnerability impacts wireless networks used in a large percentage of enterprise companies.
Two zero-day vulnerabilities in Bluetooth Low-Energy chips made by Texas Instruments (and used in millions of wireless access points) open corporate networks to crippling stealth attacks.
Adversaries can exploit the bugs by simply being approximately 100 to 300 feet from the vulnerable devices. A compromised access point can then lead to an attacker taking control of the access point, capturing all traffic, and then using the compromised device as a springboard for further internal attacks.
The issue impacts Wi-Fi access points made by Cisco, Cisco Meraki and Hewlett-Packard Enterprise’s Aruba, accounting for a large percentage of hardware used in corporations, according to researchers at Israeli security firm Armis. The firm discovered the two bugs earlier this year and publicly disclosed them on Thursday.
“Attacks can be devastating and carried out by unauthenticated users who can exploit these bugs and break into enterprise networks undetected while sitting in the company’s lobby,” said Ben Seri, head of research at Armis.
...there is concern that the BleedingBit vulnerabilities could impact a larger universe of BLE devices, such as smart locks used in hotel chains and point-of-sale hardware.
Last year, Armis discovered nine zero-day Bluetooth-related vulnerabilities, dubbed BlueBorne, in Bluetooth chips used in smartphones, TVs, laptops and car audio systems. The scale of affected devices was massive, estimated to impact billions of Bluetooth devices. more
Recommendation: If your company uses devices made by the manufacturers mentioned, contact them for software patches. ~Kevin
Labels: #espionage, #hack, advice, Bluetooth, business, cybersecurity, Wi-Fi
Thursday, November 1, 2018
Spy Shop Bat Man Shows No Brotherly Love
NJ/PA - The superintendent of a Cumberland County school district is facing criminal charges after allegedly attacking a Philadelphia surveillance equipment store employee with a baseball bat.
Michael Knox, the superintendent of the Fairfield Township School District, faces charges of aggravated assault, possessing an instrument of crime, making terroristic threats and simple assault, court records show.
According to NBC 10 Philadelphia, Knox allegedly had a business arrangement with the shop to spy on his wife for an unknown matter. He thought the store was doing a bad job with the surveillance, NBC reported, leading him to attack an employee inside the store. more