This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes.
The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world.
The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand.
Few episodes ago we covered the popular products of amazon called RING,
it had multiple cyber security flaws that resulted in hackers gaining unauthorized access to remote devices easily, now it seems that a different app is suffering from more security issues, a security flaw in Ring’s Neighbors app was exposing the precise locations and home addresses of users who had posted to the app.
Neighbors is one of several neighborhood watch apps, like Nextdoor and Citizen, that lets users anonymously alert nearby residents to crime and public-safety issues. While users’ posts are public, the app doesn’t display names or precise locations — though most include video taken by Ring doorbells and security cameras. The bug made it possible to retrieve the location data on users who posted to the app, including those who are reporting crimes.
The exposed data wasn’t visible to anyone using the app.
The bug was retrieving hidden data, including the user’s latitude and longitude and their home address, from Ring’s servers.
The Neighbors app appeared to have about 4 million posts by the end of 2020.
Ring said it had fixed the issue.
As we covered before, Ring is currently faces a class-action suit by dozens of people who say they were subjected to death threats and racial slurs after their Ring smart cameras were hacked.
Ring put much of the blame on users for not using “best practices” like two-factor authentication, which makes it harder for hackers to access a user’s account with the user’s password.
After over 1,500 user account passwords were found on the dark web, Ring made two-factor authentication mandatory for every user.
The Scottish Environment Protection Agency (SEPA) confirmed on Thursday that some of its contact center, internal systems, processes and internal communications were affected following a ransomware attack that took place on Christmas Eve.
SEPA added that, after isolating the compromised systems, recovery will probably take “a significant period” and some of the infected SEPA systems will have to be replaced with new ones. Email systems have also been impacted by the Xmas Eve ransomware attack and are still down, with some internal systems and external data products to be offline in the short term.
While SEPA didn’t attribute the attack to any specific ransomware operation, the Conti ransomware gang claims the attack and has already published 7% of the stolen data on its leak site. Roughly 1.2 GB of data was exfiltrated during the attack according to SEPA, with evidence showing that at least 4,000 files were probably accessed and stolen.
SEPA is currently working with cybersecurity specialists and experts from multi-agency partners including Police Scotland and the National Cyber Security Centre on eradication, remediation, and recovery tasks.
The information stolen by the Conti operators during the attack includes:
Information such as, publicly available regulated site permits, authorizations and enforcement notices.
Some information related to SEPA corporate plans, priorities and change programes.
Procurement information, project information and Personal information relating to SEPA staff.
if you are related to SEPA or been in contact with them you should make sure you are not exposed.
That’s it for this podcast, stay safe and see you in the next podcast.
Don’t forget to visit www.nucleon.sh for the latest podcasts on cyber intelligence.