Security & Privacy Weekly News Roundup, Vol. 1, Issue 6

No one will be watching you: When Sen. Rand Paul, R-Ky., announced plans to run for president in 2016, among the gadgets offered for sale to supporters was an “NSA spy cam blocker,” which retails for $15. “That little front-facing camera on your laptop or tablet can be a window for the world to see you—whether you know it or not!” the description reads. The item is advertised for laptops, smart TVs and the Xbox Kinect, and has a plastic slider so users can uncover the lens for FaceTime calls. Source: Ars Technica

Drive (safely), they said: A Desjardins Insurance smartphone app tracks driver behavior in return for car insurance savings. The app will tell you how far you’ve traveled and whether you’ve been speeding. It also keeps track of trips in which the cellphone wasn’t used while driving. Some critics have questions: “Our location can (contain) incredibly personal information about us,” says Lori Andrews, a professor at Chicago Kent College of Law. The app must remain on in the background, even when users are not driving, she said. The company says information will only be used to reward good drivers with discounts. Source: CBC News

Bank on it: Cyber threat warnings from the Federal Financial Institutions Examination Council are designed to push smaller banks and credit unions to mitigate ongoing threats, several financial security specialists say. Shirley Inscoe, a financial fraud expert and analyst for consultancy Aite Group, says the alerts could suggest that regulators are aware of new threats that have not yet been made public. “The federal government monitors a lot of chatter, and it makes me speculate that there could be some upcoming attacks financial institutions need to prepare for quickly,” she says. Source: Bank Info Security

Slow to act: Too many companies aren’t moving to set up formal incident response plans, a breach readiness survey published by RSA says. The survey compared the responses of 170 security officials in 30 countries with feedback from the Security for Business Innovation Council. “Incident response” is defined as a “comprehensive, premeditated approach to protecting applications, data and information infrastructure from cyber attacks.” Source: SC Magazine

They’re not playing: A group of consumer advocates says a YouTube Kids mobile app for young children has unfair and deceptive advertising and should be investigated. Google introduced the app as a “safer” place for kids because it was restricted to “family-focused content.” But in a letter to the Federal Trade Commission, the activists say the app is filled with ads and product placements, and that digital media should be subject to the same rules as TV, which limits commercial content on kids’ programming. YouTube says it consulted with child advocacy and privacy groups when creating the app, and, “We are always open to feedback.” Source: The Associated Press via The Denver Post

Always on watch: Insurance agents and brokers might consider the impact of private security forces’ use of body cameras. Among the issues: Cameras raise questions about privacy; if a company asks its security contractor to equip guards with cameras, the security firms might need to request third-party indemnification; footage can assist in claims handling, clearly depicting whether excessive force was used; and camera footage can be used in training, offering real-world demonstrations of best (and worst) practices. Source: PropertyCasualty360

Breaking our hearts: Research from cybersecurity company Venafi says most major businesses are still exposed to Heartbleed, the OpenSSL flaw that made headlines a year ago. Heartbleed is not a virus but a bug in OpenSSL’s implementation of the TLS heartbeat extension, introduced into the code base in 2012, that let a remote attacker read chunks of server memory, including SSL private keys, user names and passwords. Venafi’s research says 76 percent of the Global 2000’s public-facing systems were still vulnerable to Heartbleed. Patching alone does not close the hole: private keys that may have been read before the patch also have to be replaced and the old certificates revoked. Source: CSO
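As an added illustration (not from the CSO article or Venafi’s report), the following Python simulation shows the over-read behind Heartbleed: the heartbeat handler trusts the payload length supplied by the peer, so a two-byte request that claims 16 KiB is answered with whatever sits beyond the record in process memory. The “process memory”, the secrets in it and the record layout are constructed stand-ins; the length check in `fixed_heartbeat` mirrors the bounds check OpenSSL added in 1.0.1g.

```python
"""Heartbleed in miniature: a heartbeat handler that trusts the declared
payload length (vulnerable) beside one that bounds-checks it (fixed).
Constructed simulation for illustration; no real OpenSSL code involved."""
import struct
from typing import Optional

HB_REQUEST = 1
HB_RESPONSE = 2
HB_PADDING = 16  # RFC 6520: at least 16 bytes of padding follow the payload


def build_heartbeat(payload: bytes, declared_len: Optional[int] = None) -> bytes:
    """HeartbeatMessage = type(1) | payload_length(2, big-endian) | payload | padding.
    declared_len lets the sender lie about the payload length, as the attack does."""
    if declared_len is None:
        declared_len = len(payload)
    return bytes([HB_REQUEST]) + struct.pack("!H", declared_len) + payload + b"\x00" * HB_PADDING


def make_process_memory(record: bytes, neighbours: bytes) -> bytes:
    """Constructed stand-in for the server heap: the received record sits
    directly in front of whatever else the process happened to allocate."""
    return record + neighbours


def _response(payload_len: int, payload: bytes) -> bytes:
    return bytes([HB_RESPONSE]) + struct.pack("!H", payload_len) + payload + b"\x00" * HB_PADDING


def vulnerable_heartbeat(memory: bytes, record_len: int) -> Optional[bytes]:
    """Pre-fix behaviour: copy payload_length bytes starting at the payload,
    never consulting record_len, so the copy runs off the end of the record."""
    if memory[0] != HB_REQUEST:
        return None
    (payload_len,) = struct.unpack("!H", memory[1:3])
    payload = memory[3:3 + payload_len]  # over-reads into the neighbours
    return _response(payload_len, payload)


def fixed_heartbeat(memory: bytes, record_len: int) -> Optional[bytes]:
    """Post-fix behaviour: discard the message silently if the record is too
    short to hold a header plus padding, or if the declared payload does not fit."""
    if 1 + 2 + HB_PADDING > record_len:
        return None
    (payload_len,) = struct.unpack("!H", memory[1:3])
    if 1 + 2 + payload_len + HB_PADDING > record_len:
        return None
    if memory[0] != HB_REQUEST:
        return None
    return _response(payload_len, memory[3:3 + payload_len])


def response_payload(response: bytes) -> bytes:
    """Return the payload echoed back in a heartbeat response."""
    (payload_len,) = struct.unpack("!H", response[1:3])
    return response[3:3 + payload_len]


def demo() -> dict:
    # Constructed secrets standing in for credentials and key material on the heap.
    neighbours = (b"session=abc123; user=alice password=hunter2 "
                  b"-----BEGIN RSA PRIVATE KEY----- CONSTRUCTED-PLACEHOLDER")
    malicious = build_heartbeat(b"hi", declared_len=0x4000)  # send 2 bytes, claim 16 KiB
    memory = make_process_memory(malicious, neighbours)
    leaked = vulnerable_heartbeat(memory, len(malicious))
    honest = build_heartbeat(b"ping")
    return {
        "leaked": response_payload(leaked) if leaked else b"",
        "fixed_rejects": fixed_heartbeat(memory, len(malicious)) is None,
        "fixed_echoes": response_payload(
            fixed_heartbeat(make_process_memory(honest, neighbours), len(honest))),
    }


if __name__ == "__main__":
    result = demo()
    print("leaked from vulnerable handler:", result["leaked"])
    print("fixed handler dropped the malicious request:", result["fixed_rejects"])
    print("fixed handler echoed honest request:", result["fixed_echoes"])
```

The fixed handler drops the malformed request rather than answering it, which is why a remote Heartbleed check looks for a missing response (or a response no longer than the record sent) rather than an error message.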

Uninvited guests: A report from security company Veracode found that devices in the Internet of Things often are not designed with data security in mind, putting consumers at risk. With about 4.9 billion connected devices in use now and an estimated 25 billion expected by 2021, the study found that the impact of vulnerabilities in these devices could be significant. For example, thieves could be notified when a garage door is open, giving them access to a home. Source: Market Wired

What’s the bad word? The FBI says hackers sympathetic to ISIS are defacing websites by exploiting known vulnerabilities in WordPress plug-ins, and in a separate alert warns that criminals are hosting fraudulent government websites to collect personal and financial information. The defacement campaign targets news organizations, commercial entities, religious institutions, federal, state and local governments, foreign governments and a variety of other sites. Source: Krebs on Security

Seeing from the sea: Cisco’s Security Solutions team says new malware, nicknamed PoSeidon, targets point-of-sale (PoS) systems, infecting machines to gather credit card information. PoSeidon communicates with external servers, can update itself, and has defenses against reverse engineering. Source: The National Law Review

Tracking the president: Russian hackers penetrated sensitive parts of the White House computer system, say U.S. officials briefed on the investigation of the incident discovered in October. Hackers had access to information such as real-time non-public details of the president’s schedule. Such information is sought by foreign intelligence agencies, U.S. officials say. The FBI, Secret Service and intelligence agencies consider the breach among the most sophisticated attacks ever against U.S. government systems. Source: CNN via WXIN

Call me! Or, uh, don’t: Beginning in 1992, the government kept secret records of Americans’ international phone calls in an effort to fight drug trafficking, say current and former intelligence and law enforcement officials. Attorney General Eric Holder halted the program, run by the Justice Department and the Drug Enforcement Administration, in 2013. The DEA gathered logs of virtually all calls made from the United States to as many as 116 countries linked to drug trafficking. Source: Reuters via The Huffington Post
