Vulnerability Note

  Smart-home devices can compromise your privacy. Former Amazon executive Robert Frederick even admits to turning Alexa off, due to concerns that the company was listening in. Need to regain some privacy in your home? For Amazon’s Alexa, follow these three tips: Turn-off the ‘drop-in’ app: Alexa’s ‘drop-in’ feature allows predetermined contacts to simply start speaking out of a device’s speaker. No need for the device-owner to “answer” a call. Despite the user-friendly functionality, someone who ‘drops-in’ can hear everything happening in your home. Because you may want to discuss private matters out of friends’ earshot, it’s best to turn off your ‘drop-in’ feature unless you specifically want to use it.To turn it off, open the Alexa app, tap ‘devices’, select the intended device, then tap ‘communications’. This will enable you to flip the ‘drop-in’ switch to ‘off’ or to limit it to specific home devices. Eliminate ‘Hunches’ from your suite of apps: The ‘Hunches’ tool allows the Alexa

  The coronavirus pandemic has transformed the world as we knew it, leading to profound changes in business operations and business cultures. Previously, working from home was often seen as a privilege or a luxury, while it’s now a part of the ‘new normal’. Among US companies,   84%   anticipate broader and sustained remote working opportunities post-pandemic. At this point in time, a significant challenge for organizations comes in the form of educating employees about cyber security hygiene and best practices. Be sure to provide your employees with the information that they need to keep your organization as safe and secure as possible. Check Point’s President of the Americas, Chris Scanlan, offers the following tips: Request for employees to pay special attention to unsolicited or suspicious emails.  “…the majority of cyberattacks I see are triggered by a phishing campaign,” he says. Verifying the legitimacy of emails is important, and employees may need coaching on how to do so effe

  Garmin, the maker of fitness trackers, smartwatches and GPS-based wearable devices, is currently dealing with a massive worldwide service interruption after getting hit by a targeted ransomware attack, an employee of the company told The News on condition of anonymity. The company's website and the  Twitter  account say, "We are currently experiencing an outage that affects Garmin.com and Garmin Connect." "This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience." As a result, the company yesterday was forced to temporarily shut down some of its connected services, including Garmin Express, Garmin Connect mobile, and the website—restricting millions of its users from accessing the cloud services or even syncing their watches locally to the app. Though not much information is available on technicalities of

  The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new  report  warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. Dubbed ' BLINDINGCAN ,' the advanced remote access trojan acts as a backdoor when installed on compromised computers. According to the FBI and CISA, North Korean state-sponsored hackers  Lazarus Group , also known as  Hidden Cobra , are spreading BLINDINGCAN to "gather intelligence surrounding key military and energy technologies." To achieve this, attackers first identify high-value targets, perform extensive research on their social and professional networks, and then pose as recruiters to send malicious documents loaded with the malware, masquerading as job advertisements and offerings. However, such employment scams and social engineering strategies are not new and were recently  spotted  being used in ano

  An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate. The latest security issue—of which Google is aware but, unfortunately, left unpatched—resides in the " manage versions " functionality offered by Google Drive that allows users to upload and manage different versions of a file, as well as in the way its interface provides a new version of the files to the users. Logically, the manage versions functionally should allow Google Drive users to update an older version of a file with a new version having the same file extension, but it turns out that it's not the case. According to A. Nikoci, a system administrator by profession who reported the flaw to Google and later disclosed it to The Hacker News, the affected functionally allows users to upload a new version with any f

  Hackers always find a way in, even if there's no software vulnerability to exploit. The FBI has arrested a Russian national who recently traveled to the United States and offered $1 million in bribe to an employee of a targeted company for his help in installing malware into the company's computer network manually. Egor Igorevich Kriuchkov , 27-year-old, entered the United States as a tourist and was arrested in Los Angeles after meeting with the unnamed employee of an undisclosed Nevada-based company numerous times, between August 1 to August 21, to discuss the conspiracy. "On or about July 16, EGOR IGOREVICH KRIUCHKOV used his WhatsApp account to contact the employee of victim company and arranged to visit in person in the District of Nevada," the  court documents  say. "On or about July 28, EGOR IGOREVICH KRIUCHKOV entered the United States using his Russian Passport and a B1/B2 tourist visa." Kriuchkov also asked the employee to participate in developi