https://therecord.media/google-to-pay-nearly-400-million-over-deceptive-location-tracking-practices/
Google has agreed to pay a $391.5 million settlement with 40 states over revelations that it continued to track users’ locations even when told explicitly not to.
The AP found that Google misled users into believing they could turn location tracking off within their account settings when in fact the company continued to collect location information within its Web & App Activity feature, which is automatically turned on when a user creates a Google account or uses an Android phone.
https://www.datatilsynet.no/aktuelt/aktuelle-nyheter-2022/rad-til-deg-som-reiser-til-qatar-vm/
Everyone travelling to Qatar to follow the football World Cup may be asked to download two Qatari apps. The apps can potentially be used to monitor visitors. We have put together some advice on what you can do in this situation.
https://www.politico.eu/article/cop-27-climate-change-app-cybersecurity-weapon-risks/
Western security advisers are warning delegates at the COP27 climate summit not to download the host Egyptian government’s official smartphone app, amid fears it could be used to hack their private emails, texts and even voice conversations.
https://www.theguardian.com/technology/2022/nov/02/tiktok-tells-european-users-its-staff-in-china-get-access-to-their-data
TikTok is spelling out to its European users that their data can be accessed by employees outside the continent, including in China, amid political and regulatory concerns about Chinese access to user information on the platform.
https://www.forbes.com/sites/emilybaker-white/2022/10/20/tiktok-bytedance-surveillance-american-user-data/
https://www.nrk.no/sport/alle-som-skal-til-vm-ma-ha-denne-appen-pa-mobilen-_-na-slar-eksperter-full-alarm-1.16131251
“Personally, I would never have travelled to Qatar with my mobile phone,” says NRK's head of security Øyvind Vasaasen after a thorough review of the World Cup apps.
“They can quite simply change the contents of your entire phone and have free control over the information that is there,” is the conclusion of NRK's head of security.
https://www.theguardian.com/technology/2022/oct/11/iphones-calling-911-from-owners-pockets-on-rollercoasters
New iPhones which can detect car crashes and notify emergency services appear confused by thrill rides
https://www.ifixit.com/News/64865/iphone-14-teardown
Apple has completely redesigned the internals of the iPhone 14 to make it easier to repair.
https://www.nbcnews.com/tech/security/cyberattacks-us-hospitals-mean-higher-mortality-rates-study-finds-rcna46697
Two-thirds of respondents in the Ponemon study who had experienced ransomware attacks said they disrupted patient care, and 59% of them found they increased the length of patients’ stays, straining resources. Almost one-quarter said they led to increased mortality rates at their facilities.
https://apnews.com/article/nato-technology-iran-middle-east-6be153b291f42bd549d5ecce5941c32a
Albania cut diplomatic ties with Iran and expelled the country’s embassy staff over a major cyberattack nearly two months ago that was allegedly carried out by Tehran on Albanian government websites, the prime minister said Wednesday.
The move by NATO member Albania was the first known case of a country cutting diplomatic relations over a cyberattack.
https://www.anthropocenemagazine.org/2020/09/a-simple-paint-job-can-save-birds-from-wind-turbines/
A small study in Norway showed that painting one blade of a wind turbine black reduced bird mortality by over 70%.
https://www.bloomberg.com/news/articles/2022-08-23/heat-waves-drive-demand-for-air-conditioned-clothing
Jackets and vests with the cooling technology, used for years by Japanese construction workers, are being redesigned as casual wear and marketed to general consumers as heat waves grow more frequent and intense. Although often dubbed “air-conditioned clothing,” that’s something of a misnomer, because there’s usually only a fan and nothing to actually cool the air.
…
Fans work by accelerating airflow to dry perspiration
https://www.vice.com/en/article/bvmvqm/an-ai-generated-artwork-won-first-place-at-a-state-fair-fine-arts-competition-and-artists-are-pissed
https://arstechnica.com/information-technology/2022/08/north-korea-backed-hackers-have-a-clever-way-to-read-your-gmail/
The malware, dubbed SHARPEXT by researchers from security firm Volexity, uses clever means to install a browser extension for the Chrome and Edge browsers, Volexity reported in a blog post. The extension can’t be detected by the email services, and since the browser has already been authenticated using any multifactor authentication protections in place, this increasingly popular security measure plays no role in reining in the account compromise. The extension isn’t available in Google’s Chrome Web Store, Microsoft’s add-ons page, or any other known third-party source and doesn’t rely on flaws in Gmail or AOL Mail to get installed.
Volexity President Steven Adair said in an email that the extension gets installed “by way of spear phishing and social engineering where the victim is fooled into opening a malicious document.”
https://therecord.media/microsoft-bug-in-janet-jacksons-rhythm-nation-could-crash-a-laptop/
The vulnerability comes from a phenomenon discovered by Microsoft where playing “Rhythm Nation” would cause any laptop with a certain hard drive to crash.
In its CVE page, the MITRE organization said the 5400 RPM OEM hard drives were shipped primarily with many laptop PCs around 2005. If played near these laptops, the song causes “a denial of service (device malfunction and system crash) via a resonant-frequency attack.”
https://www.cyberscoop.com/top-justice-official-paper-only/
Hickey said the takeaway for the court system is that sometimes the old-fashioned way of doing things is safer. He added that the paper-only system applies only to the most sensitive sealed documents as opposed to all of them.
“It’s a lesson, a fairly familiar adage, that going online is not always the best thing,” Hickey added. “Convenience is great, but security in any internet connected system is going to be different from what it would be on paper.”
https://www.bleepingcomputer.com/news/security/anonymous-poop-gifting-site-hacked-customers-exposed/
ShitExpress, a web service that lets you send a box of feces along with a personalized message to friends and enemies, has been breached
https://www.wired.com/story/john-deere-tractor-jailbreak-defcon-2022/
Farmers around the world have turned to tractor hacking so they can bypass the digital locks that manufacturers impose on their vehicles. Like insulin pump “looping” and iPhone jailbreaking, this allows farmers to modify and repair the expensive equipment that’s vital to their work, the way they could with analog tractors. At the DefCon security conference in Las Vegas on Saturday, the hacker known as Sick Codes is presenting a new jailbreak for John Deere & Co. tractors that allows him to take control of multiple models through their touchscreens.
https://www.binance.com/en/blog/community/scammers-created-an-ai-hologram-of-me-to-scam-unsuspecting-projects-6406050849026267209
Over the past month, I’ve received several online messages thanking me for taking the time to meet with project teams regarding potential opportunities to list their assets on Binance.com. This was odd because I don’t have any oversight of or insight into Binance listings, nor had I met with any of these people before.
It turns out that a sophisticated hacking team used previous news interviews and TV appearances over the years to create a “deep fake” of me. Other than the 15 pounds that I gained during COVID being noticeably absent, this deep fake was refined enough to fool several highly intelligent crypto community members.
https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser