Dateline
Ukraine at D+462: Skirmishing in cyberspace. (CyberWire) As Russian missile strikes continue, some unusual criticism of President Putin appears on Russian TV. Ukrainian hacktivists count coup, tankers carrying Russian oil spoof their positions, and the FSB says Apple is in bed with NSA.
Russia-Ukraine war at a glance: what we know on day 463 of the invasion (the Guardian) Three people including child killed in early morning missile attack on Kyiv; eight wounded in shelling of Belgorod region in Russia
Three Killed Including A Child In Latest Russian Missile Strikes On Kyiv (RadioFreeEurope/RadioLiberty) An overnight Russian missile attack on Kyiv killed at least three people, including a 9-year-old girl and her mother, and wounded 10 others, city officials said on June 1. The casualty toll was the highest from one attack on the nation's capital in the past month.
Kyiv strikes: three die in early morning attack by Russia (the Guardian) Girl and her mother reportedly among the dead from falling debris after short-range missiles intercepted
Russia’s Month of Missile Madness: 90% of Projectiles Failed, $1.7 Billion Spent (KyivPost) Kyiv Post analyzed Ukraine air force data on Russia’s May missile campaign which shows that although on a huge scale was highly ineffective, costly and wasteful.
Russian missiles and drones had a 90% failure rate in May and that cost the Kremlin $1.7 billion, Ukraine says (Business Insider) Russia deployed 563 missiles and kamikaze drones in May, and 533 were destroyed by Ukrainian air defense systems, the Kyiv Post reported.
Drones Hit Russian Oil Refineries as Moscow Shores Up Front Line (Wall Street Journal) Such attacks come as Russia loses the initiative in the conflict, say Western officials, with Moscow increasingly reacting to Ukrainian offensives that are setting the agenda on the battlefield.
Ukraine war: Russia 'destroys Ukraine's last warship' (The Telegraph) Russia said it had destroyed Ukraine’s “last warship” two days ago in a missile strike.
Russia may be devoured by its neighbours (The Telegraph) Japan, China, Turkey and even Ukraine could lay claim to Moscow’s territories. Putin may reap what he has sown
DOD Announces New Security Assistance Package for Ukraine (U.S. Department of Defense) The Defense Department announced an additional security assistance package for Ukraine today that contains key capabilities to arm against Russian airstrikes targeting critical infrastructure across the country.
US announces $300m arms package for Ukraine – with a caveat (the Guardian) The shipment comes with a warning that the weaponry should not be used to attack within Russia
Equipment for Ukraine drawn from Kuwait wasn’t combat-ready, IG says (Defense News) If poorly maintained howitzers from Kuwait stock were sent directly to Ukraine, it "would have killed somebody," a DoD inspector general report found.
Zelenskiy pleads for ‘security guarantees’ for Ukraine and Moldova (the Guardian) Ukrainian president tells summit of European leaders in Moldova that countries need protection from Russia
Macron Will Push NATO For ‘Concrete’ Security Guarantee for Ukraine (Defense One) With alliance membership still unsure, French president wants the next best thing.
NATO Monitors Moldova's Skies As European Leaders Gather (RadioFreeEurope/RadioLiberty) NATO will monitor the skies over Moldova as more than 40 European leaders attend a summit close to Ukraine's borders to show support for both countries as Kyiv prepares a counteroffensive against Russia's invasion.
Russia’s ‘Silicon Valley’ hit by cyberattack; Ukrainian group claims deep access (Record) The Skolkovo Foundation said attackers gained limited access to its systems. A group of Ukrainian hackers said they had done major damage to the Russian tech organization.
An In-Depth Look at Cuba Ransomware (Avertium) Cuba ransomware first appeared in 2019 but remained nearly unnoticed until November 2021. Let's take a look at their recent attacks, tactics, & techniques.
Fake Signals and American Insurance: How a Dark Fleet Moves Russian Oil (New York Times) The New York Times tracked several oil tankers faking their locations while transporting Russian oil currently under Western sanctions, in an apparent effort to deceive their American insurer.
Russia says U.S. accessed thousands of Apple phones in spy plot (Reuters) Russia's Federal Security Service (FSB) said on Thursday it had uncovered a U.S. National Security Agency (NSA) plot using previously unknown malware to access specially made so-called backdoor vulnerabilities in Apple phones.
Unlawful Transfer: Inside The Russian System To Take Ukraine's Children (RadioFreeEurope/RadioLiberty) Moscow is making it easier to send children taken from Ukraine to orphanages and families in Russia -- and harder for their real families to bring them home. An RFE/RL investigation reveals details about the process that has earned President Vladimir Putin an arrest warrant for war crimes.
U.S. Lawmakers Support International Tribunal To Prosecute Crimes Of Aggression In Ukraine (RadioFreeEurope/RadioLiberty) U.S. lawmakers and a top U.S. diplomat expressed support on May 31 for the creation of an international tribunal separate from the International Criminal Court (ICC) to try crimes of aggression that have taken place during the war in Ukraine.
Attacks, Threats, and Vulnerabilities
Iranian dissidents' claim of presidential hack likely legitimate, experts say (CyberScoop) The hack and leak operation revealed Monday includes a trove of files related to Iranian President Ebrahim Raisi.
Southeast Asian hacking crew racks up victims, rapidly expands criminal campaign (CyberScoop) A group called "Dark Pink" is likely based in Southeast Asia and shows signs of ongoing development and recent activity, researchers say.
Suspected State-Backed Hackers Hit Series of New Targets in Europe, SE Asia (Insurance Journal) A hacking group suspected of ties to an Asian government has broadened its targets to government agencies in countries including Indonesia and Thailand,
Supply Chain Risk from Gigabyte App Center Backdoor (Eclypsium) Recently, the Eclypsium platform began detecting suspected backdoor-like behavior within Gigabyte systems in the wild. These detections were driven by heuristic detection methods, which play an important role in detecting new, previously-unknown supply chain threats, where legitimate third-party technology products or updates have been compromised. Our follow-up analysis discovered that firmware in Gigabyte systems is […]
Experts warn of backdoor-like behavior within Gigabyte systems (Security Affairs) Researchers discovered a suspected backdoor-like behavior within Gigabyte systems that exposes devices to compromise. Researchers from firmware security firm Eclypsium have discovered a suspected backdoor-like behavior within Gigabyte systems. The experts discovered that the firmware in Gigabyte systems drops and executes a Windows native executable during the system startup process. The executable is utilized for insecure […]
Millions of PC Motherboards Were Sold With a Firmware Backdoor (WIRED) Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.
Gigabyte motherboards shipped with hidden firmware backdoor (Computing) Computing is the leading information resource for UK technology decision makers, providing the latest market news and hard-hitting opinion.
2023-05-31 // SITUATIONAL AWARENESS // Spyboy Defense Evasion Tool Advertised Online (r/crowdstrike) On May 21, 2023, an online persona named spyboy began advertising an endpoint defense evasion tool for the Windows operating system via the Russian-language forum Ramp. The author claims that the software — seen in a demonstration video as being titled “Terminator” — can bypass twenty three (23) EDR and AV controls. At time of writing, spyboy is pricing the software from $300 USD (single bypass) to $3,000 USD (all-in-one bypass).
Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery (SecurityWeek) Recently discovered Barracuda zero-day vulnerability CVE-2023-2868 has been exploited to deliver malware and steal data since October 2022.
Chinese-speaking phishing ring behind latest fake fee scam targeting UAE; another campaign exposed (Group-IB) Group-IB, a global cybersecurity leader headquartered in Singapore, has attributed a recent wave of scams impersonating UAE public bodies to a Chinese-speaking phishing gang, codenamed PostalFurious.
Mitiga Security Advisory: Lack of Forensic Visibility with the Basic License in Google Drive (Mitiga) After gaining initial access to any platform, data theft (exfiltration) is one of the most common attack vectors used by threat actors.
Ado-be-gone: Armorblox Stops Adobe Impersonation Attack (Armorblox) Today, we shed light on an email attack that impersonated Adobe, with a focus on Adobe Acrobat. This attack bypassed native Microsoft 365 email security, and would have landed in the inboxes of more than 2,300 end users if not successfully detected and stopped by Armorblox.
The Picture in Picture Attack (Avanan) Hackers are hiding malicious links within pictures.
Hackers hunting for exposed Apache NiFi, warns SANS Institute (IT World Canada News) Threat actors are scouring the internet for unprotected instances of Apache NiFi, to steal server credentials and install cryptominers, warns the SANS Institute. "An attacker for such a misconfigured system can access all the data processed by NiFi and read/modify/delete the NiFi configuration," Johannes Ullrich, the cyber training organization's director of research, said today in
Your Business Data and Machine Learning at Risk: Attacks Against Apache NiFi (SANS Internet Storm Center) Apache NiFi describes itself as “an easy-to-use, powerful, and reliable system to process and distribute data.” [1] In simple terms, NiFi implements a web-based interface to define how data is moved from a source to a destination. Users may define various “processors” to manipulate data along the way. This is often needed when processing business data or preparing data for machine learning. A dataset used for machine learning may arrive in one format (let's say JSON), but to conveniently use it for training, it must be converted to JSON or inserted into a database. The features are not just attractive to machine learning, but many business processes require similar functionality.
DNS Snooping on Apple iOS 14 Zero-Click Spyware KingsPawn (CircleID) Last year, several governments reportedly used the NSO Group's spyware Pegasus to exploit a zero-day vulnerability in WhatsApp to spy on journalists, opposition politicians, and dissidents via their mobile devices. Apple quickly addressed the issue by launching more powerful data protection features.
Apology and Notice Concerning Newly Discovered Potential Data Leakage of Customer Information Due to Cloud Settings (Toyota Motor Corporation Official Global Website) On May 12, Toyota Motor Corporation (TMC) announced "Apology and Notice Concerning Potential Data Leakage of of Customer Information Due to Misconfiguration of Cloud Environment (Japanese only)" Subsequently, we conducted an investigation for all cloud environments managed by TOYOTA Connected Corporation (TC). It was further discovered that a part of the data containing customer information had been potentially accessible externally. We would like to inform you of the incident that has been identified as of today.
Toyota finds more misconfigured servers leaking customer info (BleepingComputer) Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners' personal information for over seven years.
Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers (Dark Reading) The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.
Molly White Tracks Crypto Scams. It's Going Just Great (WIRED) In 2021, software engineer Molly White launched a cautionary Web3 blog to pour cold water on cryptocurrency's dumpster fires
BREAKING: New data breach affects over 1,000 patients throughout UL Hospitals Group (Limerick Post Newspaper) A SPOKESMAN for University Hospital Limerick Group has confirmed that there has been a fresh data breach affecting more than 1,000 patients.
MCNA Notifies 8.9M Individuals of Healthcare Data Breach (Health IT Security) An internal investigation revealed that the breach exposed the personal information of nearly 9M patients, marking the year's largest healthcare data breach so far.
IL Hospital Suffers Cybersecurity Incident (Health IT Security) Illinois-based Morris Hospital & Healthcare Centers is investigating a cybersecurity incident that occurred when the organization discovered unusual activity within its network.
Cleveland Clinic suffers patient data breach (Becker's ASC Review) Cleveland Clinic has filed a notice of data breach with the Attorney General of Massachusetts after an unauthorized user accessed confidential patient informati
Cleveland Clinic patients caught up in medical billing data breach (Becker's Hospital Review) Data breach at MedInform affects Cleveland Clinic patients, potentially including names, addresses, Social Security numbers, and financial information.
Clinical test data of 2.5 million people stolen from biotech company Enzo Biochem (Record) An April ransomware attack on a biotech company resulted in the compromise of test information and personal data of nearly 2.5 million people, according to regulatory filings.
Dallas Animal Services Still Recovering From City Ransomware Attack (NBC 5 Dallas-Fort Worth) Staff have been working hard to overcome challenges and operate one of the largest shelters in the country, despite the impact on its computer system
Hillsborough County voter system breach exposes 58,000 people's information (WTSP) Officials believe the unauthorized user accessed Hillsborough County voters' social security or driver's license numbers.
Hillsborough election hack exposed 58,000 voters’ private information (Tampa Bay Times) A criminal investigation into the cyberattack continues.
Cyberattack forces Idaho hospital to send ambulances elsewhere (CNN Politics) A hospital in Idaho has been diverting ambulances to other hospitals for more than 24 hours because of a cyberattack, a hospital spokesperson confirmed to CNN on Wednesday in the latest example of a hacking incident complicating health care in the US.
Ransomware resurgence underscores the dynamic nature of cyber risk (Advisen) The cybersecurity threat landscape is dynamic and rapidly evolving. On any given day, a hacker’s preferred attack method can change. Businesses should be mindful of this shifting landscape and take proactive steps to mitigate potential losses from various cyber threats rather than focusing on preventing a particular attack method that is making headlines.
Vulnerability Summary for the Week of May 22, 2023 (Cybersecurity and Infrastructure Security Agency CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Information Warfare in the Depths: An Analysis of Global Undersea Cable Networks (U.S. Naval Institute) The world increasingly relies on undersea cables for economic viability. Their security is at risk.
Security Patches, Mitigations, and Software Updates
Chrome 114 Released With 18 Security Fixes (SecurityWeek) Chrome 114 stable brings 18 security fixes, including 13 for vulnerabilities reported by external researchers.
Zyxel security advisory for post-authentication command injection vulnerability in NAS products (Zyxel Community) CVE: CVE-2023-27988 SummaryZyxel has released patches addressing a post-authentication command injection vulnerability in some NAS versions.
Trends
CISOs Plan to Increase Cybersecurity Spending Despite Economic Concerns, Study Says (PR Newswire) Nuspire, a leading managed security services provider (MSSP), announced findings from its second annual research study, revealing current...
Second Annual CISO Research Report on Challenges and Buying Trends: A Focus on Optimization (Nuspire) Understanding the challenges faced by chief information security officers (CISOs) and IT decision-makers (ITDMs) is critical for businesses looking to strengthen their cybersecurity posture, stay competitive and ensure regulatory compliance.
Research Report Shows the US is Leading Adoption of New Digital Identi (PRWeb) US organizations are leading the adoption of digital identity solutions — well ahead of their UK counterparts, according to a new report from Curity, an API-focused
Marketplace
Cisco Buys Armorblox to Bring Generative AI to Its Portfolio (Gov Info Security) Cisco plans to make its third tuck-in cybersecurity acquisition of 2023 to protect email, cloud office applications and enterprise communications through natural
Acquisition of Men&Mice to Expand BlueCat's Services (CIOReview) Acquisition of Men&Mice to Expand BlueCat's Services By CIOReview - The acquisition of Men&Miceadvances BlueCat's strategy to position itself as an industry leader in DNS, DHCP, and IP...
Dig Security Secures Strategic Investment from Samsung Ventures for Cloud Data Security Posture Management (DSPM) (PR Newswire) Dig Security, the cloud data security leader, announced a new investment from Samsung Ventures today. The investment will accelerate Dig's...
IBM to Retrench About 8,000 Jobs to Move Toward AI Automation (Zacks Investment Research) IBM recently announced a halt in the hiring process as it's aiming to replace around 8000 jobs with AI technology.
PCI Security Standards Council Announces 2023-2025 Advisory Board (PCI Security Standards Council) The PCI Security Standards Council (PCI SSC) announced the newly elected 2023-2025 Board of Advisors. The Board of Advisors represents the Council’s Participating Organizations (POs) worldwide to ensure global industry involvement in the development of PCI standards […]
Bishop Fox Names Kevin Tonkin First CPO (SecurityBrief Asia) Cybersecurity firm Bishop Fox appoints Kevin Tonkin as its first ever Chief Product Officer to lead expansion of its continuous offensive security platform.
Products, Services, and Solutions
Infosec products of the month: May 2023 (Help Net Security) The featured infosec products this month are from: Aqua Security, Axiado, Bitwarden, Cloudflare, ComplyAdvantage, Dashlane, and more.
HYAS Infosec Wins 2023 Fortress Cybersecurity Award (Business Wire) HYAS Insight Selected in Threat Intelligence Category for “Always Staying One Step Ahead” In Cybersecurity
ConnectWise Recognized for Exceptional Innovation and Successful Deployment Through The Channel (ConnectWise) ConnectWise, the world’s leading software company dedicated to the success of IT solution providers, announced today that TMC, a global, integrated media company helping clients build communities in print, in person and online, has named ConnectWise RMM as a 2023 MSP Today Product of the Year Award winner.
Company Recognized for Second Year in Categories for Leadership, Endpoint Detection, Incident Response and Network Security (ConnectWise) ConnectWise won in four categories and was named a finalist in the training category for the 2023 Fortress Cybersecurity Awards. Read...
Testlio and Bugcrowd Join Forces to Deliver Comprehensive Quality and Security with Crowdsourced Testing for More Cost Efficient DevSecOps (Bugcrowd) Alliance combines experts across quality and security domains to give product teams exceptional value on end-to-end software testing coverage
Cipherpoint Signs Agreement with Trend Micro (Australian Cyber Security Magazine) Cipherpoint has announced that Excite IT, its recently acquired wholly owned subsidiary, has entered into an agreement with Trend Micro Australia to provide security operations services to support Trend’s managed detection and response service in Australia.
LogRhythm snaps up SIEM Computer Software accolade yet again (SecurityBrief Australia) LogRhythm, the cybersecurity company, has been recognised with the SIEM Computer Software accolade at the 2023 SBR Technology Excellence Awards.
ID Quantique joins EAGLE-1, Europe's pioneering quantum key distribution initiative (PR Newswire APAC) The ESA- and EC-supported EAGLE-1 LEO satellite will be equipped with innovative security features developed by ID Quantique and TESAT, Europe's leading laser communication technology company
Novel ‘Automated Program Analysis’ Technique Drastically Improves Internet of Things and Embedded Systems Security (GlobeNewswire News Room) Resulting Cybersecurity Tech More Accurately Detects Exploitable Vulnerabilities...
OccamSec Launches New Platform to Manage Cyber Threat Exposures Across Mobile, API, and Cloud Environments (PR Newswire) OccamSec today launched its market-defining Continuous Threat Exposure Management (CTEM) platform with the major expansion of Incenter. With...
Tel Aviv Stock Exchange Selects CardinalOps to Reduce Risk of Breaches Due to Undetected Attacks (PR Newswire) CardinalOps, the detection posture management company, today announced that the Tel Aviv Stock Exchange (TASE) has deployed the CardinalOps...
FortMesa Joins CompTIA in Effort to Strengthen the Cybersecurity Culture throughout the Global MSP Community (FortMesa) Leader in security enablement tools for IT service providers will supply critical component for CompTIA Cybersecurity Trustmark
BigID Revolutionizes Auto-Classification with Classifier Tuning (PR Newswire) BigID, the leading data intelligence platform that enables organizations to know their enterprise data and take action for Data Security,...
Technologies, Techniques, and Standards
9 smart contract vulnerabilities and how to mitigate them (Security | TechTarget) Smart contracts are increasingly popular targets for attackers, so knowing how to mitigate the top smart contract vulnerabilities is critical. Learn how.
5 free OSINT tools for social media | WeLiveSecurity (WeLiveSecurity) A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook and other social media platforms.
Top 9 Reasons Why Cybersecurity Should be a Priority for Small Business Owners (Techshali) In today’s digital age, cybersecurity has become more important than ever. Small business owners are often vulnerable to cyber attacks due to their lack of resources and expertise in this area. The consequences of a cyber attack can be devastating, ranging from financial losses to reputational damage. That’s why it’s crucial for small business owners …
Design and Innovation
Thinking straight in the SoC: How AI erases cognitive bias (Register) The whispering voice presents an alternative point of view to steer cyber security pros in the right direction
ChatGPT Is Cutting Non-English Languages Out of the AI Revolution (WIRED) AI chatbots are less fluent in languages other than English, threatening to amplify existing bias in global commerce and innovation.
Why an Octopus-like Creature Has Come to Symbolize the State of A.I. (New York Times) The Shoggoth, a character from a science fiction story, captures the essential weirdness of the A.I. moment.
Security Think Tank: A brief history of (secure) coding (Computer Weekly) From controlling who was allowed to work with IBM mainframes to present-day DevSecOps techniques, the concept of secure coding has a longer history than you might think
Legislation, Policy, and Regulation
China Investing in Open-Source Intelligence Collection on the U.S. (New York Times) A new report outlines Chinese efforts to mine public information from the Pentagon, think tanks and private companies to gain insight on the American military.
'US is the empire of hacking': China just hit back at Microsoft's accusations that it attacked critical American infrastructure. Is there a cause for concern as tensions heat up? (Yahoo Finance) Microsoft has 'moderate confidence' that Chinese cyberattack tools have been created.
Canada to set up cyber security certification for defence contractors (Reuters) Canada will work with the United States to draft a cyber security certification framework for defence contractors that will be identical for both countries as incidents of malicious hacking increase, the defence minister said on Wednesday.
New bill aims to boost cybersecurity cooperation between U.S., Abraham Accords nations (Axios) A bipartisan group of senators is introducing a bill to enhance cybersecurity cooperation between the Department of Homeland Security and Abraham Accords countries — Israel, the United Arab Emirates, Bahrain and Morocco, according to a statement shared with Axios.
ChatGPT Risks Divide Biden Administration Over EU’s AI Rules (Bloomberg) Some officials fear tough regulation will give China an edge. US and EU are discussing AI regulation this week in Sweden.
Key US Official Calls for Tech Companies to 'Do Something' About AI (VOA) Director of lead US cybersecurity agency says it is not enough for tech executives, scientists involved with artificial intelligence to issue warnings, a day after more than 350 sign statement about human extinction
AI and China are ‘defining challenges of our time,’ CISA director says (FCW) Artificial intelligence’s potential as an “extinction event” for humanity prompted CISA Director Jen Easterly to advise companies to “think about self-regulation” for product security and safety.
US Army may ask defense industry to disclose AI algorithms (Federal Times) "It's not to get at vendor IP," Young Bang said. "It's really about, how do we manage the cyber risks and the vulnerabilities?"
CISA Chief Confident on Agency’s Budget Trajectory (Meritalk) Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said today she is confident that Congress will give CISA the funding it needs to execute on its mission even in times of skinnier Federal budgets, and emphasized her belief that cybersecurity is an issue with substantial bipartisan support among lawmakers.
Will the debt ceiling deal mean less for homeland security? (Atlantic Council) Congress needs to ensure that the Department of Homeland Security has the resources it needs to defend the nation against nonmilitary threats.
DHS Asked to Replace Aging Technology to Plug Security Risks (Bloomberg Law) The Department of Homeland Security needs to replace aging technology systems to prevent security breaches, Sen. Maggie Hassan (D-N.H.) said at a hearing Wednesday.
DHS likely needs more funding for IT modernization, says watchdog official (FedScoop) GAO Director of IT and Cybersecurity Kevin Walsh told lawmakers on Wednesday that IT modernization "may not be a cost saving endeavor".
UALR: Grant will enhance fighting attacks on utilities (Arkansas Online) The Emerging Threat Information Sharing and Analysis Center -- of which the University of Arkansas at Little Rock is a key member -- is expanding, thanks to a $1 million grant from the U.S. Department of Energy.
White House to choose Army general to be new No. 2 at Cyber Command (Record) Maj. Gen. William Hartman is the president's pick to be the next deputy of U.S. Cyber Command as the organization's leadership transitions into a new era.
Litigation, Investigation, and Law Enforcement
Shopee Taiwan fined NT$200,000 for customer data breaches (Taiwan News) MODA says country's largest e-commerce site failed to protect data | 2023-05-30 20:48:00
US court finds that border phone searches need a warrant (Register) Here's a story with a twist
Jack Teixeira Should Have Been Stopped Again and Again (The Atlantic) How did the worst leak in a decade take almost a year to be detected?
Has loneliness become a national security issue? (Military Times) Recent revelations about the prevalence of mental health issues in America present challenges, including questioning how security clearances are vetted.
FTC Says Ring Employees Illegally Surveilled Customers, Failed to Stop Hackers from Taking Control of Users' Cameras (Federal Trade Commission) The Federal Trade Commission charged home security camera company Ring with compromising its customers’ privacy by allowing any employee or contractor to access consumers’ private
Amazon to Pay $25 Million to Settle Children’s Privacy Charges (New York Times) Regulators said the tech giant kept children’s Alexa voice recordings “forever,” violating a children’s privacy law.