At a glance.
- D-Link router vulnerabilities found.
- COVID-19 vaccine phishbait.
- Apple's store makes privacy features transparent.
- Ad tracking is everywhere.
- People's Energy breached.
D-Link router bugs leave it wide open to hackers.
Researchers at cybersecurity firm Trustwave report they’ve discovered five vulnerabilities in the D-Link DSL-2888A router that, when chained together, could allow a threat actor to fully compromise the device. Insufficient authentication on the router’s web portal means a bad actor could reach the administrative interface even without a valid password. Once on the network, the attacker can obtain login credentials in plaintext and execute system commands. D-Link has notified the public of the security flaws and released firmware updates to patch them.
Phishers put COVID-19 vaccine on the hook.
Analysts at email security provider Avanan report that yet another phishing scam is capitalizing on the COVID-19 pandemic, this time a little more convincingly than most. Victims receive what appears to be a letter from BioNTech, one of the distributors of the recently approved Pfizer vaccine, giving the recipient instructions for preordering the vaccine. Cleverly, the email contains no malicious link, which would normally tip off phishing scanners; instead it directs interested recipients to email a specified address. The domain name mentioned actually belongs to a fully functional yet fraudulent website that is nearly identical to the real BioNTech website. The phishers worked fast here: they registered the domain for the fake website just two days after BioNTech announced the vaccine, and started targeting victims just days later.
Apple’s app store makes privacy info public.
ZDNet reports that a new feature of Apple’s app store will supply users with privacy information for any available iOS app, making it simpler for users to instantly see what user data the app will gather and how it will be used. Each app’s privacy policies are displayed in the “App Privacy” section of its listing on the app store, and depending on the app, the details can be as lengthy as the side effects list in a pharmaceutical commercial. While some apps have yet to supply the app store with the info, every new app is being asked to submit it before being added to the store’s inventory.
Survey says ad tracking is omnipresent.
Businesswire reports that a recent survey conducted by CRM Essentials and commissioned by global technology company Zoho has found that while 100% of the US and Canadian businesses surveyed allow third-party ad tracking, 62% do not inform their customers about it. Of the more than 1,400 organizations surveyed, B2B companies are most likely to keep customers in the dark about tracking. Ironically, more than half of the company leaders interviewed believe that their company’s privacy policies are clearly communicated to users. Zoho Chief Evangelist Raju Vegesna stated, “User tracking to serve ads has turned into adjunct surveillance, a term we use at Zoho when companies collect data without consumer knowledge.”
People's Energy breached.
People's Energy, a British firm that describes itself as not having been "set up for profit," and which offers power from sustainable sources, was breached, the BBC reports. All 270,000 customers were affected. The data lost includes "names, addresses, dates of birth, phone numbers, tariff and energy meter IDs." Chris Clements, VP of Solutions Architecture at Cerberus Sentinel, emailed a call for a change in "mindset" with respect to information security: "Risks from cyber-attack need to be taken with the same seriousness as risks from fire or flooding. The reality is that most security compromises are simple attacks of opportunity and every organization is a viable target for cyber criminals. The same way organizations invest in fire suppression and alarm systems they also must consider cyber security protection and monitoring as part of the cost of doing business. It’s critical that this start with adopting a culture of security from executive management to individual line of business contributors."