The new program was proposed by Federal Communications Commission Chairwoman Jessica Rosenworcel. The program apparently aims to help consumers make well-informed purchasing decisions, such as identifying products in the marketplace with advanced cybersecurity standards.
"The goal of the program is to provide tools for consumers to make informed decisions about the relative security of products they choose to bring into their homes," the administration said.
Under the proposed program, consumers are likely to see a newly formed “U.S. Cyber Trust Mark” label, in the form of a shield logo, distinguishing the products that satisfy the established cybersecurity criteria. Apparently, these criteria will be decided by the National Institute of Standards and Technology (NIST) and will include requirements like unique and strong default passwords, data protection, software updates and incident detection capabilities.
According to the administration, a number of significant retailers, trade groups, and manufacturers of consumer goods such as electronics and appliances have made voluntary commitments to improve cybersecurity for the products they sell. Amazon, Best Buy, Google, LG Electronics USA, Logitech, and Samsung Electronics are among the participants.
Plans for the program were previously discussed by the Biden administration in late 2022, with the aim of establishing a voluntary initiative with internet of things makers to help ensure products meet minimum security standards.
Reportedly, the FCC, which is responsible for regulating wireless communication devices, is set to seek public comment regarding the labeling program by 2024.
According to the administration, the FCC is applying to the U.S. Patent and Trademark Office to register a national trademark that would be used on products that satisfy the predetermined standards.
"The proposal seeks input on issues including the scope of devices for sale in the U.S. that should be eligible for inclusion in the labeling program, who should oversee and manage the program, how to develop the security standards that could apply to different types of devices, how to demonstrate compliance with those security standards, how to safeguard the cybersecurity label against unauthorized use, and how to educate consumers about the program," the FCC notice says.
The proposal highlights the inclusion of a QR code on products that will provide consumers with information, pending a certification mark approval by the U.S. Patent and Trademark Office.
Smart home devices have become increasingly popular in recent years, promising convenience, efficiency, and security. However, recent cyber security vulnerabilities in the Nexx Garage Door Opener have highlighted the risks of relying too heavily on technology without considering the potential consequences.
The Nexx Garage Door Opener is a smart home device that allows homeowners to open and close their garage doors remotely using their smartphones. However, security researchers have discovered that the device is vulnerable to hacking, allowing unauthorized access to the garage and potentially the entire home network.
According to a report by Bleeping Computer, hackers can easily exploit the vulnerabilities in the device's software and gain access to the device's firmware, allowing them to take control of the device remotely. There is currently no fix for this vulnerability, leaving homeowners vulnerable to potential cyber-attacks.
This is not the first time the Nexx Garage Door Opener has been found to be vulnerable to cyber-attacks. In 2019, security researchers discovered that the device was susceptible to a brute force attack, allowing hackers to access the garage door opener by guessing the password. The manufacturer released a patch to fix the vulnerability, but the recent discovery of the new vulnerability suggests that more work needs to be done to improve the security of smart home devices.
The vulnerability in the Nexx Garage Door Opener is just one example of the risks associated with smart home devices. As more and more devices are connected to the internet, the risk of cyber-attacks increases. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about the vulnerability and urged users to take immediate action to secure their devices.
In light of these vulnerabilities, it is crucial for homeowners to take a proactive approach to smart home security. This includes choosing devices from reputable manufacturers, keeping software and firmware up to date, and regularly changing passwords. Additionally, it is essential to monitor devices for any suspicious activity and be aware of the potential risks associated with using smart home devices.
In conclusion, the Nexx Garage Door Opener cyber vulnerabilities are a stark reminder of the importance of cyber security in smart homes. While the convenience and efficiency of smart home devices are appealing, it is essential to take precautions to protect against potential cyber-attacks. Homeowners must be proactive in their approach to smart home security, and manufacturers must take responsibility for improving the security of their devices.
Product reviewers and tech journalists are left perplexed about which security camera or security product they should recommend to potential users, knowing that the backend may or may not be secure.
According to Michael Hicks, senior editor at Android Central, “When I review a product, I try to be as nitpicky as possible. Not because I want to give a bad review, but because it's my job to go past the idealized press releases and spec sheets to see the cracks beneath the surface.”
It is possible to cite certain problems pertaining to a security camera, like the video quality or unreliable AI detection. However, there is always the possibility of some undiscovered breach, even with some of the best cameras around that are tested and appreciated.
Hicks says this is not something most tech journalists are qualified to detect. With a smartphone, one can examine most software and security for oneself, and users have almost complete control to block or enable apps from tracking them. The entire data security for a security camera is managed remotely, so we can only trust the company to protect one's data safely.
The issue is whether, if ever, we can really trust a security business to provide an honest assessment of its cybersecurity.
Companies like LastPass or Eufy, whether they specialize in hardware or software, frequently conceal any ongoing breaches for months until they become public, at which point they play down their seriousness with technical jargon and mitigating factors.
According to a report Vice published this past week regarding a third party associated with Ring being infected by BlackCat ransomware, Ring employees have been instructed to “anything about this,” and they are unsure yet what user data is at risk if Amazon does not pay.
Prior to this incident, security researcher Paul Moore found that Eufy cameras were sending users' images and facial recognition data to the cloud without their knowledge or consent, that one could stream anyone's private camera feeds from a web browser, and that Eufy's AES 128 encryption was easily cracked due to the use of simple keys.
In response, Eufy patched some issues and edited its privacy guidelines to provide fewer protections for its users.
The bottom line is that even renowned security firms with encryption that seems impenetrable can make choices that expose your personal information or home feeds, or they can recruit someone who unethically abuses their position of authority. And even if someone blows the whistle or a security expert notices the error, there is absolutely no guarantee that you will learn about it after that corporation learns about it.
In an environment like this, casually reviewing any company's security camera on the basis of its merits and recommending it to online readers seems like an irresponsible take. Michael Hicks wrote in his article, “It's my job to do so, and I will write about the Blink Indoor and Blink Mini once it's clear how its parent company handles the Ring ransomware attack.”
However, in doing so, Michael Hicks adds that he will have to include certain big disclaimers that he “just don't know what Blink's (or any company's) weakest link is.” There is a possibility that it could be a dishonest employee, an unreliable third-party team, shoddy encryption, or something else.
In the meantime, he advises individuals to use security cams with local storage in order to avoid storing their private footage and information on company servers. However, there is no guarantee of security, considering the fact that firms like Eufy were well received and trusted as a local storage option before their numerous problems were revealed.
Ring LLC is a home security and smart home company owned by tech giant Amazon. The firm creates home security systems with exterior cameras, such as the Ring Video Doorbell smart doorbell, and runs the Neighbors app, which allows users to share video footage with each other online in a communal setting.
According to a report by Motherboard, the ALPHV ransomware gang has claimed to have acquired access to Amazon-owned Ring’s systems and its data. Ring indicated in a statement to the news organization that there is no proof of a system breach. However, it is aware that a ransomware attack has affected one of its third-party providers.
In a response to Ring, ALPHV shared a post on Twitter saying “There’s always an option to let us leak your data”. The ransomware group has not yet made any of the data it is said to have stolen from the business available. However, there is still cause for alarm, as Motherboard discovered a Ring listing on ALPHV's data dump website.
Ransomware groups like ALPHV have taken to using data dump sites to pressure victims into paying ransoms in order to regain access to their data. In an effort to persuade businesses to cooperate with the hackers holding their data hostage, a tiny percentage of the stolen data from those businesses is frequently posted publicly.
The ALPHV ransomware gang has attacked companies in the US, Europe, and Asia. The group has also been referred to as BlackCat, named after the malware it deploys. In the past, ALPHV has taken credit for hacking hospitality firms like the Westmont Hospitality Group, which manages IHG and Hilton hotels around the world, as well as leaking medical data from the Lehigh Valley Health Network.
ALPHV's data dump site, where it posts stolen data in collections referred to as "Collections," is another feature that sets it apart from other ransomware organizations. Other ransomware organizations may have comparable websites, but ALPHV's is renowned for being indexed and simpler to search.
Currently, Amazon is looking into a third-party vendor's data breach that ALPHV has claimed responsibility for. We are unlikely to hear anything more until this investigation is over. Ring's products are widely utilized in homes all over the world since they are among the best video doorbells and home security cameras today.
However, the firm employs end-to-end encryption (E2EE) in the majority of nations to prevent governments and other parties from accessing the data from your cameras and snooping on them. If the ALPHV ransomware gang did end up infiltrating Ring’s third-party vendors, it is possible that the group has also managed to steal corporate or customer data in the attack.
If you are concerned about your Ring data or even the fact that the firm is charging for features that were previously free, it is a good time to consider some alternatives instead. In any case, we will probably soon learn whether or not the ALPHV ransomware gang managed to steal client data.