Adobe Fixed Multiple Critical Flaws in Acrobat and Reader

Adobe patched 35 security vulnerabilities across a range of its products, including Acrobat, Reader, Illustrator, Substance 3D Painter, Aero, Animate, FrameMaker, and Dreamweaver.

Cyware News – Latest Cyber News

PDF Exploitation Targets Foxit Reader Users

Cybersecurity researchers have discovered a concerning trend of PDF exploitation targeting users of Foxit Reader, a popular PDF software, with sophisticated attack chains and malware families being utilized in real-world scenarios.

Cyware News – Latest Cyber News

SIEM Stalwart LogRhythm to Merge With Exabeam

LogRhythm, a leading SIEM (Security Information and Event Management) company, is merging with Exabeam, another prominent SIEM player, in a move that aims to create a stronger, AI-driven security operations leader in the market.

Cyware News – Latest Cyber News

Cyber Pros Weigh an Intel-Sharing Quandary: What To Share When Attacks Hit Close to Home

Cybersecurity professionals face a dilemma: sharing information after an attack can prevent future incidents, but businesses often hesitate due to fears of litigation, customer inquiries, and reputational harm.

Cyware News – Latest Cyber News

Third Chrome Zero-Day Patched by Google Within One Week

Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.

SecurityWeek

FBI Seizes Criminal Site BreachForums

The FBI and the DOJ have seized control of the BreachForums hacking forum, which was a marketplace for cybercriminals to buy, sell, and trade stolen data and other illegal services, and are now investigating the forum and its admins.

Cyware News – Latest Cyber News

How carmakers sell driver data to insurers | Kaspersky official blog

Early in the movie “The Fifth Element”, there is a sequence that shows the dystopian nature of the future world: Korben Dallas’s smart taxi fines him for a traffic violation and revokes his license. Back in 1997, this seemed like science fiction – and it was. Today it’s turning into reality. But first things first.

Not so long ago, we looked at the potential dangers associated with the amount of data modern vehicles collect about their owners. Then, even more recently, an investigation revealed what this might mean in practice for drivers.

It turns out that carmakers, through specialized data brokers, are already selling telematics data to insurance companies, who are using it to raise the cost of insurance for careless drivers. Most alarming of all, however, is that car owners are often kept in the dark about all of this. Let’s investigate further.

Gamification of safe driving with far-reaching consequences

It all started in the US when owners of vehicles made by General Motors (parent company of the Chevrolet, Cadillac, GMC, and Buick brands) noticed a sharp rise in their auto insurance premiums compared to the previous period. The reason, it transpired, was the practice of risk profiling by data broker LexisNexis. LexisNexis works with auto insurers to supply them with driver information, usually about accidents and traffic fines. But vehicle owners hit by the premium hike had no history of accidents or dangerous driving!

The profiles compiled by LexisNexis were found to contain detailed data on all trips made in the insured vehicle, including start and end times, duration, distance and, crucially, all instances of hard acceleration and braking. And it was this data that insurers were using to increase insurance premiums for less-than-perfect drivers. Where did the data broker get such detailed information?

From General Motors’ OnStar Smart Driver. That is the name of the “safe driving gamification” feature built into General Motors vehicles and the myChevrolet, myCadillac, myGMC, and myBuick mobile apps. The feature tracks hard acceleration and braking, speeding, and other dangerous events, and rewards “good” driving with virtual awards.

The OnStar Smart Driver safe driving gamification feature is built into myChevrolet, myCadillac, myGMC, and myBuick mobile apps by General Motors.

What’s more, according to some car owners, they didn’t enable the feature themselves – the car dealer did it for them. Crucially, neither General Motors’ apps nor the terms of use explicitly warned users that OnStar Smart Driver data would be shared with insurance-related data brokers.

This lack of transparency extended to the privacy statement on the OnStar website. While the statement mentions the possibility of sharing collected data with third parties, insurers are not specifically listed, and the text generally aims for maximum vagueness.

Along the way, LexisNexis was discovered to be working with three other automakers besides General Motors – Kia, Mitsubishi, and Subaru – all of which have similar safe driving gamification programs under names like “Driving Score” or “Driver Feedback”.

According to the LexisNexis website, the companies that work with the data broker include General Motors, Kia, Mitsubishi, and Subaru.

At the same time, another data broker – Verisk – was found to be providing telematics data to car insurers. Its automotive clients include General Motors, Honda, Hyundai, and Ford.

Another broker, Verisk, lists General Motors, Honda, Hyundai, and Ford in its telematics sales service description.

As a result, many drivers found themselves, in effect, locked into a car insurance policy with costs based on driving habits. Such programs used to be voluntary, offering a basic discount for participation – and even then, most drivers opted out. Now it appears that carmakers are enrolling customers not only without their consent, but without their knowledge.

According to available information, this is currently only happening to drivers in the US. But what starts in the States usually migrates, so similar practices may soon appear in other regions.

How to protect yourself from data-hungry cars

Unfortunately, there is no silver bullet to stop your automobile from harvesting data. Most new vehicles already come with built-in telematics collection as standard. That share is only going to grow: in a year or two, such cars will make up more than 90% of the market. Naturally, the maker of your car won’t make it easy or even possible to turn off telematics.

If you’re ready to take seriously the fact that your car collects data on you for third parties (or, put simply, spies on you), read our post with detailed tips on how you can try to get rid of surveillance by carmakers. Spoiler alert: it’s not easy and requires careful study of the documentation, as well as sacrificing some of the benefits of connected cars, so these tips won’t work for everyone.

As for the scenario described in this post, in which driver data is sold to insurers, our advice is to search the in-vehicle menu and mobile app for a safe driving gamification feature and disable it. It may be called “Smart Driver”, “Driving Score”, “Driver Feedback”, or something similar. US-based drivers are also advised to request their data from LexisNexis and Verisk to be prepared for nasty surprises, and to see if it’s possible to delete information that has already been collected.

Kaspersky official blog

How Scammers Hijack Your Instagram

Scammers exploit Instagram’s influencer program to hijack users’ accounts by hacking into them, posting about cryptocurrencies, and then tricking victims into providing their login credentials to “vote” for the scammer’s fake influencer contest.

Cyware News – Latest Cyber News

Nigeria Halts Cybersecurity Tax After Public Outrage

In the midst of an economy struggling with soaring inflation, the Nigerian government paused plans to place a levy on domestic transactions that was aimed at enhancing cybersecurity.

darkreading

BreachForums Shut Down in Apparent Law Enforcement Operation

The hacking forum BreachForums is displaying a notice claiming that the website is under the control of the FBI.

SecurityWeek