Security Leftovers
-
Lawsuit Claims Microsoft Tracked Sex Toy Shoppers With 'Recording in Real Time' Software
In a complaint filed on June 25 in the Northern District of California, San Francisco resident Stella Tatola claims that Babeland and Good Vibrations—both owned by Barnaby Ltd., LLC—allowed Microsoft to see what visitors to their websites searched for and bought.
“Unbeknownst to Plaintiff and other Barnaby website users, and constituting the ultimate violation of privacy, Barnaby allows an undisclosed third-party, Microsoft, to intercept, read, and utilize for commercial gain consumers’ private information about their sexual practices and preferences, gleaned from their activity on Barnaby’s websites,” the complaint states. “This information includes but is not limited to product searches and purchase initiations, as well as the consumer’s unique Microsoft identifier.”
-
US businesses struggle to obtain cyber insurance, lawmakers are told [Ed: Windows TCO]
Experts and industry representatives told lawmakers at a Thursday hearing that U.S. businesses face obstacles in obtaining the cybersecurity insurance they need to hedge against the impact of breaches.
At the hearing before the House Homeland Security Committee’s cyber-focused subcommittee, Kimberly Denbow, the vice president of security and operations at the American Gas Association, said that cyber insurers willing to write policies for natural gas utilities are limited and that when policies are available their terms are difficult to understand.
-
Security updates for Friday
Security updates have been issued by AlmaLinux (pki-core), Debian (dlt-daemon and plasma-workspace), Fedora (emacs and kernel), Mageia (erofs-utils, libheif, libopenmpt, and wget), Red Hat (pki-core and python3), SUSE (frr), and Ubuntu (fontforge, sqlite3, and squid3).
-
Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack
Shockwaves from the Russian government's hack of Microsoft's corporate infrastructure continue to spread as the victim pool widens.
-
Russian APT Reportedly Behind New TeamViewer Hack
TeamViewer’s corporate network was hacked and some reports say the Russian group APT29 is behind the attack.
-
Remote access provider TeamViewer discloses breach attributed to Russian hackers
-
Spotify Reportedly Removes Russian Pro-War Artists, Raising Takedown Policy Questions
Music streaming service Spotify has confirmed that it has removed the songs and profiles of pro-war Russian artists from its service. The removals come after Spotify suspended service in Russia and are focused on artists who are sanctioned by the West.
-
[Repeat] Stephen Smoogen: What happens to EPEL-7 when EL-7 goes EOL.
On June 30, 2024, Red Bait will stop doing general maintenance support of RHEL-7 and no more updates to that operating system will be available without purchasing ‘Extended Life-cycle Support’ contracts from Red Hat or similar contracts from SuSE’s Liberty Linux, Perforce’s OpenLogic, or various other consultants and companies offering [...]
-
In Other News: Malware Delivered by ISP, Temu Spying, Critical Dataverse Vulnerability
Noteworthy stories that might have slipped under the radar: Korean ISP delivers malware to customers, Temu sued for allegedly spying on users, Abusive Monopolist Microsoft patches a critical Dataverse vulnerability.
-
Steinar H. Gunderson: This is how people think about security
I borrowed a 3D printer with Octoprint set up, and happened to access it from work, whereupon I was greeted with a big scary message and a link to this blog post. Even though it is from 2018, there seems to be no retraction, so I figured it's an interesting insight into how people seem to think about security: [...]
-