{"id":26992,"date":"2022-08-17T08:17:10","date_gmt":"2022-08-17T12:17:10","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=498479"},"modified":"2022-08-17T12:16:58","modified_gmt":"2022-08-17T16:16:58","slug":"cyber-security-today-august-17-2022-warnings-to-data-collectors-users-of-remote-access-technologies-and-firms-with-wireless-device-location-systems","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-august-17-2022-warnings-to-data-collectors-users-of-remote-access-technologies-and-firms-with-wireless-device-location-systems\/","title":{"rendered":"Cyber Security Today, August 17, 2022 \u2013 Warnings to data collectors, users of remote access technologies and firms with wireless device location systems"},"content":{"rendered":"<p data-ar-index=\"0\">Warnings to data collectors, an alert on remote access technologies and a caution to those using wireless device location systems.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Wednesday, August 17th, 2022. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.<\/p>\n<p data-ar-index=\"2\"><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/24077436\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\" rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p data-ar-index=\"3\">\n<p data-ar-index=\"4\">Businesses love collecting data that tells them about customers. But I have two pieces of recent news about consumer data collection that serve as warnings to corporate data privacy officers.<\/p>\n<p data-ar-index=\"5\"><strong>First,<\/strong> researchers this week <a href=\"https:\/\/www.cell.com\/patterns\/fulltext\/S2666-3899(22)00172-6#relatedArticles\" rel=\"noopener\">published a report<\/a> that raised questions about data collected online by medical-related companies and shared with Facebook for advertising and product lead generation. The report comes from a data science journal called Patterns. It suggests common marketing tools used by health or pharmaceutical companies may be sharing sensitive health data of people with Facebook without their consent for advertising. This is important, researchers say, because Facebook groups are places where many people go for support from their peers and for health information. But, the report says, the browsing data of people who go to the websites of some health companies, who sign up for digital health apps or give data by filling in online surveys might identify those who thought they were anonymous. That raises worries about the impact of data theft and the resulting targeting of misleading health-related ads by scammers to people. Researchers also pointed out that three of the five cancer-related health companies they studied using cross-site browser tracking tools didn\u2019t comply with their own privacy policies.<\/p>\n<p data-ar-index=\"6\"><strong>The second item<\/strong> is the announcement last week that the U.S. Federal Trade Commission <a href=\"https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2022\/08\/ftc-explores-rules-cracking-down-commercial-surveillance-lax-data-security-practices\" rel=\"noopener\">is thinking about creating regulations<\/a> to crack down on what it calls harmful online commercial surveillance of people and lax data security of companies that collect data. Firms collect personal data on a massive scale, said commission chair Lina Khan. Businesses that hoover up sensitive user data may unlawfully handle that data, she said. The FTC also worries about the processing of data through machine learning algorithms that could discriminate against consumers based on race, gender, religion and age. That could be used against them when they look for jobs or want to get loans. Americans interested in letting the FTC know if it should \u2014 or shouldn\u2019t \u2014 get into this area have until mid-October to file a brief. There will also be an online public forum for Americans to discuss the issue on September 8th.<\/p>\n<p data-ar-index=\"7\">Privacy experts say businesses need to think carefully about what personal data they collect, whether they need to collect as much as they do, whether it should be anonymized, how personal data is stored, how long it should be held until it is destroyed, whether it will be sold to third parties \u2014 and, most importantly, how to be upfront to the public about all of this.<\/p>\n<p data-ar-index=\"8\"><strong>Attention IT, OT and security leaders:<\/strong> There are thousands of vulnerable internet-facing virtual network computing endpoints out there. And they are vulnerable because they don\u2019t require authentication to log in. <a href=\"https:\/\/blog.cyble.com\/2022\/08\/12\/exposed-vnc-a-major-threat-to-critical-infrastructure-sectors\/\" rel=\"noopener\">According to researchers at Cyble<\/a>, hackers are exploiting these remote access endpoints to get into organizations\u2019 networks. Alarmingly, some of that access connects to industrial devices in water treatment plants, manufacturing plants and research facilities. Virtual network computing, or VNC, is a graphical desktop sharing system. Ideally, systems and applications using VNC shouldn\u2019t be linked to the internet. If they are they should be secured with strong passwords, multifactor authentication and limited access. For best security, any critical asset like a server or machine should be behind a firewall.<\/p>\n<p data-ar-index=\"9\"><strong>Here\u2019s another warning<\/strong>, this time to organizations using ultra-wideband real-time locating wireless systems. These systems use tags or other technologies to help find devices in hospitals, factories, buildings, components in a factory assembly line or in smart cards employees carry. <a href=\"https:\/\/www.nozominetworks.com\/downloads\/US\/Nozomi-Networks-WP-UWB-Real-Time-Locating-Systems.pdf\" rel=\"noopener\">What researchers at Nozomi Networks found<\/a> are vulnerabilities in products made by two solution manufacturers that allow an attacker to access sensitive location data over the air. Organizations using real-time wireless locating systems should segregate systems on their networks, put them behind firewalls and make sure their data is encrypted.<\/p>\n<p data-ar-index=\"10\"><strong>Finally,<\/strong> I\u2019ve quoted experts before warning internet users of the dangers of installing untested extensions to their browsers. These utilities are supposed to help you by doing everything from checking spelling and blocking ads \u2014 but they\u2019re helpful only if they aren\u2019t malicious. In a report issued yesterday <a href=\"https:\/\/securelist.com\/threat-in-your-browser-extensions\/107181\/\" rel=\"noopener\">researchers at Kaspersky noted<\/a> bad extensions even get into legitimate places. For example, Google had to remove 106 bad extensions from its Chrome Web Store in 2020. Kaspersky estimates over 1.3 million of its subscribers tried to download malicious or unwanted extensions at least once in the first six months of this year. More than 4.3 million users were attacked by adware hiding in browser extensions. It helps \u2014 but not all the time \u2014 to only download extensions from trusted web stores. Whenever you do, check the access to resources an extension asks for. Be suspicious of extensions that want to access a device\u2019s camera, contact list, microphone and data if it logically doesn\u2019t need to. Why does an antivirus app need to access your microphone? The best defence is to limit the extensions you have and regularly review them to see if they are really needed.<\/p>\n<p data-ar-index=\"11\">That\u2019s it for now. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"12\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-august-17-2022-warnings-to-data-collectors-users-of-remote-access-technologies-and-firms-with-wireless-device-location-systems\/498479\">Cyber Security Today, August 17, 2022 \u2013 Warnings to data collectors, users of remote access technologies and firms with wireless device location systems<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Reports the possible abuse of data collection by medical companies, a U.S. regulator looking at mass data collection by companies and a caution to organizations using ultra-wideband real-time locating wirele<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-26992","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/26992","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=26992"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/26992\/revisions"}],"predecessor-version":[{"id":27005,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/26992\/revisions\/27005"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=26992"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=26992"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=26992"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}