You are currently viewing Cyber ​​Security Today, August 17, 2022 – Warnings to data collectors, users of remote access technologies and companies with wireless device tracking systems

Cyber ​​Security Today, August 17, 2022 – Warnings to data collectors, users of remote access technologies and companies with wireless device tracking systems

Warnings to data collectors, an alert on remote access technologies and a caution to those using wireless device tracking systems.

Welcome to Cyber ​​Security Today. Today is Wednesday, August 17, 2022. I’m Howard Solomon, contributing cybersecurity reporter for

Businesses love collecting data that tells them about their customers. But I have two recent news stories about consumer data collection that serve as warnings to corporate data privacy managers.

First, Researchers released a report this week that raised questions about data collected online by medical companies and shared with Facebook for advertising and lead generation. The report comes from a data science journal called Patterns. This suggests that common marketing tools used by healthcare or pharmaceutical companies may share people’s sensitive health data with Facebook without their consent for advertising purposes. That’s important, the researchers say, because Facebook groups are places many people go to for peer support and health information. But, according to the report, the browsing data of people visiting the websites of some health companies, signing up for digital health apps or providing data by completing online surveys could identify those who thought that they were anonymous. This raises concerns about the impact of data theft and the resulting targeting of misleading health-related advertisements by scammers. The researchers also pointed out that three of the five cancer-related healthcare companies they studied using cross-site browser tracking tools did not follow their own privacy policies.

The second item is the announcement last week that the US Federal Trade Commission is considering creating regulations to crack down on what it calls harmful online commercial surveillance of people and lax data security of companies that collect data. Companies are collecting personal data on a massive scale, said commission chair Lina Khan. Companies that collect sensitive user data may unlawfully process that data, she said. The FTC is also concerned about data processing through machine learning algorithms that could discriminate against consumers based on race, gender, religion and age. It could be used against them when they are looking for a job or want to get loans. Americans interested in letting the FTC know whether or not it should enter this area have until mid-October to file a brief. There will also be an online public forum for Americans to discuss the issue on September 8.

Privacy experts say companies need to think carefully about the personal data they collect, whether they should collect as much as they do, whether they should be anonymized, how personal data is stored, how much how long they should be kept until they are destroyed, whether it will be sold to third parties – and, more importantly, how to be upfront with the public about all of this.

For IT, OT and Security Managers: There are thousands of vulnerable virtual network computer terminals accessible on the Internet. And they are vulnerable because they do not require authentication to connect. According to Cyble researchers, hackers exploit these remote access terminals to gain access to organizations’ networks. Alarmingly, some of this access connects to industrial devices in water treatment plants, manufacturing plants and research facilities. Virtual Network Computing, or VNC, is a graphical desktop sharing system. Ideally, systems and applications using VNC should not be tied to the Internet. If they are, they should be secured with strong passwords, multi-factor authentication, and limited access. For better security, any critical asset like a server or machine should be behind a firewall.

Here’s another warning, this time to organizations using ultra-wideband real-time location wireless systems. These systems use tags or other technologies to help find devices in hospitals, factories, buildings, components on a factory assembly line, or in smart cards that employees carry. What Nozomi Networks researchers discovered were vulnerabilities in products made by two solution makers that allow an attacker to access sensitive location data over the air. Organizations using real-time wireless location systems must separate the systems on their networks, place them behind firewalls, and ensure that their data is encrypted.

To finish, I quoted experts before warning people about the dangers of installing untested extensions on their browsers. These utilities are supposed to help you with everything from checking spelling to blocking ads, but they’re only useful if they’re not malicious. In a report published yesterday, Kaspersky researchers noted that bad extensions penetrate even legitimate places. For example, Google had to remove 106 bad extensions from its Chrome Web Store in 2020. Kaspersky estimates that more than 1.3 million of its subscribers tried to download malicious or unwanted extensions at least once in the first six months of This year. Over 4.3 million users have been attacked by adware hidden in browser extensions. It is useful, but not always, to only download extensions from trusted online stores. Each time you do so, verify access to resources requested by an extension. Beware of extensions that want to access a device’s camera, contact list, microphone, and data if it’s not logically necessary. Why does an antivirus application need access to your microphone? The best defense is to limit the extensions you have and review them regularly to see if they are really necessary.

That’s all for the moment. Follow Cyber ​​Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Leave a Reply