Ransomware attacks are on the rise globally, and the UK is no exception, according to new data from Avast. Infosecurity Magazine reports that the security vendor surveyed 1000 IT departments of small and medium-sized businesses (SMBs) in October 2022, aiming to determine the cybersecurity risks they faced over the previous 12 months.
In “how the heck did that happen” news, German security researchers got more than they bargained for after purchasing a biometric capture device off eBay. The device, which was created to capture fingerprints and perform iris scans, was initially listed on the e-commerce auction website eBay for $149.95. But security researcher Matthias Marx managed to wrangle it for the lower price of $68.
Being secure online often requires putting some amount of trust into companies that claim to have our best interests at heart. While these security companies may indeed have their users’ best interests at heart, that’s not enough to prevent security breaches. When a breach then occurs, it can shake people’s trust in what was once considered a foolproof element of security.
Mozilla, Microsoft, and Google have removed certificates and root certificates by TrustCor Systems’ from their trust stores following an investigation from The Washington Post revealing the company’s apparent links to companies within the US intelligence community. While there has been no concrete evidence of wrongdoing, many points raised worried users and tech companies alike.
A group of anonymous plaintiffs has filed a class action lawsuit against Meta for violating user trust and expectation of privacy, as well as breaking some state and federal laws.
Accusations about Eufy security cameras have come to light in recent days. The first is related to data from cameras being sent to the cloud, even when local-only storage settings are turned on, and cloud storage is disabled. The second relates to how it’s possible to stream camera footage using VLC media player. This is all despite the fact the company seems to pride itself on its privacy commitments, claiming to use local storage only and have end-to-end encryption implemented for all its products.
The Australian government plans to overhaul its rules regarding disclosure of cyberattacks following an extensive attack on its second-largest telecoms firm Optus. The current law does not allow companies to share information about their customers with third-parties, such as banks, making it difficult to notify banks of users who may have been affected to minimize fraud.