Scammers are preying on people who use voice assistant technology apps like Siri, Google Assistant, and Alexa to look up customer service phone numbers.Cybercriminals are aware of users’ reliance on these features and have devised ways to trick them into paying fees for services they didn’t expect to be charged for, the Michigan Attorney General’s office said yesterday. If the fake phone number appears in the top search results, the voice assistants will choose it.

Increasingly, scammers are targeting cord cutters by putting fake customer service phone numbers online. Cord cutters searching for how to call popular services like Netflix, for example, are not finding the phone number to the service but a scammer’s number. From there, the scammers try to charge them for customer service or get them to sign up for services they don’t need. The Federal Communications Commission estimated that cybercriminals schemes have cost consumers upwards of $330 million last year.

In the meantime, understanding the tactics scammers use is a good way to protect yourself. Bad actors often use phishing scams — email or text messages with cleverly worded requests designed to get you to respond with your personal information. These messages often try to convince you that your payment method failed or your account is compromised — an ask you to click a link to fix it. Do not click the link — even if it sounds urgent.

A rare bipartisan coalition of lawmakers has teamed up to propose major privacy reforms that could fundamentally reign in the US government’s most powerful domestic surveillance tools.If passed, the newly proposed Government Surveillance Reform Act (GSRA) would force law enforcement agencies to obtain a legal warrant before conducting searches as part of Section 702 of the Foreign Intelligence Surveillance Act (FISA). Critics say the current lack of a warrant requirement for accessing the 702 database serves as an unconditional end-run around Americans’ Fourth Amendment protections. The proposed legislation comes towards the tail end of a tense, year-long battle over the future of highly controversial surveillance, which is set to expire at the end of this year.

Section 702, enacted back in 2008, was initially sold as a foreign surveillance tool used to target terrorists. But outdated and under-developed language in the policy has granted intelligence agents and law enforcement with a sneaky back door to harvest vast troves of US communications. Those private communications are then regularly surveilled without a warrant and, in some cases, used to prosecute people in criminal court.

California is the first state to allow residents to request that data brokers delete their personal data, but some worry it will be difficult to implement and enforce.

Known as the DELETE Act, the law signed last month by Gov. Gavin Newsom requires data brokers to register with the California Privacy Protection Agency and disclose the types of personal information they collect. It also mandates that the CPPA create a free and simple way for state residents to direct all data brokers to delete any personal information they hold on them, and imposes civil penalties and fines on brokers that do not follow the law.

This month, researchers at Duke University’s Sanford School of Public Policy found that it is “not difficult” to obtain sensitive data about active-duty military members, their families and veterans, with those records available for purchase for as low as 12 cents each.

…

Login requests that are considered suspicious won’t trigger the notifications anymore. Threat actors would bombard users with notification requests in the past, in the hope that users would approve sign-ins eventually to get rid of the notifications. For this, it was necessary to have the correct username and password of the account.

Requests that have potential risks will be suppressed now by Microsoft Authenticator. Factors such as the location of the request or anomalies play a role in the assessment.

Closing Words

The new protective system blocks notifications of suspicious authentication requests now. This should reduce the number of unintentional confirmations by users of Microsoft Authenticator.

Filed: https://ghacks.net/category/software/security/

RSS: https://ghacks.net/category/software/security/feed/

The proposed revisions will ideally serve as a “balanced, strong starting point” for agencies and contractors that deal with sensitive information, a NIST official said.The National Institute of Standards and Technology on Thursday released draft guidance for protecting sensitive unclassified information, outlining revised cybersecurity requirements for federal agencies and government contractors to take when it comes to safeguarding government data.

The proposed guidelines are the third iteration of NIST’s standards and practices for protecting controlled unclassified information — or CUI — which refers to government-owned or created data that is not classified but still requires security controls.

The updates to NIST special publication 800-171 that were released on Thursday include drafts of both the security requirements and assessment procedures for evaluating threats to CUI. A public comment period for both draft publications will be open until Jan. 12, 2024, and the agency is planning to publish its final rule some time in early 2024.

…

The latest release of NIST’s proposed revisions to 800-171 comes as the Defense Department continues to finalize enhanced cyber requirements for the defense industrial base, known as the Cybersecurity Maturity Model Certification. The certification program requires defense firms to be in compliance with NIST’s standards for safeguarding CUI.

Filed in:

• NIST
• Data Governance
• Cyber Defense

Mozilla recently reported that of the car brands it reviewed, all 25 failed its privacy tests. While all, in Mozilla’s estimation, overreached in their policies around data collection and use, some even included caveats about obtaining highly invasive types of information, like your sexual history and genetic information. As it turns out, this isn’t just hypothetical: The technology in today’s cars has the ability to collect these kinds of personal information, and the fine print of user agreements describes how manufacturers get you to consent every time you put the keys in the ignition.

So, it makes sense that a car manufacturer would include every type of data imaginable in its privacy policy to cover the company legally if it stumbled into certain data collection territory. Nissan’s privacy policy, for example, covers broad and frankly irrelevant classes of user information, such as “sexual orientation, sexual activity, precise geolocation, health diagnosis data, and genetic information” under types of personal data collected.

And in much the same way a “dumb” tv is considerably harder to find these days, most consumers would be hard pressed to find a new vehicle option that doesn’t include some level of onboard tech with the capacity to record their data. A study commissioned by Senator Ed Markey nearly a decade ago found all modern cars had some form of wireless technology included.

Ford’s privacy policy explicitly states that the owners of its vehicles “must inform others who drive the vehicle, and passengers who connect their mobile devices to the vehicle, about the information in this Notice.” That’s about 60 pages of information to relay, if you’re printing it directly from Ford’s website — just for the company and not even the specific car.

According to Privacy4Cars founder Andrea Amico, be sure to get it in writing from the dealer how they plan to delete your data from the vehicle before reselling it. “There’s a lot of things that consumers can do to actually start to protect themselves, and it’s not going to be perfect, but it’s going to make a meaningful difference in their lives,” Amico said.

Site RSS feed: https://www.engadget.com/rss.xml