Big updates coming for Google Chrome's Incognito Mode, Amazon's Alexa is secretly recording kids conversations, Microsoft Windows Patch Tuesday updates, and more in This Week in Cyber Security: where we highlight select top cyber security stories from each week and share them here. Don't forget to follow our daily blog for more in-depth cyber security and technology news.
The Week of June 14th, 2019:
- “Patch Tuesday” is a familiar term for most Microsoft users. Whether the updates are for Windows OS updates or their Xbox gaming consoles, we expect a slew of upgrades to come from them every Tuesday. Their latest patch for Tuesday, June 12th, was a more urgent one, as it was to fix over 80 security vulnerabilities. Four of these flaws were already found to have exploit code available and Microsoft has not explained the details fully, though many of the critical flaws seem to be within Microsoft Word, Internet Explorer and Microsoft Edge. Be sure to contact your IT service provider (such as neoRhino!) to ensure the updates are tested and deployed properly on your workstations. (Krebs on Security)
- Android device manufacturer Huawei (pronounced “wha-way”) has been under scrutiny for several instances but users of their Android smartphones are now noticing ads appearing on their lock screens without any warning or consent. A reddit user reported that their Huawei smartphone sneakily inserted an ad for booking.com into their wallpaper lock screen rotation. Even worse, the ads can disable certain functionality as it can override a user’s customized features. You can get around the ads by disabling the “Magazine” lock screen option or by manually deleting the ad, but it is possible that Huawei may insert another advertisement in its place. This type of intrusion can open the flood gates for more malicious intrusion attempts in the future. (Digital Trends)
- “Alexa, what are you recording from my kids without my permission?” Users of the vibrantly colored Kids version of Amazon’s Echo smart home device are filing lawsuits against Amazon for failing to receive consent from kids when capturing their voice commands. Amazon gives users the ability to delete their stored audio recordings but could still reside on the company’s servers after deletion. The lawsuit claims that the practice violates the Children’s Online Privacy Protection Act, though Amazon has stated that their Echo devices comply with COPPA requirements. (CNET Security)
- A Chrome extension for the popular note-taking app, Evernote, has been discovered to contain a major vulnerability that can allow an intruder to gain access into their system. The extension, Web Clipper, contains a coding error that could allow an attacker to perform actions on the user’s behalf and grant access to sensitive user information on affected third-party web pages and services. This includes login credentials, private conversations, and more. Evernote has deployed a complete fix for the error so if you are a user of this extension, we highly recommend updating it now. (InfoSec Magazine)
- Google recently released Chrome 75, the newest version of their web browser, but their plans for Chrome 76 has people talking as it looks to beef up their Incognito mode. Currently, if you are web browsing in Chrome and using Incognito Mode, you would be detected by certain websites that hide their content behind a paywall such as The Boston Globe or The New York Times. In the Chrome 76 update, websites will be unable to use their trackers to detect when a visitor is in Incognito mode. Most likely the sites will find ways to reinforce their systems to track how much free content you consume, but it’s still a strong message to those sites. Chrome 76 will also officially disable Flash by default, serving as a reminder that Google is removing the plug-in entirely from its Chrome browser in 2020. (The Next Web)
neoRhino’s Remote Managed Services and Advanced Security Packages are here so you can focus on your daily duties. You can relax knowing that we are here to protect you. Call us at (281) 779-4850 for a FREE consultation and we can help your business today.