Legal troubles for Vimeo and CafePress regarding weak cybersecurity practices, Twitter's 2FA advertising snafu, a new Zero-Day Android flaw is discovered, and more in This Week in CyberSecurity: where we highlight select top cybersecurity stories from each week and share them here. Don't forget to follow our daily blog for more in-depth cybersecurity and technology news.


The Week of October 11th, 2019:

  • Popular YouTube alternative video platform, Vimeo, has potentially been caught storing user facial biometrics without their permission or knowledge. The claim surfaced after Vimeo purchased Magisto, a video editing program that was the catalyst for the claim. Magisto allegedly uses advanced A.I. technology to scan user-uploaded pictures and videos for biometrics. According to the claim, these were stored in a database, and the user’s gender, age, and location were captured as well. (ArsTechnica)
  • Speaking of lawsuits and customer data, CafePress is also facing a lawsuit over a breach of customer data and its failure to alert its customer base. We reported on the CafePress data breach in our RhinoBlog before, but additional information provided by third-party sites such as haveibeenpwned (.com) and weleakinfo (.com) proves that the early warnings about the breach came from those sites and not directly from CafePress. Nearly 23 million customers have potentially been affected by the data breach, which the company did not alert them about until nearly 8 months after it took place. If you have a CafePress account, change your password ASAP. (InfoSec Magazine)
  • Providing a phone number to use for two-factor authentication (2FA) is a solid strategy for keeping your logins safe, but for Twitter users that number may have been used for advertising. According to Twitter, the social networking juggernaut may have “matched people on Twitter to an advertiser’s uploaded marketing list based on the email or phone number the Twitter account holder provided for security purposes.” The company apologized for its error, but having the number that you are using to keep yourself safe through 2FA potentially in the hands of someone else doesn’t do the security method any favors in the eyes of the skeptical. (CNET Security)
  • A Zero-Day vulnerability that affects various Android phones has been discovered by Google. Their Project Zero team stated that the bug affects devices running Android 8.x and above, which include these devices:
    • Google Pixel 1 & 2
    • Huawei P20
    • Samsung Galaxy S7, S8, S9 and more.
    Google mentioned the vulnerability must be triggered by an additional malicious application installed on the device. If you are using one of these Android devices, check for any security updates that have not yet been installed to keep yourself safe. (ZDNet)
  • Using HTTPS on your website has now become the standard for a safer web experience and greater ease of access to your favorite content. However, do you know what “mixed content” is? It’s what happens when an HTTPS website loads sub-resources over plain HTTP, bypassing the extra security within HTTPS. This could include images, video, and even advertisements that could put you at risk. Google has announced that the Chrome 79 browser update will block all HTTP sub-resource content from loading on HTTPS sites, and that the future Chrome 80 update will automatically upgrade all mixed images to HTTPS. (Engadget)
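
For site owners who want to find mixed content before the browser starts blocking it, here is an added example (not code from this post, Google, or Chrome) that scans an HTTPS page's HTML for sub-resources that would load over plain HTTP. The host names and sample page are constructed, and `find_mixed_content` and `MixedContentFinder` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make a browser fetch a sub-resource, keyed by tag.
FETCH_ATTRS = {
    "img": ("src", "srcset"), "source": ("src", "srcset"), "script": ("src",),
    "iframe": ("src",), "audio": ("src",), "video": ("src", "poster"),
    "embed": ("src",), "object": ("data",),
}
# <link> fetches only for some rel values; <a href> is navigation, not a sub-resource.
FETCHING_RELS = {"stylesheet", "icon", "preload", "manifest"}

# Constructed sample page (hypothetical hosts under the reserved .test TLD).
SAMPLE = """<head><link rel="stylesheet" href="/site.css">
<script src="http://cdn.example.test/lib.js"></script></head>
<body><img src="http://img.example.test/logo.png">
<img src="//img.example.test/b.png" srcset="http://img.example.test/b-2x.png 2x">
<a href="http://other.example.test/">link</a><iframe src="https://ads.example.test/f"></iframe></body>"""

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url  # relative URLs resolve against this
        self.findings = []    # (tag, attribute, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = {k: v for k, v in attrs if v}
        if tag == "base" and "href" in attrs:
            self.base = urljoin(self.base, attrs["href"])  # <base> re-roots relative URLs
        names = FETCH_ATTRS.get(tag, ())
        if tag == "link" and FETCHING_RELS & set(attrs.get("rel", "").lower().split()):
            names = ("href",)
        for name in (n for n in names if n in attrs):
            # srcset holds comma-separated "URL descriptor" candidates (simple split).
            parts = attrs[name].split(",") if name == "srcset" else [attrs[name]]
            for url in (p.split()[0] for p in parts if p.strip()):
                absolute = urljoin(self.base, url)
                if urlsplit(absolute).scheme == "http":
                    self.findings.append((tag, name, absolute))

def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on HTTPS pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for finding in find_mixed_content("https://shop.example.test/", SAMPLE):
        print(finding)
```

Protocol-relative and relative URLs inherit the page's HTTPS scheme and are not reported, while a `<base href="http://...">` tag turns every relative URL after it into a finding.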
