The team at the newly popular Twitter alternative Hive is in over its head. The company has now taken the fairly radical step of fully shutting down its servers for a couple of days in response to concerns raised by security researchers who discovered a number of critical vulnerabilities on Hive, several of which they say remain unfixed. The issues they found would allow attackers access to all data, including private posts and messages, shared media and even deleted direct messages, as well as the ability to edit other people’s Hive posts.
https://techcrunch.com/2022/12/01/twitter-alternative-hive-shuts-down-its-app-to-fix-critical-security-issues/
Overwatch 2 will no longer require legacy players to verify their phone number
“Blizzard originally made SMS Protect, which requires players to link a phone number to their Battle.net accounts, a requirement to access Overwatch as a way to make it harder for people to cheat or to troll others. It doesn’t always work with numbers associated with prepaid plans, though, and therein lies the problem. While some Mint customers were able to link their numbers to SMS Protect just fine, players on Cricket seem to be completely locked out of the game. As Kotaku reports, fans feel like they’re being punished or shamed for ‘being poor.’”
https://www.engadget.com/overwatch-2-no-longer-requires-legacy-players-verify-phone-number-114017280.html
Rockstar Games confirms GTA 6 footage leak
Rockstar Games has confirmed that it recently “suffered a network intrusion” that resulted in the massive leak of 90 videos of early development versions of Grand Theft Auto 6. The company said in an official statement on Monday morning that the intrusion resulted in “an unauthorized third party illegally” accessing and downloading “confidential information from our systems,” though it adds that they don’t anticipate this will have any effect on its ongoing live game services or development timeline.
https://techcrunch.com/2022/09/19/rockstar-games-confirms-gta-6-footage-leak/
Careless Errors in Hundreds of Apps Could Expose Troves of Data
These login credentials are often meant to give the app access to a single file or service, like a mechanism for an app to display public images from a company’s website or run text through a translation service at a user’s request. But in practice, the researchers found, these same credentials often grant access to all files stored in a cloud service, like company data, database backups, and system control components.
https://www.wired.com/story/mobile-apps-cloud-credentials-exposed/
Mailchimp says an internal tool was used to breach hundreds of accounts
Log4j Software Vulnerability Expected to Persist, Possibly for Months
A flaw in a widely used piece of free internet software is prompting companies to rush to update their systems and prevent cyberattacks, but the technology’s ubiquity means the threat could affect businesses for months, security researchers say.
Corporate security executives say they hurried over the weekend to assess whether and how their computer networks use the software, Log4j, while waiting for vendors to disclose the risk to their own technologies and issue software updates to mitigate the threat. The bug was disclosed Thursday.
Log4j is used on computer servers to keep records of users’ activities so they can be reviewed later by security or software development teams. The nonprofit Apache Software Foundation, a group that distributes the open-source tool at no cost, has said it has been downloaded millions of times.
https://www.wsj.com/articles/log4j-software-vulnerability-expected-to-persist-possibly-for-months-11639436434
Is your Christmas present spying on you? How to assess gifts’ privacy risks
Interactive toys and gadgets often collect a boatload of data about their users and their surroundings. Device manufacturers may convert the information into dollars by selling it to advertisers or data brokers. And even manufacturers that pledge never to share what they collect can’t guarantee that hackers won’t grab the data anyway.
Jen Caltrider, lead author of the Mozilla Foundation’s Privacy Not Included guide, said the privacy issues raised by smart devices range from the annoyance of targeted ads shadowing you around the web to the physical threat of someone stalking you with the help of a poorly designed Bluetooth tagger. There’s also the chance that weak data security by the manufacturer could allow criminals to steal your personal information or hack into the stream of information sent to and from the device.
Internet-connected devices that can see and hear come with the risk that they could snoop on their owners. That threat was one of the reasons Mattel discontinued its interactive “Hello Barbie” doll not long after it was released in 2015, in the wake of an outcry from security researchers and consumer advocates.
https://www.latimes.com/business/technology/story/2021-11-23/christmas-gifts-privacy-risks