The Register: Rock-a-byte, baby: IoT tot-monitoring camera lets miscreants watch 10,000s of kids online. “More than 52,000 internet-connected Mi-Cam baby monitors are broadcasting sound and video to whoever comes looking, researchers have claimed. These Wi-Fi gizmos, built by Chinese biz MiSafes, stream 720p video and two-way audio in real-time to apps running on parents’ smartphones, via Amazon cloud servers.”
Global News: Researchers examine the use of Twitter in the Christopher Garnier trial. “Were you one of the thousands of people who followed every moment of Christopher Garnier’s second-degree murder trial on Twitter? If so, researchers are looking for your feedback.”
SC Magazine: Researchers find free ransomware variant being distributed on the Dark Web. “Security researchers have identified a ransomware variant that is available for free on the Dark Web and is even unregistered. The discovery comes at a time when the ransomware trade is running on handsome commissions.”
CBR: Over half of Brits aged 18-25 use same password across all accounts. “Research has revealed that young Brits are among the many that lack cyber security awareness, despite the continuing push to boost skills. The surveys of 2,261 respondents revealed that more than 52% of Britons aged 18-25 are using the same password for a number of different online services. Additionally, 27% of respondents admitted to using the same key identifier to unlock their account across all platforms.” Oh boy. Please don’t do this.
This is just weird. From Krebs on Security: Money Laundering Via Author Impersonation on Amazon?. “Patrick Reames had no idea why Amazon.com sent him a 1099 form saying he’d made almost $24,000 selling books via Createspace, the company’s on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that’s full of nothing but gibberish.”
Phys .org: Mobile health applications put the personal data of millions of users at risk. “80 percent of the most popular health applications available on Android do not comply with standards intended to prevent the misuse and dissemination of user data. This is the finding of a European study started in 2016 involving Agusti Solanas and Constantinos Patsakis. The research has brought to light evidence of serious security problems regarding the 20 most popular applications on the internet. The research consisted of analysing the security problems, communicating them to the software developers and then checking them to see if they had been resolved.”
Ars Technica: uTorrent bugs let websites control your computer and steal your downloads. “Two versions of uTorrent, one of the Internet’s most widely used BitTorrent apps, are vulnerable to a host of easy-to-exploit vulnerabilities that allow attackers to execute code, access downloaded files, and snoop on download histories, a Google Project Zero researcher said. uTorrent developers are in the process of rolling out fixes for both the uTorrent desktop app for Windows and the newer uTorrent Web product.”