Twitter has patched its app from a vulnerability within Android that could let a malicious app siphon users' private date — including their direct messages — while bypassing system permissions. Every Twitter for Android user was notified about the security hole which affects users on versions 8 Oreo and 9 Pie.
Google is teaming up with security provider ADT to better promote its Nest smart displays and security cameras. In a $450 million deal that gives the big G around 6.6% of ADT's stock (with some caveats), ADT customers will get access to Google's Nest Aware subscription service, and ADT will be able to sell and install Nest gadgets.
Three individuals have been charged with carrying out a debilitating security breach on Twitter 2 weeks ago that saw high-profile verified accounts hijacked for the purposes of a Bitcoin scam. In perpetrating the scheme, the team allegedly gained privileged tools by connecting with an employee who was selling access to them.
If you tried to sync your Garmin fitness band or smartwatch to the company's servers over the last few days, you may have noticed that something's awry. After initial reports pointed to a ransomware attack (via ZDNet), Garmin has now publicly confirmed that it's been hit by a cyber attack and that it's working to bring its servers back online over the next few days.
T-Mobile is bundling a number of a scam protection measures — some of them have been active for years while a couple are new — and is distributing them to every customer under its own and the Sprint banners in an Un-carrier move called Scam Shield. The news belies a key integration for the company that's coming in a couple of weeks.
OnePlus has now suffered two security snafus in just a month. Today's news is a bit less serious, but given the company's history, it's indicative of a clear trend. OnePlus blasted out a mass mailer for a research study earlier today, and someone seems to forgotten what BCC means, giving everyone in the chain access to hundreds of customer emails. Whoops.
Samsung is working on making online identity verification easier by creating a framework that lets you store your ID securely on the Galaxy S20's embedded secure element (eSE) chip. The API will be available later this year, and is deemed safe enough by German and European authorities — the country will be among the first to let citizens store their IDs on the Galaxy S20 and use the eIDs to identify themselves online.
Android TV is an open ecosystem with a lot of moving pieces, and that means sometimes bugs show up in unexpected places. Recently, some TiVo customers received startling security warnings about a company called SEI Robotics being granted full access to their Google accounts. Worse, revoking that access (as the notification recommended customers to do) could fully wipe out your smart home setup, removing smart speakers, Nest devices, and other Assistant-compatible hardware and services from your account. Google has since resolved the security warnings, but it sounds like customers that had their smart home setups wiped clean will need to rebuild them.
Google has put in place new security measures across Gmail, Chat, and Meet that will protect users from forgers, spammers, and rabble-rousers looking to disrupt their communications. Most of these changes will take effect for G Suite users first, though consumer Google accounts do have at least one takeaway as well.
When you use a VPN service, you're trusting it with the same data that your internet service provider would typically collect. That's why it's crucial to properly research any VPNs you use, even if they claim to not collect any logs. Case in point: seven VPN services using the same white-label provider were found leaking a lot of user data.