In a previous post about the privacy of running apps in general, we explained why these apps are a goldmine of personal data for scammers and criminals of all kinds: unfortunately, by default they share sensitive data — including one's precise location — with virtually anyone. As we mentioned, the consequences can be dire — from leaking the locations of secret facilities, to stalking and even assassination attempts. In that previous post, we also shared detailed instructions on general smartphone settings to minimize these risks. In this and subsequent posts, we discuss specific privacy settings for the most popular running apps. Let's start with Strava.
Strava (available for Android and iOS) is arguably the most popular app for tracking running, cycling, and hiking workouts. And it's also the only one that has remained independent: all other major running apps have already been acquired by sportswear giants. Incidentally, Strava has been at the center of several data privacy controversies — including the famous heatmap incident that exposed the location of numerous secret military facilities. Strava is also often criticized whenever questions arise about how users can track each other through fitness apps. Frankly, these criticisms are still valid: Strava's default settings are far from private — the app actively encourages you to share your data with the entire internet.
Thankfully, this can be fixed: Strava offers a decent range of privacy settings. To access them, tap You in the bottom-right corner of the screen, then tap the gear icon in the top-right corner, and in the window that opens, select Privacy Controls.
Where to find privacy settings in the Strava app: You -> Settings -> Privacy Controls
First, make your profile private by selecting Profile Page and changing its visibility to Followers. Next, go through the options Activities, Group Activities, Flybys, Local Legends, and Mentions — and set them all to either Followers or — even better — Only You or No One.
Now, we recommend going to Map Visibility and selecting one of the ways the app will hide your run/ride maps:
Hide the start and end points of activities that happen at a specific address. This feature allows you to use an address and a radius around it in meters to define an area where your movements will be hidden. This way, you can mask your regular start and finish locations — such as your home address.
Hide the start and end points of activities no matter where they happen. Simply select a radius in meters, and any start and end points will automatically be hidden. This option is more convenient than the first one — and you won't have to share your address with the app.
Hide your activity maps from others completely. If you choose this option, all location data from your future (but not past) workouts will only be visible to you.
How to hide your activity location data in the Strava app: You -> Settings -> Privacy Controls -> Map Visibility
Keep in mind that, if you use Strava frequently, hiding only the start and end points might not be enough. A study published in late 2022 demonstrates a method for pinpointing hidden locations with 85% accuracy. Therefore, we recommend choosing the third option: Map Visibility -> Hide your activity maps from others completely -> Hide All Maps.
Note that the privacy settings in Strava aren't retroactive. If you've previously recorded some workouts in the app, the hiding features won't apply to them. To fix this, go to the Edit Past Activities section, tap Get Started, select Activity Visibility, and tap Next. In the next window, choose either Followers or Only You and tap Next again. After a while (not instantly), your past activities will be hidden.
How to hide past activities in the Strava app: You -> Settings -> Privacy Controls -> Edit Past Activities
The next tip is for those who regularly exercise at sensitive locations and don't want to accidentally expose them. Go to Aggregated Data Usage and toggle off "Contribute your activity data to de-identified, aggregate data sets". After this, your runs won't appear in places like Strava Metro, the Global Heatmap (the one that leaked the military base locations), Points of Interest, Start Points, or Community Generated Routes.
Go to Public Photos on Routes and disable "Share photos with the community". If your profile is private and your activities are hidden from the public, photos you add to your runs shouldn't be visible anyway. But just in case Strava decides to change things, it's best to disable this feature explicitly.
Finally, go to Do Not Share My Personal Information and toggle on the switch. This will prevent Strava from selling your data to third parties for targeted advertising (or whatever else those parties might be up to).
Congratulations, you've now properly set up your privacy in Strava! You can learn how to set up privacy in other apps — from social media to browsers — on our website Privacy Checker. And Kaspersky Premium will maximize your privacy and protect you from digital identity theft on all your devices. Don't forget to subscribe to our blog for more how-to guides and helpful articles to always stay one step ahead of scammers.
Fitness apps, by their very nature, have access to a wealth of personal data, especially data that tracks outdoor activities — primarily running. During tracking, they collect a ton of data — heart rate and other physical activity metrics, step count, distance covered, elevation changes, and, of course, geolocation — to give you a detailed analysis of your workout. And people rarely jog in random locations; their routes usually repeat and are often close to home, work, school, military base... Essentially, places they go to often and, most likely, at regular times.
What happens if this information falls into the wrong hands? The consequences can be catastrophic. For instance, a few years ago, a map published by a certain running app revealed the locations of several secret military facilities. And in the summer of 2023, a hitman allegedly used this data to shoot to death Russian submarine commander Stanislav Rzhitsky during his run.
Of course, the leakage of geolocation data can be dangerous not only for military personnel. It's easy to imagine scenarios where it could lead to trouble not only for obvious targets — such as celebrities, political figures, or top company executives — but for ordinary people too. Once they've got their hands on your movement data, attackers can readily use it for blackmail and intimidation. If the victim hears that the criminal knows all their movements and where they live, they're significantly more likely to get scared and comply with any demands.
In addition to direct threats, geolocation info perfectly complements data leaked from other apps, or collected through doxing — making targeted attacks much more potent. Don't think that you're not important enough for scammers to prepare a complex attack: anyone can become a victim, and the criminals' end goal isn't always financial gain.
But it's not just geolocation data that running apps collect and analyze. Like all fitness apps, they monitor activity and physical condition, which can reveal a lot about a person's health. This information can also be used in a social engineering attack — because the more an attacker knows about their victim, the more sophisticated and effective their actions can be.
So, it's essential to take due care when choosing your running app and setting up its privacy — and our tips will help you do just that.
General tips for choosing a running app and configuring its privacy
The first thing you absolutely shouldn't do is install every running tracker in existence and then choose the one you like best. This way, you'll hand over your personal data to everyone, significantly increasing the risk of it falling into the wrong hands. The fewer apps you use, the lower the risk of a data leak — but remember, no company can guarantee 100% data security.
Some companies invest more in the security of their users than others, and preference should be given to those who take data protection and anonymization seriously. To ensure this, carefully read the privacy policy of your chosen app: responsible developers will specify what data the app collects, for what purpose, which data might be shared with third parties, and what rights users have regarding their personal data. It's also worth searching online or asking an AI assistant if the app you're interested in has been involved in any data leaks — simply type the app's name plus "data breaches" or "data leak" into a search engine. And, of course, checking user reviews is also a must.
Once you've chosen and installed an app, the next thing to do is configure its privacy settings. Unfortunately, many running apps share collected data — including your geolocation — with the entire internet by default. You'll find links to detailed instructions on how to set up privacy for the most popular running apps — Strava, Nike Run Club, MapMyRun, adidas Running, and ASICS Runkeeper — at the end of this post.
As with any other app, it's a good idea to use your smartphone's operating system features to minimize tracking. For example, on iOS, when you first launch the app, you can block it from tracking your activity in other apps. Don't ignore this option.
In addition, don't grant the running app access to data that it doesn't need to function — such as photos, calls, messages, or contacts. To reduce the amount of location data collected, don't allow fitness trackers (or most other apps, for that matter) to monitor your geolocation continuously — choose the "Only while using the app" option, available on iOS and the latest versions of Android. You can set this when you first launch the app, or later by reviewing all the app's permissions in your smartphone's settings or, for Android devices, in Kaspersky for Android. In general, it's a good idea to regularly check your smartphone's privacy and security settings to see which apps have access to which data.
Keep in mind that privacy settings won't protect you from being tracked if someone guesses your account password. Unfortunately, none of the most popular running apps currently support two-factor authentication — although they really should. Therefore, the best thing you can do to protect your account is to create a long and complex password — preferably at least 16 characters long. Of course, it should be unique. To ensure you don't forget this combination of characters, save it in a password manager — which, by the way, can also generate a highly secure random password for you.
Privacy settings for popular running apps
We've selected the most popular jogging apps and prepared recommendations on how to set up privacy in each of them. Subscribe to our blog to make sure you don't miss the instructions for your running tracker. As we publish the privacy setup guides, we'll be updating this post with the relevant links. The following apps will be covered: Strava, Nike Run Club, MapMyRun, adidas Running (formerly Runtastic), and ASICS Runkeeper.
To learn how to set up privacy for other apps — from browsers and social networks to operating systems — visit our website Privacy Checker.
Companies are putting "AI" in just about all of their products, which opens up new security holes. LLM SecOps and ML SecOps are becoming must-have skills.
The hotel giant will be held to higher security standards in a series of proposed requirements, including implementing a new annually reviewed security program.
ABB Cylon Aspect version 3.07.02 uses a weak set of default administrative credentials that can be guessed in remote password attacks and used to gain full control of the system.
ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the MODEM HTTP POST parameter called by the dialupSwitch.php script.
ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper authentication, potentially enabling unauthorized access, or to stop the service and deny access to it.
Debian Linux Security Advisory 5788-1 - Damien Schaeffer discovered a use-after-free in the Mozilla Firefox web browser, which could result in the execution of arbitrary code.
Ubuntu Security Notice 7020-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7062-1 - It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code.
Red Hat Security Advisory 2024-7994-03 - Red Hat Advanced Cluster Management for Kubernetes 2.11.3 General Availability release images, bug fixes, and updated container images.
Red Hat Security Advisory 2024-7987-03 - An update is now available for Red Hat Satellite 6.15 for RHEL 8. Issues addressed include HTTP request smuggling and null pointer vulnerabilities.
Red Hat Security Advisory 2024-7977-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-7972-03 - An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include a code execution vulnerability.
The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world's largest and longest-running dark web market for illegal goods, drugs, and cybercrime services. The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said. The marketplace
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who
GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. "An issue was discovered in GitLab EE
Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process. In this post, we’ll explore hybrid attacks — what they are
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and InlandRevenue were
ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities