Security News > 2020

NVIDIA addressed the bugs in GPU Display Driver version 442.50, version 432.28, version 426.50, and version 392.59. For Tesla products running R418 versions, GPU Display Driver version 426.50 addresses the flaws.

Dubbed SurfingAttack by a US-Chinese university team, this is no parlor trick and is based on the ability to remotely control voice assistants using inaudible ultrasonic waves. Voice assistants - the demo targeted Siri, Google Assistant, and Bixby - are designed to respond when they detect the owner's voice after noticing a trigger phrase such as 'Ok, Google'.

Last week was a big one for non-profit digital certificate project Let's Encrypt - it issued its billionth certificate. Publicly announced in November 2014, Let's Encrypt offers TLS certificates for free.

Pharmacy store chain Walgreens has started informing some users of its mobile application that their personal and health-related information may have been seen by other customers. The Walgreens mobile application allows users to shop, refill their prescriptions, get pill reminders, consult a doctor or pharmacist via a live chat feature, print photos in stores, obtain rewards, and store coupons.

According to its maker, Trifo, the Ironpie home surveillance robot vacuum isn't just your dust bunnies' worst nightmare. It's true, the artificial intelligence -enhanced internet of things robot vacuum can indeed be connected to the internet via Wi-Fi, can be controlled remotely for vacuuming, and can remotely stream out video showing its surroundings, given that - like other IoT gadgets - it comes equipped with a video camera.

US regulators moved to impose fines Friday against the nation's four major wireless carriers for selling location data of customers without their consent. The wireless firms were accused of having disclosed mobile network user location data to a third party without authorization from customers, the FCC said.

Despite Facebook claim, "Download Your Information" doesn't provide users with a list of all advertisers who uploaded a list with their personal data. As a user this means you can't exercise your rights under GDPR because you don't know which companies have uploaded data to Facebook.

For anyone who is a Stripe user - even if they haven't logged in for a while - the email seems pretty genuine. OK, the button didn't head to a Stripe domain, but the link didn't look particularly out of place, either - it was an HTTPS link to a regular-looking.com domain.

Seemingly everywhere you turn these days there is some announcement about 5G and the benefits it will bring, like greater speeds, increased efficiencies, and support for up to one million device connections on a private 5G network. Using IoT devices without a private 5G network or adequate technical knowledge could put organizations' and their employees' privacy at risk.

Facebook is suing the data analytics firm OneAudience for allegedly developing a malicious, social-media-profile-grabbing software development kit and then paying app developers to embed it in their apps. According to the complaint, OneAudience's malicious SDK swiped the data that Facebook users had agreed to share with the app - data that may have included their name, email address, the country where they logged in from, time zone, Facebook ID, and, sometimes, gender.