TSEC NEWS: 06.05.21 Cron-Job Fehlerhaft nach PHP Update + PWA mobile + Desktop / 04.05.21 - Android App von TSECURITY 28.04.21 - NEUER SERVER // 26.04.21 ++ Download the Electron-App für tsecurity.de // Über 550 Feed-Quellen


❈ Chinese TV Maker Skyworth Under Fire For Excessive Data Collection That Users Call Spying

IT Security Nachrichten yro.slashdot.org

Chinese television maker Skyworth has issued an apology after a consumer found that his set was quietly collecting a wide range of private data and sending it to a Beijing-based analytics company without his consent. From a report: A network traffic analysis revealed that a Skyworth smart TV scanned for other devices connected to the same local network every 10 minutes and gathered data that included device names, IP addresses, network latency and even the names of other Wi-Fi networks within range, according to a post last week on the Chinese developer forum V2EX. The data was sent to the Beijing-based firm Gozen Data, the forum user said. Gozen is a data analytics company that specialises in targeted advertising on smart TVs, and it calls itself Chinaâs first "home marketing company empowered by big data centred on family data." The user did not identify himself, and efforts to contact the person received no reply. However, the post quickly picked up steam, touching a nerve among Chinese consumers and prompting angry comments. "Isn't this already the criminal offence of spying on people?" asked one user on Sina.com, a Chinese financial news portal. "Whom will the collected data be sold to, and who is the end user of this data?"

Read more of this story at Slashdot.

...


Kompletten Artikel lesen (externe Quelle: https://yro.slashdot.org/story/21/05/11/2033221/chinese-tv-maker-skyworth-under-fire-for-excessive-data-collection-that-users-call-spying?utm_source=rss1.0mainlinkanon&utm_medium=feed)

Zur Startseite

➤ Weitere Beiträge von Team Security | IT Sicherheit (tsecurity.de)

Reference: TaoSecurity Press

vom 527.7 Punkte
I started appearing in media reports in 2000. I used to provide this information on my Web site, but since I don't keep that page up-to-date anymore, I decided to publish it here. As of 2017, Mr. Bejtlich generally declines press inquiries on cybersecurity m

Diving Deep Into a Pwn2Own Winning WebKit Bug

vom 439.83 Punkte
Pwn2Own Tokyo just completed, and it got me thinking about a WebKit bug used by the team of Fluoroacetate (Amat Cama and Richard Zhu) at this year’s Pwn2Own in Vancouver. It was a part of the chain that earned them $55,000 and was a nifty piece of

Chinese TV Maker Skyworth Under Fire For Excessive Data Collection That Users Call Spying

vom 411.74 Punkte
Chinese television maker Skyworth has issued an apology after a consumer found that his set was quietly collecting a wide range of private data and sending it to a Beijing-based analytics company without his consent. From a report: A network traffic analysis

How Password Hashing Algorithms Work and Why You Never Ever Write Your Own

vom 357 Punkte
Are you fascinated with cryptography? You're not alone: a lot of engineers are. Occasionally, some of them decide to go as far as to write their own custom cryptographic hash functions and use them in real-world applications. While understandably enticing, doi

Local Privilege Escalation in Win32k.sys Through Indexed Color Palettes

vom 352.7 Punkte
This is the second in our series of Top 5 interesting cases from 2019. Each of these bugs has some element that sets them apart from the more than 1,000 advisories released by the program this year. Today’s blog looks a local privilege escalation in t

CVE-2020-0932: Remote Code Execution on Microsoft SharePoint Using TypeConverters

vom 342.72 Punkte
In April 2020, Microsoft released four Critical and two Important-rated patches to fix remote code execution bugs in Microsoft SharePoint. All these are deserialization bugs. Two came through the ZDI program from an anonymous researcher: CVE-2020-0931

DumpsterFire - "Security Incidents In A Box!" A Modular, Menu-Driven, Cross-Platform Tool For Building Customized, Time-Delayed, Distributed Security Events

vom 339.35 Punkte
DumpsterFire Toolset - "Security Incidents In A Box!"The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert map

Another country-sponsored #malware: Vietnam APT Campaign

vom 317.69 Punkte
The background This is a team work analysis, we have at least 5 (five) members involved with this investigation. The case that is about to be explained here is an APT case. Until now, we were (actually) avoiding APT cases for publicity in Malware Must Die

Another country-sponsored #malware: Vietnam APT Campaign

vom 317.69 Punkte
The background This is a team work analysis, we have at least 5 (five) members involved with this investigation. The case that is about to be explained here is an APT case. Until now, we were (actually) avoiding APT cases for publicity in Malware Must Die

Veracode Hacker Games: The Results Are In!

vom 297.63 Punkte
The first everツ?Veracode Hacker Gamesツ?competition hasツ?come to a close, but were the flaws inツ?favor of our brave competitors? Read on to find out.ツ? Over the course of the two-weekツ?challenge, students from several universities in the U.S. and the U.K. came together to explore vulne

CVE-2020-0729: Remote Code Execution Through .LNK Files

vom 291.91 Punkte
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, John Simpson and Pengsu Cheng of the Trend Micro Research Team detail a recent remote code execution bug in Microsoft Windows .LNK files. The following is a portion of

AA20-275A: Potential for China Cyber Response to Heightened U.S.–China Tensions

vom 280.46 Punkte
Original release date: October 1, 2020SummaryThis Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. In light of heightened

Team Security Diskussion über Chinese TV Maker Skyworth Under Fire For Excessive Data Collection That Users Call Spying