2025-01-12 10:40:04 Pacfic
Apple Settles Siri Privacy Eavesdropping Lawsuit - 6d
Apple is facing a class-action lawsuit over its Siri voice assistant due to privacy concerns. The lawsuit claims Siri was eavesdropping and recording users without their consent. Apple has agreed to a $95 million settlement to resolve the issue. The settlement impacts millions of users who might have been affected. Some of the recordings have been shared with third parties. Users can disable Siri to avoid being recorded. This settlement highlights the importance of user data privacy and transparency, and it has also resulted in Apple making changes to its Siri privacy policy and functionality.
Gravy Analytics Massive Location Data Breach - 2d
Location data seller Gravy Analytics suffered a major data breach, potentially exposing the personal information of millions of users. The attackers claim to have stolen 17TB of data, including customer lists and location data. The breach highlights the risks associated with data brokers and their collection of sensitive consumer information. The stolen data includes precise location data from mobile phones showing people’s movements and the names of 3455 apps that leaked the location data.
OpenVPN Vulnerabilities Expose Private Keys - 4d
A critical vulnerability, identified as CVE-2024-8474, exists in OpenVPN Connect prior to version 3.5.0. This flaw can expose users’ private keys by logging them in clear text within the application logs. Attackers with unauthorized access to these logs could decrypt VPN traffic, thereby compromising user confidentiality. Additionally, a separate vulnerability (CVE-2024-5594) in OpenVPN before 2.6.11 allows malicious peers to inject arbitrary data through improperly sanitized PUSH_REPLY messages, leading to potential exploitation of third-party plugins or executables. Both vulnerabilities pose serious risks to the security of OpenVPN users.
VW EV Location Data Exposed by Cloud Misconfig - 12d
A significant data leak exposed the location data of approximately 800,000 Volkswagen electric vehicles (EVs), encompassing models from VW, Audi, Seat, and Skoda. The leak, caused by a cloud misconfiguration, revealed real-time GPS locations of the vehicles, along with other sensitive data. This incident raises serious privacy concerns, particularly as the exposed data could be linked to vehicle owners, including sensitive individuals.
The data leak allowed unauthorized access to vehicle locations, potentially enabling surveillance and tracking of individuals. The incident highlights the critical importance of robust cloud security practices and the need for stringent data protection measures by automotive manufacturers and their software subsidiaries. The incident was brought to light by a whistleblower and security researchers.