Home security solutions provider Virtavo has been accused of harvesting and exposing sensitive data on (possibly) hundreds of thousands of users.
Cybersecurity researchers from Cybernewsfound an exposed data server with 3GB of personal information and telemetry from iPhones. in the summer of 2023
All the information had one thing in common - it was generated from an app called Home V, which manages Virtavo security cameras. These cameras allow video streaming, playback, two-way communication, motion alerts, and more.
Hundreds of thousands of usersThe database included people’s phone numbers, device identifiers, IP addresses, firmware versions, and other device, network, and user information. The researchers said the data could be used to identify camera owners, which is particularly concerning. Furthermore, the data was updated in real-time, which is the Holy Grail of data for all cybercriminals.
In total, the server held more than 8.7 million records. Not all of them were unique, and some identifiers appeared up to 50 times. This led the researchers to speculate that at least 100,000 users are affected by the leak.
Most are located in China, but there are plenty of users from other parts of the globe, as well.
“The detailed device identifiers, IP addresses, user phone numbers, and other personal information can be exploited by malicious actors for various purposes, including targeted attacks, unauthorized access, identity theft, and surveillance,” the researchers said. “Updates in real-time exacerbate the issue, as it allows for continuous collection of fresh data.”
The researchers reported their findings to both the company and the Chinese Computer Emergency Response Team (CERT), and the server was subsequently shut down. However, it remains unclear if any malicious actors found it before.
Via Cybernews
You might also likeCongress has until midnight tonight to avoid a government shutdown after House Republicans were unable to pass a stop-gap funding bill yesterday. And, tips to improve your dance moves.
(Image credit: Brandon Bell)
New research from IBM has claimed open source software could help fuel innovation and increase ROI when it comes to AI tools, helping companies to get the most out of their artificial intelligence projects.
Until now, some companies have been throwing money at the problem to no avail, but while three in five (62%) are set to continue increasing their AI investments next year and a quarter (27%) will maintain investments, more businesses are beginning to recognize open source’s role.
Investments aren’t fizzling out, either, with two-fifths (39%) of those planning to increase investments planning to do so by 25-50%.
Open source and AI is a match made in heavenThe good news is that businesses are finally beginning to consider other aspects and organizational changes in a bid to maximize their outlay – using managed cloud services (51%), hiring specialized talent (48%) and utilizing open source (48%) were at the top of IT decision-makers’ agendas.
It’s not a case of talking the talk without walking the walk, either, with six in 10 already using open-source ecosystems as an AI tool source. Four in five also noted that at least a quarter of their AI solutions or platforms were based on open source.
Lopez Research’s Maribel Lopez commented: “Companies now recognize the value of defining specific use cases and optimizing AI projects. They are leveraging hybrid cloud strategies and open source to drive AI innovation and deliver financial returns.”
Looking ahead, IBM revealed that traditional cash-based ROI metrics are becoming less important to companies as they explore other measurements of success, such as the speed at which AI projects transition from pilot to full deployment, productivity time savings and faster software development.
You might also likeStarbucks and Starbucks Workers United said in February they had come to common ground in moving forward for the rest of the year. But the union says Starbucks has not kept its end of the commitment.
Google is seemingly testing a new feature for the Google Photos app called Quick Edit, which allows users to apply a last-minute touch-up to images before sharing them with family, friends, and other contacts.
Android Authority reports that a user named Alex – who was using version 7.10.0 of the Google Photos app on a Google Pixel 6 Pro handset – noticed a new screen on their Google Photos app, suggesting Google may be A/B testing the new feature with a limited number of users. We don’t know how these users would have been selected.
Though developed by Google and included with Android, Google Photos is available on a wide range of devices – so this new feature could prove useful whether you're rocking a Google Pixel 9, Samsung Galaxy S24, or iPhone 16.
At the moment, it seems the screen only appears when selecting a single image. However, those hoping for deep image editing before sending their snaps may want to defer to another app, as the Quick Edit screen seems to only offer, well, very quick and light-touch edits.
The Quick Edit interface on a Google Pixel 6 Pro (Image credit: Android Authority)According to screenshots shared by the Android Authority tipster (above), users are only able to use Quick Edit to apply a one-and-done enhancement to the image or apply a crop to the photo. This appears to be the same enhancement available in the app’s existing Edit screen.
Limited... but better than nothingThe editing options coming to Google Photos might seem a tad limited, but I’m personally happy to see this feature being trialed, given the amount of time I spend cropping screenshots and document scans to send to others.
However, it would be nice to at least see basic brightness, contrast, and saturation controls added to the Quick Edit screen by release, as I find one-shot ‘enhancements’ can have unpredictable effects on colors and lighting.
There’s a balance to be struck here, as speed is the name of the game, but I can’t see myself needing to enhance screenshots, document scans, or purely informational images like photos of signs.
And as for pics of friends and family, I’m unlikely to just throw on a blanket enhancement filter and call it a day – though if the touch-ups are subtle enough, I can see this being useful for people who are less bothered or less experienced with editing photos on a smartphone.
In any case, this is a feature I could see myself using, and I’m a fan of anything that gives users more options to use their device how they like. Google hasn’t issued a release date for this new feature yet, so be sure to keep up with our Android coverage for the latest updates.
You might also likeVPNs (Virtual Private Networks) have been around for ages – or at least… they’ve been the go-to for secure remote access since the early days of the internet. The problem is however, the world has changed, and unfortunately, VPNs haven’t kept up – not even a little. They are simply not built for the way we work today. With cloud computing, a distributed workforce, and cyber threats evolving more and more every day, VPNs have grown increasingly outdated.
Here’s where Software-Defined Perimeters, or SDPs, come into play. Designed from the ground up for how we work and live today, SDPs bring a fresh approach to network security that’s more flexible, secure, and user-friendly than VPNs could ever be.
VPNs are reliable but outdatedFor years, VPNs were a solid choice. Connecting users to a network by creating an encrypted “tunnel” to keep information safe. But the way they do it leaves something to be desired. With VPNs, once a user is in, they’re usually given access to the entire network – even parts they don’t need. In today’s security landscape, that’s a problem, and a rather serious one at that.
This is because, VPNs come in two main flavors:
So yes, these setups may work well in very simple situations. But as companies adopt more mobile and cloud resources, VPNs are struggling to keep up.
SDPs are the smarter alternative for modern needsInstead of just verifying a user’s location, SDPs focus on who the user is. They make sure each person (and their device) has specific access to only the resources they need – and nothing more. You could think of it like a “need-to-know” approach, where only precise access is granted thereby reducing the risks of overexposure to sensitive and/or confidential data.
SDPs operate by splitting up the control plane (where access rules live) from the data plane (where data actually flows). When a user tries to connect, the SDP checks who they are, verifies their device, and then and only then, connects them to specific resources.
Why SDPs are outpacing VPNsThere’s a reason why more and more companies are turning to SDPs. They’re simply better suited for today’s requirements. Let’s look at some of the main advantages SDPs have over VPNs:
Security, the “Zero Trust” Way: SDPs are based on “zero trust,” which means everyone has to verify their identity and device before getting access – no one is automatically trusted. On top of that, SDPs “hide” resources behind an invisible layer (often called the “black cloud”) that blocks hackers from even seeing the network.
Pinpointed Access and Control: VPNs often give users more access than they need, but SDPs limit access strictly to what’s necessary. This not only makes the network safer but also limits any damage if a user’s credentials are compromised.
Scale Without the Headaches: VPNs can become clunky and expensive as an organization grows, especially in cloud environments. SDPs, however, are cloud-native and scale easily across different environments. Whether your resources are in private data centers, public clouds, or both, SDPs can handle it without requiring costly hardware or endless reconfigurations.
Easy Management with Fewer Hassles: VPNs are notorious for their ongoing maintenance. You’ve got hardware to deal with, configurations to set up, and frequent updates. SDPs, being software-driven, eliminate much of that hassle.
More Affordable, Greater ROI: VPNs require dedicated appliances and continuous upkeep, making them a costly choice as the user base grows. SDPs, in contrast, don’t need the same physical infrastructure, so they end up being more affordable – especially for companies that are scaling fast.
SDP in actionCompanies with remote teams can finally take control with SDPs. No more worrying about users accessing sensitive parts of the network they shouldn’t touch. SDPs allow specific permissions for each user, letting them access only their designated apps and files. In highly regulated industries like finance and healthcare, SDPs are proving essential to meeting strict data protection laws that VPNs alone can’t satisfy.
Another plus? SDPs allow organizations to respond quickly to new security threats, without the need to reconfigure networks or hardware. They offer a faster, more flexible way to adapt to emerging risks – something VPNs struggle to keep up with.
SDPs lead the way for modern securityIf there’s one thing to remember, it’s this: SDP provides an efficient and secure approach -- letting organizations control access, based on identity and device -- enhancing security in ways that VPNs just can't match.
By switching from VPNs to SDP, organizations can stay ahead of current challenges, not to mention, stay prepared for the future... with the utmost confidence.
We've featured the best business VPN.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
Are you holding on to an old phone because you’re worried about the data it stores? A new report from the Information Commissioner’s Office shows you’re not alone, as one in five Brits reported they avoided selling on their old phones due to concerns about personal data being leaked.
The study found three-quarters of us (75%) are holding on to old devices, and most (71%) believe deleting your personal information is important, but almost a quarter of people believe it's too difficult to do (24%).
Many lucky people will be treating themselves to a new device this Christmas, so if you’re one of the 29% who don’t know how to wipe their personal information from their old device, then we have some tricks for you.
How to be sureThere are a few ways to erase the information on your device, including physical destruction, secure deletion software, and restoring to factory settings. All of these have pros and cons, but can ultimately give you peace of mind.
You don’t need specialist equipment to physically destroy the media on a device, but if you want to keep using or sell on the phone, then this probably isn’t the best way forward, as removing the media may void the warranty, and you’ll have to replace the storage (and it isn’t a particularly sustainable option!).
Reverting to factory settings is easy and cheap, but might not be the most secure, depending on the manufacturer's process. Alternatively, we’ve listed the best data removal services, some of which have generous free trials that you can take advantage of.
"We’ve all got that drawer of doom or cluttered cupboard with unused electricals at home - in fact there are over 800 million items stashed in our homes,” said Scott Butler, Executive Director of Recycle Your Electricals.
“One of the benefits of taking the time to delete your data, means that you might be able to safely sell some of your tech and electricals and make a bit of cash after Christmas. Just make sure that you follow Recycle Your Electricals guidance to destroy any data on your devices and our tips to get the best sale price.“
You might also likeNew data from Gartner has claimed global overall cloud spend is set to continue growing into 2025, but reading between the lines makes the certainty of some areas is more questionable.
As 2024 draws to a close, Gartner predicts growth seen across four key categories – cloud application infrastructure services (Paas), cloud application services (SaaS), cloud desktop-as-a-service (Daas) and cloud system infrastructure services (Iaas) – will level out at 19.2%, a touch under the 19.9% saw in 2023.
That said, there are some omissions from the data indicating not all areas of cloud spend are set to be so successful.
Cloud spend could be slowingOverall cloud spend is predicted to rise dramatically, from $595.7 billion in 2024 to $723.4 billion in 2025, marking a healthy increase of 21.4% – more than what we've seen in the past two years.
However, the cloud market is so big that predicting accurately can be extremely difficult, and even minor trends could have a significant knock-on effect.
Key to the concern is Gartner has slowly been pulling categories from its predictions. In 2023, the firm took out cloud management and security services, and this year business process as a service (BPaaS) has been removed. Neither seem to have been packaged up into any of the remaining categories.
Of the remaining four categories, DaaS is predicted to see the smallest change in 2025, up just 0.5%. This year and last, the sector grew 0.6%. It might just be a tenth of a percentage point, but in terms of change, 0.5% is a 16.7% decrease over 0.6%.
The figures also reveal that IaaS compute, storage and networking capacity spend is set to be lower than previously anticipated earlier this year.
The news comes as many businesses consider reverting from the cloud to local infrastructure. Cloud used to be a cheaper and more flexible alternative, but the margin has decreased significantly.
Separately, Canalys Senior Director Rachel Brindley said that companies must “exercise caution to avoid overspending or inefficient resource allocation.”
Brindley added: “Ensuring the sustainability of these investments over time will be vital to maintaining long-term financial health and competitive advantage.”
You might also like