Educational

In its February 2019 iOS release (12.2), Apple introduced a toggle enabling users to control whether websites received motion and orientation data collected by the gyroscope and accelerometer inside the iPhone, iPad, and iPod touch. The change is believed to be in response to a 2018 report that

In February 2019, an anonymous tip-off to Computer Sweden revealed that a database containing recordings of 170,000 hours of calls made to the Vårdguiden 1177 non-emergency healthcare advice line was left without encryption or password protection on an open web server provided by Voice Integrate

In January 2019, researchers reported finding two huge data dumps. Collection #1 contained passwords and usernames relating to nearly 773 million email addresses spread across about 2.7 spreadsheet rows in 12,000 files. Collection #2.5 contained 845GB of data and more than 25 billion records that

In late 2018, researchers at SINTEF Digital Norway, ETH Zurich, and Berlin's Technical University discovered a new and serious vulnerability in several generations of the cellular mobile communications protocols: 3G, 4G, and the upcoming 5G. The flaw affected Authentication and Key Agreement, which

In January 2019 Apple briefly disabled the group functionality in its FaceTime video calling application after bug was discovered that allowed users to listen on the people they were calling when they did not pick up the call and also allowed some callers to see video of the person they were calling

As part of its planning for the 2020 Olympic Games, due to be held in Tokyo, Japan approved a law that would allow the government to conduct a survey to identify vulnerable Internet of Things devices. The National Institute of Information and Communications Technology staff who carry out the survey

In November 2018 the UK Information Commissioner's Office fined Uber's European operation £385,000 for inadequate security that permitted a November 2016 data breach affecting nearly 3 million British users and 82,000 drivers. In the 2016 breach, attackers obtained credentials that allowed them to

In January 2019 Twitter revealed that it had discovered a security flaw in that meant that Android users who updated the email address linked to their account between November 2014 and January 2019 had inadvertently turned off the "protected" setting on their accounts so that their tweets could have

It was already known that law enforcement agencies can track phones to within 500 metres if they show service providers a warrant, but in January 2019, it became clear that the same real-time location data was being sold to a wide range of third parties, including car salesmen, property managers

In November 2018, the criminal hacker group 3ve found a new way of exploiting security weaknesses in the Border Gateway Protocol that allowed them to take control of IP addresses belonging to the US Air Force and other reputable organisations; the result was to net them $29 million in fraudulent

A November 2018 breach of a government-funded resettlement agency's database in South Korea allowed hackers, believed to be North Korean state security officials, to copy the personal information belonging to 997 North Koreans living in South Korea. Escaping to South Korea is considered an act of

A vulnerability in Amadeus, the customer reservation system used by 144 of the world's airlines, was only superficially patched after a team reported the vulnerability in 2018. As a result, an attacker could alter online strangers' Passenger Name Records, which contain all the details of the

In January 2019, the security researcher Justin Paine discovered that the California-based voice over IP provider Voipo had left exposed an unprotected database containing tens of gigabytes of call logs, other internal documents, and customer text messages, including password resets and two-factor

In 2016, Jamie Siminoff, the CEO of the miniature security camera company Ring, emailed his employees information them that the company would adopt a new mission to fight crime by using consumer electronics. The company, which Amazon acquired in 2018, sells its cameras with a social app, "Neighbors"

The miniature security camera maker Ring, which was acquired by Amazon in 2017 for a reported $1 billion, has a history of inadequate oversight of the data collected by those cameras on behalf of its customers. In 2016, it reportedly granted virtually unlimited access to its Ukraine-based research

In December 2018, the security researchers at 0DayAllDay discovered that the encryption keys hard-coded into the firmware inside the Guardzilla indoor wireless security system were protected by a ten-year-old, easily cracked algorithm. Because all the devices used the same keys, anyone could use the