Plus, your car’s GPS might be compromised, and hospitals desperately need a tech upgrade.
Amazon is taking legal action against the administrators of more than 10,000 Facebook groups that generate fake reviews for Amazon products. The phony reviews appeared on Amazon marketplaces across the US, UK, Germany, France, Italy, Spain, and Japan. Positive reviews for a product will boost the sellers’ visibility and place the product higher up in search engine results. The illicit Facebook groups offered money or free goods in exchange for positive reviews. Amazon reported the groups to Meta, which took down half of them right away. “Proactive legal action targeting bad actors is one of many ways we protect customers by holding bad actors accountable,” said Dharmesh Mehta, an Amazon Vice President. The legal action has been filed at a court in Seattle. For more on this story, see BBC News.
Amazon shares Ring footage with police
According to a letter Amazon sent to Sen. Ed Markey (D-Mass) on July 1, Ring video surveillance footage has been shared with U.S. authorities 11 times so far this year without first securing the footage owners’ consent. Ring maintains that police can not view recordings unless clips are posted publicly or shared directly with police, but in the letter to the senator, the company wrote that it does share footage with police without a warrant under emergency circumstances involving imminent danger, serious physical harm, or death. Ring said that while it doesn’t require the owners’ consent in these situations, it does notify them that their footage is being shared. See Politico for more.
SATAn attack can target air-gapped systems
In a new research paper published by the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the Negev in Israel, Dr. Mordechai Guri wrote, “Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6GHz frequency band.” While air-gapped computers are physically isolated from other computers, Guri and his team found that an attacker could take advantage of the SATA cable by using it as a covert channel that emanates electromagnetic signals to transfer brief amounts of data. For more on this potential attack, see The Hacker News.
Critical flaws found in popular GPS vehicle tracker
Researchers have discovered six vulnerabilities in the Micodus MV720, a GPS tracker made by Chinese company Micodus, which has 1.5 million tracking devices deployed across 420,000 customers in 169 countries. The vulnerabilities make it possible for attackers to remotely disable cars, track location histories, disarm alarms, and cut off fuel. The researchers, as well as the U.S. Cybersecurity and Infrastructure Security Administration (CISA), have tried for months to engage with Micodus, but without success. All six flaws remain unmitigated and unpatched. These kinds of trackers are notoriously poorly protected, and anyone using them is advised to turn them off immediately until patches are developed. For more, see Ars Technica.
Healthcare industry needs cure for data analysis paralysis
In a new study by Syntellis Performance Solutions, 420 healthcare finance leaders were surveyed on their financial outlook and possible plans for adopting analytics tools and advanced technologies in order to overcome the outdated systems and untrustworthy data being used by most healthcare organizations today. The study found that 61% still rely on outdated tools like spreadsheets and inadequate systems for decision-making. The researchers behind the study suggest hospitals and healthcare organizations need to smartly invest in data analytics, artificial intelligence, and machine learning tools. For more on this study, see VentureBeat.
This week’s must-read on the Avast blog
The right program and partner can make it much easier for businesses to automate their patch management. Read more about the importance of patching.