We're just a few short months away from the California Consumer Privacy Act going into effect. The regulation brings privacy rights to residents in California and gives them control of their personal information and how companies can use it. Any business that sells to a California resident needs to be CCPA-compliant. Nearly every brick-and-mortar store nowadays has an e-commerce site.

University researchers have discovered a way to issue unauthorized commands to digital assistants like Alexa, Google Assistant, Facebook Portal and Siri via laser beams. The microphones in devices like smart speakers, mobile phones and tablets convert sound into electrical signals, but what the researchers found was that the mics react to light aimed directly at them, too.

Flaws in Amazon and Google smart speakers can expose users to eavesdropping and voice phishing. Researchers at Security Research Labs discovered that developers could create malicious apps for the Amazon and Google platforms to turn the smart speakers into smart spies. Using the standard development interfaces for the platforms, the researchers found a way to request and collect personal data.

As part of National Cyber Security Awareness Month, the National Cyber Security Alliance is advising all computer users to "Protect IT" by taking precautions such as updating to the latest security software, Web browser and OS. The nonprofit public-private partnership, which works with DHS and private sector sponsors, advised computer users on ways to protect their personal data.

Online tech support scams have been on the rise for the past decade, as hackers found new ways to trick consumers into providing remote access to their computers in order to steal information. This tried-and-true scam currently relies on sophisticated social engineering, fueled by detailed user information that creates enough credibility to dupe even the most savvy and skeptical users.

Since the dawn of the Internet age, criminals have looked for ways to profit on unsuspecting people while they browse the Web. Viruses, malware and other schemes were invented to infect and infiltrate systems, both at the enterprise and consumer levels. One of the most successful forms of cybercrime is social engineering, also known as the con man of the Internet.

Stopping cyberattacks requires diligent behavior. One of the themes of this year's National Cyber Security Awareness Month, or NCSAM, is that all computer users should take steps to Secure IT. That means shaking up the passphrase protocol by using not just strong passwords but strong and unique passphrases. Everyone should double login protection through multifactor authentication.

October is National Cyber Security Awareness Month, and one of the prongs in the three-part theme is for all computer users to "Own IT." This means staying safe on social media, updating privacy settings, and keeping tabs on apps. Simply put, users need to take better ownership of their data and their online presence as part of daily safe cyber practices.

Two eGobbler malvertising exploits impacted 1.16 billion programmatic ads between Aug. 1 and Sept. 23, according to Confiant, which has been tracking the threat. The first targeted versions of Chrome prior to Chrome 75 on iOS. The flaw was fixed in the Chrome 75 rollout June 4. he second exploit impacted WebKit-based browsers. Confiant reported it to the Chrome and Apple security teams Aug. 7.

Google's plans to test an encrypted Internet DNS protocol reportedly have spurred some members of Congress to consider opening an antitrust investigation. They are concerned that the new technology could give Google an edge over competitors by making it harder for them to access consumer data. Google is experimenting with new ways to enhance online privacy.

Cybersecurity should be a concern for all businesses -- large and small. Cybersecurity also should be a concern for consumers, government agencies, and basically anyone who relies on the Internet in our increasingly connected world. Among efforts to focus attention on the threatscape is designating October as National Cyber Security Awareness Month.

Amazon is testing scanners that can identify a human hand to use as a payment method for in-store purchases. The company plans to introduce "Orville" to some Whole Foods stores by the beginning of 2020, and later expand it to all locations in the United States. Employees at Amazon's New York offices are said to be using the technology to buy items from specially equipped vending machines.

Verizon, the No. 1 mobile carrier in the United States, this week introduced a free version of its robocall-blocking app, which will be standard on all new Android devices. The company further announced that it will auto-enroll eligible Android users to its Call Filter service and block what are seen as "high-risk" calls. This includes calls from numbers that have been reported as fraudulent.

Hackers affiliated with the Chinese government have been making a concerted effort to steal medical research, particularly cancer research, from U.S. institutions. The step-up in medical research theft by Chinese APT hacker groups appears to be linked to China's growing concern over cancer mortality rates and increasing healthcare costs. Cancer in the leading cause of death in China.

Owners of iPhones looking for an extra measure of protection when using applications and logging into websites can get it with a new dongle from Yubico. Its new YubiKey 5Ci, which retails for $70, supports both USB-C and Apple's Lightning connectors on a single device. The dual connectors can give security-conscious consumers and enterprise users strong hardware-backed authentication.

Numerous driver design flaws by 20 different hardware vendors expose Microsoft Windows users to widespread security compromises that can cause persistent malware attacks. A report titled "Screwed Drivers," which Eclypsium security researchers presented at DEF CON, urges Microsoft to support solutions to better protect against this class of vulnerabilities.

Researchers associated with vpnMentor, which provides virtual private network reviews, discovered a data breach involving nearly 28 million records in a BioStar 2 biometric security database belonging to Suprema. "BioStar 2's database was left open, unprotected and unencrypted," vpnMentor said. "After we reached out to them, they were able to close the leak."

Apple sent emails to a small number of customers last week, inviting them to apply for the company's new Apple Card, and a privileged few have become the first to enroll in the program. The rollout is limited to qualifying applicants in the U.S. The Apple Card, which is a virtual Mastercard issued by Goldman Sachs Bank USA's Salt Lake City branch, will roll out generally later this summer.

New personal identification and authentication technologies have the potential to transform the way entertainment services are delivered, accessed and experienced. These technologies offer a high level of security, often incorporating biometrics such as voice, fingerprint, iris or retinal features, and facial characteristics. Each type of authentication bears its own advantages and disadvantages.

Amazon, Google and Apple have suspended contractor review of consumer recordings following disclosures that the devices are nearly always listening and have captured personal, business and other delicate human interactions. Consumers using smart speakers and digital assistant apps from Amazon and Google can apply some control over their system settings.

United Airlines has announced plans to begin rolling out Clear's biometric prescreening at its hub airports. The system works by verifying a flier's fingerprints or eye scan. Clear already is available at about 60 locations throughout the United States. It offers a system that utilizes biometrics to speed preapproved travelers to the front of the security lane.

Capital One Financial Corporation has announced a data breach affecting some 100 million people in the U.S. and another 6 million in Canada. The FBI arrested the alleged perpetrator of the breach in Seattle. Capital One on July 19 discovered someone had accessed its data stored online and obtained personal information of credit card customers and people who had applied for credit card products.

The United States Federal Trade Commission announced that Equifax has agreed to pay a minimum of $575 million as part of a global settlement of claims against it arising from a 2017 data breach that affected 147 million Americans. The settlement with the FTC, the Consumer Financial Protection Bureau, and 50 states and territories potentially could reach $700 million.

Every day we read stories about data breaches and cyberattacks on business and government websites, and the resulting the loss of personally identifiable information. Cybercrime is on the rise, and given the ever-evolving methods of attack, meaningful relief and reliable measures to fend off cybercriminals are unlikely in the foreseeable future. Companies need to insure against cybertheft.

A security researcher has found a flaw in the popular video conferencing app Zoom that could be used to turn on the camera on a Macintosh computer without a user's permission. The vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without a user's permission, explained Jonathan Leitschuh, a senior software engineer at Gradle.

It is newly minted conventional wisdom that not a single information security conference goes by without a presentation about the abysmal state of IoT security. While this is a boon for researchers looking to make a name for themselves, this sorry state of affairs is definitely not beneficial for anyone who owns a connected device. IoT device owners aren't the only ones fed up, though.

An AI technology called "deepfake" may be the next big threat we face as a society. Consider a recent video clip of Facebook CEO Marc Zuckerberg saying some outlandish things. You might think it is real -- but it's a deepfake. It's his image, and it sure sounds like him, but he never actually made that speech. "Can't be," you might think. "That has to be Zuckerberg talking." Wrong.

Chinese hackers likely are responsible for a series of cyberattacks against telecommunications companies around the world, security researchers have reported. The campaign, dubbed "Operation Soft Cell," has been active since 2012, according to Cybereason. There is some evidence suggesting even earlier activity against the telecommunications providers, all of whom were outside North America.

Firefox users should update their browsers immediately to fix a critical zero-day vulnerability. Anyone using Firefox on a Windows, macOS or Linux desktop is at risk. Mozilla issued a patch Tuesday, but the vulnerability was discovered by Samuel Groß of Google Project Zero on April 15. Mozilla's fix came after Coinbase reported exploitation of the vulnerability for targeted spearphishing attacks.

Account hijacking has become a nettlesome problem at Instagram so it has decided to do something about it. The social media company has begun testing a simpler method for users to reclaim their compromised accounts. It allows users locked out of their hacked accounts to ask for a six-digit code to be sent to the email address or phone number originally used to open the account.