Ransomware trends are on the rise, even more so today than in the previous years. According to some estimates, by end of 2021, the number of ransomware attacks would have increased to 1 every 11 seconds, the outstanding record being one ransomware ever…
Read More Ransomware-as-a-Service (RaaS) – The Rising Threat to CybersecurityThe future ownership of an Israeli spyware company whose product has been used to hack into the cellphones of journalists, human rights workers and possibly even heads of state is up in the air.
read more
Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts.
Read More ‘I’m Calling About Your Car Warranty’, aka PII HijinxSilicon Valley venture capital firm Advanced Technology Ventures (ATV) this week announced that personal information of some of its private investors was stolen in a ransomware attack.
read more
Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks.
The latest Android update provides documentation on 33 security bugs, some serious …
Forbes has the story:
Read More Paragon: Yet Another Cyberweapons Arms ManufacturerParagon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get longer-lasting access to a device, even when it’s rebooted.
[…]
Two industry sources said they believed Paragon was trying to set itself apart further by promising to get access to the instant messaging applications on a device, rather than taking complete control of everything on a phone. One of the sources said they understood that Paragon’s spyware exploits the protocols of end-to-end encrypted apps, meaning it would hack into messages via vulnerabilities in the core ways in which the software operates…
Amazon was fined 746 million euros ($880 million) by Luxembourg authorities over allegations it flouted the EU’s data protection rules, the online retail giant said Friday.
read more
Zoom, the videoconferencing firm, has agreed to settle a class-action US privacy lawsuit for $85 million, it said Sunday.
The suit charged that Zoom’s sharing of users’ personal data with Facebook, Google and LinkedIn was a breach of privacy for millio…
This is a question we get asked a lot and one which is floating all over the internet too, especially on discussion forums where people can stay anonymous if they want: Is Pornhub safe? Is it a safe site to enter? We decided to address it here since we…
Read More Is Pornhub Safe? How to Browse Adult Websites SecurelyKubient conducted a survey of marketing and advertising professionals to provide a snapshot of industry perspectives on increasing privacy regulations, including the postponement and eventual elimination of cookies and how it affects the larger marketi…
Read More Most marketers support federal consumer privacy protectionsEmployee email takeover exposed personal, medical data of students, employees and patients.
Read More UC San Diego Health Breach Tied to Phishing AttackAuthorities opened an investigation into the secretive Israeli security firm.
Read More Israeli Government Agencies Visit NSO Group OfficesBlackCloak, a company that provides cyber protection services for corporate executives and high-profile individuals, on Thursday announced that it has raised $11 million in a Series A funding round.
read more
BlackCloak, a company that provides cyber protection services for corporate executives and high-profile individuals, on Thursday announced that it has raised $11 million in a Series A funding round.
read more
Google this week announced a series of updates to its Google Play policies that are meant to improve overall user privacy and security and provide more control over ads personalization.
read more
Google this week announced a series of updates to its Google Play policies that are meant to improve overall user privacy and security and provide more control over ads personalization.
read more
Do you want to know which are the best encrypted messaging apps out there and how it can protect your valuable data? This guide might be exactly what you’re looking for. Many of you could believe that all the private data shared via Facebook Messenger,…
Read More Best Encrypted Messaging Apps You Should Use TodayPathwire released the results of its Data Compliance Survey, a survey of 1,000 IT and marketing decision-makers across the globe on the most common data privacy and compliance trends and challenges. Comply with privacy laws The findings reveal 44.7% of…
Read More Lack of email validation and opt-in processes hinder organizations from achieving complianceSurvey by PwC Canada also shows 30 per cent believe the proposed changes will positively impact their firms’ bottom line
The post Many firms preparing for proposed changes to Canada’s privacy law: Survey first appeared on IT World Canada.
Read More Many firms preparing for proposed changes to Canada’s privacy law: SurveyThe U.S. government and its allies are pleading with defenders to pay attention to gaping holes in perimeter-type devices, warning that advanced threat actors are feasting on known security defects in VPN appliances, network product gateways and enterp…
Read More US Gov Warning: VPN, Network Perimeter Product Flaws Under Constant AttackThis is important:
Read More De-anonymization StoryMonsignor Jeffrey Burrill was general secretary of the US Conference of Catholic Bishops (USCCB), effectively the highest-ranking priest in the US who is not a bishop, before records of Grindr usage obtained from data brokers was correlated with his apartment, place of work, vacation home, family members’ addresses, and more.
[…]
The data that resulted in Burrill’s ouster was reportedly obtained through legal means. Mobile carriers sold — and still sell — location data to brokers who aggregate it and sell it to a range of buyers, including advertisers, …
Apple on Monday released a major security update with fixes for a security defect the company says “may have been actively exploited” to plant malware on macOS and iOS devices.
read more
NSO’s controversial Pegasus spyware has been used to surveil over 50,000 targets, including heads of state, journalists and human rights activists.
The post High Profile Incident: Pegasus Spyware Found on 50,000 Smartphones appeared first on Adam Levin.
Read More High Profile Incident: Pegasus Spyware Found on 50,000 SmartphonesMozilla has completely removed support for the File Transfer Protocol (FTP) from the latest release of its flagship Firefox web browser.
read more
To realize the full potential of online services, identity verification solutions are required to avoid fraud and boost trust in the systems, for both end users and organizations. In-person data verification can be performed by a service agent easily, …
Read More Verifiable credentials are key to the future of online privacyThe internet is heavily flooded with data. It could take a person several hours, or even days, and a considerable number of cups of coffee to sift through the data and ultimately reach actionable insights. For businesses leveraging a lot of data for market research, competitive price analysis, and other business applications, sifting through data […]
The post How Web Scraping Can Enhance Cyber Security appeared first on CyberDB.
Read More How Web Scraping Can Enhance Cyber SecurityThe Dutch Data Protection Authority (Autoriteit Persoonsgegevens – AP) announced Thursday that it has imposed a fine of €750,000 on TikTok “for violating the privacy of young children”. More specifically, TikTok failed to provide a privacy statement in…
Read More TikTok fined €750,000 for Violating Children’s PrivacyThe Dutch Data Protection Authority (Autoriteit Persoonsgegevens – AP) announced Thursday that it has imposed a fine of €750,000 on TikTok “for violating the privacy of young children”. More specifically, TikTok failed to provide a privacy statement in…
Read More TikTok fined €750,000 for Violating Children’s PrivacyA Catholic priest was outed through commercially available surveillance data. Vice has a good analysis:
Read More Commercial Location Data Used to Out PriestThe news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially any sort of disgruntled, unscrupulous, or dangerous individual. A growing market of data brokers that collect and sell data from countless apps has made it so that anyone with a bit of cash and effort can figure out which phone in a so-called anonymized dataset belongs to a target, and abuse that information…
The Pegasus project has raised new concerns about the Israeli firm, which is a world leader in the niche surveillance marketIn 2019, when NSO Group was facing intense scrutiny, new investors in the Israeli surveillance company were on a PR offensive to…
Read More How NSO became the company whose software can spy on the worldGuardian editor-in-chief Katharine Viner reflects on our recent investigation into NSO Group, which sells hacking spyware used by governments around the world, and explains why journalism like this is so vital When the Guardian’s head of investigations…
Read More The Pegasus project: why investigations like this are at the heart of the Guardian’s missionData privacy is an important topic in the digitalized economy. Recent policy changes have aimed to strengthen users’ control over their own data. Yet new research from Copenhagen Business School finds designers of cookie banners can affect users&…
Read More User data privacy decisions can be easily manipulatedSpy software known as Pegasus has been used to carry out surveillance on the smartphones of journalists, activists, and political leaders. Can a “Freedom Phone” be trusted? And a ransomware-hit law firm demonstrates how not to keep its cust…
Read More Smashing Security podcast #237: NuNa, NuNu, NaNaWhen the Ashley Madison data breach occurred in 2015, it made headline news around the world. Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read. What was deemed especially newsworthy was the presence of email addresses in
Read More Your Work Email Address is Your Work’s Email AddressA senior official of the US Catholic Church has resigned after a blog revealed it had cellphone data that showed he was a regular user of the gay dating app Grindr.
Read More No, your Grindr activity is not necessarily private – just ask the senior Catholic priest who was outed and lost his jobAfter years of mostly sitting on the sidelines, Microsoft is starting to be aggressive with cybersecurity acquisitions.
The world’s largest software company said Wednesday it would acquire CloudKnox, a Silicon Valley startup that sells tools to help co…
Google on Tuesday announced the release of Chrome 92 in the stable channel, with 35 security patches and with various other security improvements, such as better site isolation and phishing protection.
read more
The past decade has witnessed scandal after scandal over private images maliciously or accidentally made public. A study from computer scientists at Columbia Engineering reveals what may be the first way to encrypt personal images on popular cloud phot…
Read More Image encryption technique could keep photos safe on popular cloud photo servicesEight months ago the Liberal government announced an overhaul of PIPEDA. But if, as predicted, it is about to call a fall election the bill dies
The post Is Canada’s reform of privacy legislation dead? first appeared on IT World Canada.
Read More Is Canada’s reform of privacy legislation dead?As security & risk management (SRM) leaders globally adjust to a “new normal” brought about by the COVID-19 pandemic, businesses must adapt their privacy programs for better scale and performance on ever-tighter budgets. While juggling these compe…
Read More Is differential privacy the ideal privacy-enhancing computation technique for your business?Hackers are stealing the identities of those lost in the condo-collapse tragedy.
Read More Ruthless Attackers Target Florida Condo Collapse VictimsReports that Israel-made Pegasus spyware has been used to monitor activists, journalists and politicians around the world highlight the diplomatic risks of nurturing and exporting “oppressive technology”, experts warned Monday.
read more
Little will happen until and unless the European Data Protection Authorities begin to enforce Schrems II
read more
Microsoft’s problems with security defects in the Windows Print Spooler utility are getting worse by the week.
read more
The ICO, the UK’s data watchdog, has raided two properties while investigating the leak of CCTV footage from inside the Department of Health and Social Care.
Read More The Matt Hancock CCTV footage leak – why it’s right for the ICO to investigateThe trade-off between widespread technology adoption and responsible use often lies on the spectrum of privacy. When it comes to technologies fueled by data, such as artificial intelligence (AI), it’s even harder to strike the balance between equitable…
Read More How to strike the balance between privacy and personalization in healthcare and beyondA secretive Israeli commercial surveillance company named after a parasitic freshwater fish is being blamed for supplying Windows and Chrome zero-day exploits to nation-state APT actors.
read more
Case involves the so-called right to be forgotten
The post Canada’s privacy law applies to Google search, says judge in right to be forgotten case first appeared on IT World Canada.
Read More Canada’s privacy law applies to Google search, says judge in right to be forgotten caseHow did investigators ask a romance scammer out on a date, how are smart homes continuing to play dumb, and is it time for social media sites to do more about racist football fans?
All this and much more is discussed in the latest edition of the awa…
Read More Smashing Security podcast #236: Stingrays, soccer, and smart homesFirst California. Then Virginia. Now Colorado.
Here’s a good comparison of the three states’ laws.
First California. Then Virginia. Now Colorado.
Here’s a good comparison of the three states’ laws.
Cyber incidents continue to rise, ransomware accounts for nearly two-thirds of all malware attacks, and more cybercriminals are customizing malware for attacks on virtual infrastructure, Positive Technologies finds. According to the research, the numbe…
Read More Cybercriminals customizing malware for attacks on virtual infrastructureThe attackers have spruced up the ‘vncDll’ module used for spying on targets and stealing data.
Read More Trickbot Malware Rebounds with Virtual-Desktop Espionage ModuleWe’ve said it before, and we’ll say it again: don’t be in too much of a hurry for those home deliveries you’re expecting!
Read More Home delivery scams get smarter – don’t get caught outThe United States will seek global rules on how to prevent misuse of artificial intelligence, Secretary of State Antony Blinken said Tuesday, as he renewed warnings against Russia over hacking.
read more
Accelerated by the pandemic, health IT has continued to innovate at pace, while having to balance data protection and regulatory rules. However, critical transformations – like transitioning to the cloud – are a tougher challenge for this industry than…
Read More Ensuring HIPAA compliance when using the cloudNow everyone can learn what privacy means, how your privacy is impacted when using the web and mobile apps, and how to protect your privacy online thanks to a free course from Coventry University.The UK university has worked closely with experts includ…
Read More Free Coventry University Course to Help Everyone Protect their Online PrivacyNow everyone can learn what privacy means, how your privacy is impacted when using the web and mobile apps, and how to protect your privacy online thanks to a free course from Coventry University.The UK university has worked closely with experts includ…
Read More Free Coventry University Course to Help Everyone Protect their Online PrivacyNow everyone can learn what privacy means, how your privacy is impacted when using the web and mobile apps, and how to protect your privacy online thanks to a free course from Coventry University.The UK university has worked closely with experts includ…
Read More Free Coventry University Course to Help Everyone Protect their Online PrivacyMicrosoft’s Patch Tuesday bundle for July 2021 landed with a loud thud as the world’s largest software maker warns of a new wave of zero-day attacks hitting its flagship Windows operating system.
read more
Mozilla this week pushed Firefox 90 to the stable channel with several security improvements, including better protections against cross-origin threats and an advanced tracker blocking mechanism.
read more
Threats to your business data can be really damaging if you are not careful. But they are completely avoidable when you have the right safeguards in place. If you are wanting to ensure that you can conduct business without a lot of issues along the way, then investing in the right methods will help. There […]
The post Tips for Keeping Your Business Data Secure appeared first on CyberDB.
Read More Tips for Keeping Your Business Data SecureThe European Consumer Organisation announced Monday it had lodged a complaint with the European Commission against Facebook’s attempt to modify the terms of service for the WhatsApp messenging service.
read more
Emil Sayegh, president and CEO of Ntirety, unpacks the issue of inauthentic identities opening doors to untraceable, fake social accounts and the impact that it has on society. Emil is a cloud visionary and is known as one of the “fathers of Open…
Read More The False Identity Frenzy and the Need for AuthenticationThe U.S. health insurance industry is facing growing risks from cybersecurity threats due to the increasingly sophisticated techniques used by cybercriminals amid the expansion of remote healthcare delivery and growing digitization of insurance transac…
Read More Health insurers facing growing risk of customer data theftJust days after shipping an emergency Windows update to cover a dangerous code execution flaw (CVE-2021-1675) in the Print Spooler service, Microsoft is investigating a new set of claims that its so-called ‘PrintNightmare’ patch has not properly fixed …
Read More Did Microsoft Botch the PrintNightmare Patch?In this article, I’m going to offer you the best encrypted email services, alternatives to popular email services such as Gmail or Yahoo, which can also be secured to a certain degree, but, at the same time, mainstream providers are notorious for misha…
Read More The Best Encrypted Email Services You Need to Use in 2021Where does data live and who can access it? This seemingly simple question is, in fact, incredibly complex in the cloud era, as servers often reside abroad and regional data rights clash with international government surveillance efforts. This friction…
Read More What you need to know about transatlantic data transfersLatest episode – listen now!
Read More S3 Ep40: Kaseya breach, PrintNightmare 0-day, and hacking versus the law [Podcast]The Tor Project has brought major censorship circumvention and usability changes to the latest release of Tor Browser. The Tor team is on a mission to make Tor easier to use for everyone through user experience improvements based on research with users…
Read More Tor Browser 10.5 improves circumvention for Tor users in censored placesIt’s the central conundrum at the heart of telehealth: How can patients gain access to their most vital medical records without putting privacy at risk? The question is not just one of user activity – historically, healthcare providers have been …
Read More How health tech can secure patient data post-CURES ActA ransomware gang has exploited a security hole in software used by many businesses, and are demanding $70 million for a decryption tool. Plus we take a close look at TikTok, and a website which seems to have entirely ripped-off Twitter.
All this a…
Read More Smashing Security podcast #235: REvil returns, TikTok grows, and Gettr defacedBritish anti-malware powerhouse Sophos has acquired Capsule8 to beef up the Linux protection capabilities to its endpoint detection and response product stack.
Financial terms of the deal were not disclosed.
read more
Pro-Trump social media platform GETTR was targeted by hackers shortly after launch — accounts were apparently compromised and tens of thousands of users had their data scraped and leaked online.
read more
Even if we can consider the pretense ironic, the situation can be very risky as it can actually end up deploying infostealer malware on the victim machine. An infostealer is a type of malware focused on gathering sensitive and conditional information f…
Read More A New Threat Advertises Malicious Privacy Tools as Security EnhancersConsumers around the world fear that businesses are now compromising online security in their efforts to deliver seamless digital experiences. According to a research released by Trulioo, 71% of respondents living in China, the UK and the U.S. feel tha…
Read More Online brands prioritizing speed over securityData leaks happen once every few months at least. Millions of users can have their phone number, address, and Social Security Number smeared across the internet in a matter of seconds. Your online browsing behavior is also sold legally by tech companie…
Read More Protecting Your Online Privacy: Three Levels of SecurityIronNet Cybersecurity released a report assessing timely topics such as the estimated cost per enterprise of the SolarWinds cyberattack, executive-level engagement in attack responses, and the effect of information sharing on an organization’s overall …
Read More Cybersecurity posture confidence high, yet incidents are increasing tooCryptography, privacy, stalkerware and how infosec professionals relax. Listen, enjoy and learn!
Read More S3 Ep 39.5: A conversation with Eva Galperin [Podcast]LimeVPN has confirmed a data incident, and meanwhile its website has been knocked offline.
Read More Hacked Data for 69K LimeVPN Users Up for Sale on Dark WebSecure Access Service Edge (SASE) provider Versa Networks this week announced it raised $86 million in Series D funding. To date, the company has received $200 million in funding.
The funding round was led by Princeville Capital and RPS Ventures, with …
The enterprise asset management space just got a bit more crowded with the launch of Sevco Security, an early-stage startup selling a “cloud-native security asset intelligence platform.”
read more
A refined database of 88K U.S. business owners on LinkedIn has been posted in a hacker forum.
Read More LinkedIn’s 1.2B Data-Scrape Victims Already Being Targeted by AttackersMicrosoft warns about a hacking gang that is far from cuddly, algorithms rather than managers are firing people, and our guest receives a surprising email from “Amazon”…
And you will NOT want to miss checking out a very special “Pick of the week”!…
Read More Smashing Security podcast #234: Cozy Bear, dildo scams, and robo hires and firesFederal law enforcement agencies secretly seek the data of Microsoft customers thousands of times a year, according to congressional testimony Wednesday by a senior executive at the technology company.
read more
The central goal of cloud computing is to provide fast, easy-to-use computing and data storage services at a low cost. However, the cloud environment comes with data confidentiality risks attached. Cryptography is the primary tool used to enhance the s…
Read More Enhancing cloud security with a two-step cryptography techniqueIBM Corp. on Wednesday announced that it is contributing the Kestrel open-source programming language for threat hunting to the Open Cybersecurity Alliance (OCA).
read more
Police in the UK are warning WhatsApp users of a surge they have seen in attempts made by fraudsters to steal accounts.
Read more in my article on the Hot for Security blog.
Read More Received a WhatsApp verification code without requesting it? Beware – you might be about to have your account stolenA GAO report finds government agencies are using the technology regularly in criminal investigations and to identify travelers, but need stricter management to protect people’s privacy and avoid inaccurate identification
Read More Feds Told to Better Manage Facial Recognition, Amid Privacy ConcernsAs demands on the compliance function grow more intense, Chief Compliance Officers (CCOs) must proactively embrace new leadership responsibilities for their role and reposition how their function is thought of among stakeholders, according to Gartner. …
Read More Chief Compliance Officers must embrace new leadership responsibilitiesAnalysis: UK prides itself on GCHQ’s cyber capability – so availability of Raab’s number will have been embarrassing for himDominic Raab’s mobile number freely available online for last decadeFinding Dominic Raab’s mobile phone online is more than just…
Read More For UK foreign secretary, simply having a mobile represents a security risk – analysisExclusive: Finding raises questions for security services weeks after similar revelations about PM’s numberFor UK foreign secretary, simply having a mobile represents a security riskThe private mobile number of Dominic Raab, the UK foreign secretary, h…
Read More Dominic Raab’s mobile number freely available online for last decadeHealthcare data management provider HealthVerity this week announced that it has raised $100 million in Series D funding, which brings the total raised by the company to $142 million.
read more
These days, it’s not a matter if your password will be breached but when. Major websites experience massive data breaches at an alarming rate. Have I Been Pwned currently has records from 543 sites comprising 11.4 billion accounts. This includes well-k…
Read More Save the Embarrassment: The Value of Two-Factor Authentication on Social MediaOver the past year, consumers have adapted to many changes, including the rapid shift towards a digital-first lifestyle. This has led to an emphasis on consumers dependence on mobile devices, as they look to execute nearly all daily activities via devi…
Read More Consumers neglecting mobile security despite growing number of threatsAfter 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it’s happened again – with big security ramifications.
Read More Data for 700M LinkedIn Users Posted for Sale in Cyber-UndergroundMicrosoft is investigating an incident where a threat actor submitted malicious drivers for certification through the Windows Hardware Compatibility Program.
Built by a third-party, the drivers were designed to target gaming environments and could allo…
The justice secretary has signalled that ministerial security may have been compromised as he called for regular security sweeps for cameras in ministers’ offices after the Matt Hancock scandal. Hancock resigned as health secretary after CCTV foot…
Read More Buckland: ministerial offices should be swept for hidden cameras – videoThe justice secretary has signalled that ministerial security may have been compromised as he called for regular security sweeps for cameras in ministers’ offices after the Matt Hancock scandal. Hancock resigned as health secretary after CCTV foot…
Read More Buckland: ministerial offices should be swept for hidden cameras – videoJustice secretary Robert Buckland calls for regular sweeps for hidden cameras in government officesThe justice secretary, Robert Buckland, has signalled that ministerial security may have been compromised as he called for regular security sweeps for ca…
Read More Hancock CCTV footage: security may have been breached, minister says