Homeland Security warns of a ‘critical’ security flaw in Windows servers

US Homeland Security has issued an emergency alert for a Windows security flaw, Zerologon, that allows attackers to compromise entire networks.

The flaw in the Netlogon Remote Protocol lets attackers with network access “completely compromise” Active Directory services on a network without using a sign-in; a hacker could run amok if they get through.

Source: Homeland Security warns of a ‘critical’ security flaw in Windows servers | Engadget

Republicans Introduce Privacy Bill That Would Override State Laws

Four Republican senators have introduced a privacy bill that would override state privacy laws, other than ones requiring notifications of data breaches.

The proposed law would require companies to obtain consumers’ affirmative consent before transferring their “sensitive” information — which the bill defines as including financial account numbers, persistent identifiers, precise geolocation data, and data revealing people’s race, ethnic origin, religion and sexual orientation.

The Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act (SAFE DATA Act) would also require companies to allow consumers to access, edit and delete data about them.

Source: Republicans Introduce Privacy Bill That Would Override State Laws 09/21/2020

Google will start removing stalkerware and ‘misleading’ apps from its Play Store from October 21

The tech giant will give app developers until October 1 to remove stalkerware code from their official online store.

Google has announced that it is clamping down on apps containing stalkerware capabilities, defined by the company as “code that transmits personal information off the device without adequate notice or consent and doesn’t display a persistent notification that this is happening.”

On September 16, the company updated its Developer Program Policy to state that any apps distributed on its store that monitor a user’s behaviour must include “adequate notice or consent”; a “persistent notification” of background tracking; must not present their app as a “spying or secret surveillance solution”; or attempt to “hide” or “mislead” users of their surveillance purposes.

Source: Google will start removing stalkerware and ‘misleading’ apps from its Play Store from October 21

Privacy, effectiveness among concerns of robocall-blocking apps

If you’re one of many Canadians who’ve considered alternative measures to block robocalls to your smartphone, a consumer agency says you should be aware of the dangers.

Whether or not the apps are effective is another matter, as most services won’t be able to completely block out the calls. Other features that some apps offer, such as answering calls with nonsensical messages, may actually result in a number getting more scam calls than before.

There is also the concern that a blocking app may expose your personal information, especially when it comes to those that require access to your voicemail.

Source: Better Business Bureau says there are better ways to block auto-dialers than using an app | CTV News

Draft legislation would allow Australian personal data to be shared between government agencies

The Government wants to be able to share your personal information between its agencies. This is what you need to know about what data it plans to share and how.

The Data Availability and Transparency Bill would override the different laws and provisions covering data collected by government bodies. Instead, the National Data Commissioner would oversee a regime that allows data-sharing across the public sector, provided various protections are kept in place.

That would include the likes of Centrelink, the Australian Tax Office, the Department of Home Affairs and the Bureau of Statistics, as well as bodies such as the Australian Institute of Health and Welfare. But it could also see public sector information shared with other “accredited” bodies, including universities, think-tanks, businesses and not-for-profit groups.

Source: Draft legislation proposed by Federal Government would allow your personal data to be shared between government agencies – ABC News

Japan’s police introduce facial recognition system in criminal probes

About 10 million facial images are currently stored in the agency’s database, including those of suspects referred to prosecutors who have not been arrested.

Japanese police have been using a system that can match photos of people who have been previously arrested with images gathered by surveillance cameras and social media, police officials said Saturday, a move that could raise concerns about privacy violations.

The facial analysis system has been operated by police across the nation since March to identify criminal suspects more quickly and accurately, the officials said. But critics warn that the system could turn the country into a surveillance society unless it is operated under strict rules.

Source: Japan’s police introduce facial recognition system in criminal probes | The Japan Times

European Police Malware Could Harvest GPS, Messages, Passwords, More

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest “all data stored within the device,” and was expected to include chat messages, geolocation data, usernames, passwords, and more.

As well as the geolocation, chat messages, and passwords, the law enforcement malware also told infected Encrochat devices to provide a list of WiFi access points near the device.

Organized crime groups across Europe and the rest of the world heavily used the network before its seizure, in many cases to facilitate large scale drug trafficking.

Source: European Police Malware Could Harvest GPS, Messages, Passwords, More

Cloud Industry Unites to Create Global Standard for Transfer of Personal Data following ‘Schrems II’ ruling

The creators of the data protection market standard for cloud, the EU Cloud Code of Conduct, announced work is underway on a proposed legal solution for the transfer of personal data outside the EU.

Once approved by data protection authorities, the solution could be an alternative to the recently annulled EU-U.S. Privacy Shield, previously relied on by thousands of businesses who now face disruption and uncertainty when transferring EU citizens’ data across the Atlantic.

Source: Cloud Industry Unites to Create Global Standard for Transfer of Personal Data following ‘Schrems II’ ruling: EU Cloud CoC

Data Privacy Increasingly a Focus of National Security Reviews

Oracle’s bid to partner with the TikTok app may not be a standard-issue business deal, but it’s increasingly the sort of arrangement that undergoes a national security review.

Treasury Secretary Steven Mnuchin said Monday that the Oracle bid would be reviewed by the Committee on Foreign Investment in the U.S., a national security panel that is best known for reviewing outright foreign takeovers of U.S. companies.

The Oracle deal, by comparison, involves an arrangement with TikTok to move data on American users to Oracle’s cloud-computing infrastructure in the U.S. to prevent it from being shared with the Chinese government.

Source: Data Privacy Increasingly a Focus of National Security Reviews – WSJ

IoT Security Bill Passed in House of Representatives

The House of Representatives has passed a bill governing the security of the Internet of Things.

The “Internet of Things Cybersecurity Improvement Act of 2019” sets baseline cybersecurity standards for IoT devices purchased by the federal government.

The Senate Homeland Security Committee advanced a similar bill last year.

Source: EPIC – IoT Security Bill Passed in House of Representatives
