Tag Archives for "cybersecurity"

No boundaries for Facebook data: third-party trackers abuse Facebook Login

So far in the No boundaries series, we’ve uncovered how web trackers exfiltrate identifying information from web pages, browser password managers, and form inputs.

Today we report yet another type of surreptitious data collection by third-party scripts that we discovered: the exfiltration of personal identifiers from websites through “login with Facebook” and other such social login APIs.

Source: No boundaries for Facebook data: third-party trackers abuse Facebook Login

NIST releases latest version of its Cybersecurity Framework

On April 16, 2018, the National Institute of Standards and Technology (NIST) unveiled Version 1.1 of its widely known Cybersecurity Framework, which incorporates changes based on feedback collected through comments, questions, and workshops held in 2016 and 2017.

The Cybersecurity Framework aims to focus on industries vital to national and economic security, including energy, banking, communications, and defense, and provides a universal structure that can be tailored to varied methods of cybersecurity by compiling effective standards, guidelines, and practices into one framework.

Source: NIST releases latest version of its Cybersecurity Framework

Privacy as an Afterthought: ICANN’s Response to the GDPR

Almost three years ago, the global domain name authority ICANN chartered a working group to consider how to build a replacement for the WHOIS database, a publicly-accessible record of registered domain names.

Because it includes the personal information of millions of domain name registrants with no built-in protections for their privacy, the legacy WHOIS system exposes registrants to the risk that their information will be misused by spammers, identity thieves, doxxers, and censors.

Source: Privacy as an Afterthought: ICANN’s Response to the GDPR

Cops Around the Country Can Now Unlock iPhones, Records Show

A Motherboard investigation has found that law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors.

Source: Cops Around the Country Can Now Unlock iPhones, Records Show – Motherboard

Russian cyber threat pushes UK to sign world’s largest digital security pact 

Theresa May will strengthen the UK’s digital defences through a £15m online security pact with Commonwealth allies amid warnings over the growing threat of cyber warfare from Russia.

Leaders from the 53-nation bloc are expected to sign the world’s largest cyber declaration, pledging to join forces to combat criminals and hostile actors engaged in potentially devastating cyber attacks, and to support smaller nations to raise their security standards by 2020.

Source: Russian cyber threat pushes UK to sign world’s largest digital security pact | The Independent

Far more than 87m Facebook users had data compromised

Far more than 87 million people may have had their Facebook data harvested by Cambridge Analytica, according to evidence from former employee Brittany Kaiser.

Speaking to the Commons digital, culture, media and sport select committee, Kaiser said Cambridge Analytica had a suite of personality quizzes designed to extract personal data from the social network, of which Aleksandr Kogan’s This Is Your Digital Life app was just one example.

Source: Far more than 87m Facebook users had data compromised, MPs told | UK news | The Guardian

EU to force tech firms to hand over terror suspects’ messages

The European commission is seeking to force technology companies wherever they are based in the EU to hand over emails, text messages and app communications of terror suspects within hours of a court order.

Under the plans, judges in one member state will be able to seize electronic evidence held on a service provider in another European country through a transnational European production order.

Source: EU to force tech firms to hand over terror suspects’ messages | World news | The Guardian

Advisory group releases IoT safety and design risk toolkit

Hundreds of initiatives have been launched over the past several years to tackle the issue of internet-of-things security in the design phase for devices. AgeLight Advisory Group Managing Director Craig Spiezle spent the time to review more than 1,500 documents to see what those initiatives hoped to achieve.

AgeLight has released the fruits of Spiezle’s work in the form of the IoT Safety and Trust Design Architecture and Risk Toolkit. The toolkit seeks to achieve three primary goals: to guide and drive industry into self-regulation, to promote high-value privacy and security practices, and to deliver trustworthy devices to the marketplace.

Source: Advisory group releases IoT safety and design risk toolkit

Take Action to Close the Largest Cause of Data Security Incidents – Your Employees

If you work at a typical company, employee actions and inadvertent present the greatest threat to the security of your data.

Therefore, providing proper training and technical safeguards is one of the most important means to enhance your company’s security profile.

Source: Deeper Dive: Take Action to Close the Largest Cause of Data Security Incidents – Your Employees

Google is testing self-destructing emails in new Gmail

Google is working on a brand new design for the web version of Gmail.

You can configure the expiration date so that your email disappears after 1 week, 1 month, multiple years, etc. You can also ask your recipient to confirm their identity with a passcode sent via text message. This sounds like a great way to associate email addresses with phone numbers and improve Google’s ads.

Source: Google is testing self-destructing emails in new Gmail | TechCrunch
