Tag Archives for "cybersecurity"

Fitbit Spyware Steals Personal Data via Watch Face

An Immersive Labs researcher takes advantage of lax Fitbit privacy controls to build a malicious spyware watch face.

A wide-open app-building API would allow an attacker to build a malicious application that could access Fitbit user data, and send it to any server.

Kev Breen, director of cyber threat research for Immersive Labs, created a proof-of-concept for just that scenario, after realizing that Fitbit devices are loaded with sensitive personal data.

“Essentially, [the developer API] could send device type, location and user information including gender, age, height, heart rate and weight,” Breen explained. “It could also access calendar information. While this doesn’t include PII profile data, the calendar invites could expose additional information such as names and locations.”

Source: Fitbit Spyware Steals Personal Data via Watch Face | Threatpost

Twitter Data-Breach Case Won’t Be Resolved Before Year’s End

European privacy regulators are unlikely to issue a final ruling on Twitter’s handling of a 2019 data breach before the end of the year, Ireland’s data commissioner said.

Under the General Data Protection Regulation, the European Union’s 2018 data privacy law, Twitter faces a fine of up to 2% of its global revenue last year, or roughly $69 million, for failing to disclose the breach within 72 hours.

Helen Dixon, head of Ireland’s Data Protection Commission, in May submitted a draft decision to more than two dozen of the bloc’s privacy regulators for review, as required under the law. Eleven regulators objected to the proposed ruling, sparking a lengthy dispute-resolution mechanism, she said. The contents of the draft decision haven’t been disclosed.

Source: Twitter Data-Breach Case Won’t Be Resolved Before Year’s End, Ireland’s Regulator Says – WSJ

No GDPR damages after data breach, says German court

In a civil action following a personal data breach affecting a credit card bonus programme, the Regional Court (Landgericht) Frankfurt am Main rejected claims by a data subject who was affected by the breach for a cease-and-desist injunction and for compensation for non-material damage under Article 82(1) GDPR.

The decision is in line with the majority of similar restrictive interpretations of Article 82(1) GDPR by other German courts, requiring evidence of objective harm. Nevertheless, there are also a few more “generous” court decisions favoring a subjective test for proof of non-material damage.

Source: Germany: No GDPR damages after data breach – Privacy Matters

Five Eyes governments, India, and Japan make new call for encryption backdoors

Members of the intelligence-sharing alliance Five Eyes, along with government representatives for Japan and India, have published a statement over the weekend calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted communications.

The statement is the alliance’s latest effort to get tech companies to agree to encryption backdoors.

The Five Eyes alliance, comprising the US, the UK, Canada, Australia, and New Zealand, made similar calls to tech giants in 2018 and 2019.

Source: Five Eyes governments, India, and Japan make new call for encryption backdoors | ZDNet

Commission presses Zoom for security assurances but continues to use platform

The European Commission is looking for further assurances from US video conferencing platform Zoom regarding the security of its technology, after concerns emerged earlier this year over the company’s privacy protocols.

The Commission “has asked Zoom for its latest security audit reports and additional information, particularly relating to its encryption controls,” Human Resources Commissioner Johannes Hahn said on Tuesday (6 October), in response to a written question from Italian MEP Mara Bizzotto.

Source: Commission presses Zoom for security assurances but continues to use platform – EURACTIV.com

Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

On October 1, 2020, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published an advisory that highlights the risk of potential U.S. sanctions law violations if U.S. individuals and businesses comply with ransomware payment demands.

OFAC’s advisory neither describes new penalties for ransomware payments nor expands existing law or provides new authority for imposing sanctions. Rather, in releasing its advisory in conjunction with a similar advisory from the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), OFAC is sending a clear signal that making ransomware payments with a sanctions nexus threatens U.S. national security interests and that third-party service providers that facilitate ransomware payments on behalf of a victim must consider and ensure compliance with OFAC regulations.

Source: Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

FBI warns of risks of using wireless hotel networks

Wi-Fi networks in hotels typically favor guest convenience over strong security practices, says the FBI.

As the coronavirus pandemic and lockdown have forced a shift to remote work, many people are working not just from home but from public locations. The pitfall here is that a public location may not have the tight security measures required to protect sensitive data and other assets. That vulnerability holds true for libraries, coffee shops, and even hotels. In a new warning about hotel Wi-Fi, the FBI provides several tips on how to protect yourself when using such a public network.

Source: Wi-Fi security: FBI warns of risks of using wireless hotel networks – TechRepublic

Amazon aims to improve biometric features and privacy with new edge AI chip in Echo devices

A new processor in Amazon’s latest generation of Echo devices is giving the Alexa assistant intriguing capabilities that the company says offer consumers a more natural experience of speech-based interaction.

There’s also plenty of scientific research that’s gone into sound localization and computer vision to offer new features without creating new biometric data storage and privacy problems—and device edge processing is the key.

Source: Amazon aims to improve biometric features and privacy with new edge AI chip in Echo devices | Biometric Update

Half of All Organizations Experienced Cyber Security Incidents During the Remote Working Period

A study showed that 75% of IT decision-makers believed hybrid or remote working to be the future of the workplace, and most also believed that this has led to an increase in security incidents.

The “Securing the Future of Hybrid Working” report also found that phishing remained the most prevalent threat facing employees working remotely. While remote working was a predisposing factor for cyberattacks, most employees prefer hybrid working environments, with just 11% exclusively preferring office work.

The report recommended that businesses should adapt to their employees’ needs to guarantee the safety of the organizations’ systems.

Source: Half of All Organizations Experienced Cyber Security Incidents During the Remote Working Period – CPO Magazine

Half of Organizations Experienced Security Incidents While Working Remotely

As businesses try to deliver a seamless hybrid experience of work from home and office, Tessian’s Securing the Future of Hybrid Working report reveals the security risks they must overcome and the pressures on IT teams.

The majority of IT decision makers (82%) think that employees are at greater risk of phishing attacks when working remotely. Their concerns are valid; over three-quarters (78%) of employees said they received a phishing email while working on their personal laptop between March and July 2020, and 68% admitted to clicking a link or downloading an attachment within that email.

In fact, nearly half of companies surveyed experienced a data breach or security incident between March and July 2020, with half being caused by phishing attacks – making it the leading cause of security incidents during this period of remote working.

Source: Half of Organizations Experienced Security Incidents While Working Remotely, Reveals New Data – socPub
