fbpx

Download free GDPR compliance checklist!

Tag Archives for " cybersecurity "

Google’s federated analytics method could analyze end user data without invading privacy

Google’s federated analytics techniques, which power features like Now Playing, could be used to analyze end user data without invading privacy.

It works by running local computations over a device’s data and making only the aggregated results — not the data from the particular device — available to authorized engineers.

Source: Google’s federated analytics method could analyze end user data without invading privacy | VentureBeat

Zoom plans to roll out strong encryption for paying customers

Video conferencing provider Zoom plans to strengthen encryption of video calls hosted by paying clients and institutions such as schools, but not by users of its free consumer accounts, a company official said on Friday.

A combination of technological, safety and business factors went into the plan, which drew mixed reactions from privacy advocates.

Source: Exclusive: Zoom plans to roll out strong encryption for paying customers – Reuters

Apple Pays Hacker $100,000 Bug Bounty for Finding Huge Apple Security Hole

A bug bounty hunter in India found an Apple security hole. Essentially, anyone could request a token for any email ID. Apple’s servers would then verify that token, so an attacker could gain access to any account you had linked to it.

‘Sign In With Apple’ is supposed to increase your online security and privacy by not revealing personal information when you sign up for accounts on websites or in apps. In fact, Apple requires that developers make it available as an option when they also include social sign-up capability from companies like Facebook or Google. Actually, however, it potentially opened up your online accounts to anyone who had your email address and was technical enough to post a simple request to the Apple ID servers.

Source: Hacker Finds Huge Apple Security Hole; Apple Pays $100,000 Bug Bounty

A Government Database of 20 Million+ Taiwanese Citizens Leaked in Darkweb

A government database of more than 20 million Taiwanese citizens was leaked on the dark web.

The 3.5 GB-database lists the names, addresses, genders, dates of birth, and other private information of more than 20 million citizens. According to Cyble, the “actor” claimed the leak is from 2019, though Cyble researchers have stated that it is difficult to confirm how recent it actually is.

Source: A Government Database of 20 Million+ Taiwanese Citizens Leaked in Darkweb – Cyble, Inc

26 million LiveJournal credentials leaked online, sold on the dark web

LiveJournal credentials were obtained in a 2014 hack, but leaked online earlier this month.

According to Have I Been Pwned (HIBP), the data contained the usernames, emails, and plaintext passwords of 26,372,781 LiveJournal users. LiveJournal users can visit the HIBP portal and check if their credentials have been included in the data trove stolen by hackers back in 2014. Even if the LiveJournal database is old, has circulated in private, and has been abused for years, this doesn’t mean users should slack on their personal security.

Source: 26 million LiveJournal credentials leaked online, sold on the dark web | ZDNet

In land of big data, China sets individual privacy rights

China is poised to enshrine individuals’ rights to privacy and personal data for the first time, a symbolic first step as more of the country of 1.4 billion people becomes digitised – and more vulnerable to leaks and hacks.

The legislation is part of China’s first civil code, a sweeping package of laws that is being deliberated during the annual meeting of parliament, which began on Friday after a delay of more than two months due to the coronavirus.

Source: In land of big data, China sets individual privacy rights – Reuters

Irish regulator reaches preliminary decision in Twitter privacy probe

Twitter may be the first big technology firm to face a fine by the EU’s lead regulator under the region’s tougher data protection rules after it submitted a preliminary decision in a probe into the social media firm to other member states.

The Twitter ruling relates to a 2019 probe into a bug in its Android app, where some users’ protected tweets were made public. Twitter is the subject of two of the 20 other inquiries the DPC had open into big tech firms at the end of 2019.

The DPC is not commenting on the substance of the preliminary Twitter decision at this point, Deputy Commissioner Graham Doyle told Reuters.

Source: Irish regulator reaches preliminary decision in Twitter privacy probe – EURACTIV.com

Equifax agrees to spend over $30 million to settle claims over 2017 data breach

Equifax has agreed to a proposed class action settlement with financial institutions over its 2017 data breach that affected roughly 147 million people in the U.S.

The company will pay up to $5.5 million for class members and commit to spending at least $25 million on data security measures over a two-year period under the proposed deal, according to the unopposed motion for preliminary approval of the settlement.

Source: IN BRIEF: Equifax agrees to settle financial institutions’ claims over 2017 data breach – Reuters

Internet giants are fighting to protect your private browsing history

Earlier this month, the Senate passed the USA FREEDOM Reauthorization Act to reinstate the expired powers of the PATRIOT Act. Absent from the new bill is a crucial amendment that would require law enforcement to obtain a warrant before accessing private browsing data recorded by internet service providers. As it stands, the bill grants agencies like the FBI complete access to the internet history of all Americans.

Subsequently, several tech companies including Mozilla, Reddit, Twitter, and Patreon have co-signed a letter asking the House of Representatives to tidy up this mess. The House still needs to pass the bill for it to become law, and they can force the inclusion of the amendment. They vote this week.

Source: Internet giants are fighting to protect your private browsing history – TechSpot

Hacker Selling 80,000 Users’ Data Stolen From Cryptocurrency Wallets

A hacker who was behind the cyber attack on Ethereum.org is now selling data tied to key cryptocurrency wallets like Keepkey, Trezor, Ledger and online investment platform Bnktothefuture. The hacker has three large databases with information pertaining to at least 80,000 customers. This includes the customer’s email address, name, phone number, residential address and other data.

“The hacker doesn’t seem to have any passwords, but is offering detailed information that was stolen from an alleged Shopify breach like email addresses, home addresses, and phone numbers,” reports Bitcoin News.

Source: Hacker Selling 80,000 Users’ Data Stolen From Cryptocurrency Wallets

1 2 3 113
>