
Tag Archives for " cybersecurity "

German Federal Government Passed a Draft Law Amending Germany’s Information Technology Laws

On December 16, 2020, the German Federal Government passed a draft law that substantially amends some of Germany’s information technology laws.

These amendments aim to adapt the current legal framework to the increasing digitalization of products and services, the proliferation of IoT products, and the appearance of new cybersecurity threats. The draft law is expected to be enacted in the German Parliament in the first quarter of 2021.

Source: German Federal Government Passed a Draft Law Amending Germany’s Information Technology Laws | Inside Privacy

Experian warns of facial recognition, synthetic ID fraud

The widespread shift to e-commerce and touchless payments during the pandemic has escalated fraud risk in those channels, including the possibility of fraudsters combining altered photos with synthetic ID, Experian warns.

A trick Experian is calling “Frankenstein IDs” could see fraudsters this year using machine learning to invent fake facial images, which combined with fictional identities could add a new and more virulent edge to fast-growing synthetic ID fraud, the global information company said in a new forecast.

Full article: Experian warns of facial recognition, synthetic ID fraud | PaymentsSource

WhatsApp private chat groups get EXPOSED again on Google search

Just days after rolling out its new policy obliging users to share their data with Facebook, WhatsApp has suffered an embarrassing privacy breach, with its private chat groups being indexed on Google’s search engine.

The privacy breach was reported on Sunday. Invite links to private WhatsApp messaging groups as well as some user profiles were indexed by Google and appeared in search results, essentially meaning anyone was able to join supposedly secure chats and see both chats and related phone numbers.

Source: WhatsApp private chat groups get EXPOSED again on Google search — RT World News

Intel launches RealSense ID camera system for on-device facial recognition

Intel expanded its family of RealSense 3D cameras with an on-device system for facial recognition. Intel said its new RealSense ID camera system combines an active depth sensor with a specialized neural network designed to perform facial authentication on consumer-facing devices such as point-of-sale systems, ATMs and kiosks.

Intel’s RealSense 3D technology uses cameras to measure depth and enable computing systems to read facial expressions and gestures. This latest RealSense ID system takes that core technology and packages it in a way that makes it easier to use in retail and secure access control scenarios.

Source: Intel launches RealSense ID camera system for on-device facial recognition | ZDNet

Brazilians mostly unaware of data protection regulations

Despite concerns over potential misuse and lack of trust, research has found consumers are not questioning corporate practices around personal data handling.

The survey carried out by Brazilian credit intelligence company Boa Vista with over 500 consumers between August and September 2020 suggests that over 70% of those polled do not know what the General Data Protection Regulations are.

The vast majority of the consumers polled (90%) feel their personal information is not protected appropriately by the companies requesting it, while 77% have expressed concerns over potential misuse of their data. Of the Brazilian consumers surveyed, 40% said they have been victims of fraud.

Source: Brazilians mostly unaware of data protection regulations | ZDNet

Ticketmaster Pays $10 Million Criminal Fine for Intrusions into Competitor’s Computer Systems

Ticketmaster Used Passwords Unlawfully Retained by a Former Employee of a Competitor to Access Computer Systems in Scheme to “Choke Off” the Victim’s Business.

Ticketmaster agreed to pay a $10 million fine to resolve charges that it repeatedly accessed without authorization the computer systems of a competitor. The fine is part of a deferred prosecution agreement that Ticketmaster has entered with the United States Attorney’s Office for the Eastern District of New York to resolve a five-count criminal information filed today charging computer intrusion and fraud offenses.

Source: Ticketmaster Pays $10 Million Criminal Fine for Intrusions into Competitor’s Computer Systems

FBI Warn Hackers are Using Hijacked Home Security Devices for ‘Swatting’

Stolen email credentials are being used to hijack home surveillance devices, such as Ring, to call police with a fake emergency, then watch the chaos unfold.

By accessing a targeted home security device, an attacker can initiate a call for help to authorities and watch remotely as the swat occurs. The FBI points out that initiating a call for help from the actual security device lends authenticity and anonymity to the hacker.

Source: FBI Warn Hackers are Using Hijacked Home Security Devices for ‘Swatting’ | Threatpost

Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates

Microsoft confirmed that its network was among the thousands infected with tainted software updates from SolarWinds, even as new data the company has released suggest the likely Russian actors behind the campaign were focused on a smaller set of targets than originally thought.

Microsoft on Friday said that it had detected malicious SolarWinds binaries in its environment, which the company isolated and removed. However, the software giant denied a Reuters report on Thursday that claimed Microsoft’s own products were then used to distribute malware to other organizations in much the same way SolarWinds’ Orion network product management technology was abused.

Source: Microsoft Confirms Its Network Was Breached With …

Nintendo Conducted Invasive Surveillance Operation Against Homebrew Hacker

Leaked Nintendo documents have revealed a frightening surveillance operation carried out against a hacker who was researching exploits for the 3DS handheld.

In addition to monitoring his private life, including aspects of his education, when he left the house and where he went, the company followed its target from his place of work in order to pressure him into stopping his activities.

Source: Nintendo Conducted Invasive Surveillance Operation Against Homebrew Hacker | TorrentFreak

The European Union Agency for Cybersecurity Publishes a Draft Certification Scheme for Cloud Services

On December 22, 2020, the European Union Agency for Cybersecurity (ENISA) published a draft scheme for cloud services. Cloud services that meet the security requirements of the scheme will be able to obtain a certification attesting their level of cybersecurity.

The draft scheme sets out criteria that apply to the design and implementation of cloud services, including their security features and the essential processes used throughout their lifecycle. It supports three assurance levels: “basic”, “substantial”, and “high”.

Source: The European Union Agency for Cybersecurity Publishes a Draft Certification Scheme for Cloud Services
