
Tag Archives for "cybersecurity"

Zoom Agrees to Step Up Security After New York Probe

New York state’s top prosecutor announced that the company Zoom would improve security measures, after flaws were detected as the video conferencing platform soared in popularity amid the coronavirus pandemic.

The agreement wraps an investigation launched in March by New York Attorney General Letitia James into vulnerabilities in the California-based company’s software. In a statement, James said Zoom would institute new security measures for the millions of users using the platform, including enhanced privacy controls.

Source: Zoom Agrees to Step Up Security After New York Probe | SecurityWeek.Com

Adult Cam Site Exposed 10.88 Billion Records Online

As part of a search on the Shodan engine for unsecured databases, security review site Safety Detectives found that CAM4 had misconfigured an ElasticSearch production database so that it was easy to find and view heaps of personally identifiable information, as well as corporate details like fraud and spam detection logs.

The site is CAM4, a popular adult platform that advertises “free live sex cams.” Leaked data comprises 7 terabytes of names, sexual orientations, payment logs, and email and chat transcripts—across 10.88 billion records.

Source: Adult Cam Site CAM4 Exposed 10.88 Billion Records Online | WIRED

UK racing to improve contact-tracing app’s privacy safeguards

NHS officials are racing to introduce greater privacy safeguards for the contact-tracing app at the centre of the government’s lockdown exit strategy amid mounting concern from security experts, MPs and users.

It plans to complete the appointment of an ethics board to improve oversight and publish the software source code in the next month, and has not ruled out “a sunset clause”, agreeing to delete all data collected once the country returns to normal.

Source: UK racing to improve contact-tracing app’s privacy safeguards | Technology | The Guardian

‘No data, security breach’: Aarogya Setu says after hacker claims ‘privacy of 90 million Indians at stake’

Aarogya Setu was alerted “by an ethical hacker of a potential security issue in the app”, which they discussed with him, but “no personal information of any user has been proven to be at risk”.

Elliot Alderson, a French security researcher, claimed on Twitter that a security issue has been found in the app and the privacy of 90 million Indians is at stake.

The official Twitter handle of Aarogya Setu, the contact-tracing app developed by the National Informatics Centre (NIC) under the Ministry of Electronics and Information Technology, asserted late on Tuesday that “no data or security breach had been identified” in the app.

Source: ‘No data, security breach’: Aarogya Setu says after hacker claims ‘privacy of 90 million Indians at stake’

German Federal Agencies Publish Privacy and IT Security Requirements for Digital Health Applications

On April 21, 2020, the Regulation on the Requirements and Reimbursement Process for Digital Health Applications (DiGAV) entered into force in Germany.

Among other provisions, the DiGAV includes specific IT security and privacy requirements. Shortly after the law took effect, Germany’s Federal Medicines and Medical Devices Agency (“BfArM”) also released an extensive explanatory Guidance to the DiGAV.

While the scope of application of the DiGAV and the BSI draft guidance may be limited, the documents can serve to provide useful insights and benchmarks for health applications generally.

Full article: German Federal Agencies Publish Privacy and IT Security Requirements for Digital Health Applications

Google Play has been spreading advanced Android malware for years

Hackers have been using Google Play for years to distribute an unusually advanced backdoor capable of stealing a wide range of sensitive data, researchers said.

Researchers from security firm Kaspersky Lab have recovered at least eight Google Play apps that date back to 2018, a Kaspersky Lab representative said, but based on archive searches and other methods, the researchers believe malicious apps from the same advanced group seeded Google’s official market since at least 2016.

Source: Google Play has been spreading advanced Android malware for years | Ars Technica

Quibi, JetBlue, Wish, others accused of leaking millions of email addresses to ad orgs via HTTP referer headers

Short-video biz Quibi, airline JetBlue, shopping site Wish, and several other companies leaked millions of people’s email addresses to ad-tracking and analytics firms through HTTP request headers, it is claimed.

According to findings published Wednesday by Zach Edwards, of digital strategy firm Victory Medium, these businesses have spilled these contact details to advertising networks and the like over the past few years. Among those websites identified by Edwards – a group that also includes Mailchimp, The Washington Post, NGPVan.com, KongHQ, and GrowingChild.com – some promptly altered their websites when notified of the issue, but others have not.

Source: Quibi, JetBlue, Wish, others accused of leaking millions of email addresses to ad orgs via HTTP referer headers • The Register

India requires all workers to use its COVID-19 tracking app

India is now mandating that all workers use its COVID-19 contact tracing app, even though there are concerns it violates policies. The country’s home ministry will require that all workers, public or private, use its Aarogya Setu app starting May 4th.

Although the app relies on anonymous device identities and stores encrypted records of Bluetooth interactions with other devices, the Internet Freedom Foundation said the app doesn’t meet data protection standards or provide enough transparency for algorithms.

Source: India requires all workers to use its COVID-19 tracking app | Engadget

Home affairs data breach may have exposed personal details of 700,000 migrants

Privacy experts have blasted the home affairs department for a data breach revealing the personal details of 774,000 migrants and people aspiring to migrate to Australia, including partial names and the outcome of applications.

At a time the federal government is asking Australians to trust the security of data collected by its Covid-Safe contact tracing app, privacy experts are appalled by the breach, which they say is just the latest in a long line of cybersecurity blunders.

Source: Home affairs data breach may have exposed personal details of 700,000 migrants | Data protection | The Guardian

The Swedish DPA issues 18,700 euro fine against the National Government Service Centre

The Swedish Data Protection Authority imposes an administrative fine of 200,000 Swedish kronor (approximately 18,700 euro) on the National Government Service Centre for failing to notify affected parties as well as the Data Protection Authority about a personal data breach in due time.

The DPA noted that it took almost five months for the NGSC to notify the concerned parties and close to three months before the DPA received a data breach notification.

Source: The Swedish Data Protection Authority issues fine against the National Government Service Centre
