
Tag Archives for "cybersecurity"

TikTok Will Never Hand Over Data to Chinese Govt, Says CEO

TikTok has claimed that the Chinese government has never requested user data, nor would the company turn it over if asked.

TikTok has sought to distance itself from Beijing after it was banned in India earlier this week. In a letter to the Indian government dated June 28th, the company’s CEO, Kevin Mayer, said that the Chinese government has never asked for data of Indian users. He further claimed that the company wouldn’t comply with such an order even if Beijing asks for it.

Source: TikTok Will Never Hand Over Data to Chinese Govt, Says CEO | Beebom

More than half of organisations subject to GDPR collect more data than the regulation permits

A Data Risk and Security report released by the security software company Netwrix has revealed that companies are failing to follow GDPR and security best practices.

The survey of just over a thousand respondents revealed that security professionals are often bypassing many of the six stages of the data lifecycle. While security issues are mitigated at some stages, many important stages are being overlooked, resulting in vulnerable systems.

Source: More than half of organisations subject to GDPR collect more data than the regulation permits, a study has found

TikTok and 53 other iOS apps still snoop your sensitive clipboard data

Passwords, bitcoin addresses, and anything else in clipboards are free for the taking.

The privacy invasion is the result of the apps repeatedly reading any text that happens to reside in clipboards, which computers and other devices use to store data that has been cut or copied from things like password managers and email programs. With no clear reason for doing so, the apps deliberately called an iOS programming interface that retrieves text from users’ clipboards.

Source: TikTok and 53 other iOS apps still snoop your sensitive clipboard data | Ars Technica

Demographic report on protests shows how much info our phones give away

Data analytics company Mobilewalla released a report detailing the race, age and gender breakdowns of individuals who participated in protests in select cities during the weekend of May 29th.

Mobilewalla “observed” a total of 16,902 devices. What is especially disturbing is that protestors likely had no idea that the tech company was using location data harvested from their devices.

Source: Demographic report on protests shows how much info our phones give away | Engadget

Hackers are hiding virtual credit card skimmers in image file metadata

Hackers put Magecart JavaScript code into the EXIF metadata of image files, which is then loaded and executed by compromised stores.

Hiding malicious code inside of images is nothing new, but it’s the first time security researchers have seen them used to obscure credit card skimmers.

Source: Hackers are hiding virtual credit card skimmers in image file metadata | Engadget

Chrome extensions with 33 million downloads slurped sensitive user data

Browser extensions downloaded almost 33 million times from Google’s Chrome Web Store covertly downloaded highly sensitive user information.

The extensions, which Google removed only after being privately notified of them, actively siphoned data such as screenshots, contents in device clipboards, browser cookies used to log in to websites, and keystrokes such as passwords, researchers from security firm Awake told me. Many of the extensions were modular, meaning once installed, they updated themselves with executable files, which in many cases were specific to the operating system they ran on.

Source: Chrome extensions with 33 million downloads slurped sensitive user data | Ars Technica

UK launches new fake ad alert system to target online fraud

Fraudulent online advertising is being targeted via a new reporting system created by UK authorities.

The UK Scam Ad Alert, launched by The Advertising Standards Authority (ASA) and the Internet Advertising Bureau (IAB), allows people to report scam ads appearing in paid-for spaces online to the ASA, who will then circulate details of the ads, remove them and suspend the advertiser’s account where possible.

Source: #Privacy: UK launches new fake ad alert system to target online fraud – PrivSec Report

iPhone spyware lets police log suspects’ passcodes when cracking doesn’t work

A tool, previously unknown to the public, doesn’t have to crack the code that people use to unlock their phones. It just has to log the code as the user types it in.

The spyware has been available for about a year but this is the first time details of its existence have been reported, in part because of the non-disclosure agreements police departments sign when they buy a device from Grayshift known as GrayKey.

Source: iPhone spyware lets police log suspects’ passcodes when cracking doesn’t work

Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More

The researchers found 845 gigabytes and close to 2.5 million records, likely representing data from hundreds of thousands of users.

The information was particularly sensitive and included sexually explicit photos and audio recordings. The researchers also found screenshots of private chats from other platforms and receipts for payments, sent between users within the app as part of the relationships they were building. And though the exposed data included limited “personally identifying information,” like real names, birthdays, or email addresses, the researchers warn that a motivated hacker could have used the photos and other miscellaneous information available to identify many users. The data may not have actually been breached, but the potential was there.

Source: Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More | WIRED

Zoom to exclude free calls from end-to-end encryption to allow FBI cooperation

Zoom, the popular video conferencing platform, has announced it will provide end-to-end encryption after facing a litany of privacy and security concerns – but only to users who pay for it.

Privacy advocates are concerned, saying basic security shouldn’t be a paid feature left open for the possibility of working with law enforcement.

Source: Zoom to exclude free calls from end-to-end encryption to allow FBI cooperation | Zoom | The Guardian
