
Category Archives for "Security"

Hackers are hijacking smart building access systems to launch DDoS attacks

More than 2,300 building access systems can be hijacked due to a severe vulnerability left without a fix.

Hackers are actively searching the internet and hijacking smart door/building access control systems, which they are using to launch DDoS attacks, according to firewall company SonicWall.

Source: Hackers are hijacking smart building access systems to launch DDoS attacks | ZDNet

Avast Is Going To Stop Selling Your Web Habits

Avast, one of the world’s biggest antivirus and security companies, announced plans to wind up its subsidiary Jumpshot after a privacy furor erupted over the last two months.

With 400 million users, the potential for privacy infringements was great. Data sold to companies like Google, Microsoft, Home Depot and many other companies included information about websites people visited, including porn sites and what specific videos they watched and more.

Source: Avast Is Going To Stop Selling Your Web Habits

Forensics detective says Android encryption now superior to iPhones

According to a forensics detective, Android encryption has made Android phones harder to crack than iPhones. This is a reversal from the norm.

Cellebrite — one of the most prominent companies that government agencies hire to crack smartphones — has a cracking tool that can break into any iPhone made up to and including the iPhone X. The tool pulls data such as GPS records, messages, call logs, contacts, and even data from specific apps such as Instagram, Twitter, LinkedIn, etc., all of which could be incredibly helpful in prosecuting criminals.

However, that same Cellebrite cracking tool is much less successful with Android encryption on prominent handsets.

Source: Forensics detective says Android encryption now superior to iPhones

52% of companies use cloud services that have experienced a breach

Use of personal devices when accessing cloud services and the sprawl of high-risk cloud services drive new areas of risk for companies using the cloud.

Seventy-nine percent of companies store sensitive data in the public cloud, according to a McAfee survey. While these companies approve an average of 41 cloud services each, up 33 percent from last year, thousands of other services are used ad-hoc without vetting. In addition, 52 percent of companies use cloud services that have had user data stolen in a breach.

Source: 52% of companies use cloud services that have experienced a breach – Help Net Security

Sen. Graham Draft Bill Would Ban Encryption, Undermine User Privacy, Security

Senator Lindsey Graham, a top Trump ally, is targeting giant internet platforms with a child protection measure that could threaten tech companies’ use of encryption and a liability exemption they prize.

Although the measure doesn’t directly mention encryption, it would require that companies work with law enforcement to identify, remove, report and preserve evidence related to child exploitation — which critics said would be impossible to do for services such as WhatsApp that are encrypted from end-to-end.

Source: Lindsey Graham Proposal Could Expose Apple, Facebook to Lawsuits – Bloomberg

Tinder’s Panic Button Partner, Noonlight, Shares Data With Third Parties

Tinder has a proven track record of providing a dating platform to some less-than-stellar men who have been accused of raping—and in one grisly case, dismembering—women they’ve met through the platform.

With the help of a company called Noonlight, Tinder users will be able to share the details of their date—and their given location—in the event that law enforcement needs to get involved. However, it turns out that the app sends data to a handful of major names in the ad tech space—including Facebook and Google-owned YouTube—gleaning details about the app every minute.

Source: Tinder’s Panic Button Partner, Noonlight, Shares Data With Third Parties

Australian government secretly releasing sensitive medical records to police

The Australian government is releasing highly sensitive medical records to police through a secret regime that experts say contains fundamentally flawed privacy protections.

The Department of Human Services fields large volumes of requests for Pharmaceutical Benefits Scheme (PBS) and Medicare Benefits Schedule (MBS) data from state and federal policing agencies each year.

Source: Australian government secretly releasing sensitive medical records to police

3 biggest threats cybersecurity professionals are facing in 2020

Organizations are moving toward next-generation cybersecurity solutions this year, but security fragmentation is a looming threat.

The three threats that respondents cited as their biggest for 2020 are:

  1. Weaponized email attachments and links (74%)
  2. Ransomware (71%)
  3. Banking trojans and other browser-based password hijackers (67%)

Source: 3 biggest threats cybersecurity professionals are facing in 2020 – TechRepublic

€114 Million in Fines Imposed by EU Authorities Under GDPR

New findings from DLA Piper show that 160,000 data breach notifications have been reported across 28 European Union Member States and that data protection authorities have imposed €114 million in monetary fines under the GDPR for a wide range of infringements. Not all fines were related to data breach infringements, however.

In terms of the total value of fines issued by geographical region, France (€51m), Germany (€24.5m) and Austria (€18m) topped the rankings, whilst the Netherlands (40,647), Germany (37,636) and the UK (22,181) had the highest number of data breaches notified to regulators.

Source: €114m in Fines Imposed by Euro Authorities Under GDPR – Infosecurity Magazine

Reflecting on APAC Data Protection and Cyber-security Highlights for 2019 (and what lies ahead!)

2019 saw continued growth and change in data protection and cyber-security across the Asia-Pacific. Following the implementation of the GDPR in May 2018, many jurisdictions moved to review and strengthen existing data privacy and cyber-security laws.

In addition, 2019 saw regulators publishing findings in respect of some of the largest data incidents of 2018. We have set out below the key highlights of the year and what to look out for in 2020.

Full article: Reflecting on APAC Data Protection and Cyber-security Highlights for 2019 (and what lies ahead!)
