Category Archives for "Security"

The Twitter hack shows a major cybersecurity vulnerability: employees

Attackers keep finding ways to leverage human weakness to get around security measures.

On Wednesday, Twitter fell victim to hackers who used a “coordinated social engineering attack” to compromise some of Twitter’s highest-profile accounts—including those belonging to Barack Obama, Elon Musk, Bill Gates, and Kanye West—to launch a crypto scam targeting those users’ followers.

While cybersecurity advances have hardened IT infrastructure and made it increasingly difficult to hack systems remotely, criminals have a logical way around these measures: targeting the employees who are already inside the systems.

Source: The Twitter hack shows a major cybersecurity vulnerability: employees.

Academic Project Used Marketing Data to Monitor Russian Military Sites

Cellphone location data purchased from marketers enabled researchers at Mississippi State to track the movements of Russian generals. The data have major implications for national-security and law-enforcement agencies, too.

At one of the locations, the Nyonoksa Missile Test Site in northern Russia, the group identified 48 mobile devices present on Aug. 9, one day after a mysterious radiation spike there generated international headlines and widespread speculation that a Russian missile test had gone wrong.

Source: Academic Project Used Marketing Data to Monitor Russian Military Sites – WSJ

UK Government admits breaking privacy law with NHS test and trace

Ministers accused of reckless behaviour over roll-out, with Guardian learning of data breaches.

The UK government broke the law in rolling out its test-and-trace programme without a full assessment of the privacy implications, the Department of Health and Social Care has admitted after a legal challenge.

Source: Government admits breaking privacy law with NHS test and trace

Seven ‘no log’ VPN providers accused of leaking user logs onto the internet

A string of “zero logging” VPN providers have some explaining to do after more than a terabyte of user logs were found on their servers unprotected and facing the public internet.

This data, we are told, included in at least some cases clear-text passwords, personal information, and lists of websites visited, all for anyone to stumble upon.

Source: Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet • The Register

UK government reported 500 personal data breaches to ICO in a year

Central government reported almost 500 personal data breaches to the Information Commissioner’s Office in the 2020 fiscal year, with one in ten requiring formal investigation and at least 10 incidents that have required the department in question to take remedial action.

During FY20, the regulator also received a collective tally of 1,006 data-breach reports from the local government sector. The overall number of reports filed across all sectors quadrupled following the introduction of GDPR, from 3,331 in 2017/18 to 13,840 the following year.

Source: EXCL: Whitehall departments reported 500 personal data breaches to ICO in FY20 | PublicTechnology.net

Germany proposes first-ever use of EU cyber sanctions over Russia hacking

Berlin has officially called for the use of a new EU sanctions framework to target Russian individuals following the 2015 hack attack against the German parliament’s IT system, an inquiry has revealed.

If agreed, the plan, which was recommended by Berlin last month, would be the first use of an EU cyber sanctions regime adopted in 2017.

Source: Germany proposes first-ever use of EU cyber sanctions over Russia hacking | News | DW | 12.07.2020

Republicans push bill requiring tech companies to help access encrypted data

A group of Senate Republicans is looking to force tech companies to comply with “lawful access” to encrypted information, potentially jeopardizing the technology’s security features.

The proposed legislation is Congress’ latest attempt to weaken encryption from tech giants.

Source: Republicans push bill requiring tech companies to help access encrypted data – CNET

Police Are Buying Access to Hacked Website Data

Hackers break into websites, steal information, and then publish that data all the time, with other hackers or scammers then using it for their own ends. But breached data now has another customer: law enforcement.

Some companies are selling government agencies access to data stolen from websites in the hope that it can generate investigative leads, with the data including passwords, email addresses, IP addresses, and more.

Source: Police Are Buying Access to Hacked Website Data

Privacy-preserving credentials for smartphones are coming

Mobile credentials for smartphones can help us securely and safely verify information about ourselves without revealing data unrelated to the question at hand.

Developers have been working for several years on a better way to design credentials. With COVID-19 and police surveillance now at the forefront of our political debates, it is time to bring this technology into the public conversation. The technology in question is privacy-preserving credentials hosted on smartphones, which have the potential to significantly improve privacy in cases where an individual needs to prove something like age or residence.

Source: Privacy-preserving credentials for smartphones are coming

Apple declined to implement 16 Web APIs in Safari due to privacy concerns

Apple said this week that it declined to implement 16 new web technologies (Web APIs) in Safari because they posed a threat to user privacy by opening new avenues for user fingerprinting.

Apple claims that the 16 Web APIs above would allow online advertisers and data analytics firms to create scripts that fingerprint users and their devices.

Source: Apple declined to implement 16 Web APIs in Safari due to privacy concerns | ZDNet
