fbpx

Download free GDPR compliance checklist!

Category Archives for "Security"

Tiktok to transfer data control to UK arm ahead of Brexit

Tiktok has said it will be moving ownership of its users’ data in Europe to local subsidiaries, in a boost to its British arm as it prepares for Brexit.

The social media app’s US parent Tiktok Inc will no longer manage and safeguard data for users based in the UK and the European Union. Instead, from 29 July, Tiktok Ireland will control the data of all users in the European Economic Area and Switzerland, while Tiktok UK will do the same for Britons.

Source: Tiktok to transfer data control to UK arm ahead of Brexit – CityAM : CityAM

São Paulo subway facial recognition system slammed over user data security and privacy

A new surveillance system is deemed “inefficient and dangerous” as it fails to protect the personal information of 4 million daily users, associations say.

The current legacy system includes an estate of non-integrated 2200 cameras that will be replaced by 5200 digital high-definition cameras controlled centrally. But the company responsible for the operation of São Paulo’s subway system has failed to demonstrate sufficient evidence that it is ensuring the protection of user privacy in the implementation of a new platform that will use facial recognition technology.

Source: São Paulo subway facial recognition system slammed over user data security and privacy | ZDNet

TikTok Will Never Hand Over Data to Chinese Govt, Says CEO

TikTok has claimed that the Chinese government has never requested for user data, nor would the company turn it over if asked.

TikTok has sought to distance itself from Beijing after it was banned in India earlier this week. In a letter to the Indian government dated June 28th, the company’s CEO, Kevin Mayer, said that the Chinese government has never asked for data of Indian users. He further claimed that the company wouldn’t comply with such an order even if Beijing asks for it.

Source: TikTok Will Never Hand Over Data to Chinese Govt, Says CEO | Beebom

Microsoft’s Free Rein Over EU Staff Data Sparks Privacy Warning

Microsoft Corp.’s licensing agreements with European Union authorities gave the U.S. tech giant free rein to oversee data processing activities for more than 45,000 EU officials, the institution’s own privacy watchdog warned.

The EU’s in-house data protection regulator said in its findings of a probe that institutions’ lack of control “over which sub-processors Microsoft used and lack of meaningful audit rights also presented significant issues.”

Source: Microsoft’s Free Rein Over EU Staff Data Sparks Privacy Warning – Bloomberg

Facebook says 5,000 app developers got user data after cutoff date

A Facebook privacy mechanism blocks apps from receiving user data if users didn’t use an app for 90 days. Facebook said 5,000 apps continued to receive user data regardless.

The incident is related to a security control that Facebook added to its systems following the Cambridge Analytica scandal of early 2018.

Source: Facebook says 5,000 app developers got user data after cutoff date | ZDNet

TikTok and 53 other iOS apps still snoop your sensitive clipboard data

Passwords, bitcoin addresses, and anything else in clipboards are free for the taking.

The privacy invasion is the result of the apps repeatedly reading any text that happens to reside in clipboards, which computers and other devices use to store data that has been cut or copied from things like password managers and email programs. With no clear reason for doing so the apps deliberately called an iOS programming interface that retrieves text from users’ clipboards.

Source: TikTok and 53 other iOS apps still snoop your sensitive clipboard data | Ars Technica

Hackers are hiding virtual credit card skimmers in image file metadata

Hackers put Magecart JavaScript code into the EXIF metadata of image files, which is then loaded and executed by compromised stores.

Hiding malicious code inside of images is nothing new, but it’s the first time security researchers have seen them used to obscure credit card skimmers.

Source: Hackers are hiding virtual credit card skimmers in image file metadata | Engadget

Chrome extensions with 33 million downloads slurped sensitive user data

Browser extensions downloaded almost 33 million times from Google’s Chrome Web Store covertly downloaded highly sensitive user information

The extensions, which Google removed only after being privately notified of them, actively siphoned data such as screenshots, contents in device clipboards, browser cookies used to log in to websites, and keystrokes such as passwords, researchers from security firm Awake told me. Many of the extensions were modular, meaning once installed, they updated themselves with executable files, which in many cases were specific to the operating system they ran on.

Source: Chrome extensions with 33 million downloads slurped sensitive user data | Ars Technica

UK launches new fake ad alert system to target online fraud

Fraudulent online advertising is being targeted via a new reporting system created by UK authorities.

The UK Scam Ad Alert, launched by The Advertising Standards Authority (ASA) and the Internet Advertising Bureau (IAB) allows people to report scam ads appearing in paid-for-spaces online to the ASA, who will then circulate details of the ads, remove them and suspend the advertiser’s account where possible.

Source: #Privacy: UK launches new fake ad alert system to target online fraud – PrivSec Report

iPhone spyware lets police log suspects’ passcodes when cracking doesn’t work

A tool, previously unknown to the public, doesn’t have to crack the code that people use to unlock their phones. It just has to log the code as the user types it in.

The spyware has been available for about a year but this is the first time details of its existence have been reported, in part because of the non-disclosure agreements police departments sign when they buy a device from Grayshift known as GrayKey.

Source: iPhone spyware lets police log suspects’ passcodes when cracking doesn’t work

>