Category Archives for "Security"

Fake GDPR Compliance Reminders Being Shared by Phishers

A new phishing attack has been identified in which cybercriminals are sharing a fake GDPR compliance reminder in a bid to fool recipients into handing over their email login details.

The phishing campaign involves hackers sending the warning to a list of company email addresses that they had previously been able to get hold of.

The attacker lures targets under the pretense that their email security is not GDPR compliant and requires immediate action. For many who are not versed in GDPR regulations, this phish could be merely taken as more red tape to contend with rather than being identified as a malicious message.

Source: Fake GDPR Compliance Reminders Being Shared by Phishers – Compliance Junction

TikTok unclear on how old EU data will be transferred to new Irish data centre

TikTok has admitted that it will not retroactively transfer all EU personal data to its new data site in Ireland when the facility is completed next year, in a decision that could provoke concern among data protection activists in Europe.

The company currently stores EU personal data at sites in the United States and Singapore, but has plans to construct a €420 million site in Ireland in 2021 as a means to allay some of the worries related to the transmission of personal data from the EU to countries with less stringent data protection regimes.

Source: TikTok unclear on how old EU data will be transferred to new Irish data centre – EURACTIV.com

US bans WeChat and TikTok

On September 18, 2020, the U.S. Department of Commerce announced detailed sanctions relating to the mobile applications WeChat and TikTok.

These prohibitions were issued in accordance with President Trump’s Executive Orders issued on August 6, 2020, imposing economic sanctions against the platforms. These orders, if they become fully effective, will (1) prohibit mobile app stores in the U.S. from permitting downloads or updates to the WeChat and TikTok mobile apps; (2) prohibit U.S. companies from providing Internet backbone services that enable the WeChat and TikTok mobile apps; and (3) prohibit U.S. companies from providing services through the WeChat mobile app for the purpose of transferring funds or processing payments to or from parties.

However, the U.S. Department of Commerce has suspended its prohibitions relating to TikTok downloads and updates for seven days (until September 27).

Source: Department of Commerce Notices on Prohibited Transactions Relating to WeChat and TikTok

Shopify reports ‘rogue’ employees stole some customer data

The company’s software enables online shopping for other businesses, and in a blog post it revealed that two employees were caught “in a scheme to obtain customer transactional records of certain merchants.”

It’s unclear how much data they actually stole, which the blog post said came from fewer than 200 merchants. The information accessed included contact information as well as order details of what was purchased, but for now, the company says it did not include payment information like credit card or account numbers.

Source: Shopify reports ‘rogue’ employees stole some customer data | Engadget

Iranian hackers’ Android malware spies on dissidents by stealing 2FA codes

An Iranian hacking group made Android malware that appears built to spy on regime critics by stealing their two-factor codes.

The attackers first use a phishing trojan to collect login details, and then try those with the real site. If the victim has two-factor authentication turned on, the newly-reported malware intercepts the incoming SMS messages and quietly sends copies to the intruders.

Source: Iranian hackers’ Android malware spies on dissidents by stealing 2FA codes | Engadget

Woman dies during a ransomware attack on a German hospital

It could be the first death directly linked to a cybersecurity attack. Experts have been warning for years that this would happen.

A woman in Germany died during a ransomware attack on the Duesseldorf University Hospital, in what may be the first death directly linked to a cyberattack on a hospital. The hospital couldn’t accept emergency patients because of the attack, and the woman was sent to a health care facility around 20 miles away.

The cyberattack was not intended for the hospital. The ransom note was addressed to a nearby university. The attackers stopped the attack after authorities told them it had actually shut down a hospital.

Source: Woman dies during a ransomware attack on a German hospital – The Verge

Homeland Security warns of a ‘critical’ security flaw in Windows servers

US Homeland Security has issued an emergency alert for a Windows security flaw, Zerologon, that allows attackers to compromise entire networks.

The flaw in the Netlogon Remote Protocol lets attackers with network access “completely compromise” Active Directory services on a network without using a sign-in; a hacker could run amok if they get through.

Source: Homeland Security warns of a ‘critical’ security flaw in Windows servers | Engadget

Google will start removing stalkerware and ‘misleading’ apps from its Play Store from October 21

The tech giant will give app developers until October 1 to remove stalkerware code from their official online store.

Google has announced that it is clamping down on apps containing stalkerware capabilities, defined by the company as “code that transmits personal information off the device without adequate notice or consent and doesn’t display a persistent notification that this is happening.”

On September 16, the company updated its Developer Program Policy to state that any apps distributed on its store that monitor a user’s behaviour must include “adequate notice or consent” and a “persistent notification” of background tracking, and must not present themselves as a “spying or secret surveillance solution” or attempt to “hide” or “mislead” users about their surveillance purposes.

Source: Google will start removing stalkerware and ‘misleading’ apps from its Play Store from October 21

Privacy, effectiveness among concerns of robocall-blocking apps

If you’re one of many Canadians who’ve considered alternative measures to block robocalls to your smartphone, a consumer agency says you should be aware of the dangers.

Whether or not the apps are effective is another matter, as most services won’t be able to completely block out the calls. Other features that some apps offer, such as answering calls with nonsensical messages, may actually result in a number getting more scam calls than before.

There is also the concern that a blocking app may expose your personal information, especially when it comes to those that require access to your voicemail.

Source: Better Business Bureau says there are better ways to block auto-dialers than using an app | CTV News

European Police Malware Could Harvest GPS, Messages, Passwords, More

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest “all data stored within the device,” and was expected to include chat messages, geolocation data, usernames, passwords, and more.

As well as the geolocation, chat messages, and passwords, the law enforcement malware also told infected Encrochat devices to provide a list of WiFi access points near the device.

Organized crime groups across Europe and the rest of the world heavily used the network before its seizure, in many cases to facilitate large scale drug trafficking.

Source: European Police Malware Could Harvest GPS, Messages, Passwords, More
