
Category Archives for "Security"

Court orders encrypted email biz Tutanota to build a backdoor in user’s mailbox

Tutanota has been served with a court order to backdoor its encrypted email service – a situation founder Matthias Pfau described to The Register as “absurd.”

A court in Germany last month ordered Tutanota to help investigators monitor the contents of a user’s encrypted mailbox. The site has until the end of the year to add functionality to perform this surveillance.

Source: Court orders encrypted email biz Tutanota to build a backdoor in user’s mailbox, founder says ‘this is absurd’ • The Register

US Congress passes new IoT cybersecurity law

In response to high-profile data breaches and security warnings from the technology industry and independent agencies alike, members of U.S. Congress have been working for years to address security concerns involving Internet-of-Things devices.

Congress recently made significant progress toward greater IoT security in the United States when it enacted the Internet of Things Cybersecurity Improvement Act of 2020, which entered into force Dec. 4, 2020. Although the new IoT cybersecurity law focuses primarily on the procurement of IoT technology and products by the federal government, it has the potential to create a more uniform IoT security standard across the private sector.

Source: US Congress passes new IoT cybersecurity law

Chinese embassy blames hackers for retweet of Trump’s claim that Democrats cheated in election

The Chinese embassy in the U.S. said its Twitter account was hacked after it retweeted a baseless claim from President Donald Trump that the Democrats cheated in the election.

“If somebody cheated in the Election, which the Democrats did, why wouldn’t the Election be immediately overturned? How can a Country be run like this?,” Trump tweeted on Wednesday, without any evidence.

The Chinese embassy then retweeted it in a moment captured by one Reuters reporter.

Source: Chinese embassy blames hackers for retweet of Trump’s claim that Democrats cheated in election

Premiere security firm FireEye says it was breached by nation-state hackers

FireEye, a $3.5 billion company that helps customers respond to some of the world’s most sophisticated cyberattacks, has itself been hacked, most likely by a well-endowed nation-state that made off with “red-team” attack tools used to pierce network defenses.

The hack also raises the specter that a group that was already capable of penetrating a company with FireEye’s security prowess and resources is now in possession of proprietary attack tools, a theft that could make the hackers an even greater threat to organizations all over the world. FireEye said the stolen tools didn’t include any zero-day exploits.

Source: Premiere security firm FireEye says it was breached by nation-state hackers | Ars Technica

Class action suit launched against Dell after data breach led to years of scam calls

A proposed class action suit has been launched against Dell Technologies on behalf of thousands of Canadians whose personal information was compromised in a data breach.

According to a claim filed in a Nova Scotia court, the suit’s proposed representative plaintiff is seeking compensation for two years of scam calls and emails he received after a 2017 data breach exposed information about him and more than 7,000 other Dell customers.

Source: Class action suit launched against Dell after data breach led to years of scam calls – National | Globalnews.ca

Trump admin mulls blocking cloud firms from countries like China

A proposed executive order that could keep American cloud computing companies out of certain foreign countries is being circulated within the Trump administration and to tech industry players.

Under the proposed order, the Commerce Department would under certain circumstances have the authority to ban U.S. cloud providers from doing business in certain countries and ban foreign cloud providers from doing business with U.S. customers.

Source: Scoop: Trump admin mulls blocking cloud firms from countries like China – Axios

Nation-state backed hackers going after COVID vaccine supply chain

Cyber attackers have targeted the cold supply chain needed to deliver COVID-19 vaccines, according to a report detailing a sophisticated operation likely backed by a nation-state.

The hackers appeared to be trying to disrupt or steal information about the vital processes to keep vaccines cold as they travel from factories to hospitals and doctors’ offices.

Source: Nation-state backed hackers going after COVID vaccine supply chain | Ars Technica

Twitter data breach decision due on December 17

Despite “very divergent views” between EU data protection authorities over a case of data breaches by Twitter, a final decision on the bloc’s first major cross-border online privacy case is due to be published on December 17th, it has been revealed.

Irish Data Commissioner Helen Dixon said on Thursday (3 December) that talks with fellow EU data protection regulators had been beset by “high levels of dispute” on a final decision as to Twitter’s punishment following a 2019 disclosure on a bug in its Android app. The bug had led to some Twitter users’ protected tweets being made public.

Source: Twitter data breach decision due on December 17: Irish data regulator – EURACTIV.com

Android apps with millions of downloads are vulnerable to serious attacks

Android apps with hundreds of millions of downloads are vulnerable to attacks that allow malicious apps to steal contacts, login credentials, private messages, and other sensitive information. Security firm Check Point said that the Edge Browser, the XRecorder video and screen recorder, and the PowerDirector video editor are among those affected.

The vulnerability actually resides in the Google Play Core Library, which is a collection of code made by Google. The library allows apps to streamline the update process by, for instance, receiving new versions during runtime and tailoring updates to an individual app’s specific configuration or a specific phone model the app is running on.

Source: Android apps with millions of downloads are vulnerable to serious attacks | Ars Technica

CBP proposes to require mug shots of all non-US citizen travelers

CBP issued a notice of proposed rulemaking that wouldn’t apply to US citizens, but would require all non-US citizens, including permanent US residents (green-card holders) to be photographed whenever they enter or leave the US by any means: air, land, or sea.

This proposed rule is for collection of biometrics from international travelers at airports, cruise ports, and land borders. There’s a separate pending proposal for collection of biometrics including fingerprints and DNA samples, in advance of travel, from visa applicants, other would-be US visitors, and their US sponsors.

Source: CBP proposes to require mug shots of all non-US citizen travelers – Papers, Please!
