Privacy


May 13, 2025

Marbled Dust leverages zero-day in Output Messenger for regional espionage Full Text

Abstract A Turkish-aligned cyber-espionage group known as Marbled Dust has exploited a zero-day vulnerability in Output Messenger to conduct surveillance on Kurdish military operations in Iraq.

Microsoft


May 2, 2025

Apple notifies victims in 100 countries of likely spyware targeting Full Text

Abstract Apple has issued threat notifications to users in 100 countries, warning of targeted spyware attacks likely involving advanced commercial surveillance tools such as Paragon. These attacks are part of a broader trend of mercenary spyware campaigns.

The Record


February 22, 2025

Russian State Hackers Spy on Ukrainian Military Through Signal App Full Text

Abstract Google’s security team said in a report on Wednesday that Signal’s popularity among military personnel, politicians, journalists and activists has made it a prime target for espionage operations.

The Record


January 20, 2025

FTC Orders GM to Stop Collecting and Selling Driver’s Data Full Text

Abstract The Federal Trade Commission (FTC) is taking action against General Motors (GM) and its subsidiary, OnStar, for unlawfully collecting and selling drivers' precise geolocation and driving behavior data from millions of vehicles.

Bleeping Computer


January 20, 2025

Noyb Files GDPR Complaints Against TikTok and Five Chinese Tech Giants Full Text

Abstract The accused firms include AliExpress, Shein, Temu, TikTok, WeChat and Xiaomi. The non-profit alleges these companies unlawfully send Europeans’ personal data outside of the EU, especially to China.

Infosecurity Magazine


August 1, 2024

Insecure File-Sharing Practices in Healthcare Put Patient Privacy at Risk Full Text

Abstract Healthcare organizations are jeopardizing patient privacy due to insecure file-sharing practices, according to a report by Metomic. The study found that 25% of publicly shared files in healthcare contain Personally Identifiable Information (PII).

Help Net Security


July 29, 2024

Senators to FTC: Car Companies’ Data Privacy Practices Must be Investigated Full Text

Abstract U.S. senators have raised concerns about how car companies handle consumer data, revealing that major automakers share and sell drivers' information without proper consent.

The Record


July 10, 2024 – Phishing

Regional Transport Office Themed Phishing Campaign Targets Android Users In India Full Text

Abstract Phishing messages impersonating the Regional Transport Office have been circulating since 2024, claiming traffic violations and prompting users to download a malicious APK named "VAHAN PARIVAHAN.apk".

Cyble


As CISOs Grapple with the C-Suite, Job Satisfaction Takes a Hit Full Text

Abstract Research shows that 75% of CISOs are considering a job change due to various challenges and pressures. CISOs often face accountability for cyber incidents and compliance failures, leading to discontent.

Cybersecurity Dive


May 22, 2024

Snapchat Revises AI Privacy Policy Following UK ICO Probe Full Text

Abstract Instant messaging app Snapchat brought its artificial intelligence-powered tool under compliance after the U.K. data regulator said it violated the privacy rights of individual Snapchat users.

Healthcare Info Security


May 21, 2024

The Mystery of the Targeted Ad and the Library Patron Full Text

Abstract An attorney discovered that the mobile ads she saw were reflecting her recent library audiobook borrowing habits, raising concerns about the privacy of library patron data and the potential for targeted advertising based on that information.

The Register


May 15, 2024

FTC Fires ‘Shot Across the Bow’ at Automakers Over Connected-Car Data Privacy Full Text

Abstract The FTC issued a strong warning to automakers about their data collection and sharing practices, particularly regarding the sale of sensitive geolocation data, and emphasized that it will take enforcement action to protect consumer privacy.

The Record


May 8, 2024

BetterHelp to Pay $7.8 Million to 800,000 in Health Data Sharing Settlement Full Text

Abstract Following an investigation into BetterHelp's handling of customer data, the FTC revealed in March 2023 that the service collected data without consent from its app users or website visitors, even from people who had not signed up for counseling.

Bleeping Computer


March 26, 2024

UK Privacy Watchdog Updates Guidance on Data Protection Fines Full Text

Abstract After suffering a data breach, organizations in the United Kingdom that work closely and transparently with regulators and cybersecurity officials will be treated with greater leniency if their case results in penalties and a fine.

Bank Info Security


March 13, 2024

Tor’s New WebTunnel Bridges Mimic HTTPS Traffic to Evade Censorship Full Text

Abstract While some countries have found ways to detect and block traditional Tor connections, the Tor Project has developed WebTunnel to make it harder for censors to block connections by blending the traffic with HTTPS-encrypted web traffic.

Cyware


March 11, 2024

Dozens of Data Brokers Disclose Selling Reproductive Healthcare Info, Precise Geolocation and Data Belonging to Minors Full Text

Abstract New information from the state of California reveals that many data brokers collect and sell sensitive information, including data related to reproductive health, geolocation, and minors.

Cyware


February 27, 2024

UK: Privacy Watchdog Cracks Down on Biometric Employee Tracking Full Text

Abstract The British privacy watchdog has ordered a leisure center contractor, Serco Leisure, to stop using facial recognition and fingerprint scanning to track employees at 38 leisure facilities.

Cyware


February 20, 2024

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices Full Text

Abstract The surveillance industry continues to evolve, with recent discoveries of new surveillance tools like Patternz and a previously unknown mobile network attack called MMS Fingerprint, raising concerns about privacy and security.

Cyware


February 5, 2024

Report: Civil Society in Jordan Under Assault by NSO’s Pegasus Spyware Full Text

Abstract An investigation revealed widespread use of Pegasus spyware on the phones of journalists, human rights advocates, and lawyers in Jordan, suggesting a targeted surveillance campaign by Jordanian authorities.

Cyware


January 30, 2024

Italian Data Protection Watchdog Accuses ChatGPT of Privacy Violations Full Text

Abstract Italy's data protection authority (DPA) has notified ChatGPT-maker OpenAI of supposedly violating privacy laws in the region. "The available evidence pointed to the existence of breaches of the provisions contained in the E.U. GDPR [General Data Protection Regulation]," the Garante per la protezione dei dati personali (aka the Garante) said in a statement on Monday. It also said it will "take account of the work in progress within the ad-hoc task force set up by the European Data Protection Framework (EDPB) in its final determination on the case." The development comes nearly 10 months after the watchdog imposed a temporary ban on ChatGPT in the country, weeks after which OpenAI announced a number of privacy controls, including an opt-out form to remove one's personal data from being processed by the large language model (LLM). Access to the tool was subsequently reinstated in late April 2023. The Italian DPA said the latest findings, which h

The Hacker News


January 29, 2024

NSA Admits Secretly Buying Your Internet Browsing Data without Warrants Full Text

Abstract The U.S. National Security Agency (NSA) has admitted to buying internet browsing records from data brokers to identify the websites and apps Americans use that would otherwise require a court order, U.S. Senator Ron Wyden said last week. "The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans' privacy are not just unethical, but illegal," Wyden said in a letter to the Director of National Intelligence (DNI), Avril Haines, in addition to urging the government to take steps to "ensure that U.S. intelligence agencies only purchase data on Americans that has been obtained in a lawful manner." Metadata about users' browsing habits can pose a serious privacy risk, as the information could be used to glean personal details about an individual based on the websites they frequent. This could include websites that offer resources related to mental health, assistance for survivors of sexual assault or do

The Hacker News


January 27, 2024

Pegasus Spyware Targets Togolese Journalists’ Mobile Devices Full Text

Abstract The spyware intrusions occurred on the phones of multiple journalists, including the publisher of an independent weekly paper, raising concerns about press freedom and privacy violations in the country.

Cyware


January 17, 2024

New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone Full Text

Abstract Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator. Kaspersky, which analyzed a set of iPhones that were compromised with Pegasus, said the infections left traces in a file named "Shutdown.log," a text-based system log file available on all iOS devices and which records every reboot event alongside its environment characteristics. "Compared to more time-consuming acquisition methods like forensic device imaging or a full iOS backup, retrieving the Shutdown.log file is rather straightforward," security researcher Maher Yamout said. "The log file is stored in a sysdiagnose (sysdiag) archive." The Russian cybersecurity firm said it identified entries in the log file that recorded instances where "sticky" processes, such as

The Hacker News


December 29, 2023

With Car Privacy Concerns Rising, Automakers May Be on Road to Regulation Full Text

Abstract Regulators, particularly the California Privacy Protection Agency and the Federal Trade Commission, are starting to investigate and potentially take action against connected vehicle manufacturers for privacy violations.

Cyware


December 21, 2023

Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware Full Text

Abstract A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected Android system (it had it on iOS)," Cisco Talos researchers Mike Gentile, Asheer Malhotra, and Vitor Ventura said in a report shared with The Hacker News. "However, by April 2022, that capability was being offered to their customers." Predator is the product of a consortium called the Intellexa Alliance, which includes Cytrox (subsequently acquired by WiSpear), Nexa Technologies, and Senpai Technologies. Both Cytrox and Intellexa were added to the Entity List by the U.S. in July 2023 for "trafficking in cyber exploits used to gain access to information systems." The latest findings come more than six months after the cybersecurity vendor detai

The Hacker News


December 15, 2023

Google’s New Tracking Protection in Chrome Blocks Third-Party Cookies Full Text

Abstract Google on Thursday announced that it will start testing a new feature called "Tracking Protection" starting January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser. The setting is designed to limit "cross-site tracking by restricting website access to third-party cookies by default," Anthony Chavez, vice president of Privacy Sandbox at Google, said. The tech giant noted that participants for Tracking Protection will be selected at random and that chosen users will be notified upon opening Chrome on either a desktop or an Android device. The goal is to restrict third-party cookies (also called "non-essential cookies") by default, preventing them from being used to track users as they move from one website to the other for serving personalized ads. While several major browsers like Apple Safari and Mozilla Firefox have either already placed restrictions on third-party cookies via features l

The Hacker News


December 13, 2023

Congress Finds Pharmacies Give Patient Records to Law Enforcement Without Warrants Full Text

Abstract A congressional review found that major pharmacy chains do not require a warrant before sharing customers' records with law enforcement, raising concerns about the privacy of Americans' pharmaceutical information.

Cyware


December 07, 2023

Governments May Spy on You by Requesting Push Notifications from Apple and Google Full Text

Abstract Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden. "Push notifications are alerts sent by phone apps to users' smartphones," Wyden said. "These alerts pass through a digital post office run by the phone operating system provider -- overwhelmingly Apple or Google. Because of that structure, the two companies have visibility into how their customers use apps and could be compelled to provide this information to U.S. or foreign governments." Wyden, in a letter to U.S. Attorney General Merrick Garland, said both Apple and Google confirmed receiving such requests but noted that information about the practice was restricted from public release by the U.S. government, raising questions about the transparency of legal demands they receive from governments. When mobile apps for Android and iOS send push notifications to users' devices, they are ro

The Hacker News


November 08, 2023

WhatsApp Introduces New Privacy Feature to Protect IP Address in Calls Full Text

Abstract Meta-owned WhatsApp is officially rolling out a new privacy feature in its messaging service called "Protect IP Address in Calls" that masks users' IP addresses to other parties by relaying the calls through its servers. "Calls are end-to-end encrypted, so even if a call is relayed through WhatsApp servers, WhatsApp cannot listen to your calls," the company said in a statement shared with The Hacker News. The core idea is to make it harder for bad actors in the call to infer a user's location by securely relaying the connection through WhatsApp servers. However, a tradeoff to enabling the privacy option is a slight dip in call quality. Viewed in that light, it's akin to Apple's iCloud Private Relay, which adds an anonymity layer by routing users' Safari browsing sessions through two secure internet relays. It's worth noting that the "Protect IP Address in Calls" feature has been under development since at least late Augu

The Hacker News


November 03, 2023

CanesSpy Spyware Discovered in Modified WhatsApp Versions Full Text

Abstract Cybersecurity researchers have unearthed a number of WhatsApp mods for Android that come fitted with a spyware module dubbed CanesSpy. These modified versions of the instant messaging app have been observed propagated via sketchy websites advertising such modded software as well as Telegram channels used primarily by Arabic and Azerbaijani speakers, one of which boasts of two million users. "The trojanized client manifest contains suspicious components (a service and a broadcast receiver) that cannot be found in the original WhatsApp client," Kaspersky security researcher Dmitry Kalinin said. Specifically, the new additions are designed to activate the spyware module when the phone is switched on or starts charging. It subsequently proceeds to establish contact with a command-and-control (C2) server, followed by sending information about the compromised device, such as the IMEI, phone number, mobile country code, and mobile network code. CanesSpy also transmits det

The Hacker News


October 28, 2023

Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service Full Text

Abstract New findings have shed light on what's said to be a lawful attempt to covertly intercept traffic originating from jabber[.]ru (aka xmpp[.]ru), an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode (a subsidiary of Akamai) in Germany. "The attacker has issued several new TLS certificates using Let's Encrypt service which were used to hijack encrypted STARTTLS connections on port 5222 using transparent [man-in-the-middle] proxy," a security researcher who goes by the alias ValdikSS said earlier this week. "The attack was discovered due to the expiration of one of the MiTM certificates, which haven't been reissued." Evidence gathered so far points to the traffic redirection being configured on the hosting provider network, ruling out other possibilities, such as a server breach or a spoofing attack. The wiretapping is estimated to have lasted for as long as six months, from April 18 through to October 19, although it&

The Hacker News


October 11, 2023

TikTok Chief Summoned by EU Lawmakers for Privacy Probe Full Text

Abstract The letter from the lawmakers follows a recent fine of 345 million euros (~$366 million) imposed on TikTok by the Irish Data Protection Commissioner for failing to adequately protect children's privacy.

Cyware


September 14, 2023

Privacy Concerns Cast a Shadow on AI’s Potential for Software Development Full Text

Abstract Organizations prioritize privacy and protection of intellectual property when adopting AI tools, with concerns about AI-generated code introducing security vulnerabilities and lacking copyright protection, according to GitLab.

Cyware


September 6, 2023

GhostSec Leaks Source Code of Alleged Iranian Surveillance Tool Full Text

Abstract The first messages were posted on August 27, with GhostSec saying it had discovered facial recognition "and various other privacy invading features and tools" within the FANAP group's software.

Cyware


September 04, 2023

X (Twitter) to Collect Biometric Data from Premium Users to Combat Impersonation Full Text

Abstract X, the social media site formerly known as Twitter, has updated its privacy policy to collect users' biometric data to tackle fraud and impersonation on the platform. "Based on your consent, we may collect and use your biometric information for safety, security, and identification purposes," the company said. The revised policy is expected to go into effect on September 29, 2023. The social media behemoth told Bloomberg, which first reported the development, that the change is limited to premium users and that a biometric matching process "will also help X fight impersonation attempts and make the platform more secure." To that end, users will be given the option to provide government ID and a picture for identity matching or verification using biometric data, the company told the publication. However, there is currently no clarity on how it plans to collect it and for how long such information will be retained in its systems. The policy update is also expected to include a c

The Hacker News


September 1, 2023 – Breach

Data Breach Could Affect More Than 100,000 in Pima County Full Text

Abstract More than 100,000 Pima County residents could be affected by a nationwide data breach that affected the company that handled COVID-19 case investigations and contact tracing here, officials say.

Cyware


August 28, 2023

Uncovering a Privacy-Preserving Approach to Machine Learning Full Text

Abstract In the era of data-driven decision making, businesses are harnessing the power of machine learning (ML) to unlock valuable insights, gain operational efficiencies, and solidify competitive advantage.

Cyware


August 16, 2023

Automotive data privacy under scrutiny in California Full Text

Abstract California regulators are examining how automakers and others handle data collected from internet-connected vehicles, the California Privacy Protection Agency said late last month.

Cyware


August 7, 2023

Zoom trains its AI model with some user data, without giving them an opt-out option Full Text

Abstract Zoom changed its terms of service requiring users to allow AI to train on all their data without giving them an opt-out option. Zoom updated its terms of service and informed users that it will train its artificial intelligence models using some...

Security Affairs


July 24, 2023

Apple could opt to stop iMessage and FaceTime services due to the government’s surveillance demands Full Text

Abstract Apple could opt to pull iMessage and FaceTime services in the U.K. in response to the government's surveillance demands. In light of the government's surveillance demands, Apple might consider withdrawing iMessage and FaceTime services from the U.K. The...

Security Affairs


July 22, 2023

Apple Threatens to Pull iMessage and FaceTime from U.K. Amid Surveillance Demands Full Text

Abstract Apple has warned that it would rather stop offering iMessage and FaceTime services in the U.K. than bow down to government pressure in response to new proposals that seek to expand digital surveillance powers available to state intelligence agencies. The development, first reported by BBC News, makes the iPhone maker the latest to join the chorus of voices protesting against forthcoming legislative changes to the Investigatory Powers Act (IPA) 2016 in a manner that would effectively render encryption protections ineffective. Specifically, the Online Safety Bill requires companies to install technology to scan for child sex exploitation and abuse (CSEA) material and terrorism content in encrypted messaging apps and other services. It also mandates that messaging services clear security features with the Home Office before releasing them and take immediate action to disable them if required without informing the public. While the fact does not explicitly call out for the r

The Hacker News


July 19, 2023

U.S. Government Blacklists Cytrox and Intellexa Spyware Vendors for Cyber Espionage Full Text

Abstract The U.S. government on Tuesday added two foreign commercial spyware vendors, Cytrox and Intellexa, to an economic blocklist for weaponizing cyber exploits to gain unauthorized access to devices and "threatening the privacy and security of individuals and organizations worldwide." This includes the companies' corporate holdings in Hungary (Cytrox Holdings Crt), North Macedonia (Cytrox AD), Greece (Intellexa S.A.), and Ireland (Intellexa Limited). By adding to the economic denylist, it prohibits U.S. companies from transacting with these businesses. "Recognizing the increasingly key role that surveillance technology plays in enabling campaigns of repression and other human rights abuses, the Commerce Department's action today targets these entities' ability to access commodities, software, and technology that could contribute to the development of surveillance tools that pose a risk of misuse in violations or abuses of human rights," the Bureau of Indus

The Hacker News


July 15, 2023

Three Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say Full Text

Abstract A group of congressional Democrats reported that three large tax preparation firms sent “extraordinarily sensitive” information on tens of millions of taxpayers to Facebook parent company Meta over the course of at least two years.

Cyware


July 10, 2023

France’s government is giving the police more surveillance power Full Text

Abstract The French government is going to grant law enforcement the power to spy on suspects through smartphones and other devices. French legislators are going to approve a justice reform bill that also gives more power to law enforcement, allowing them...

Security Affairs


July 08, 2023

Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China Full Text

Abstract Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China. Pradeo, a leading mobile security company, has uncovered this alarming infiltration. The report shows that both spyware apps, namely File Recovery and Data Recovery (com.spot.music.filedate) with over 1 million installs, and File Manager (com.file.box.master.gkd) with over 500,000 installs, are developed by the same group. These seemingly harmless Android apps use similar malicious tactics and automatically launch when the device reboots without user input. Contrary to what they claim on the Google Play Store, where both apps assure users that no data is collected, Pradeo's analytics engine has found that various personal information is collected without users' knowledge. Stolen data includes contact list

The Hacker News


July 05, 2023

Instagram’s Twitter Alternative ‘Threads’ Launch Halted in Europe Over Privacy Concerns Full Text

Abstract Instagram Threads, the upcoming Twitter competitor from Meta, will not be launched in the European Union due to privacy concerns, according to Ireland's Data Protection Commission (DPC). The development was reported by the Irish Independent, which said the watchdog has been in contact with the social media giant about the new product and confirmed the release won't extend to the E.U. "at this point." Threads is Meta's answer to Twitter that's set for launch on July 6, 2023. It's billed as a "text-based conversation app" that allows Instagram users to "discuss everything from the topics you care about today to what'll be trending tomorrow." It also enables users to follow the same accounts they already follow on Instagram. A listing for the app has already appeared in the Apple App Store and Google Play Store, although it's yet to be available for download. The "App Privacy" section on the App Store indic

The Hacker News


July 5, 2023

Swedish data protection authority rules against the use of Google Analytics Full Text

Abstract Swedish data protection watchdog warns companies against using Google Analytics due to the risk of surveillance operated by the US government. The Swedish data protection watchdog warned businesses against using Google Analytics due to the risk of surveillance...

Security Affairs


June 12, 2023

Apple’s Safari Private Browsing Now Automatically Removes Tracking Parameters in URLs Full Text

Abstract Apple is introducing major updates to Safari Private Browsing, offering users better protections against third-party trackers as they browse the web. "Advanced tracking and fingerprinting protections go even further to help prevent websites from using the latest techniques to track or identify a user's device," the iPhone maker said. "Private Browsing now locks when not in use, allowing a user to keep tabs open even when stepping away from the device." The privacy improvements were previewed at Apple's annual Worldwide Developers Conference (WWDC) last week. They are expected to be rolled out to users as part of iOS 17, iPadOS 17, and macOS Sonoma later this year. Another key change includes Link Tracking Protection in Mail, Messages, and Safari's private mode to automatically remove tracking parameters in URLs, which are often used to track information about a click. "Safari has been a somewhat unheralded pioneer of private browsing, a

The Hacker News


June 6, 2023

Apple Unveils Upcoming Privacy and Security Features Full Text

Abstract Apple’s Safari browser is getting an improved Private Browsing mode, which will lock when not in use, so that users can leave tabs open even if they need to step away from the device.

Cyware


June 1, 2023

Apps with over 420 Million downloads from Google Play unveil the discovery of SpinOk spyware Full Text

Abstract Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. The malicious module is distributed as a marketing SDK that developers behind the apps embedded in their applications and games,...

Security Affairs


May 29, 2023

UK: 20 NHS trusts shared patient details with Facebook without consent Full Text

Abstract The data includes granular details of pages viewed, buttons clicked and keywords searched. It is matched to the user’s IP address – an identifier linked to an individual or household – and, in many cases, details of their Facebook account.

Cyware


May 25, 2023

Broad coalition of advocacy groups urges Slack to protect users’ messages from eavesdropping Full Text

Abstract While there are no reported instances of Slack messages being weaponized, the trove of communications the platform collects from clients ranging from government agencies to activists has made user communications a target of both lawsuits and hackers.

Cyware


May 19, 2023

Privacy Sandbox Initiative: Google to Phase Out Third-Party Cookies Starting 2024 Full Text

Abstract Google has announced plans to officially flip the switch on its twice-delayed Privacy Sandbox initiatives as it slowly works its way to deprecate support for third-party cookies in Chrome browser. To that end, the search and advertising giant said it intends to phase out third-party cookies for 1% of Chrome users globally in the first quarter of 2024. "This will support developers in conducting real world experiments that assess the readiness and effectiveness of their products without third-party cookies," Anthony Chavez, vice president of Privacy Sandbox at Google, said. Prior to rolling this out, Google said it would introduce the ability for third-party developers to simulate the process for a configurable subset of their users (up to 10%) in Q4 2023. Google further emphasized that the plans have been designed and developed with regulatory oversight and input from the U.K.'s Competition and Markets Authority (CMA), which is overseeing the implementation to

The Hacker News


May 9, 2023

Nationwide push to require social media age verification raises questions about privacy, industry standards Full Text

Abstract Lawmakers in Washington and in statehouses around the country are seeking to compel tech companies to prove the age of their users, part of a growing national effort to better protect young children from the harms of the internet.

Cyware


May 03, 2023

Apple and Google Join Forces to Stop Unauthorized Location-Tracking Devices Full Text

Abstract Apple and Google have teamed up to work on a draft industry-wide specification that's designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags. "The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across Android and iOS platforms," the companies said in a joint statement. While these trackers are primarily designed to keep tabs on personal belongings like keys, wallets, luggage, and other items, such devices have also been abused by bad actors for criminal or nefarious purposes, including instances of stalking, harassment, and theft. The goal is to standardize the alerting mechanisms and minimize opportunities for misuse across Bluetooth location-tracking devices from different vendors. To that end, Samsung, Tile, Chipolo, eufy Security, and Pebblebee have all come on board. In doi

The Hacker News


May 2, 2023

UK locks horns with WhatsApp over threat to break encryption Full Text

Abstract The Online Safety Bill, the United Kingdom’s landmark effort to regulate social media giants, gives regulator Ofcom the power to require tech companies to identify child sex abuse material in private messages.

Cyware


April 29, 2023

ChatGPT is Back in Italy After Addressing Data Privacy Concerns Full Text

Abstract OpenAI, the company behind ChatGPT, has officially made a return to Italy after the company met the data protection authority's demands ahead of April 30, 2023, deadline. The development was first reported by the Associated Press. OpenAI's CEO, Sam Altman, tweeted, "we're excited ChatGPT is available in [Italy] again!" The reinstatement comes following Garante's decision to temporarily block access to the popular AI chatbot service in Italy on March 31, 2023, over concerns that its practices are in violation of data protection laws in the region. Generative AI systems like ChatGPT and Google Bard primarily rely on huge amounts of information freely available on the internet as well as the data its users provide over the course of their interactions. OpenAI, which published a new FAQ, said it filters and removes information such as hate speech, adult content, sites that primarily aggregate personal information, and spam. It also emphasized that

The Hacker News


April 20, 2023

NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders Full Text

Abstract Israeli spyware maker NSO Group deployed at least three novel "zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab. "NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets around the world," the interdisciplinary laboratory based at the University of Toronto said. NSO Group is the manufacturer of Pegasus, a sophisticated cyber weapon that's capable of extracting sensitive information stored in a device – e.g., messages, locations, photos, and call logs, among others – in real-time. It's typically delivered to targeted iPhones using zero-click and/or zero-day exploits. While it has been pitched as a tool for law enforcement agencies to combat serious crimes such as child sexual abuse and terrorism, it has also been deployed illegally by authoritarian governments to spy on human rig

The Hacker News


April 19, 2023

WhatsApp and Signal unite against online safety bill amid privacy concerns Full Text

Abstract The rival chat apps WhatsApp and Signal have joined forces in a rare show of unity to protest against the online safety bill, which they say could undermine the UK’s privacy and safety.

Cyware


April 19, 2023

PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022 Full Text

Abstract Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. A new report from Citizen Lab states that the Israeli surveillance firm NSO Group used at least three zero-click zero-day exploits...

Security Affairs


April 12, 2023

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit Full Text

Abstract At least five members of civil society worldwide have been targeted with spyware and exploits developed by surveillance firm QuaDream. Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed...

Security Affairs


April 5, 2023

Alcohol Recovery Startups Monument and Tempest Shared Patients’ Private Data With Advertisers Full Text

Abstract In its disclosure, the companies confirmed their use of website trackers, which are small snippets of code that share with tech giants information about visitors to their websites and are often used for analytics and advertising.

Cyware


April 4, 2023

ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications Full Text

Abstract For AI, security is a two-way street: It can be used by malicious actors to abuse victims, while its own security can be abused by those same malicious actors. ChatGPT has already suffered at least one breach that is known.

Cyware


April 3, 2023

Chinese E-Commerce Giant Pinduoduo Allegedly Spies on Users Full Text

Abstract "E-commerce giant Pinduoduo has taken violations of privacy and data security to the next level," CNN reported, citing multiple cybersecurity experts from Asia, Europe, and the United States.

Cyware


April 1, 2023

Italy Temporarily Blocks ChatGPT Over Privacy Concerns Full Text

Abstract Italy is temporarily blocking the artificial intelligence software ChatGPT in the wake of a data breach as it investigates a possible violation of stringent European Union data protection rules, the government’s privacy watchdog said Friday.

Cyware


March 29, 2023

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices Full Text

Abstract A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. "These vendors are enabling the proliferation of dangerous hacking tools, arming governments that would not be able to develop these capabilities in-house," TAG's Clement Lecigne said in a new report. "While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments to target dissidents, journalists, human rights workers, and opposition party politicians." The first of the two operations took place in November 2022 and involved sending shortened links over SMS messages to users located in Italy, Malays

The Hacker News


March 29, 2023

Google TAG shares details about exploit chains used to install commercial spyware Full Text

Abstract Google's Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google's Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits...

Security Affairs


March 29, 2023

Google finds more Android, iOS zero-days used to install spyware Full Text

Abstract Google's Threat Analysis Group (TAG) discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install commercial spyware and malicious apps on targets' devices.

BleepingComputer


March 3, 2023

Pegasus spyware used to spy on a Polish mayor Full Text

Abstract The phone of an opposition-linked Polish mayor was infected with the powerful Pegasus spyware, local media reported. Reuters reported that the phone of an opposition-linked Polish mayor was infected with the Pegasus spyware. According to rumors, the Polish...

Security Affairs


January 13, 2023

Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware Full Text

Abstract Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign that started in May 2022. It uses "components of SecondEye – a legitimate monitoring application – to spy on users of 20Speed VPN, an Iranian-based VPN service, via trojanized installers," Bitdefender said in an analysis. A majority of the infections are said to originate in Iran, with smaller detections in Germany and the U.S., the Romanian cybersecurity firm added. SecondEye, according to snapshots captured via the Internet Archive, claims to be a commercial monitoring software that can work as a "parental control system or as an online watchdog." As of November 2021, it's offered for sale anywhere between $99 to $200. It comes with a wide range of features that allows it to take screenshots, record microphone, log keystrokes, gather files and saved passwords from web browsers, and remotely control the machines to run arbitrary c

The Hacker News


January 13, 2023

Long data privacy notices on social media sites Full Text

Abstract Lengthy privacy notices included in a social media platform's terms of service can do little to help it comply with transparency requirements under European law, according to recently revealed case documents in which Meta was fined $414 million.

Cyware


January 2, 2023

Google to Pay $29.5 Million to Settle Lawsuits Over User Location Tracking Full Text

Abstract Google has agreed to pay a total of $29.5 million to settle two different lawsuits brought by Indiana and Washington, D.C., over its "deceptive" location tracking practices. The search and advertising giant is required to pay $9.5 million to D.C. and $20 million to Indiana after the states sued the company for charges that the company tracked users' locations without their express consent. The settlement adds to the $391.5 million Google agreed to pay to 40 states over similar allegations last month. The company is still facing two more location-tracking lawsuits in Texas and Washington. The lawsuits came in response to revelations in 2018 that the internet company continued to track users' whereabouts on Android and iOS through a setting called Web & App Activity despite turning Location History options off. Google was also accused of employing dark patterns, which refer to design choices intended to deceive users into carrying out actions t

The Hacker News


December 23, 2022

TikTok parent company ByteDance revealed the use of TikTok data to track journalists Full Text

Abstract ByteDance admitted that its employees accessed TikTok data to track journalists to identify the source of leaks to the media. TikTok parent company ByteDance revealed that several employees accessed the TikTok data of two journalists to investigate...

Security Affairs


December 4, 2022

Law enforcement agencies can extract data from thousands of cars’ infotainment systems Full Text

Abstract Law enforcement agencies can extract data from the infotainment systems of thousands of different car models. Data managed by infotainment systems in modern vehicles are a valuable source of information for the investigation of law enforcement agencies. Modern...

Security Affairs


November 30, 2022

Google discovers Windows exploit framework used to deploy spyware Full Text

Abstract Google's Threat Analysis Group (TAG) has linked an exploit framework that targets now-patched vulnerabilities in the Chrome and Firefox web browsers and the Microsoft Defender security app to a Spanish software company.

BleepingComputer


November 23, 2022

Experts claim that iPhone’s analytics data is not anonymous Full Text

Abstract Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users. Researchers at software company Mysk discovered that analytics data collected by iPhone include the Directory...

Security Affairs


November 16, 2022

Beginning 2023 Google plans to rollout the initial Privacy Sandbox Beta Full Text

Abstract Google announced it will roll out the Privacy Sandbox system for Android in beta to a limited number of Android 13 devices in early 2023. Google announced it will roll out the Privacy Sandbox for Android in beta to mobile devices running Android...

Security Affairs


November 11, 2022

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware Full Text

Abstract Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The threat...

Security Affairs


November 08, 2022

Enhance your privacy with this second phone number app deal Full Text

Abstract Protecting your privacy while staying in touch can be a difficult problem to solve. This second-phone app helps you solve it with a lifetime subscription for $24.99, 83% off the $150 MSRP.

BleepingComputer


November 3, 2022

Updated TikTok Privacy Policy confirms that Chinese staff can access European users’ data Full Text

Abstract TikTok updated its privacy policy for European Economic Area (“EEA”) and confirmed that its Chinese staff can access their users' data. The short-form video-sharing service TikTok updated its privacy policy for European Economic Area...

Security Affairs


October 20, 2022

Smartphones of Iranian Protesters Targeted with Spyware Full Text

Abstract Voice of America has obtained a copy of the spyware. In its report, the agency noted that the malware was previously distributed on different forums and titles such as Telegram with Free Internet.

Hackread


October 05, 2022

Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices Full Text

Abstract A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app. The mobile trojan functions as advanced spyware with capabilities that receives and executes commands to collect and exfiltrate a wide variety of data from the infected mobile endpoint, Zimperium said in a report shared with The Hacker News. Evidence gathered by the mobile security company shows that the malicious app is distributed through links on social media and communication tools like Telegram, tricking unsuspecting users into sideloading the app and granting it extensive permissions. The idea behind embedding the malware within a fake VPN and phone number spoofing service is also clever in that the app claims to enable users to verify social media accounts via phone, a technique popular in countries where access is restricted. "Once installed and in control, the attackers could access the camera to

The Hacker News


September 22, 2022

Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs Full Text

Abstract A new wave of a mobile surveillance campaign has been observed targeting the Uyghur community as part of a long-standing spyware operation active since at least 2015, cybersecurity researchers disclosed Thursday. The intrusions, originally attributed to a threat actor named Scarlet Mimic back in January 2016, is said to have encompassed 20 different variants of the Android malware, which were disguised as book, pictures, and an audio version of the Quran. The malware, while relatively unsophisticated from a technical standpoint, comes with extensive capabilities to steal sensitive data from an infected device, send SMS messages on the victim's behalf, make phone calls, and track their locations. Additionally, it allows the recording of incoming and outgoing phone calls as well as surrounding audio. "All this makes it a powerful and dangerous surveillance tool," Israeli cybersecurity firm Check Point said in a technical deepdive, calling the spyware MobileOrder

The Hacker News


September 19, 2022

EU moves to protect journalists from spyware Full Text

Abstract Alongside measures promoting ownership transparency and editorial independence, the European Media Freedom Act (EMFA) proposed on Friday will introduce “strong safeguards against the use of spyware against media, journalists and their families.”

The Record


September 17, 2022

Google, Microsoft can get your passwords via web browser’s spellcheck Full Text

Abstract Enhanced Spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information (PII) and in some cases, passwords, to Google and Microsoft respectively.

BleepingComputer


September 13, 2022

Cyber espionage campaign targets Asian countries since 2021 Full Text

Abstract A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage...

Security Affairs


September 13, 2022

Cyberspies drop new infostealer malware on govt networks in Asia Full Text

Abstract Security researchers have identified new cyber-espionage activity focusing on government entities in Asia, as well as state-owned aerospace and defense firms, telecom companies, and IT organizations.

BleepingComputer


September 06, 2022

Researchers Find New Android Spyware Campaign Targeting Uyghur Community Full Text

Abstract A previously undocumented strain of Android spyware with extensive information gathering capabilities has been found disguised as a book likely designed to target the Uyghur community in China. The malware comes under the guise of a book titled "The China Freedom Trap," a biography written by the exiled Uyghur leader Dolkun Isa. "In light of the ongoing conflict between the Government of the People's Republic of China and the Uyghur community, the malware disguised as the book is a lucrative bait employed by threat actors (TAs) to spread malicious infection in the targeted community," cybersecurity firm Cyble said in a report published Monday. The existence of the malware samples, which come with the package name "com.emc.pdf," was first disclosed by researchers from the MalwareHunterTeam late last month. Distributed outside of the official Google Play Store, the app, once installed and opened, displays a few pages of the book, includi

The Hacker News


August 31, 2022

AdGuard’s new ad blocker struggles with Google’s Manifest v3 rules Full Text

Abstract AdGuard has published the first ad blocker extension for Chrome that is compatible with Manifest V3, Google's newest extension platform protocol for the world's most popular web browser.

BleepingComputer


August 28, 2022

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit Full Text

Abstract Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an Israeli surveillance firm founded by Israeli entrepreneur Tal Dilian, it offers surveillance and hacking solution to law enforcement...

Security Affairs


August 24, 2022

Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies Full Text

Abstract The disclosure also alleges that some of the company's senior-most executives have been trying to cover up Twitter's serious vulnerabilities, and that one or more current employees may be working for a foreign intelligence service.

CNN Money


August 20, 2022

TikTok Browser Can Track Users’ Keystrokes, According to New Research Full Text

Abstract The web browser used within the TikTok app can track every keystroke made by its users, according to new research that is surfacing as the Chinese-owned video app grapples with U.S. lawmakers’ concerns over its data practices.

New York Times


August 19, 2022

New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings Full Text

Abstract Retail giant Amazon patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user's device to access sensitive information and camera recordings. The Ring app for Android has over 10 million downloads and enables users to monitor video feeds from smart home devices such as video doorbells, security cameras, and alarm systems. Amazon acquired the doorbell maker for about $1 billion in 2018. Application security firm Checkmarx  explained  it identified a cross-site scripting (XSS) flaw that it said could be weaponized as part of an attack chain to trick victims into installing a malicious app. The app can then be used to get hold of the user's Authorization Token, that can be subsequently leveraged to extract the session cookie by sending this information alongside the device's hardware ID, which is also encoded in the token, to the endpoint "ring[.]com/mobile/authorize." Armed with th

The Hacker News


August 16, 2022

Microsoft Shuts Down Accounts Linked to Russian Spies Full Text

Abstract The criminals make contact with their targets via email, and for this, they register new accounts with different consumer email providers, and they use email addresses or alias designed to look like a legitimate person.

The Register


August 11, 2022

GitHub’s new privacy policy sparks backlash over tracking cookies Full Text

Abstract Developers are furious at GitHub's upcoming privacy policy changes that would allow GitHub to place tracking cookies on some of its subdomains. The Microsoft subsidiary announced this month, it would be adding "non-essential cookies" on some marketing web pages starting in September, and offered a 30-day "comment period."

BleepingComputer


August 6, 2022

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Full Text

Abstract Greek intelligence admitted it had spied on a journalist, while citizens ask the government to reveal the use of surveillance malware. The head of the Greek intelligence told a parliamentary committee that they had spied on a journalist with surveillance...

Security Affairs


August 2, 2022

Austria Probes Claim Spyware Targeted Law Firms, Banks Full Text

Abstract Austria's interior ministry said it had not received reports of any incidents. "Of course, (intelligence agency) DSN checks the allegations. So far, there is no proof of the use of spy software from the company mentioned," it said in a statement.

Security Week


July 31, 2022

North Korea-linked SharpTongue spies on email accounts with a malicious browser extension Full Text

Abstract North Korea-linked threat actor SharpTongue is using a malicious extension on Chromium-based web browsers to spy on victims' email accounts. North Korea-linked actor SharpTongue has been using a malicious extension on Chromium-based web browsers to spy on victims'...

Security Affairs


July 28, 2022

Google Delays Blocking 3rd-Party Cookies in Chrome Browser Until 2024 Full Text

Abstract Google on Wednesday said it's once again delaying its plans to turn off third-party cookies in the Chrome web browser from late 2023 to the second half of 2024. "The most consistent feedback we've received is the need for more time to evaluate and test the new Privacy Sandbox technologies before deprecating third-party cookies in Chrome," Anthony Chavez, vice president of Privacy Sandbox, said. In keeping this in mind, the internet and ad tech giant said it's taking a "deliberate approach" and extending the testing window for its ongoing Privacy Sandbox initiatives prior to phasing out third-party cookies. Cookies are pieces of data planted on a user's computer or other device by the web browser as a website is accessed, with third-party cookies fueling much of the digital advertising ecosystem and its ability to track users across different sites to show targeted ads. Privacy Sandbox is Google's umbrella term for a set of technologies

The Hacker News


July 27, 2022

European Lawmaker Targeted With Cytrox Predator Surveillance Spyware Full Text

Abstract According to published reports out of Greece, the surveillance tool has been linked to an attempted hack of a phone belonging to Nikos Androulakis, a member of the European Parliament.

Security Week


July 26, 2022

Chrome Zero-day Abused to Spread Spyware to Target Journalists Full Text

Abstract Avast found DevilsTongue spyware, developed by an Israeli surveillance company, abusing a Chrome zero-day to attack journalists in the Middle East. Since the bug exists in WebRTC, it also impacts the Safari browser, but the exploit found only works on Windows. Always protect data with powerful encry ...

Cyware Alerts - Hacker News


July 23, 2022

Chrome use subject to restrictions in Dutch schools over data security concerns Full Text

Abstract The Ministry of Education in the Netherlands has decided to implement restrictions on the use of the Chrome OS and Chrome web browser until August 2023 over concerns about data privacy.

BleepingComputer


July 22, 2022

Candiru surveillance spyware DevilsTongue exploited Chrome Zero-Day to target journalists Full Text

Abstract The spyware developed by Israeli surveillance firm Candiru exploited the recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists. Researchers from the antivirus firm Avast reported that the DevilsTongue spyware, developed by Israeli surveillance...

Security Affairs


July 21, 2022

Chrome zero-day used to infect journalists with Candiru spyware Full Text

Abstract The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware.

BleepingComputer


July 20, 2022

Google boosts Android privacy with support for DNS-over-HTTP/3 Full Text

Abstract Google has added support for the DNS-over-HTTP/3 (DoH3) protocol on Android 11 and later to increase the privacy of DNS queries while providing better performance.

BleepingComputer


July 19, 2022

CloudMensis spyware went undetected for many years Full Text

Abstract Researchers spotted previously undocumented spyware, dubbed CloudMensis, that targets the Apple macOS systems. Researchers from ESET discovered a previously undetected macOS backdoor, tracked as CloudMensis, that targets macOS systems and exclusively...

Security Affairs


July 18, 2022

Pegasus Spyware Used to Hack Devices of Pro-Democracy Activists in Thailand Full Text

Abstract Thai activists involved in the country's pro-democracy protests have had their smartphones infected with the infamous Pegasus government-sponsored spyware. At least 30 individuals, spanning activists, academics, lawyers, and NGO workers, are believed to have been infected between October 2020 and November 2021, many of whom have been previously detained, arrested and imprisoned for their political activities or criticism of the government. "The timing of the infections is highly relevant to specific political events in Thailand, as well as specific actions by the Thai justice system," the Citizen Lab said in a Sunday report. "In many cases, for example, infections occurred slightly before protests and other political activities by the victims." The findings are the result of threat notifications sent by Apple last November to alert users it believes have been targeted by state-sponsored attackers. The attacks entailed the use of two zero-click exploits

The Hacker News


July 15, 2022

Tor Browser now bypasses internet censorship automatically Full Text

Abstract The Tor Project team has announced the release of Tor Browser 11.5, a major release that brings new features to help users fight censorship easier.

BleepingComputer


July 12, 2022

TikTok Postpones Privacy Policy Update in Europe After Italy Warns of GDPR Breach Full Text

Abstract Popular video-sharing platform TikTok on Tuesday agreed to pause a controversial privacy policy update that could have allowed it to serve targeted ads based on users' activity on the social video platform without their permission to do so. The reversal, reported by TechCrunch, comes a day after the Italian data protection authority — the Garante per la Protezione dei Dati Personali — warned the company against the change, citing violations of data protection laws. "The personal data stored in users' devices may not be used to profile those users and send personalized ads without their explicit consent," the Garante said. The formal warning was in response to a privacy policy revision that noted it had historically asked users' "consent" to their on-TikTok activity and off-TikTok activity to serve personalized ads and that, therefore, it intends to stop asking users for their permission to profile their behavior and process personal data. "

The Hacker News


July 03, 2022

Free smartphone stalkerware detection tool gets dedicated hub Full Text

Abstract Kaspersky has launched a new information hub to help with their open-source stalkerware detection tool named TinyCheck, created in 2019 to help people detect if their devices are being monitored.

BleepingComputer


July 01, 2022

TikTok Assures U.S. Lawmakers it’s Working to Safeguard User Data From Chinese Staff Full Text

Abstract Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "strengthen data security." The admission that some China-based employees can access information from U.S. users came in a letter sent to nine senators, which further noted that the procedure requires the individuals to clear numerous internal security protocols. The contents of the letter, first reported by The New York Times, shares more details about TikTok's plans to address data security concerns through a multi-pronged initiative codenamed "Project Texas." "Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team," TikTok CEO Shou Zi Chew wrote in the m

The Hacker News


June 26, 2022

Spyware Targets Android and iOS Users in Italy and Kazakhstan Full Text

Abstract Google’s TAG reported that RCS Labs, an Italian surveillance firm, was aided by ISPs in Kazakhstan and Italy to compromise iOS and Android users with the Hermit spyware. The attackers provided a page in Italian language to download either Messenger, Instagram, or WhatsApp. For the iOS versio ...

Cyware Alerts - Hacker News


June 25, 2022

Google details commercial spyware that targets both Android and iOS devices Full Text

Abstract According to Google Threat Analysis Group (TAG) researchers Benoit Sevens and Clement Lecigne, as well as Project Zero, a distinct government and enterprise-grade iOS and Android spyware variant is now in active circulation.

ZDNet


June 24, 2022

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users Full Text

Abstract Google's Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. Researchers from Google's Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some...

Security Affairs


June 23, 2022

NSO Confirms Pegasus Spyware Used by at least 5 European Countries Full Text

Abstract The beleaguered Israeli surveillanceware vendor NSO Group this week admitted to the European Union lawmakers that its Pegasus tool was used by at least five countries in the region. "We're trying to do the right thing and that's more than other companies working in the industry," Chaim Gelfand, the company's general counsel and chief compliance officer, said, according to a report from Politico. Acknowledging that it had "made mistakes," the company also stressed on the need for an international standard to regulate the government use of spyware. The disclosure comes as a special inquiry committee was launched in April 2022 to investigate alleged breaches of E.U. law following revelations that the company's Pegasus spyware is being used to snoop on phones belonging to politicians, diplomats, and civil society members. "The committee is going to look into existing national laws regulating surveillance, and whether Pegasus spyware was us

The Hacker News


June 23, 2022

Spyware vendor works with ISPs to infect iOS and Android users Full Text

Abstract Google's Threat Analysis Group (TAG) revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools.

BleepingComputer


June 21, 2022

Kazakh Govt. Used Spyware Against Protesters Full Text

Abstract Researchers have discovered that a Kazakhstan government entity deployed sophisticated Italian spyware within its borders.

Threatpost


June 19, 2022

Google Chrome extensions can be fingerprinted to track you online Full Text

Abstract A researcher has discovered how to use your installed Google Chrome extensions to generate a fingerprint of your device that can be used to track you online.

BleepingComputer


June 19, 2022

Kazakh People Targeted via Hermit Android Spyware Full Text

Abstract Hermit, an enterprise-grade Android spyware, has been used by organizations in Kazakhstan, Italy, and Syria to exploit a rooted Android device and collect data. The website used to mask its malicious activity is an official Oppo support page in the Kazakh language. Users should stay cautious with f ...

Cyware Alerts - Hacker News


June 17, 2022

Researchers Uncover ‘Hermit’ Android Spyware Used in Kazakhstan, Syria, and Italy Full Text

Abstract An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.A and Tykelab Srl, a telecom services provider which it suspects to be a front company. The San Francisco-based cybersecurity firm said it detected the campaign aimed at Kazakhstan in April 2022. Hermit is modular and comes with myriad capabilities that allow it to "exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages," Lookout researchers Justin Albrecht and Paul Shunk said in a new write-up. The spyware is believed to be distributed via SMS messages that trick users into installing what are seemingly innocuous apps from Samsung, Vivo, and Oppo, w

The Hacker News


June 16, 2022

Lookout Uncovers Android Spyware Deployed in Kazakhstan Full Text

Abstract Based on Lookout's analysis, the spyware is likely developed by Italian spyware vendor RCS Lab S.p.A and Tykelab Srl, a telecommunications solutions company suspected to be operating as a front company.

Lookout


June 13, 2022

Using WiFi connection probe requests to track users Full Text

Abstract Researchers at the University of Hamburg demonstrated that WiFi connection probe requests expose users to tracking. A group of academics at the University of Hamburg (Germany) demonstrated that it is possible to use WiFi connection probe requests to identify...

Security Affairs


June 12, 2022

New Vytal Chrome extension hides location info that your VPN can’t Full Text

Abstract A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to find your geographic location, even when you are using a VPN.

BleepingComputer


June 11, 2022

WiFi probing exposes smartphone users to tracking, info leaks Full Text

Abstract Researchers at the University of Hamburg in Germany have conducted a field experiment capturing hundreds of thousands of passersby's WiFi connection probe requests to determine the type of data transmitted without the device owners realizing it.

BleepingComputer


June 09, 2022

New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing Full Text

Abstract A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University, the system "leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before sending it to external cloud servers." Peekaboo operates on the principle of data minimization, which refers to the practice of limiting data collection to only what is required to fulfill a specific purpose. To achieve this the system requires developers to explicitly declare the relevant data collection behaviors in the form of a manifest file that's then fed into an in-home trusted hub to transmit sensitive data from smart home apps such as smart doorbells on a need-to-know basis. The hub not only functions as a mediator between raw data from IoT devices and the respec

The Hacker News


May 30, 2022

Vodafone plans carrier-level user tracking for targeted ads Full Text

Abstract Vodafone is piloting a new advertising ID system called TrustPid, which will work as a persistent user tracker at the mobile Internet Service Provider (ISP) level.

BleepingComputer


May 25, 2022

Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room Full Text

Abstract A group of academics has devised a system that can be used on a phone or a laptop to identify and locate Wi-Fi-connected hidden IoT devices in unfamiliar physical spaces. With hidden cameras being increasingly used to snoop on individuals in hotel rooms and Airbnbs, the goal is to be able to pinpoint such rogue devices without much of a hassle. The system, dubbed Lumos, is designed with this intent in mind and to "visualize their presence using an augmented reality interface," said Rahul Anand Sharma, Elahe Soltanaghaei, Anthony Rowe, and Vyas Sekar of Carnegie Mellon University in a new paper. At its core, the platform works by sniffing and collecting encrypted wireless packets over the air to detect and identify concealed devices. Subsequently, it estimates the location of each identified device with respect to the user as they walk around the perimeter of the space. The localization module, for its part, combines signal strength measurements that are avail

The Hacker News


May 24, 2022

DuckDuckGo browser allows Microsoft trackers due to search agreement Full Text

Abstract The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies.

BleepingComputer


May 23, 2022

Cytrox’s Predator spyware used zero-day exploits in 3 campaigns Full Text

Abstract Google's Threat Analysis Group (TAG) uncovered campaigns targeting Android users with five zero-day vulnerabilities. Google's Threat Analysis Group (TAG) researchers discovered three campaigns, between August and October 2021, targeting Android users...

Security Affairs


May 22, 2022

Google: Predator spyware infected Android devices using zero-days Full Text

Abstract Google's Threat Analysis Group (TAG) says that state-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by commercial surveillance developer Cytrox.

BleepingComputer


May 20, 2022

Cytrox’s Predator Spyware Targeted Android Users with Zero-Day Exploits Full Text

Abstract Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem," TAG researchers Clement Lecigne and Christian Resell said. Cytrox is alleged to have packaged the exploits and sold them to different government-backed actors located in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, who, in turn, weaponized the bugs in at least three different campaigns. The commercial surveillance company is the maker of Predator, an implant analogous to that of NSO Group's Pegasus, and is known to hav

The Hacker News


May 18, 2022

Web Trackers Caught Intercepting Online Forms Even Before Users Hit Submit Full Text

Abstract New research published by academics from KU Leuven, Radboud University, and the University of Lausanne has revealed that users' email addresses are exfiltrated to tracking, marketing, and analytics domains before the form is submitted and without prior consent. The study involved crawling 2.8 million pages from the top 100 websites, and found that as many as 1,844 websites allowed trackers to capture email addresses before form submission in the European Union, a number that jumped to 2,950 when the same set of websites were visited from the U.S. "Emails (or their hashes) were sent to 174 distinct domains (eTLD+1) in the U.S. crawl, and 157 distinct domains in the EU crawl," the researchers said. Furthermore, 52 websites were determined to be collecting passwords in the same manner, an issue that has since been addressed following responsible disclosure. LiveRamp, Taboola, Adobe, Verizon, Yandex, Meta Platforms, TikTok, Salesforce, Listrak, and Oracle accounted f

The Hacker News


May 16, 2022

Third-party web trackers log what you type before submitting Full Text

Abstract An extensive study looking into the top 100k ranking websites has revealed that many are leaking information you enter in the site forms to third-party trackers before you even press submit.

BleepingComputer


May 3, 2022

Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’ Full Text

Abstract Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses.

Threatpost


May 01, 2022

Google Releases First Developer Preview of Privacy Sandbox on Android 13 Full Text

Abstract Google has officially released the first developer preview for the Privacy Sandbox on Android 13, offering an "early look" at the SDK Runtime and Topics API to boost users' privacy online. "The Privacy Sandbox on Android Developer Preview program will run over the course of 2022, with a beta release planned by the end of the year," the search giant said in an overview. A "multi-year effort," Privacy Sandbox on Android aims to create technologies that are both privacy-preserving and keep online content and services free without having to resort to opaque methods of digital advertising. The idea is to limit sharing of user data with third-parties and operate without cross-app identifiers, including advertising ID, a unique, user-resettable string of letters and digits that can be used to track users as they move between apps. Google originally announced its plans to bring Privacy Sandbox to Android earlier this February, following

The Hacker News


April 28, 2022

Twitter’s New Owner Elon Musk Wants DMs to be End-to-End Encrypted like Signal Full Text

Abstract Elon Musk, CEO of SpaceX and Tesla and Twitter's new owner, on Thursday called for adding support for end-to-end encryption (E2EE) to the platform's direct messages (DM) feature. "Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages," Musk said in a tweet. The statement comes days after the microblogging service announced it officially entered into an agreement to be acquired by an entity wholly owned by Elon Musk, with the transaction valued at approximately US$44 billion, or US$54.20 per share in cash. The deal, which is expected to be closed over the next six months, will see it becoming a privately held company. "Free speech is the bedrock of a functioning democracy, and Twitter is the digital town square where matters vital to the future of humanity are debated," Musk said in a statement. "I also want to make Twitter better than ever by enhancing the product with new features, making t

The Hacker News


April 27, 2022

Google’s New Safety Section Shows What Data Android Apps Collect About Users Full Text

Abstract Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. "Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties," Suzanne Frey, Vice President of product for Android security and privacy, said. "In addition, users want to understand how app developers are securing user data after an app is downloaded." The transparency measure, which is built along the lines of Apple's "Privacy Nutrition Labels," was first announced by Google nearly a year ago in May 2021. The Data safety section, which will show up against every app listing on the digital storefront, presents a unified view of what data is being collected, for what purpose it's being used, and how it's handled, while also highlighting what data is being shared with thi

The Hacker News


April 26, 2022

Google Play Store now forces apps to disclose what data is collected Full Text

Abstract Google is rolling out a new Data Safety section on the Play Store, Android's official app repository, where developers must declare what data their software collects from users of their apps.

BleepingComputer


April 26, 2022

Anomaly Six, a US surveillance firm that tracks roughly 3 billion devices in real-time Full Text

Abstract An interesting article published by The Intercept reveals the secretive business of a US surveillance firm named Anomaly Six. When we speak about the secretive business of surveillance businesses we often refer to the powerful tools developed by Israeli...

Security Affairs


April 19, 2022

NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks Full Text

Abstract Researchers reported that threat actors leveraged a new zero-click iMessage exploit to install NSO Group Pegasus on iPhones belonging to Catalans. Researchers from Citizen Lab have published a report detailing the use of a new zero-click iMessage...

Security Affairs


April 19, 2022

Watchdog warned UK government of spyware infections inside 10 Downing Street Full Text

Abstract "We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks," Citizen Lab said in a blog post.

Reuters


April 15, 2022

‘Mute’ button in conferencing apps may not actually mute your mic Full Text

Abstract A new study shows that pressing the mute button on popular video conferencing apps (VCA) may not actually work like you think it should, with apps still listening in on your microphone.

BleepingComputer


April 13, 2022

EU officials were targeted with Israeli surveillance software Full Text

Abstract According to a report published by Reuters, Israeli surveillance software was used to spy on senior officials in the European Commission. One of the officials targeted with the infamous spyware there is Didier Reynders, a senior Belgian statesman...

Security Affairs


April 12, 2022

E.U. Officials Reportedly Targeted with Israeli Pegasus Spyware Full Text

Abstract Senior officials in the European Union were allegedly targeted with NSO Group's infamous Pegasus surveillance tool, according to a new report from Reuters. At least five individuals, including European Justice Commissioner Didier Reynders, are said to have been singled out in total, the news agency said, citing documents and two unnamed E.U. officials. However, it's not clear who used the commercial spyware against them or what information was obtained following the attacks. NSO Group said in a statement shared with Reuters that it was not responsible for the hacking attempts, adding that the targeting "could not have happened with NSO's tools." The targeting is said to have come to light after Apple notified the victims of state-sponsored attacks last November as part of its efforts to stop the Israeli surveillance firm from targeting its customers. That same month, the iPhone maker filed a lawsuit against NSO Group, seeking a court-issued injunction ai

The Hacker News


April 7, 2022

New Spyware Actively Targets Android Users Full Text

Abstract An Android spyware impersonates a process manager app to target users and steal their data. While analyzing the spyware, the research team discovered that it downloads additional payloads to compromised devices. Organizations and users are suggested to always monitor and review the app permiss ...

Cyware Alerts - Hacker News


April 04, 2022

Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers Full Text

Abstract An Android spyware application has been spotted masquerading as a "Process Manager" service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app — that has the package name "com.remote.app" — establishes contact with a remote command-and-control server, 82.146.35[.]240, which has been previously identified as infrastructure belonging to the Russia-based hacking group known as Turla. "When the application is run, a warning appears about the permissions granted to the application," Lab52 researchers said. "These include screen unlock attempts, lock the screen, set the device global proxy, set screen lock password expiration, set storage encryption and disable cameras." Once the app is "activated," the malware removes its gear-shaped icon from the home screen and runs in the background, abusing its wide permissions to access the device's contacts and call logs, track its location,

The Hacker News


April 01, 2022

Russian-linked Android malware records audio, tracks your location Full Text

Abstract A previously unknown Android malware has been linked to the Turla hacking group after discovering the app used infrastructure previously attributed to the threat actors.

BleepingComputer


March 29, 2022

Privid: A Privacy-Preserving Surveillance Video Analytics System Full Text

Abstract A group of academics has designed a new system known as "Privid" that enables video analytics in a privacy-preserving manner to combat concerns with invasive tracking. "We're at a stage right now where cameras are practically ubiquitous. If there's a camera on every street corner, every place you go, and if someone could actually process all of those videos in aggregate, you can imagine that entity building a very precise timeline of when and where a person has gone," Frank Cangialosi, the lead author of the study and a researcher at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL), said in a statement. "People are already worried about location privacy with GPS — video data in aggregate could capture not only your location history, but also moods, behaviors, and more at each location," Cangialosi added. Privid is built on the foundation of differential privacy, a statistical technique that makes it possibl

The Hacker News


March 21, 2022

Italy’s data privacy watchdog investigates how Kaspersky manages Italian users’ data Full Text

Abstract Italy's data privacy watchdog launched an investigation into the "potential risks" associated with the use of Russian antivirus software Kaspersky. Italy's data privacy watchdog has launched an investigation into potential risks associated with the use of the Kaspersky...

Security Affairs


March 07, 2022

Dozens of COVID passport apps put user’s privacy at risk Full Text

Abstract Roughly two-thirds of tested digital vaccination applications commonly used today as safe passes and travel passports exhibit behavior that may put users' privacy at risk.

BleepingComputer


February 25, 2022

Visual Voice Mail on Android may be vulnerable to eavesdropping Full Text

Abstract A security analyst has devised a way to capture Visual Voice Mail (VVM) credentials on Android devices and then remotely listen to voicemail messages without the victim's knowledge.

BleepingComputer


February 18, 2022

Google Privacy Sandbox promises to protect user privacy online Full Text

Abstract Google introduces Privacy Sandbox on Android aimed at leading to more private advertising solutions for mobile users. Google announced Privacy Sandbox on Android to limit user data sharing and prevent the use of cross-app identifiers. The company...

Security Affairs


February 17, 2022

Google Bringing Privacy Sandbox to Android to Limit Sharing of User Data Full Text

Abstract Google on Wednesday announced plans to bring its Privacy Sandbox initiatives to Android in a bid to expand its privacy-focused, but also less disruptive, advertising technology beyond the desktop web. To that end, the internet giant said it will work towards building solutions that prevent cross-app tracking à la Apple's App Tracking Transparency (ATT) framework, effectively limiting sharing of user data with third-parties as well as eliminating identifiers such as advertising IDs on mobile devices. "The Privacy Sandbox on Android builds on our existing efforts on the web, providing a clear path forward to improve user privacy without putting access to free content and services at risk," Anthony Chavez, vice president of product management for Android security and privacy, said. Privacy Sandbox, launched in 2019, is Google's umbrella term for a set of technologies that will phase out third-party cookies and curb covert tracking, like fingerprinting, by redu

The Hacker News


February 17, 2022

European Data Protection Supervisor call for bans on surveillance spyware like Pegasus Full Text

Abstract The European Data Protection Supervisor authority called for a ban on the development and the use of Pegasus-like commercial spyware. The European Data Protection Supervisor (EDPS) authority this week called for a ban on the development and the use of surveillance...

Security Affairs


February 16, 2022

EU Data Protection Watchdog Calls for Ban on Pegasus-like Commercial Spyware Full Text

Abstract The European Union's data protection authority on Tuesday called for a ban on the development and the use of Pegasus-like commercial spyware in the region, calling out the technology's "unprecedented level of intrusiveness" that could endanger users' right to privacy. "Pegasus constitutes a paradigm shift in terms of access to private communications and devices, which is able to affect the very essence of our fundamental rights, in particular the right to privacy," the European Data Protection Supervisor (EDPS) said in its preliminary remarks. "This fact makes its use incompatible with our democratic values." Pegasus is a piece of highly advanced military-grade intrusion software developed by Israeli company NSO Group that's capable of breaking into smartphones running Android and iOS, turning the devices into a remote monitoring tool capable of extracting sensitive information, recording conversations, and tracking users' moveme

The Hacker News


February 15, 2022

Remote sex toys might spice up your love life – but crooks could also get a kick out of them Full Text

Abstract A CyberNews investigation has revealed that Lovense remote sex toy users might be at risk from threat actors, due to poor security features. Original post: https://cybernews.com/privacy/remote-sex-toys-might-spice-up-your-love-life-but-crooks-could-also-get-a-kick-out-of-them/ Lovense...

Security Affairs


February 7, 2022

QuaDream, 2nd Israeli Spyware Firm, Weaponizes iPhone Bug Full Text

Abstract The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.

Threatpost


February 01, 2022

Israeli police: Evidence points to improper spyware use by investigators Full Text

Abstract New evidence indicates that investigators with the Israeli police improperly used spyware to spy on citizens' phones, the national police force announced on Tuesday.

The Hill


January 31, 2022

NSO Group Pegasus Spyware Aims at Finnish Diplomats Full Text

Abstract Finland is weathering a bout of Pegasus infections, along with a Facebook Messenger phishing scam.

Threatpost


January 31, 2022

DazzleSpy Backdoor Spies on Hong Kong Politicians Full Text

Abstract A new malware dubbed DazzleSpy surfaced during the investigation of a watering hole attack targeting Windows and Android users. ESET researchers found that the attack also targeted macOS users and visitors of a pro-democracy radio station website in Hong Kong. To stay protected, deploy the right an ...

Cyware Alerts - Hacker News


January 28, 2022

Finnish diplomats’ phones infected with NSO Group Pegasus spyware Full Text

Abstract Finland's Ministry for Foreign Affairs says devices of Finnish diplomats have been hacked and infected with NSO Group's Pegasus spyware in a cyber-espionage campaign.

BleepingComputer


January 25, 2022

Google Drops FLoC and Introduces Topics API to Replace Tracking Cookies for Ads Full Text

Abstract Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. The new mechanism, which takes the place of FLoC (short for Federated Learning of Cohorts), slots users' browsing history for a given week into a handful of top pre-designated interests (i.e., topics), which are retained only on the device for a revolving period of three weeks. Subsequently, when a user visits a participating site, the Topics API selects three of the interests — one topic from each of the past three weeks — to share with the site and its advertising partners. To give more control over the framework, users can not only see the topics but also remove topics or disable it altogether. By labeling each website with a recognizable, high-level topic and sharing the most frequent topics associated with the browsing history,

The Hacker News


January 25, 2022

Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets Full Text

Abstract Cybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia. The attack is unique as it leverages Microsoft OneDrive as a command-and-control (C2) server and is split into as many as six stages to stay as hidden as possible, Trellix — a new company created following the merger of security firms McAfee Enterprise and FireEye — said in a report shared with The Hacker News. "This type of communication allows the malware to go unnoticed in the victims' systems since it will only connect to legitimate Microsoft domains and won't show any suspicious network traffic," Trellix explained. First signs of activity associated with the covert operation are said to have commenced as early as June 18, 2021, with two victims reported on September 21 and 29, followed by 17 more in a short span of three days between Octo

The Hacker News


January 21, 2022

Experts warn of anomalous spyware campaigns targeting industrial firms Full Text

Abstract Researchers spotted several spyware campaigns targeting industrial enterprises to steal credentials and conduct financial fraud. Researchers from Kaspersky Lab have uncovered multiple spyware campaigns that target industrial firms to steal email...

Security Affairs


January 20, 2022

‘Anomalous’ spyware stealing credentials in industrial firms Full Text

Abstract Researchers have uncovered several spyware campaigns that target industrial enterprises, aiming to steal email account credentials and conduct financial fraud or resell them to other actors.

BleepingComputer


January 18, 2022

Beijing 2022 Winter Olympics app bursting with privacy risks Full Text

Abstract The official app for Beijing 2022 Winter Olympics, 'My 2022,' was found to be insecure when it comes to protecting the sensitive data of its users.

BleepingComputer


January 07, 2022

Facebook Launches ‘Privacy Center’ to Educate Users on Data Collection and Privacy Options Full Text

Abstract Meta Platforms, the company formerly known as Facebook, on Friday announced the launch of a centralized Privacy Center that aims to "educate people" about its approach with regards to how it collects and processes personal information across its family of social media apps. "Privacy Center provides helpful information about five common privacy topics: sharing, security, data collection, data use and ads," the social technology firm said in a press release. The first module, Security, will offer easy access to common tools such as account security settings and two-factor authentication. Sharing will provide specifics about post visibility and settings to archive or trash old posts. Collection and Use will give users a quick glance into the type of data Meta harvests and learn how and why it's used, respectively. Lastly, the Ads section will furnish information regarding a user's ad preferences. The learning hub is expected to be initially limited to a s

The Hacker News


January 07, 2022

US counterintelligence shares tips to block spyware attacks Full Text

Abstract The US National Counterintelligence and Security Center (NCSC) and the Department of State have jointly published guidance on defending against attacks using commercial surveillance tools.

BleepingComputer


January 06, 2022

France Fines Google, Facebook €210 Million Over Privacy Violating Tracking Cookies Full Text

Abstract The Commission nationale de l'informatique et des libertés (CNIL), France's data protection watchdog, has slapped Facebook (now Meta Platforms) and Google with fines of €150 million ($170 million) and €60 million ($68 million) for violating E.U. privacy rules by failing to provide users with an easy option to reject cookie tracking technology. "The websites facebook.com, google.fr and youtube.com offer a button allowing the user to immediately accept cookies," the authority said. "However, they do not provide an equivalent solution (button or other) enabling the Internet user to easily refuse the deposit of these cookies." Facebook told TechCrunch that it was reviewing the ruling, while Google said it's working to change its practices in response to the CNIL fines. HTTP cookies are small pieces of data created while a user is browsing a website and placed on the user's computer or other device by the user's web browser to track online

The Hacker News


December 28, 2021

That Toy You Got for Christmas Could Be Spying on You Full Text

Abstract Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device.

Threatpost


December 27, 2021

Experts found backdoors in a popular Auerswald VoIP appliance Full Text

Abstract Researchers found multiple backdoors in a popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. Researchers from RedTeam Pentesting discovered multiple backdoors in a popular VoIP (voice over Internet protocol)...

Security Affairs


December 27, 2021

Bluetooth reboot of pre-school play phone has privacy flaw Full Text

Abstract Chatter uses Bluetooth classic without secure pairing, which means anyone nearby could therefore hook up a Bluetooth device, and tune in to whatever is said within range of the Chatter’s microphone.

The Register


December 24, 2021

Fisher Price Chatter Bluetooth Telephone 60G LTE has serious privacy issues Full Text

Abstract Experts found serious privacy issues affecting Fisher Price Chatter Bluetooth Telephone, a Bluetooth headset that appears like a classic kids toy. Fisher Price Chatter Bluetooth Telephone has the appearance of a classic kids toy, but it was designed...

Security Affairs


December 20, 2021

Citizen Lab Exposes Cytrox as Vendor Behind ‘Predator’ iPhone Spyware Full Text

Abstract The Citizen Lab has discovered another player in the private sector mobile spyware business, fingering a tiny North Macedonia company called Cytrox as the makers of high-end iPhone implants.

Security Week


December 17, 2021

Facebook Bans 7 ‘Cyber Mercenary’ Companies for Spying on 50,000 Users Full Text

Abstract Meta Platforms on Thursday revealed it took steps to deplatform seven cyber mercenaries that it said carried out "indiscriminate" targeting of journalists, dissidents, critics of authoritarian regimes, families of opposition, and human rights activists located in over 100 countries, amid mounting scrutiny of surveillance technologies. To that end, the company said it alerted 50,000 users of Facebook and Instagram that their accounts were spied on by the companies, who offer a variety of services that run the spyware gamut from hacking tools for infiltrating mobile phones to creating fake social media accounts to monitor targets. It also removed 1,500 Facebook and Instagram accounts linked to these firms. "The global surveillance-for-hire industry targets people across the internet to collect intelligence, manipulate them into revealing information and compromise their devices and accounts," Meta's David Agranovich and Mike Dvilyanski said. "These compa

The Hacker News


December 16, 2021

PseudoManuscrypt Spyware Campaign Targets Thousands of ICS Computers Worldwide Full Text

Abstract This new malware contains advanced spying capabilities and has been seen targeting both government organizations and industrial control systems (ICS) across numerous industries.

Yahoo! Finance


December 10, 2021

Russia Blocks Tor Privacy Service in Latest Censorship Move Full Text

Abstract Russia has stepped up its censorship efforts in the country by fully blocking access to the Tor web anonymity service, coinciding with the ban of six virtual private network (VPN) operators, as the government continues its efforts to control the internet and crack down on attempts to circumvent locally imposed web restrictions. The Federal Service for Supervision of Communications, Information Technology and Mass Media, also known as Roskomnadzor, the watchdog responsible for monitoring, controlling and censoring Russian mass media, announced the block, accusing it of enabling access to illegal content, Reuters reported this week. Russia accounts for 15% of all Tor users, with more than 310,000 daily users, second only to the U.S. Tor, short for The Onion Router, enables users to automatically encrypt and reroute their web requests through a network of Tor relays for anonymizing network traffic, as well as help bypass censorship and protect their identities from the intern

The Hacker News


December 08, 2021

Tor’s main site blocked in Russia as censorship widens Full Text

Abstract The Tor Project's main website, torproject.org, is actively blocked by Russia's largest internet service providers, and sources from the country claim that the government is getting ready to conduct an extensive block of the project.

BleepingComputer


December 6, 2021

Pegasus Spyware Infects U.S. State Department iPhones Full Text

Abstract It’s unknown who’s behind the cyberattacks against at least nine employees’ iPhones, who are all involved in Ugandan diplomacy.

Threatpost


December 06, 2021

France warns of Nobelium cyberspies attacking French orgs Full Text

Abstract The French national cyber-security agency ANSSI said today that the Russian-backed Nobelium hacking group behind last year's SolarWinds hack has been targeting French organizations since February 2021.

BleepingComputer


December 6, 2021

American diplomats’ iPhones reportedly compromised by NSO Group intrusion software Full Text

Abstract The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

The Register


December 04, 2021

Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats Full Text

Abstract Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post. At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues pertaining to the country are said to have been singled out using iPhones registered to their overseas phone numbers, although the identity of the threat actors behind the intrusions, or the nature of the information sought, remains unknown as yet. The attacks, which were carried out in the last several months, mark the first known time the sophisticated surveillance software has been put to use against U.S. government employees. NSO Group is the maker of Pegasus, military-grade spyware that allows its government clients to stealthily plunder files and photos, eavesdrop on conversations, and track the whereabou

The Hacker News


December 3, 2021

NSO Group spyware used to compromise iPhones of 9 US State Dept officials Full Text

Abstract Apple warns that the mobile devices of at least nine US Department of State employees were compromised with NSO Group's Pegasus spyware. The iPhones of at least nine US state department officials were compromised with the NSO Group's spyware Pegasus. The...

Security Affairs


December 2, 2021

Russian internet watchdog Roskomnadzor bans six more VPN services Full Text

Abstract Russia’s internet watchdog, ‘Roskomnadzor’, has announced the ban of other VPN products; 15 VPN services are now illegal in Russia. Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six more...

Security Affairs


December 02, 2021

Facebook taking steps to secure accounts of activists, journalists, officials Full Text

Abstract Facebook on Thursday rolled out a new set of measures designed to further protect accounts more often targeted by hackers, including those of human rights activists, journalists and government officials, among others.

The Hill


December 1, 2021

FBI training document shows lawful access to multiple encrypted messaging apps Full Text

Abstract Which are the most secure encrypted messaging apps? An FBI document shows what data can be obtained from them. The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted...

Security Affairs


November 30, 2021

Twitter Bans Users From Posting ‘Private Media’ Without a Person’s Consent Full Text

Abstract Twitter on Tuesday announced an expansion to its private information policy to include private media, effectively prohibiting the sharing of photos and videos without express permission from the individuals depicted in them with an aim to curb doxxing and harassment. "Beginning today, we will not allow the sharing of private media, such as images or videos of private individuals without their consent. Publishing people's private info is also prohibited under the policy, as is threatening or incentivizing others to do so," the company's Safety team said in a tweet. To that end, the policy also discourages users from sharing information such as sign-in credentials that would enable malicious actors to gain access to a person's sensitive information without their authorization. It also forbids users from seeking financial compensation in exchange for posting (or not posting) another individual's private information as part of blackmail schemes. As part o

The Hacker News


November 30, 2021

Smartwatches for children are a privacy and security nightmare Full Text

Abstract Researchers analyzed the security of four popular smartwatches for children and found pre-installed downloaders, weak passwords, and unencrypted data transmissions.

BleepingComputer


November 29, 2021

Recent Additions to Entity List Part of Broader U.S. Effort Targeting Spyware Full Text

Abstract The Commerce Department’s addition of four entities to the export control Entity List highlights accelerated efforts to target companies providing cyber services to certain foreign governments—especially when human rights are at stake.

Lawfare


November 29, 2021

New Chinotto Spyware Targets North Korean Defectors, Human Rights Activists Full Text

Abstract North Korean defectors, journalists who cover North Korea-related news, and entities in South Korea are being zeroed in on by a nation-state-sponsored advanced persistent threat (APT) as part of a new wave of highly-targeted surveillance attacks. Russian cybersecurity firm Kaspersky attributed the infiltrations to a North Korean hacker group tracked as ScarCruft, also known as APT37, Reaper Group, InkySquid, and Ricochet Chollima. "The actor utilized three types of malware with similar functionalities: versions implemented in PowerShell, Windows executables and Android applications," the company's Global Research and Analysis Team (GReAT) said in a new report published today. "Although intended for different platforms, they share a similar command and control scheme based on HTTP communication. Therefore, the malware operators can control the whole malware family through one set of command and control scripts." Likely active since at least 2012, ScarC

The Hacker News


November 20, 2021

Tor Project calls to bring more than 200 obfs4 bridges online by December Full Text

Abstract The Tor Project offers rewards to users who will set up a Tor server after observing a significant drop in the number of Tor relays and Tor bridges. Bridges are private Tor relays that allow users to circumvent censorship, their role is essential...

Security Affairs


November 17, 2021

Israel’s Candiru Spyware Found Linked to Watering Hole Attacks in U.K and Middle East Full Text

Abstract Israeli spyware vendor Candiru, which was added to an economic blocklist by the U.S. government this month, is said to have reportedly waged "watering hole" attacks against high-profile entities in the U.K. and the Middle East, new findings reveal. "The victimized websites belong to media outlets in the U.K., Yemen, and Saudi Arabia, as well as to Hezbollah; to government institutions in Iran (Ministry of Foreign Affairs), Syria (including the Ministry of Electricity), and Yemen (including the Ministries of Interior and Finance); to internet service providers in Yemen and Syria; and to aerospace/military technology companies in Italy and South Africa," ESET said in a new report. "The attackers also created a website mimicking a medical trade fair in Germany." The strategic web compromises are believed to have occurred in two waves, the first commencing as early as March 2020 before ending in August 2020, and the second string of attacks beginning in

The Hacker News


November 13, 2021

Fake end-to-end encrypted chat app distributes Android spyware Full Text

Abstract The GravityRAT remote access trojan is being distributed in the wild again, this time under the guise of an end-to-end encrypted chat application called SoSafe Chat.

BleepingComputer


November 11, 2021

Sophisticated Android spyware PhoneSpy infected thousands of Korean phones Full Text

Abstract South Korean users have been targeted with a new sophisticated Android spyware, tracked as PhoneSpy, as part of an ongoing campaign. Researchers from Zimperium zLabs uncovered an ongoing campaign aimed at infecting the mobile phones of South Korean...

Security Affairs


November 8, 2021

Hungarian official confirms Hungary used NSO Group Pegasus spyware Full Text

Abstract A Hungarian government official confirmed that his government has bought and used the controversial NSO Group's Pegasus spyware. Lajos Kosa, chair of the Parliament’s Defense and Law Enforcement Committee, confirmed that Hungary is one of the clients...

Security Affairs


November 03, 2021

Blacklisting of NSO Group shakes up spyware debate Full Text


The Hill


November 03, 2021

Facebook to Shut Down Facial Recognition System and Delete Billions of Records Full Text

Abstract Facebook's newly-rebranded parent company Meta on Tuesday announced plans to discontinue its decade-old "Face Recognition" system and delete a massive trove of more than a billion users' facial recognition templates as part of a wider initiative to limit the use of the technology across its products. The Menlo Park tech giant described the about-face as "one of the largest shifts in facial recognition usage in the technology's history." The shutdown, which is expected to take place over the coming weeks, will mean users who have previously opted into the setting will no longer be automatically recognized in Memories, photos and videos or see suggested tags with their name in photos and videos they may appear in. Furthermore, the company's Automatic Alt Text (AAT) tool, which creates image descriptions for visually impaired people, will no longer include the names of people identified in photos. Facebook's discontinuing of the program com

The Hacker News


November 02, 2021

Facebook deletes 1 billion faceprints in Face Recognition shutdown Full Text

Abstract Facebook announced today that they will no longer use the Face Recognition system on their platform and will be deleting over 1 billion people's facial recognition profiles.

BleepingComputer


November 2, 2021

Facebook is going to shut down Face Recognition system and data it collected Full Text

Abstract Facebook announced it will shut down its Face Recognition system and is going to delete over 1 billion people's facial recognition profiles. Facebook announced it will stop using the Face Recognition system on its platform and will delete over 1 billion...

Security Affairs


October 28, 2021

Android spyware spreading as antivirus software in Japan Full Text

Abstract A new variant of the Android info-stealer called FakeCop has been spotted by Japanese security researchers, who warn that the distribution of the malicious APK is picking up pace.

BleepingComputer


October 27, 2021

Android spyware apps target Israel in three-year-long campaign Full Text

Abstract A set of seemingly innocuous Android apps have been infecting Israeli users with spyware since 2018, and the campaign continues to this day.

BleepingComputer


October 26, 2021

Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads Full Text

Abstract UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.

Threatpost


October 26, 2021

Australia drafts Online Privacy Bill to bolster data security Full Text

Abstract Australia's Attorney-General has submitted the first draft of a new Online Privacy Bill that contains striking reforms over existing privacy laws. 

BleepingComputer


October 25, 2021

NYT Journalist’s iPhone infected twice with NSO Group’s Pegasus spyware Full Text

Abstract Threat actors infected the iPhone of New York Times journalist Ben Hubbard with NSO Group's Pegasus spyware between June 2018 and June 2021. The iPhone of New York Times journalist Ben Hubbard was repeatedly infected with NSO Group's Pegasus spyware....

Security Affairs


October 23, 2021

FTC: ISPs collect and monetize far more user data than you’d think Full Text

Abstract The Federal Trade Commission (FTC) found that the six largest internet service providers (ISPs) in the U.S. collect and share customers' personal data without providing them with info on how it's used or meaningful ways to control this process.

BleepingComputer


October 22, 2021

Microsoft Teams adds end-to-end encryption for one-to-one calls Full Text

Abstract Microsoft has announced the public preview roll-out of end-to-end encryption (E2EE) support for one-to-one Microsoft Teams calls.

BleepingComputer


October 15, 2021

Bugs in Our Pockets: The Risks of Client-Side Scanning Full Text

Abstract Client-side scanning poses serious technical risks, and there is little that prevents such systems from being repurposed to scan for other types of targeted content.

Lawfare


October 15, 2021

Cybersecurity Experts Sound Alarm on Apple and E.U. Phone Scanning Plans Full Text

Abstract More than a dozen prominent cybersecurity experts raised concerns on plans by Apple and the EU to monitor people’s phones for illicit material, calling the efforts ineffective and dangerous strategies that would embolden government surveillance.

New York Times


October 12, 2021

Office 365 Spy Campaign Targets US Military Defense Full Text

Abstract An Iran-linked group is taking aim at makers of drones and satellites, Persian Gulf ports and maritime shipping companies, among others.

Threatpost


October 12, 2021

Study reveals Android phones constantly snoop on their users Full Text

Abstract A new study by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. 

BleepingComputer


October 11, 2021

Indian-Made Mobile Spyware Targeted Human Rights Activist in Togo Full Text

Abstract A prominent Togolese human rights defender has been targeted with spyware by a threat actor known for striking victims in South Asia, marking the hacking group's first foray into digital surveillance in Africa. Amnesty International tied the covert attack campaign to a collective tracked as "Donot Team" (aka APT-C-35), which has been linked to cyber offensives in India and Pakistan, while also identifying apparent evidence coupling the group's infrastructure to an Indian company called Innefu Labs. The unnamed activist is believed to have been targeted over a period of two months starting in December 2019 with the help of fake Android applications and spyware-loaded emails. "The persistent attacks over WhatsApp and email tried to trick the victim into installing a malicious application that masqueraded as a secure chat application," Amnesty International said in a report published last week. "The application was in fact a piece of custom Android spywa

The Hacker News


October 11, 2021

Donot Team targets a Togo prominent activist with Indian-made spyware Full Text

Abstract A Togolese human rights advocate was hit by mobile spyware that has been allegedly developed by an Indian firm called Innefu Labs. Researchers from Amnesty International have uncovered a cyberespionage campaign tracked as 'Donot Team' (aka APT-C-35)...

Security Affairs


October 10, 2021

Amnesty International links cybersecurity firm to spyware operation Full Text

Abstract A report by Amnesty International links an Indian cybersecurity company to an Android spyware program used to target prominent activists. 

BleepingComputer


October 1, 2021

‘Stalkerware’ Apps Are Proliferating. Protect Yourself. Full Text

Abstract While these apps numbered in the hundreds a few years ago, they have since grown into the thousands. They are widely available on Google’s Play Store and to a lesser degree on Apple’s App Store.

New York Times


September 30, 2021

Fake Amnesty International Pegasus scanner used to infect Windows Full Text

Abstract Threat actors are trying to capitalize on the recent revelations on Pegasus spyware from Amnesty International to drop a less-known remote access tool called Sarwent.

BleepingComputer


September 28, 2021

SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever Full Text

Abstract A ‘nearly impossible to analyze’ version of the malware sports a bootkit and ‘steal-everything’ capabilities.

Threatpost


September 24, 2021

Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses Full Text

Abstract A new as-yet unpatched weakness in Apple's iCloud Private Relay feature could be circumvented to leak users' true IP addresses from iOS devices running the latest version of the operating system. Introduced with iOS 15, which was officially released this week, iCloud Private Relay aims to improve anonymity on the web by employing a dual-hop architecture that effectively shields users' IP address, location, and DNS requests from websites and network service providers. It achieves this by routing users' internet traffic on the Safari browser through two proxies in order to mask who's browsing and where that data is coming from in what could be viewed as a simplified version of Tor. However, the feature is available to iCloud+ subscribers running iOS 15 or macOS 12 Monterey and above. "If you read the IP address from an HTTP request received by your server, you'll get the IP address of the egress proxy," FingerprintJS researcher Sergey Mostsevenk

The Hacker News


September 23, 2021

Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police Full Text

Abstract Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause.

Threatpost


September 19, 2021

Why Edward Snowden is urging users to stop using ExpressVPN? Full Text

Abstract The popular whistleblower Edward Snowden recommends that customers of the ExpressVPN VPN service stop using it. Last week the Israeli cybersecurity firm Kape Technologies acquired the industry's leading virtual private network ExpressVPN, as part...

Security Affairs


September 7, 2021

ProtonMail Forced to Log IP Address of French Activist Full Text

Abstract The privacy-touting, end-to-end encrypted email provider erased its site’s “we don’t log your IP” boast after France sicced Swiss cops on it.

Threatpost


September 7, 2021

ProtonMail logged IP address of French activist after foreign request approved by Swiss authorities Full Text

Abstract A police report revealed that the popular encrypted email service provider ProtonMail shared the IP address of a French activist with the authorities. The privacy friendly end-to-end encrypted email service provider ProtonMail has shared the IP address...

Security Affairs


September 06, 2021

ProtonMail Shares Activist’s IP Address With Authorities Despite Its “No Log” Claims Full Text

Abstract End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France. The Switzerland-based company said it received a "legally binding order from the Swiss Federal Department of Justice" related to a collective called Youth for Climate, which it was "obligated to comply with," compelling it to hand over the IP address and information related to the type of device used by the group to access the ProtonMail account. On its website, ProtonMail advertises that: "No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first." Despite its no IP logs claims, the company acknowledged that while it's illegal for the company to abide by requests from non-Swiss

The Hacker News


September 4, 2021

Apple Client-Side Scanning Takes A Pause Full Text

Abstract Late on Friday, Apple stated that it would postpone its plans to deploy a system that scanned images on iPhones for child sexual abuse material (CSAM).

Lawfare


September 04, 2021

Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash Full Text

Abstract Apple is temporarily hitting the pause button on its controversial plans to screen users' devices for child sexual abuse material (CSAM) after receiving sustained blowback over worries that the tool could be weaponized for mass surveillance and erode the privacy of users. "Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features," the iPhone maker said in a statement on its website. The changes were originally slated to go live with iOS 15 and macOS Monterey later this year. In August, Apple detailed several new features intended to help limit the spread of CSAM on its platform, including scanning users' iCloud Photos libraries for illicit content, Communication Safety in Messages app to warn children and their parents when receiving or sending sexually explicit photos, and e

The Hacker News


September 2, 2021

Google Play Sign-Ins Allow Covert Location-Tracking Full Text

Abstract A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app.

Threatpost


September 2, 2021

WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted Full Text

Abstract Users should be careful whose pics they view and should, of course, update their apps.

Threatpost


September 2, 2021

Digital State IDs Start Rollouts Despite Privacy Concerns Full Text

Abstract Eight states are introducing drivers licenses and identification cards available for use on Apple iPhones and Watches, but critics warn about the dangers of eliminating the use of a paper-based system entirely.

Threatpost


August 30, 2021

Normalizing Surveillance Full Text

Abstract In developing a system for preventing the spread of child sexual abuse material that involves scanning the material of all those using certain apps, Apple is acclimatizing the idea of bulk surveillance.

Lawfare


August 30, 2021

Army Testing Facial Recognition in Child-Care Centers Full Text

Abstract Army looking for AI to layer over daycare CCTV to boost ‘family quality of life.’

Threatpost


August 24, 2021

The Apple Client-Side Scanning System Full Text

Abstract Apple’s efforts, though commendable, raise as many questions as they answer.

Lawfare


August 24, 2021

Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group Full Text

Abstract A previously undisclosed "zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. "The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq (a Shiite Bahraini political society)," researchers from University of Toronto's Citizen Lab said in a report published today, with four of the targets hacked by an actor it tracks as LULU and believed to be the government of Bahrain. Citizen Lab called the new exploit chain "FORCEDENTRY." The development comes a little over a month after an extensive investigation undertaken by a consortium of 17 media organizations revealed the widespread use of NSO Group's Pegasus "military-grade spyware" by authoritarian regimes to facilitate hu

The Hacker News


August 20, 2021

China passes strict data privacy law protecting personal data Full Text

Abstract China’s top legislative body on Friday passed a new data privacy law that places limits on companies’ collection of personal user data, the latest action in the government’s ongoing efforts to tighten restrictions on tech giants operating in the country. 

The Hill


August 18, 2021

Hamburg’s data protection agency (DPA) states that using Zoom violates GDPR Full Text

Abstract The German state's data protection agency (DPA) warns that the use of the videoconferencing platform Zoom violates the European Union's GDPR. The German state's data protection agency (DPA) warns that the Senate Chancellory's use of the popular...

Security Affairs


August 09, 2021

Thousands sign open letter arguing against Apple plan to scan US iPhones for child sexual abuse images Full Text

Abstract A group of security and privacy tech advocates are pushing back against Apple’s recently announced plan to scan iPhones and iPads for images of child sexual abuse stored in the cloud, citing concerns around privacy and surveillance.

The Hill


August 06, 2021

Apple to Scan Every Device for Child Abuse Content — But Experts Fear for Privacy Full Text

Abstract Apple on Thursday said it's introducing new child safety features in iOS, iPadOS, watchOS, and macOS as part of its efforts to limit the spread of Child Sexual Abuse Material (CSAM) in the U.S. To that effect, the iPhone maker said it intends to begin client-side scanning of images shared via every Apple device for known child abuse content as they are being uploaded into iCloud Photos, in addition to leveraging on-device machine learning to vet all iMessage images sent or received by minor accounts (aged under 13) to warn parents of sexually explicit photos shared over the messaging platform. Furthermore, Apple also plans to update Siri and Search to stage an intervention when users try to perform searches for CSAM-related topics, alerting that the "interest in this topic is harmful and problematic." "Messages uses on-device machine learning to analyze image attachments and determine if a photo is sexually explicit," Apple noted. "The feature is desi

The Hacker News


July 28, 2021

Google: Android apps must provide privacy information by April 2022 Full Text

Abstract Google has announced today more details regarding their upcoming Google Play 'Safety section' feature that provides users information about the data collected and used by an Android app.

BleepingComputer


July 23, 2021

User data privacy decisions can be easily manipulated Full Text

Abstract Research from Copenhagen Business School finds designers of cookie banners can affect privacy choices by manipulating choice architecture and with simple changes can increase absolute consent by 17%.

Help Net Security


July 21, 2021

XLoader, a $49 spyware that could target both Windows and macOS devices Full Text

Abstract Check Point Research (CPR) experts have spotted a cheap malware, dubbed XLoader variant, which was upgraded to target both Windows and macOS PCs. XLoader is a very cheap malware strain that is based on the popular Formbook Windows malware. FormBook...

Security Affairs


July 20, 2021

DuckDuckGo’s new email privacy service forwards tracker-free messages Full Text

Abstract DuckDuckGo is rolling out an email privacy feature that strips incoming messages of trackers that can help profile you for better profiling and ad targeting.

BleepingComputer


July 20, 2021

Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability Full Text

Abstract Our roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bombshell report showing widespread surveillance of dissidents, journalists and others.

Threatpost


July 20, 2021

13 Heads of State and Governments Including Emmanuel Macron, Imran Khan, and Cyril Ramaphosa Among Those Targeted with Pegasus Full Text

Abstract As per The Guardian, the leaked database at the heart of the Pegasus project includes the mobile phone numbers of the French president, Emmanuel Macron, and 13 other heads of state and heads of government.

The Guardian


July 19, 2021

Spyware targeted Khashoggi’s wife before his death: report Full Text

Abstract Hanan Elatr, the wife of slain Saudi journalist Jamal Khashoggi, was targeted by the Israeli tech firm NSO Group’s Pegasus spyware just months before he was killed in 2018, The Washington Post reports.

The Hill


July 19, 2021

Pegasus Project – how governments use Pegasus spyware against journalists Full Text

Abstract Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group's spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential...

Security Affairs


July 19, 2021

iPhones running latest iOS hacked to deploy NSO Group spyware Full Text

Abstract Human rights non-governmental organization Amnesty International and non-profit project Forbidden Stories revealed in a recent report that they found spyware made by Israeli surveillance firm NSO Group deployed on iPhones running Apple's latest iOS release, hacked using zero-day zero-click iMessage exploits.

BleepingComputer


July 16, 2021

Israeli Firm Helped Governments Target Journalists, Activists with 0-Days and Spyware Full Text

Abstract Two of the zero-day Windows flaws patched by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of "precision attacks" to hack more than 100 journalists, academics, activists, and political dissidents globally. The spyware vendor was also formally identified as the commercial surveillance company that Google's Threat Analysis Group (TAG) revealed as exploiting multiple zero-day vulnerabilities in Chrome browser to target victims located in Armenia, according to a report published by the University of Toronto's Citizen Lab. "Candiru's apparent widespread presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse," Citizen Lab researchers said. "This case demonstrates, yet again, that in the absence of any international safeguard

The Hacker News


July 15, 2021

Israeli surveillance firm Candiru used Windows zero-days to deploy spyware Full Text

Abstract Experts said that Israeli surveillance firm Candiru, tracked as Sourgum, exploited zero-days to deliver a new Windows spyware. Microsoft and Citizen Lab believe that the secretive Israel-based surveillance firm Candiru, tracked as Sourgum,...

Security Affairs


July 15, 2021

Microsoft disrupts products from Israeli tech firm used to hack journalists, activists Full Text

Abstract Microsoft on Thursday announced that it had disrupted the use of what it described as “cyberweapons” manufactured and sold by an Israeli-based company to target victims worldwide including journalists and human rights activists.

The Hill


July 13, 2021

Firefox 90 adds enhanced tracker blocking to private browsing Full Text

Abstract Mozilla has introduced SmartBlock 2.0, the next version of its intelligent cross-site tracking blocking tech, with the release of Firefox 90.

BleepingComputer


July 12, 2021

Colorado’s new law ups need for privacy awareness training Full Text

Abstract We often hear about security awareness training’s role in maintaining proper cyber hygiene, but what about privacy awareness programs? Experts largely agree that such training is integral to ensuring employees don’t run afoul of a growing array of legislations.

SCMagazine


July 6, 2021

Android Apps in Google Play Harvest Facebook Credentials Full Text

Abstract The apps all used an unusual tactic of loading a legitimate Facebook page as part of the data theft.

Threatpost


July 6, 2021

Malicious Privacy Tools Advertised to Extract Private Data Full Text

Abstract Researchers uncovered a Privacy Tool campaign that purports to offer file protection via encryption and decryption services. In fact, it is loaded with malware. The latest campaign shed some light on the increasing amount of efforts attackers are putting into making such privacy-themed lures r ...

Cyware Alerts - Hacker News


June 29, 2021

Pandemic hasn’t stemmed the rise of privacy salaries, but there is still some work to do Full Text

Abstract A new report from the IAPP notes the average salary for a privacy pro in 2021 is $140,529 – a jump of more than $6,000 since 2019. That said, a gender gap persists.

SCMagazine


June 28, 2021

Many companies believe it is important to protect employee privacy, yet few are effective in doing so Full Text

Abstract As per a new survey, 63% of respondents say it is important or very important to protect employee privacy in the workforce, but only 34% of organizations are effective or very effective in doing so.

Help Net Security


June 24, 2021

Security pros struggle to balance monitoring of remote workforces with privacy expectations Full Text

Abstract Sixty-five percent of surveyed IT and security pros said their companies have increased monitoring of remote workers, but only 46% said their businesses are transparent about how.

SCMagazine


June 23, 2021

Employee Privacy Gap Discovered Full Text

Abstract Barely a third of companies are protecting the privacy of their workers

Infosecurity Magazine


June 22, 2021

Brave launches its privacy-focused no-tracking search engine Full Text

Abstract Today, Brave launched their non-tracking privacy-centric search engine to bring another alternative to finding the information you want on the web without giving up your data.

BleepingComputer


June 22, 2021

Kids’ Apps on Google Play Rife with Privacy Violations Full Text

Abstract One in five of the most-popular apps for kids under 13 on Google Play don’t comply with COPPA regulations on how children’s information is collected and used.

Threatpost


June 22, 2021

Six Flags to Pay $36M Over Collection of Fingerprints Full Text

Abstract Illinois Supreme Court rules in favor of class action against company’s practice of scanning people’s fingers when they enter amusement parks.

Threatpost


June 18, 2021

Colorado Passes New Privacy Act Full Text

Abstract Comprehensive data privacy law awaits signature of state governor

Infosecurity Magazine


June 17, 2021

HHS unveils patient matching standards, guidance to boost patient privacy Full Text

Abstract HHS developed patient matching standards in coordination with industry stakeholders and standards development entities, including HL7.

SCMagazine


June 17, 2021

A New Spyware is Targeting Telegram and Psiphon VPN Users in Iran Full Text

Abstract Threat actors with suspected ties to Iran have been found to leverage instant messaging and VPN apps like Telegram and Psiphon to install a Windows remote access trojan (RAT) capable of stealing sensitive information from targets' devices since at least 2015. Russian cybersecurity firm Kaspersky, which pieced together the activity, attributed the campaign to an advanced persistent threat (APT) group it tracks as Ferocious Kitten, a group that has singled out Persian-speaking individuals allegedly based in the country while successfully operating under the radar. "The targeting of Psiphon and Telegram, both of which are quite popular services in Iran, underlines the fact that the payloads were developed with the purpose of targeting Iranian users in mind," Kaspersky's Global Research and Analysis Team (GReAT) said. "Moreover, the decoy content displayed by the malicious files often made use of political themes and involved images or videos of resistance bas

The Hacker News


June 16, 2021

IKEA Fined $1.2M for Elaborate ‘Spying System’ Full Text

Abstract A French court fined the furniture giant for illegal surveillance on 400 customers and staff.

Threatpost


June 15, 2021

Millions of Connected Cameras Open to Eavesdropping Full Text

Abstract A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.

Threatpost


June 15, 2021

IKEA Fined $1.2m for Spying on Employees Full Text

Abstract French court fines Swedish furnishing giant and hands former IKEA France boss suspended prison sentence

Infosecurity Magazine


June 15, 2021

Instagram flaw allowed to see private, archived Posts/Stories of users without following them Full Text

Abstract Instagram has addressed a new flaw that allowed anyone to access private accounts viewing archived posts and stories without having to follow them. Researcher Mayur Fartade has found a vulnerability in Instagram that allowed anyone to access private...

Security Affairs


June 11, 2021

Mozilla Says Google’s New Ad Tech—FLoC—Doesn’t Protect User Privacy Full Text

Abstract Google's upcoming plans to replace third-party cookies with a less invasive ad targeted mechanism have a number of issues that could defeat its privacy objectives and allow for significant linkability of user behavior, possibly even identifying individual users. "FLoC is premised on a compelling idea: enable ad targeting without exposing users to risk," said Eric Rescorla, author of TLS standard and chief technology officer of Mozilla. "But the current design has a number of privacy properties that could create significant risks if it were to be widely deployed in its current form." Short for Federated Learning of Cohorts, FLoC is part of Google's fledgling Privacy Sandbox initiative that aims to develop alternate solutions to satisfy cross-site use cases without resorting to third-party cookies or other opaque tracking mechanisms. Essentially, FLoC allows marketers to guess users' interests without having to uniquely identify them, thereby eli

The Hacker News


June 11, 2021

Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users Full Text

Abstract Multiple critical security flaws have been disclosed in Samsung's pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users' consent and take control of the devices. "The impact of these bugs could have allowed an attacker to access and edit the victim's contacts, calls, SMS/MMS, install arbitrary apps with device administrator rights, or read and write arbitrary files on behalf of a system user which could change the device's settings," Sergey Toshin, founder of mobile security startup Oversecured, said in an analysis published Thursday. Toshin reported the flaws to Samsung in February 2021, following which patches were issued by the manufacturer as part of its monthly security updates for April and May. The list of the seven vulnerabilities is as follows - CVE-2021-25356 - third-party authentication bypass in Managed Provisioning; CVE-2021-25388 - Arbitrary app installation

The Hacker News


June 10, 2021

Hackers can exploit bugs in Samsung pre-installed apps to spy on users Full Text

Abstract Samsung is working on patching multiple vulnerabilities affecting its mobile devices that could be used for spying or to take full control of the system.

BleepingComputer


June 08, 2021

Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals Full Text

Abstract In a huge sting operation, the U.S. Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP) ran an "encrypted chat" service called ANoM for almost 3 years to intercept 27 million messages between criminal gang members globally. Dubbed Operation Ironside (AFP), Operation Greenlight (Europol), and Operation Trojan Shield (FBI), the long-term covert probe into transnational and serious organized crime culminated in the arrests of 224 offenders on 526 charges in Australia, with 55 luxury vehicles, eight tons of cocaine, 22 tons of cannabis and cannabis resin, 250 firearms, and more than $48 million in various currencies and cryptocurrencies seized in raids around the world. A total of more than 800 arrests have been reported across 18 countries, including New Zealand, Germany, and Sweden. Europol called it the "biggest ever law enforcement operation against encrypted communication." The communications allegedly involved plots to kill, m

The Hacker News


June 08, 2021

Top 10 Privacy and Security Features Apple Announced at WWDC 2021 Full Text

Abstract Apple on Monday announced a number of privacy and security-centric features to its upcoming versions of iOS and macOS at its all-online Worldwide Developers Conference. Here is a quick look at some of the big-ticket changes that are expected to debut later this fall: 1 — Just Patches, Not Entire OS Update Every Time: As rumored before, users now have a choice between two software update versions in the Settings app. Users can either opt to update to the latest version of iOS 15 for all the latest features and most complete set of security updates or continue on iOS 14 and still get important security updates until they are ready to migrate to the next major version. 2 — Built-in 2-Factor Authenticator: The new versions of iOS and macOS come with new options that allow users to generate two-factor authentication codes for each of the online accounts saved to iCloud Keychain (Settings > Passwords) without the need for downloading additional apps like Google Authentica

The Hacker News


June 7, 2021

Google’s FLoC: Privacy Gone Amok? Full Text

Abstract Google’s cookie replacement, FLoC, is coming under heavy criticism from privacy experts.

Infosecurity Magazine


June 04, 2021

Google to Let Android Users Opt-Out to Stop Ads From Tracking Them Full Text

Abstract Google is tightening the privacy practices that could make it harder for apps on Android phones and tablets to track users who have opted out of receiving personalized interest-based ads. The change will go into effect sometime in late 2021. The development, which mirrors Apple's move to enable iPhone and iPad users to opt-out of ad tracking, was first reported by the Financial Times. Once the revised policy goes live, Google is expected to completely cut off developers' access to the so-called "Advertising IDs," showing a "string of zeros" in its place. The Google Advertising ID (AAID), analogous to Apple's IDFA, is a unique device identifier that can be used by app developers to track users as they move between apps to target ads better and measure the effectiveness of marketing campaigns. "Starting in late 2021, when a user opts out of interest-based advertising or ads personalization, the advertising identifier will not be available,"

The Hacker News


June 3, 2021

Missing Toddler Chat Group Banned Full Text

Abstract Parents of vanished boy reach partial settlement in Facebook chat group cyber-bullying case

Infosecurity Magazine


June 01, 2021

Firefox now blocks cross-site tracking by default in private browsing Full Text

Abstract Mozilla says that Firefox users will be protected against cross-site tracking automatically while browsing the Internet in Private Browsing mode.

BleepingComputer


June 01, 2021

Report: Danish Secret Service Helped NSA Spy On European Politicians Full Text

Abstract The U.S. National Security Agency (NSA) used a partnership with Denmark's foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014. Details of the covert wiretapping were broken by Copenhagen-based public broadcaster DR over the weekend based on interviews with nine unnamed sources, all of whom are said to have access to classified information held by the Danish Defence Intelligence Service (Forsvarets Efterretningstjeneste or FE). German Chancellor Angela Merkel, the then-German Foreign Minister Frank-Walter Steinmeier, and the opposition leader at the time, Peer Steinbrück, are said to have been targeted through the Danish-American pact. Using the telephone numbers of politicians as search parameters, the report alleged that the NSA "intercepted everything from text messages to phone calls that passed through the ca

The Hacker News


May 31, 2021

Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors Full Text

Abstract Starting June 8, Amazon will automatically enable a feature on your Alexa, Echo, or other Amazon device that will share some of your Internet bandwidth with your neighbors—unless you choose to opt out. Amazon intends to register its family of hardware devices that are operational in the U.S.—including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams—into Sidewalk as it readies to roll out the shared mesh network in the country next week. Initially announced in September 2019, Sidewalk is part of Amazon's efforts to build a long-range wireless network that leverages Bluetooth, 900 MHz spectrum (FSK), and other frequencies to help Echo, Ring, Tile trackers, and other Sidewalk-enabled devices communicate over the internet without Wi-Fi. Amazon is expected to flip the switch on Sidewalk in the U.S. for all capable devices by default come June 8, co-opting millions of devices into the network and providing near-ubiquitous connect

The Hacker News


May 26, 2021

NHS to Share Patient Data with Third Parties, Fueling Privacy and Security Fears Full Text

Abstract Sensitive data will be made available to academic and commercial third parties for research and planning

Infosecurity Magazine


May 25, 2021

Lawmakers request investigation into Postal Service’s covert operations program Full Text

Abstract The bipartisan leaders of the House Oversight and Reform Committee on Tuesday requested an investigation into a branch of the U.S. Postal Service in the wake of reports that it carried out online surveillance of Americans’ social media posts. 

The Hill


May 25, 2021

The Cyberlaw Podcast: Is Apple Storing Its Dorian Gray Portrait Behind the Great Firewall? Full Text

Abstract Paul Rosenzweig kicks off the news roundup by laying out the New York Times’s brutal overview of the many compromises Tim Cook’s Apple has made with an increasingly oppressive Chinese government. There is no way to square Apple’s aggressive opposition to U.S. national security measures with its quiet surrender to much more demanding Chinese measures.

Lawfare


May 24, 2021

Chinese government has warned 222 apps to remove data slurping code Full Text

Abstract Three weeks after a data privacy protection law has entered into effect in China, the Beijing government has begun warning mobile app developers to remove intrusive data slurping code from their apps.

The Record


May 22, 2021

A Chinese hacking competition may have given Beijing new ways to spy on the Uyghurs Full Text

Abstract With the advent of the Tianfu Cup, China appears to have access to a new talent pool of expert hackers, motivated by the competition’s prize money to produce potentially harmful hacks that Beijing may be willing to use both at home and abroad.

The Conversation


May 20, 2021

USPS Reportedly Uses Clearview AI to Spy on Americans Full Text

Abstract US Postal Service reportedly uses facial recognition tech to identify unknown targets in investigations

Infosecurity Magazine


May 20, 2021

#RSAC: The Lasting Impact of the COVID Pandemic on Privacy Full Text

Abstract A year of lockdown, remote work and remote learning could well be the spark that helps to define a new era of user privacy, according to a panel of experts at the RSA Conference

Infosecurity Magazine


May 18, 2021

How Apple Gave Chinese Government Access to iCloud Data and Censored Apps Full Text

Abstract In July 2018, when Guizhou-Cloud Big Data (GCBD) agreed to a deal with state-owned telco China Telecom to move users' iCloud data belonging to Apple's China-based users to the latter's servers, the shift raised concerns that it could make user data vulnerable to state surveillance. Now, according to a deep-dive report from The New York Times, Apple's privacy and security concessions have "made it nearly impossible for the company to stop the Chinese government from gaining access to the emails, photos, documents, contacts and locations of millions of Chinese residents." The revelations stand in stark contrast to Apple's commitment to privacy, while also highlighting a pattern of conceding to the demands of the Chinese government in order to continue its operations in the country. Apple, in 2018, announced iCloud data of users in mainland China would move to a new data center in Guizhou province as part of a partnership with GCBD. The transitio

The Hacker News


May 15, 2021

Tor users, beware: ‘Scheme flooding’ technique may be used to deanonymize you Full Text

Abstract FingerprintJS said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the Tor Browser.

The Register


May 14, 2021

Scheme flooding fingerprint technique may deanonymize Tor users Full Text

Abstract FingerprintJS experts devised a fingerprinting technique, named scheme flooding, that could allow identifying users across different desktop browsers, including the Tor Browser. FingerprintJS experts devised a new fingerprinting technique, named scheme...

Security Affairs


May 13, 2021

Apple’s Find My network can be abused to leak secrets to the outside world via passing devices Full Text

Abstract Passing Apple devices can be used to sneak out portions of information from one place to another, such as a computer on the other side of the world, over the air without any network connectivity.

The Register


May 12, 2021

INTERPOL Launches Digital Piracy Project Full Text

Abstract New initiative aims to counter online piracy and dismantle illicit online marketplaces

Infosecurity Magazine


May 11, 2021

Germany Bans Facebook from Processing WhatsApp Data Full Text

Abstract Privacy regulator bars Facebook from collecting data on WhatsApp users in Germany

Infosecurity Magazine


May 11, 2021

Twitter’s New Tip Jar Feature has Some Privacy Issues Full Text

Abstract As Rachel Tobac of SocialProof Security highlighted in a tweet, if a user sends another a tip via PayPal, the receiver can find out the sender's address by opening the receipt from the tip received.

Softpedia


May 10, 2021

Over 25% Of Tor Exit Relays Spied On Users’ Dark Web Activities Full Text

Abstract An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. "The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu said in a write-up published on Sunday. "The average exit fraction this entity controlled was above 14% throughout the past 12 months." It's the latest in a series of efforts undertaken to bring to light malicious Tor activity since December 2019. The attacks, which are said to have begun in January 2020, were first documented and exposed by the same researcher in August 2020. Tor is open-source software for enabling anonymous communication on the Internet. It obfuscates the source and destination of a web request by directing network traffic through a series of relays in or

The Hacker News


May 10, 2021

WhatsApp will not deactivate accounts for not accepting new privacy terms Full Text

Abstract WhatsApp will not deactivate the accounts of users who don't accept the new privacy policy update that requires sharing data with other companies owned by Facebook. WhatsApp on Friday announced that it will not deactivate accounts of users who don't...

Security Affairs


May 08, 2021

Facebook Will Limit Your WhatsApp Features For Not Accepting Privacy Policy Full Text

Abstract WhatsApp on Friday disclosed that it won't deactivate accounts of users who don't accept its new privacy policy rolling out on May 15, adding it will continue to keep reminding them to accept the new terms. "No one will have their accounts deleted or lose functionality of WhatsApp on May 15 because of this update," the Facebook-owned messaging service said in a statement. The move marks a turnaround from its previous stance earlier this year when the company outlined plans to make the accounts inaccessible completely should users choose not to comply with the data-sharing agreement and opt not to have their WhatsApp account information shared with Facebook. "If you haven't accepted by [May 15], WhatsApp will not delete your account. However, you won't have full functionality of WhatsApp until you accept," the company had previously said. "For a short time, you'll be able to receive calls and notifications, but won't be able to

The Hacker News


May 07, 2021

4 Major Privacy and Security Updates From Google You Should Know About Full Text

Abstract Google has announced a number of user-facing and under-the-hood changes in an attempt to boost privacy and security, including rolling out two-factor authentication automatically to all eligible users and bringing iOS-styled privacy labels to Android app listings. "Today we ask people who have enrolled in two-step verification (2SV) to confirm it's really them with a simple tap via a Google prompt on their phone whenever they sign in," the company said. "Soon we'll start automatically enrolling users in 2SV if their accounts are appropriately configured." Google Play To Get Apple-Like Privacy Labels The Google Play Store for Android is also getting a huge overhaul on the privacy front. The search giant said it plans to include a new safety section for app listings that highlights the type of data that is collected and stored — such as approximate or precise location, contacts, personal information, photos and videos, and audio files — and how the data i

The Hacker News


May 07, 2021

Twitter Tip Jar may expose PayPal address, sparks privacy concerns Full Text

Abstract This week Twitter has begun experimenting with a new feature called 'Tip Jar,' which lets Twitter users tip select profiles to support their work. But the feature has sparked multiple concerns among Twitter users: from the sender's PayPal shipping address getting exposed, to how disputes are handled.

BleepingComputer


May 3, 2021

US Mulling Domestic Spying Partnership with Private Companies Full Text

Abstract US president reportedly considering using private firms to spy on Americans’ online activity

Infosecurity Magazine


May 02, 2021

How to stop Windows 10 Defender from uploading files to Microsoft Full Text

Abstract Like other antivirus programs, Microsoft Defender will upload suspicious files to Microsoft to determine if they are malicious. However, some consider this a privacy risk and would rather have their files stay on their computer than being uploaded to a third party. 

BleepingComputer


April 29, 2021

Flubot Spyware is Employing Smishing Attacks Full Text

Abstract Hackers are targeting Android phone users across the U.K. via malicious text messages to steal banking information and credentials, and even lift passwords from devices.

Cyware Alerts - Hacker News


April 28, 2021

Lawmakers introduce legislation to create civilian reserve program to fight hackers Full Text

Abstract A group of bipartisan lawmakers in the House and Senate on Wednesday rolled out legislation that would create a National Guard-style program to help defend critical systems against increasing cyberattacks from nation states and criminals. 

The Hill


April 26, 2021

Flubot Spyware Spreading Through Android Devices Full Text

Abstract The malware is spreading rapidly through ‘missed package delivery’ SMS texts, prompting urgent scam warnings from mobile carriers.

Threatpost


April 23, 2021

A Multilateral Surveillance Accord: Setting the Table Full Text

Abstract Stakeholders are increasingly advocating for a multilateral accord on government surveillance.

Lawfare


April 22, 2021

Privacy and security in the software designing Full Text

Abstract The importance of carrying out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy. In order to reduce as much as possible the vulnerabilities and programming errors that can affect not only...

Security Affairs


April 16, 2021

US Indicts SecondEye Operators Full Text

Abstract Two charged over sale of thousands of false identity documents on dark net

Infosecurity Magazine


April 15, 2021

Should NSA monitor your networks? Director Nakasone says no, ‘I’m not seeking legal authorities’ Full Text

Abstract At a pair of hearings on Wednesday and Thursday, the National Security Agency and U.S. Cyber Command director again pushed back against a brewing Senate plan for the NSA to monitor domestic networks for foreign hackers.

SCMagazine


April 14, 2021

Intelligence leaders push for mandatory breach notification law Full Text

Abstract The leaders of the nation’s intelligence agencies on Wednesday joined bipartisan members of the Senate Intelligence Committee in pushing for measures to encourage the private sector to report breaches and to deter malicious hackers from attacking critical infrastructure.

The Hill


April 14, 2021

Vivaldi, Brave, DuckDuckGo reject Google’s FLoC ad tracking tech Full Text

Abstract Makers of Vivaldi and Brave web browsers have rejected Google's new privacy-preserving proposal called FLoC, which is meant to replace third-party tracking cookies across websites on browsers, including Chrome.

BleepingComputer


April 13, 2021

Brave browser disables Google’s FLoC tracking system Full Text

Abstract Brave, a Chromium-based browser, has removed Federated Learning of Cohorts (FLoC), Google's controversial alternative identifier to third-party cookies for tracking users across websites.

ZDNet


April 11, 2021

Mozilla flooded with requests after Apple privacy changes hit Facebook Full Text

Abstract Mozilla volunteers have recently been flooded with requests by online merchants and marketers for their domains to be added to what's called a Public Suffix List (PSL) due to recent privacy changes brought forth by Apple's iOS 14.5.

BleepingComputer


April 9, 2021

Rhythm in the algorithm: digital rights groups call on Spotify to abandon voice recognition invention Full Text

Abstract Activists launched a campaign to pressure Spotify to abandon plans for an AI-powered system that listens to your conversations in order to recommend music choices. The controversy spotlights a challenge faced by some of the most tech savvy companies: how to walk the line between innovation that serves the innate desires of consumers, and violation of their rights for information security and privacy.

SCMagazine


April 7, 2021

Privacy Concerns Raised Over Scotland’s New #COVID19 Check-In App Full Text

Abstract Check In Scotland uploads and stores venue check-in data to a centralized database

Infosecurity Magazine


April 6, 2021

Privacy Concerns Sparked by Rust Programming Language Full Text

Abstract While Rust has become a very popular language, for the past five years, developers have been concerned by their production builds leaking potentially sensitive debug information, writes Ax Sharma.

Heimdal Security


April 03, 2021

Most loved programming language Rust sparks privacy concerns Full Text

Abstract Rust developers have repeatedly raised concerns about a privacy issue over the last few years. Rust has rapidly gained momentum among developers, for its focus on performance, safety, safe concurrency, and for having a similar syntax to C++. However, developers have been bothered by their Rust production binaries leaking usernames.

BleepingComputer


April 1, 2021

ACLU Files AI FOIA Request Full Text

Abstract American Civil Liberties Union requests artificial intelligence documents from national security agencies

Infosecurity Magazine


March 27, 2021

Watch Out! That Android System Update May Contain A Powerful Spyware Full Text

Abstract Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app masquerades itself as a System Update application to take control of compromised devices. "The spyware creates a notification if the device's screen is off when it receives a command using the Firebase messaging service," Zimperium researchers said in a Friday analysis. "The 'Searching for update..' is not a legitimate notification from the operating system, but the spyware." Once installed, the sophisticated spyware campaign sets about its task by registering the device with a Firebase command-and-control (C2) server with information such as battery percentage, sto

The Hacker News


March 24, 2021

Google removes privacy-focused ClearURLs Chrome extension Full Text

Abstract Google has mysteriously removed the popular browser extension ClearURLs from the Chrome Web Store. ClearURLs is a privacy-preserving browser add-on which automatically removes tracking elements from URLs. This, according to its developer, can help protect your privacy when browsing the Internet.

BleepingComputer


March 23, 2021

TikTok no worse than Facebook for privacy, says Citizen Lab Full Text

Abstract TikTok is likely no more of a threat to users than Facebook, according to Citizen Lab, which analyzed the video-sharing social networking app to probe for security, privacy, and censorship issues.

The Register


March 22, 2021

Mozilla Firefox tweaks Referrer Policy to shore up user privacy Full Text

Abstract Firefox 87, due to ship on March 23, will cut back on path and query string information from referrer headers "to prevent sites from accidentally leaking sensitive user data."

ZDNet


March 19, 2021

Japan messenger app Line let engineers in China access user data without consent: Report Full Text

Abstract Line, which has 186 million users worldwide - of which just under half are in Japan - has since blocked access to user data at the Chinese affiliate, the company spokesman said.

The Times Of India


March 19, 2021

Millions of People Can Lose Sensitive Data through Travel Apps, PrivacySavvy reports Full Text

Abstract According to a report published by researchers at PrivacySavvy, many travel companies expose users' data through their booking apps. In a report published on the 16th of March by PrivacySavvy, many travel companies expose users' data through their...

Security Affairs


March 18, 2021

Google Reveals What Personal Data Chrome and Its Apps Collect On You Full Text

Abstract Privacy-focused search engine DuckDuckGo called out rival Google for "spying" on users after the search giant updated its flagship app to spell out the exact kinds of information it collects for personalization and marketing purposes. "After months of stalling, Google finally revealed how much personal data they collect in Chrome and the Google app. No wonder they wanted to hide it," the company said in a tweet. "Spying on users has nothing to do with building a great web browser or search engine." The "privacy nutrition labels" are part of a new policy that went into effect on December 8, 2020, mandating app developers to disclose their data collection practices and help users understand how their personal information is put to use. The insinuation from DuckDuckGo comes as Google has been steadily adding app privacy labels to its iOS apps over the course of the last several weeks in accordance with Apple's App Store rules, but not

The Hacker News


March 18, 2021

Thinking of Joining Clubhouse? The Membership Fee Could Be Your Data Privacy Full Text

Abstract There are questions about the way Clubhouse app handles users’ contacts. There are also questions over just how private users’ actions and audio content are on the app, too.

Check Point Research


March 13, 2021

Vulnerability in Million Times Downloaded iPhone app Let Attacker Listen to any User’s Call Recording Full Text

Abstract The "Automatic call recorder" application is one of the popular applications used by iPhone users to record their calls. The app is...

Cyber Security News


March 12, 2021

Can private data be recovered from “sanitized” images? Full Text

Abstract Researchers at the NYU Tandon School of Engineering found that PP-GAN designs can be subverted to pass privacy checks, while still allowing secret information to be extracted from sanitized images.

Help Net Security


March 11, 2021

Trans Tracking Plugin Reported to Norwegian Authorities Full Text

Abstract Browser add-on that flags social networks as transphobic or trans-friendly may violate GDPR

Infosecurity Magazine


March 10, 2021

Camera tricks: Privacy concerns raised after massive surveillance cam breach Full Text

Abstract A hacking collective compromised roughly 150,000 internet-connected surveillance cameras from Verkada. Now experts are weighing in on the potential ramifications that can befall an organization if security footage is leaked or falls into the wrong hands.

SCMagazine


March 9, 2021

Apple Find My Devices Could Expose User Location Histories Full Text

Abstract Recently, cybersecurity analysts have detected two discrete flaws in Apple's crowdsourced Bluetooth location tracking system or Find My feature.

Cyber Security News


March 8, 2021

‘Businesses want clarity’: Dissecting the web of influence on privacy regulations Full Text

Abstract Omer Tene, vice president and chief knowledge officer at the International Association of Privacy Professionals, sheds some light on the state of play for privacy legislation under the Biden administration.

SCMagazine


March 5, 2021

Through automation, New Belgium Brewing has privacy on tap Full Text

Abstract SC Media spoke to Tye Eyden, collaboration business systems analyst at New Belgium Brewing about ongoing efforts to stay ahead of privacy regulations. He credits workflow automation for bringing the company into compliance with the California Privacy Rights Act in just five months.

SCMagazine


March 5, 2021

Critics Blast Google’s Aim to Replace Browser Cookie with ‘FLoC’ Full Text

Abstract EFF worries that Google’s ‘privacy-first’ vision for the future may pose new privacy risks.

Threatpost


March 4, 2021

National Surveillance Camera Roll Out Roils Privacy Activists Full Text

Abstract TALON, a network of smart, connected security cameras developed by the Atlanta-based startup and installed by law enforcement around the country, raises surveillance-related privacy concerns.

Threatpost


March 04, 2021

Google Will Use ‘FLoC’ for Ad Targeting Once 3rd-Party Cookies Are Dead Full Text

Abstract Signaling a major shift to its ads-driven business model, Google on Wednesday unequivocally stated it would not build alternate identifiers or tools to track users across multiple websites once it begins phasing out third-party tracking cookies from its Chrome browser by early 2022. "Instead, our web products will be powered by privacy-preserving APIs which prevent individual tracking while still delivering results for advertisers and publishers," said David Temkin, Google's director of product management for ads privacy and trust. "Advances in aggregation, anonymization, on-device processing and other privacy-preserving technologies offer a clear path to replacing individual identifiers." The changes, which could potentially reshape the advertising landscape, are expected only to cover websites visited via Chrome and do not extend to mobile apps. At the same time, Google acknowledged that other companies might find alternative ways to track individual us

The Hacker News


February 26, 2021

TikTok Set for Massive $92m Payout Over Privacy Suit Full Text

Abstract Proposed settlement will be one of largest ever

Infosecurity Magazine


February 25, 2021

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations Full Text

Abstract Cybersecurity researchers today unwrapped a new campaign aimed at spying on vulnerable Tibetan communities globally by deploying a malicious Firefox extension on target systems. "Threat actors aligned with the Chinese Communist Party's state interests delivered a customized malicious Mozilla Firefox browser extension that facilitated access and control of users' Gmail accounts," Proofpoint said in an analysis. The Sunnyvale-based enterprise security company pinned the phishing operation on a Chinese advanced persistent threat (APT) it tracks as TA413, which has been previously attributed to attacks against the Tibetan diaspora by leveraging COVID-themed lures to deliver the Sepulcher malware with the strategic goal of espionage and civil dissident surveillance. The researchers said the attacks were detected in January and February 2021, a pattern that has continued since March 2020. The infection chain begins with a phishing email impersonating the "Tib

The Hacker News


February 25, 2021

‘Millions of people’s data is at risk’ — Amazon insiders sound alarm over security Full Text

Abstract The warnings about privacy and compliance failures at Amazon come from three former high-level information security employees — one EU-based and two from the U.S., as reported by Politico.

Politico


February 24, 2021

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique Full Text

Abstract With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without users' knowledge and consent but also "increases [the] web security threat surface," said a group of researchers Yana Dimova, Gunes Acar, Lukasz Olejnik, Wouter Joosen, and Tom Van Goethem in the latest research. "This tracking scheme takes advantage of a CNAME record on a subdomain such that it is same-site to the including web site," the researchers said in the paper. "As such, defenses that block third-party cookies are rendered ineffective." The findings are expected to be presented in July at the 21st Privacy Enhancing Technologies Symposium (PETS 2021

The Hacker News


February 23, 2021

Experts Find a Way to Learn What You’re Typing During Video Calls Full Text

Abstract A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed. The research was undertaken by Mohd Sabra and Murtuza Jadliwala from the University of Texas at San Antonio and Anindya Maiti from the University of Oklahoma, who say the attack can be extended beyond live video feeds to those streamed on YouTube and Twitch as long as a webcam's field-of-view captures the target user's visible upper body movements. "With the recent ubiquity of video capturing hardware embedded in many consumer electronics, such as smartphones, tablets, and laptops, the threat of information leakage through visual channel[s] has amplified," the researchers said. "The adversary's goal is to utilize the observable upper body movements across all the recorded frames to infer the private text typed by the target." To ach

The Hacker News


February 22, 2021

Brave browser found to leak users’ Tor dark web activity Full Text

Abstract An anonymous security researcher demonstrated that the browser was sending the queries for .onion addresses to public DNS resolvers for all to see, defeating the purpose of using the Tor mode.

Tech Radar


February 22, 2021

How smartphone apps extract your data via location tracking Full Text

Abstract From the location data, an app can extract personal information and asks users to give feedback on the correctness of such information as well as to rate its relevance in terms of privacy sensitivity.

The Times Of India


February 22, 2021

Clubhouse User Extracts Streams From Multiple Private Rooms to Third-Party Website Full Text

Abstract An unidentified user was able to stream Clubhouse audio feeds this weekend from “multiple rooms” into their own third-party website, said Reema Bahnasy, a spokeswoman for Clubhouse.

Bloomberg


February 20, 2021

Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users Full Text

Abstract Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users' visits to dark web websites. The bug was addressed in a hotfix release (V1.20.108) made available yesterday. Brave ships with a built-in feature called "Private Window with Tor" that integrates the Tor anonymity network into the browser, allowing users to access .onion websites, which are hosted on the darknet, without revealing the IP address information to internet service providers (ISPs), Wi-Fi network providers, and the websites themselves. The feature was added in June 2018. This is achieved by relaying users' requests for an onion URL through a network of volunteer-run Tor nodes. At the same time, it's worth noting that the feature uses Tor just as a proxy and does not implement most of the privacy protections offered by Tor Browser. But according to a report first

The Hacker News


February 18, 2021

Tracker pixels in emails are now an ‘endemic’ privacy concern Full Text

Abstract The Hey messaging service analyzed its traffic following a request from the BBC and discovered that roughly two-thirds of emails sent to its users' private email accounts contained a "spy pixel."

ZDNet


February 17, 2021

Quad9 to move offices to Switzerland, invites other privacy-focused firms to follow Full Text

Abstract Why would a company choose to relocate to a country with more stringent standards? As a proof point to customers. But other companies in the privacy community argue that building trust is more complicated than hopping a plane to Geneva.

SCMagazine


February 16, 2021

Complaint Blasts TikTok’s ‘Misleading’ Privacy Policies Full Text

Abstract TikTok is again in hot water for how the popular video-sharing app collects and shares data – particularly from its underage userbase.

Threatpost


February 16, 2021

Europeans Unhappy with TikTok’s Child Safety Policy Full Text

Abstract EU consumer groups say app fails to protect children from inappropriate content

Infosecurity Magazine


February 16, 2021

FBI Could use a Tool to Access Private Signal Messages on iPhones Full Text

Abstract The court has recently published a document that affirms that the FBI may have developed a tool to access the Signal messages...

Cyber Security News


February 16, 2021

Researchers want Australia’s digital ID system thrown out and redesigned from scratch Full Text

Abstract Researchers find myGovID is subject to an easily-implemented code proxying attack, while the digital identity solution from Australia Post does not possess a fundamental requirement for accreditation.

ZDNet


February 15, 2021

Apple will proxy Safe Browsing requests to hide iOS users’ IP from Google Full Text

Abstract Apple's upcoming iOS 14.5 update will come with a new feature that will redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google. A built-in security-focused feature in the Safari browser, "Fraudulent Website Warning," alerts users about dangerous websites that have been reported as deceptive, malicious, or harmful. To achieve this, Apple relies on Google Safe Browsing — or Tencent Safe Browsing for users in Mainland China — a blocklist service that provides a list of URLs for web resources that contain malware or phishing content, to compare a hash prefix calculated from the website address and check if the website is fraudulent. Any match against the database will prompt Safari to request Google or Tencent for the full list of URLs that match the hashed prefix and subsequently block the user's access to the site with a warning. While the approach ensures that th

The Hacker News


February 12, 2021

The “P” in Telegram stands for Privacy Full Text

Abstract Security expert Dhiraj Mishra analyzed the popular instant messaging app Telegram and identified some failures in terms of handling the users' data. Summary: While understanding the implementation of various security and privacy measures in Telegram,...

Security Affairs


February 10, 2021

SIM hijackers arrested after stealing millions from US celebrities Full Text

Abstract Ten men who were part of a criminal gang involved in a series of SIM swapping attacks targeting high-profile victims in the United States were arrested in the UK, Malta, and Belgium.

BleepingComputer


February 6, 2021

FBI leaned on Dutch cops’ hacking in Emotet disruption Full Text

Abstract The U.S. and European law enforcement agencies last week conducted an extraordinary crackdown on Emotet, a botnet of infected computers that has defrauded victims of millions.

Cyberscoop


February 3, 2021

Playing Fetch: New XS-Leak exploits browser redirects to break user privacy Full Text

Abstract The XS-Leak family of browser side-channel attacks can be used to glean important information from a system, bypassing existing security measures to leak sensitive user data.

The Daily Swig


January 29, 2021

#DataPrivacyDay: Organizations Must Increase Focus on Data Privacy in 2021 Full Text

Abstract Consumers are becoming more aware of how their data is being used

Infosecurity Magazine


January 28, 2021

What We Learned From Apple’s New Privacy Labels Full Text

Abstract Apps must now include so-called privacy labels, which list the types of data being collected in an easily scannable format. The labels resemble a nutrition marker on food packaging.

New York Times


January 28, 2021

#RSAC365: Organizations Must Prepare for New #COVID19 Data Privacy Challenges Full Text

Abstract Returning to work post-COVID brings about a number of data protection issues

Infosecurity Magazine


January 28, 2021

#DataPrivacyDay: Leaks and Breaches Soared 93% in 2020 Full Text

Abstract Data Privacy Day studies remind organizations of their responsibilities

Infosecurity Magazine


January 26, 2021

TikTok privacy issue could have allowed stealing users’ private details Full Text

Abstract A vulnerability in the video-sharing social networking service TikTok could have allowed hackers to steal users' private personal information. Developers at ByteDance, the company that owns TikTok, have fixed a security vulnerability in...

Security Affairs


January 22, 2021

ICO Urged to Investigate Secretive Tory Party Consultancy Full Text

Abstract GDPR concerns over role of CT Partners in 2019 election

Infosecurity Magazine


January 21, 2021

Google Forms Set Baseline For Widespread BEC Attacks Full Text

Abstract Researchers warn that attackers are collecting reconnaissance for future business email compromise attacks using Google Forms.

Threatpost


January 17, 2021

Privacy-focused search engine DuckDuckGo grew by 62% in 2020 Full Text

Abstract The privacy-focused search engine DuckDuckGo continues to grow rapidly as the company reached 102M daily search queries for the first time in January.

BleepingComputer


January 16, 2021

WhatsApp Delays Controversial ‘Data-Sharing’ Privacy Policy Update By 3 Months Full Text

Abstract WhatsApp said on Friday that it wouldn't enforce its recently announced controversial data sharing policy update until May 15. Originally set to go into effect next month on February 8, the three-month delay comes following "a lot of misinformation" about a revision to its privacy policy that allows WhatsApp to share data with Facebook, sparking widespread concerns about the exact kind of information that will be shared under the incoming terms. The Facebook-owned company has since repeatedly clarified that the update does not expand its ability to share personal user chats or other profile information with Facebook and is instead simply providing further transparency about how user data is collected and shared when using the messaging app to interact with businesses. "The update includes new options people will have to message a business on WhatsApp, and provides further transparency about how we collect and use data," WhatsApp said in a post. "W

The Hacker News


January 15, 2021

Amazon’s Ring Neighbors app exposed users’ precise locations and home addresses Full Text

Abstract A security flaw in Ring’s Neighbors app, which lets users anonymously alert nearby residents to crime and public-safety issues, was exposing precise locations and home addresses of those who posted.

TechCrunch


January 13, 2021

TikTok Takes Teen Accounts Private Full Text

Abstract The company announced accounts for ages 13-15 will default to privacy setting, among other safety measures.

Threatpost


January 13, 2021

#CES2021: Raising the Bar on Privacy and Trust Online in 2021 Full Text

Abstract Improving privacy controls and transparency is becoming increasingly critical

Infosecurity Magazine


January 13, 2021

Data collection cheat sheet: how Parler, Twitter, Facebook, MeWe’s data policies compare Full Text

Abstract CyberNews researchers analyzed data from multiple social platforms like Parler, Twitter, Facebook, and MeWe to compare data policies. Original Post at https://cybernews.com/privacy/how-parler-twitter-facebook-mewe-data-policies-compare/ Alternative...

Security Affairs


January 12, 2021

Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack Full Text

Abstract A sophisticated threat actor has hijacked email security connections to spy on targets.

Threatpost


January 12, 2021

New Android spyware targets users in Pakistan Full Text

Abstract Cybercriminals have modified these otherwise legitimate apps (available on the Google Play Store) to add malicious features that seem completely focused on covert surveillance and espionage.

Sophos


January 12, 2021

Location Data from Muslim Prayer App Sold to Data Broker Full Text

Abstract Revelation has led to fears the information could be abused

Infosecurity Magazine


January 12, 2021

Warning — 5 New Trojanized Android Apps Spying On Users In Pakistan Full Text

Abstract Cybersecurity researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage. Designed to masquerade as apps such as the Pakistan Citizen Portal, a Muslim prayer-clock app called Pakistan Salat Time, Mobile Packages Pakistan, Registered SIMs Checker, and TPL Insurance, the malicious variants have been found to obfuscate their operations to stealthily download a payload in the form of an Android Dalvik executable (DEX) file. "The DEX payload contains most of the malicious features, which include the ability to covertly exfiltrate sensitive data like the user's contact list and the full contents of SMS messages," Sophos threat researchers Pankaj Kohli and Andrew Brandt said. "The app then sends this information to one of a small number of command-and-control websites hosted on servers located in eastern Europe." Interestingly, t

The Hacker News


January 12, 2021

Chinese Firm Socialarks Exposes Scraped Data of Over 200 Million Facebook, Instagram, and LinkedIn Users Full Text

Abstract The company’s unsecured ElasticSearch database contained personally identifiable information (PII) from at least 214 million people from around the world using Facebook, Instagram, and LinkedIn.

Safety Detectives


January 11, 2021

WhatsApp group chat links seen again on Google Search Full Text

Abstract WhatsApp is making several private groups available across the Web by indexing group chat invites, as their links can be accessed by anyone using a simple search on Google.

The Times Of India


January 10, 2021

WhatsApp Privacy Updates Force Users to Agree on New Privacy Policy to Continue Using The App Full Text

Abstract WhatsApp is one of the famous messaging apps that have billions of users, and we all know that Facebook owns WhatsApp, and...

Cyber Security News


January 6, 2021

WhatsApp will share your data with Facebook and its companies Full Text

Abstract WhatsApp is notifying users that starting February 8, 2021, they will be obliged to share their data with Facebook, leaving them no choice. This is bad news for WhatsApp users and their privacy, the company is notifying them that starting February...

Security Affairs


January 06, 2021

WhatsApp: Share your data with Facebook or delete your account Full Text

Abstract After WhatsApp updated its Privacy Policy and Terms of Service on Monday with additional info on how it handles users' data, the company is now notifying users through the mobile app that, starting February, they will be required to share their data with Facebook.

BleepingComputer


January 6, 2021

Bug? No, Telegram exposing its users’ precise location is a feature working as ‘expected’ Full Text

Abstract A researcher who noted that using the "People Nearby" feature of popular messaging app Telegram exposed the exact location of the user has been told that it's working as expected.

The Register


January 06, 2021

WhatsApp Will Delete Your Account If You Don’t Agree Sharing Data With Facebook Full Text

Abstract "Respect for your privacy is coded into our DNA," opens WhatsApp's privacy policy. "Since we started WhatsApp, we've aspired to build our Services with a set of strong privacy principles in mind." But come February 8, 2021, this opening statement will no longer find a place in the policy. The Facebook-owned messaging service is alerting users in India of an update to its terms of service and privacy policy that's expected to go into effect next month. The "key updates" concern how it processes user data, "how businesses can use Facebook hosted services to store and manage their WhatsApp chats," and "how we partner with Facebook to offer integrations across the Facebook Company Products." Users failing to agree to the revised terms by the cut-off date will have their accounts deleted, the company said in the notification. WhatsApp's Terms of Service was last updated on January 28, 2020, while its current Priv

The Hacker News


January 5, 2021

Users can be manipulated to share private information online Full Text

Abstract Online users are more likely to reveal private information based on how website forms are structured to elicit data, Ben-Gurion University of the Negev (BGU) researchers have determined.

Help Net Security


December 28, 2020

12 new state privacy and security laws explained: Is your business ready? Full Text

Abstract While at the federal level security and privacy legislation are lost in a morass of partisan politics and corporate lobbying delays, states have been moving ahead to push through an impressive number of important bills that help fill in the gaps. A search of the Legiscan database reveals that hundreds of bills that address privacy, cybersecurity and data breaches are pending across the 50 states, territories and the District of Columbia.

Security Affairs


December 28, 2020

Privacy 2020: From prepared to alarmed, the year the rubber hit the road Full Text

Abstract If 2019 was an opportunity for privacy advocates to push for preparation ahead of looming data protection deadlines, then 2020 was the year organizations were expected to prove themselves ready. In this second article in our Year in Review series, we consider how legal complications leave all businesses, big and small, with a heavier privacy burden than ever.

SCMagazine


December 24, 2020

Coalition of human rights groups joins suit against Israeli firm NSO Full Text

Abstract A coalition of human rights groups on Wednesday joined Facebook’s lawsuit against Israeli spyware vendor NSO, alleging that the company “prioritizes profit to the detriment of human rights.”

Reuters


December 23, 2020

UK privacy watchdog warns SolarWinds victims to report data breaches Full Text

Abstract United Kingdom's Information Commissioner's Office (ICO) has warned organizations that fell victim to the SolarWinds hack that they are required to report data breaches within three days after their discovery.

BleepingComputer


December 22, 2020

Tech Giants Lend WhatsApp Support in Spyware Case Against NSO Group Full Text

Abstract Google, Microsoft, Cisco Systems and others want appeals court to deny immunity to Israeli company for its alleged distribution of spyware and illegal cyber-surveillance activities.

Threatpost


December 22, 2020

IMF could track your browsing history to determine credit score Full Text

Abstract IMF researchers hinted at the possibility of using a user’s browsing history, including search and purchasing data, for more accurately determining the person or business’ credit rating.

Hackread


December 21, 2020

Open source privacy project TinyCheck turns your Raspberry Pi into a stalkerware detection unit Full Text

Abstract TinyCheck is open source software designed to be used on a Raspberry Pi with WiFi dongle and touchscreen. It was developed by Félix Aimé, a senior security researcher at Kaspersky Lab.

The Daily Swig


December 21, 2020

Some UK Stores Are Using Facial Recognition to Track Shoppers Full Text

Abstract Branches of Co-op in the south of England have been using real-time facial recognition cameras to scan shoppers entering stores. It was quietly introduced for limited trials during the last 18 months.

Wired


December 18, 2020

Alibaba Facial Recognition Tech Picks Out Uyghur Minorities Full Text

Abstract Chinese tech company offers facial recognition of minorities as a cloud service

Infosecurity Magazine


December 18, 2020

Decade-Long Data Silo to Address Google-Fitbit Privacy Concerns Full Text

Abstract Rights groups concerned over European Commission’s green light

Infosecurity Magazine

