Category: Cyber Security
7. May 2019
Google has announced on its blog that it will introduce an auto delete feature for web tracking history.
So far, users have the option to manually delete data from Google products such as YouTube or Maps. After numerous requests, however, Google follows other technology giants and revised its privacy settings. “We work to keep your data private and secure, and we’ve heard your feedback that we need to provide simple ways for you to manage or delete it,” Google writes on it’s blog.
Users will be able to choose a period for which the data should remain stored, lasting a minimum of 3 months and a maximum of 18 months. At the end of the selected period, Google will automatically delete the data on a regular basis. This option will initially be introduced for Location History and Web & App Activity data and will be available over the next few weeks, according to Google.
Google’s announcement came the day after Microsoft unveiled a set of features designed to strengthen privacy controls for its Microsoft 365 users, aimed to simplify its privacy policies.
On the same day, during Facebook’s annual developer conference, F8, Mark Zuckerberg announced a privacy roadmap for the social network.
2. May 2019
Sensitive data of 80 million US households are unprotected available in the internet. The data are stored on an openly accessible database whose owner is unknown.
Affected are 65 % of all US households, in numbers, 80 million households. The database includes detailed information regarding the number of persons living in a household, their names, marital status, age, date of birth, residential address including GPS data for localization and household income.
The number of affected US-citizens cannot be named due to the fact, that in one household can live a different amount of people. Because of this it is possible that over 100 million people are affected.
On the basis of the accessible data an identification of individuals is easily possible because hackers or thefts of identity can find out the mailaddresses and connect this information with free accessible information from e.g. social media.
Regarding the owner of the database no information is known. It is presumed that it is a company from the health or insurance sector.
The owner need to be find, otherwise the leak cannot be closed.
25. April 2019
Since May 2016 Facebook uploaded email-contacts without respectively against the will of 1,5 million users.
Facebook itself discovered the mistake in March 2019 and according to it’s own statement has now corrected it. The data was uploaded unintentionally and not shared with third parties. The data will be deleted and Facebook will contact the concerned users.
Facebook was able to read the email-contacts of 1,5 million users, but the concerned amount of data subjects is a lot higher due to that many users have thousands of contacts. Facebook denied that e-mails have been accessed by its employees. It expects a fine of three to five billion dollar in the USA.
20. March 2019
The website Cookiebot recently published a report of its “Ad Tech Surveillance on the Public Sector Web”. They used their scanning technology to analyse tracking across official government websites and public health service websites in all 28 European Union member states. More than 100 advertising technology companies track EU citizens who visit those public sector websites by gaining access through free third-party services such as video plug-ins and social sharing buttons.
Said ad trackers were found on 25 out of the 28 official government websites in the EU. Only the Dutch, German and the Spanish websites had no commercial trackers. Most of them were found on the French website (52 trackers) followed by the Latvian website (27 trackers).
Cookiebot also investigated the tracking on Public Health Service Sites and found out that 52% of landing pages with health information contained ad trackers. The worst ranked one was the Irish health service with 73% of landing pages containing trackers. The lowest ranked country – Germany – still hat one third of its landing pages held trackers.
Those trackers got in via free third-party website plugins. For example, Ireland’s public health service (Health Service Executive (HSE)) installed the sharing tool ShareThis, which is like a Trojan horse that releases more than 20 ad tech companies into every Website it’s installed on.
Most of the tracking tools are controlled by Google. It controls the top three domains found and therefore tracks the visits to 82% of the main government websites of the EU. A complete list of all the trackers can be find in the published report.
18. February 2019
Prime Minister Scott Morrison reports that the governing Liberal Party of Australia and the governing National Party of Australia as well as the strongest opposition party, Labor Party were the target of an cyber attack on Parliament’s server. It is assumed that the server was attacked by a foreign government. Not affected by the breach were the ministers an their offices because they operate on different computer servers.
The attack was discovered on the 8th of February 2019 during an investigation of a breach of Parliament House’s computer. According to the statement of the nation’s chief cyber security adviser, Alistair MacGibbon, who is the head of the Australian Cyber Security Centre, it is too early to tell whether and what information the hackers had accessed.
At the moment, election influences of the upcoming nationwide elections can be excluded.
As a first measure the security agency reset passwords after detecting the breach so that the politicians and their staff lost access to their emails.
12. February 2019
After TechCrunch initiated investigations that revealed that numerous apps were recording screen usage, Apple called on app developers to remove or at least disclose the screen recording code.
TechCrunch’s investigation revealed that many large companies commission Glassbox, a customer experience analytics firm, to be able to view their users’ screens and thus follow and track keyboard entries and understand in which way the user uses the app. It turned out that during the replay of the session some fields that should have been masked were not masked, so that certain sensitive data, like passport numbers and credit card numbers, could be seen. Furthermore, none of the apps examined informed their users that the screen was being recorded while using the app. Therefore, no specific consent was obtained nor was any reference made to screen recording in the apps’ privacy policy.
Based on these findings, Apple immediately asked the app developers to remove or properly disclose the analytics code that enables them to record screen usage. Apples App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity. In addition, Apple expressly prohibits the covert recording without the consent of the app users.
According to TechCrunch, Apple has already pointed out to some app developers that they have broken Apple’s rules. One was even explicitly asked to remove the code from the app, pointing to the Apple Store Guidelines. The developer was given less than a day to do so. Otherwise, Apple would remove the app from the App Store.
18. January 2019
An 87 gigabyte dataset with stolen login information has appeared on the Internet. This affects 773 million e-mail addresses and over 21 million passwords.
According to initial information, the data do not originate from a single hack, but have been gathered from various hacks. The data set contains information from 12,000 domains and various web services.
The existence of the data set was made public by the Australian IT security expert Troy Hunt on his homepage, who calls it Collection #1. The expert writes that he was first made aware of the record by acquaintances and that the data was originally available from a file hosting provider, where it can no longer be found.
You have the option of checking for yourself whether your data is affected. To check this, simply enter your own address in the search field and click on “pwned?”. The verification service published by the Australian security researcher Troy Hunt is considered trustworthy by the Federal Office for Information Security (BSI). If you are affected, we recommend that you change your password as soon as possible.
8. January 2019
Following the hacker attack on hundreds of politicians and celebrities, investigators have arrested a 20-year-old suspect today. The apartment of the suspect had been searched and he has been taken into custody. This was reported by the central agency of the attorney general in Frankfurt am Main (Zentralstelle zur Bekämpfung der Internetkriminalität der Generalstaatsanwaltschaft Frankfurt am Main) and the Federal Criminal Police Office (BKA).
On January 7, prior to the arrest, the household of a 19-year-old IT worker, who is being treated as a witness, was searched and technical equipment was confiscated. He claimed that he knows the hacker.
On Friday, January 4, Germany’s Federal Office for IT Safety (BSI) revealed that it was investigating a data leak concerning hundreds of German politicians, journalists and celebrities published on the platform Twitter. The authorities were working together with the Irish Data Protection Commissioner to stop the spreading of the affected data. The hack targeted all of Germany’s political parties represented in the federal parliament at the moment, except for the far-right Alternative for Germany (AfD).
The data was published via a Twitter account, followed by more than 17,000 people at the time, in the style of an advent calendar over the course of December 2018. It included mobile phone numbers, contact info and private chats. Furthermore, ID cards as well as banking and financial details, for example credit card details, were leaked.
7. January 2019
Marriott International Inc, the world’s largest hotel company, based in the USA, which was hit by a data breach in 2018, has announced new information regarding the breach in which unauthorized access to the Marriott subsidiary Starwood’s reservation database was made (we reported).
Contrary to initial statements, not 500 million records of hotel guests but only 383 million are affected. It should be noted that for a guest who has stayed several times in one of the hotels belonging to the Marriott Group, there is one record for each overnight stay. According to this, not 383 million people were affected, but fewer. However, the Marriott Group cannot give the exact number of people affected.
In addition to the corrected number of victims, Marriott announced that some confidential data such as passport and credit card numbers were unencrypted. About 5,25 million unencrypted and about 20,3 million encrypted passport numbers could be viewed by unauthorized persons. According to the company, the master key for decryption was not copied.
In addition, around 8,6 million encrypted credit card numbers were affected, of which only 345.000 were still valid. Here, too, the master key could not be captured. At the moment, it is still being investigated whether credit card numbers entered in the wrong fields and thus stored unencrypted are affected.
17. December 2018
The Irish Data Protection Commission announced in a press release on December 14, 2018 that it had initiated a statutory inquiry into Facebook.
Due to the frequent, especially in the recent past, data breaches of the American company and the total number of reported data breaches since the GDPR came into force on May 25, 2018, the Irish Data Protection Commission has initiated an investigation into compliance with the relevant provisions of the GDPR against Facebook.
In recent weeks, reports of renewed breaches of data protection by Facebook have continued.
Most recently, it became known that the Italian competition authority AGCM had imposed a fine of 10 million euros on Facebook because the company had passed on data to other platforms without the express consent of the users and that a bug in the programming interface for picture processing led to third-party apps having access to pictures of 6.8 million Facebook users, some of which had not even been published by the users.
Pages: Prev 1 2 3 4 5 6 7 8 9 10 Next 
