Case Study: The Cookie Privacy Monster in Big Global Retail

Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy. This wasn’t anything malicious, but with modern web environments being so complex, mistakes can happen, and non-compliance fines can be just an oversight away.Download the full case study here. As a child,

The Sad Truth of the FTC's Location Data Privacy Settlement

The FTC forced a data broker to stop selling “sensitive location data.” But most companies can avoid such scrutiny by doing the bare minimum, exposing the lack of protections Americans truly have.

A Bloody Pig Mask Is Just Part of a Wild New Criminal Charge Against eBay

Plus: Chinese officials tracked people using AirDrop, Stuxnet mole’s identity revealed, AI chatbot hacking, and more.

FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data

The U.S. Federal Trade Commission (FTC) on Tuesday prohibited data broker Outlogic, which was previously known as X-Mode Social, from sharing or selling any sensitive location data with third-parties. The ban is part of a settlement over allegations that the company "sold precise location data that could be used to track people's visits to sensitive locations such as medical and

LoanDepot Systems Offline Following Ransomware Attack

Facebook, Instagram Now Mine Web Links You Visit To Fuel Targeted Ads

After Injecting Cancer Hospital With Malware, Crims Threaten To Swat Patients

23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits

Plus: Russia hacks surveillance cameras as new details emerge of its attack on a Ukrainian telecom, a Google contractor pays for videos of kids to train AI, and more.

23andMe Told Victims Of Data Breach That Suing Is Futile, Letters Shows

Google Chrome Starts Blocking Data Tracking Cookies

How to Be More Anonymous Online

Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules.

Estes Express Lines Says Personal Data Stolen In Ransomware Attack

Millions Still Haven't Patched Terrapin SSH Protocol Vulnerability

Qualcomm Chip Vulnerability Enables Remote Attack By Voice Call

DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation

The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule (TSR). In addition to prohibiting the company from violating the law, the stipulated order requires it to meet other compliance measures,

Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode'

Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers. The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed. The plaintiffs had

Google Settles $5 Billion Consumer Privacy Lawsuit

Crooks Push Holiday Misery With Leaksmas Release Of 50M PII Records

The Worst Hacks of 2023

It was a year of devastating cyberattacks around the globe, from ransomware attacks on casinos to state-sponsored breaches of critical infrastructure.

iPhone 0-Click Spyware Campaign Triangulation Detailed

LoanCare Notifying 1.3 Million Of Data Breach

Hackers See Value In Stealing Children's School Records

Ohio Lottery Hit By Ransomwarem Hackers Claim Theft Of Data

Hackers Steal Customer Data From Europe's Largest Parking App Operator

This Clever New Idea Could Fix AirTag Stalking While Maximizing Privacy

Apple updated its location-tracking system in an attempt to cut down on AirTag abuse while still preserving privacy. Researchers think they’ve found a better balance.

New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called Xamarin and abuses the operating system's accessibility permissions to fulfill its objectives.

Congress Sure Made a Lot of Noise About Kids’ Privacy in 2023—and Not Much Else

Members of the US Congress touted improvements to children’s privacy protections as an urgent priority. So why didn’t they do anything about it?

Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected Android system (it had it on iOS)," Cisco Talos researchers Mike Gentile, Asheer Malhotra, and Vitor

ESO Solutions Data Breach Impacts 2.7 Million Individuals

Mr. Cooper Breach Affects 14.6 Million Customers

Xfinity Customer Data Compromised In Attack Exploiting CitrixBleed Vulnerability

Brazil's First Lady To Sue Musk's X Over Hacked Account

Delta Dental Says Data Breach Exposed 7 Million Customers

MongoDB Confirms Hack, Says Customer Data Stolen

MongoDB Suffers Security Breach, Exposing Customer Data

MongoDB on Saturday disclosed it's actively investigating a security incident that has led to unauthorized access to "certain" corporate systems, resulting in the exposure of customer account metadata and contact information. The American database software company said it first detected anomalous activity on December 13, 2023, and that it immediately activated its incident response

Google Just Denied Cops a Key Surveillance Tool

Plus: Apple tightens anti-theft protections, Chinese hackers penetrate US critical infrastructure, and the long-running rumor of eavesdropping phones crystallizes into more than an urban legend.

China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents

China's Ministry of Industry and Information Technology (MIIT) on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system. The effort is designed to "improve the comprehensive response capacity for data security incidents, to ensure timely and effective control, mitigation and elimination of hazards and losses caused

Suspects Can Refuse To Provide Phone Passcodes To Police, Court Rules

Information For 45,000 Stolen In Idaho National Laboratory Data Breach

Google's New Tracking Protection in Chrome Blocks Third-Party Cookies

Google on Thursday announced that it will start testing a new feature called "Tracking Protection" beginning January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser. The setting is designed to limit "cross-site tracking by restricting website access to third-party cookies by default," Anthony Chavez, vice president of Privacy

Think Tank Report Labels NSO, Lazarus As Cyber Mercenaries

Nearly A Million Non-Profit Donors' Details Left Exposed In Unsecured Database

Unveiling the Cyber Threats to Healthcare: Beyond the Myths

Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum?  Surprisingly, it's the EHR, and the difference is stark: according to a study, EHRs can sell for up to $1,000 each, compared to a mere $5 for a credit card number and $1 for a social

Toyota Germany Says Customer Data Stolen In Ransomware Attack

North Ireland Cops Count Human Cost Of August Data Breach

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws

Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari

Congress Clashes Over the Future of America’s Section 702 Spy Program

Competing bills moving through the House of Representatives both reauthorize Section 702 surveillance—but they pave very different paths forward for Americans’ privacy and civil liberties.

SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users

Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. "Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims' personal and

End-to-End Encrypted Instagram and Messenger Chats: Why It Took Meta 7 Years

Mark Zuckerberg personally promised that the privacy feature would launch by default on Messenger and Instagram chat. WIRED goes behind the scenes of the company’s colossal effort to get it right.

Meta Begins Rolling Out End-To-End Encryption

Governments May Spy on You by Requesting Push Notifications from Apple and Google

Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden. "Push notifications are alerts sent by phone apps to users' smartphones," Wyden said. "These alerts pass through a digital post office run by the phone operating system provider -- overwhelmingly Apple or Google. Because of

Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger

Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the "most significant milestone yet." "This isn't a routine security update: we rebuilt the app from the ground up, in close consultation with privacy and safety experts," Loredana Crisan, vice president of

The Binance Crackdown Will Be an 'Unprecedented' Bonanza for Crypto Surveillance

Binance’s settlement requires it to offer years of transaction data to US regulators and cops, exposing the company—and its customers—to a “24/7, 365-days-a-year financial colonoscopy.”

Police Can Spy on Your iOS and Android Push Notifications

Governments can access records related to push notifications from mobile apps by requesting that data from Apple and Google, according to details in court records and a US senator.

Governments Spying On Apple, Google Users Through Push Notifications

New Report: Unveiling the Threat of Malicious Browser Extensions

Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate extensions. Recent incidents like

23andMe Confirms Nearly 7 Million Customers Affected In Data Leak

US Lawmakers Want to Use a Powerful Spy Tool on Immigrants and Their Families

Legislation set to be introduced in Congress this week would extend Section 702 surveillance of people applying for green cards, asylum, and some visas—subjecting loved ones to similar intrusions.

New Relic Says Hackers Accessed Internal Environment Using Stolen Credentials

Inside America's School Internet Censorship Machine

A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable.