Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy. This wasnβt anything malicious, but with modern web environments being so complex, mistakes can happen, and non-compliance fines can be just an oversight away.Download the full case study here.
As a child,
The FTC forced a data broker to stop selling βsensitive location data.β But most companies can avoid such scrutiny by doing the bare minimum, exposing the lack of protections Americans truly have.
The U.S. Federal Trade Commission (FTC) on Tuesday prohibited data broker Outlogic, which was previously known as X-Mode Social, from sharing or selling any sensitive location data with third-parties.
The ban is part of a settlement over allegations that the company "sold precise location data that could be used to track people's visits to sensitive locations such as medical and
By Lily Hay Newman, Andy Greenberg β January 6th 2024 at 14:00
Plus: Russia hacks surveillance cameras as new details emerge of its attack on a Ukrainian telecom, a Google contractor pays for videos of kids to train AI, and more.
The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule (TSR).
In addition to prohibiting the company from violating the law, the stipulated order requires it to meet other compliance measures,
Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the βincognitoβ or βprivateβ mode on web browsers.
The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed.
The plaintiffs had
By Lily Hay Newman β December 27th 2023 at 12:00
Apple updated its location-tracking system in an attempt to cut down on AirTag abuse while still preserving privacy. Researchers think theyβve found a better balance.
A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices.
Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called Xamarin and abuses the operating system's accessibility permissions to fulfill its objectives.
A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer.
"In 2021, Predator spyware couldn't survive a reboot on the infected Android system (it had it on iOS)," Cisco Talos researchers Mike Gentile, Asheer Malhotra, and Vitor
MongoDB on Saturday disclosed it's actively investigating a security incident that has led to unauthorized access to "certain" corporate systems, resulting in the exposure of customer account metadata and contact information.
The American database software company said it first detected anomalous activity on December 13, 2023, and that it immediately activated its incident response
By Andy Greenberg, Lily Hay Newman β December 16th 2023 at 14:00
Plus: Apple tightens anti-theft protections, Chinese hackers penetrate US critical infrastructure, and the long-running rumor of eavesdropping phones crystallizes into more than an urban legend.
China's Ministry of Industry and Information Technology (MIIT) on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system.
The effort is designed to "improve the comprehensive response capacity for data security incidents, to ensure timely and effective control, mitigation and elimination of hazards and losses caused
Google on Thursday announced that it will start testing a new feature called "Tracking Protection" beginning January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser.
The setting is designed to limit "cross-site tracking by restricting website access to third-party cookies by default," Anthony Chavez, vice president of Privacy
By The Hacker News β December 12th 2023 at 18:09
Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum?
Surprisingly, it's the EHR, and the difference is stark: according to a study, EHRs can sell for up to $1,000 each, compared to a mere $5 for a credit card number and $1 for a social
Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices.
This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari
Competing bills moving through the House of Representatives both reauthorize Section 702 surveillanceβbut they pave very different paths forward for Americansβ privacy and civil liberties.
Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times.
"Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims' personal and
Mark Zuckerberg personally promised that the privacy feature would launch by default on Messenger and Instagram chat. WIRED goes behind the scenes of the companyβs colossal effort to get it right.
Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden.
"Push notifications are alerts sent by phone apps to users' smartphones," Wyden said.
"These alerts pass through a digital post office run by the phone operating system provider -- overwhelmingly Apple or Google. Because of
Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the "most significant milestone yet."
"This isn't a routine security update: we rebuilt the app from the ground up, in close consultation with privacy and safety experts," Loredana Crisan, vice president of
Binanceβs settlement requires it to offer years of transaction data to US regulators and cops, exposing the companyβand its customersβto a β24/7, 365-days-a-year financial colonoscopy.β
By Andrew Couts, Lily Hay Newman β December 6th 2023 at 17:08
Governments can access records related to push notifications from mobile apps by requesting that data from Apple and Google, according to details in court records and a US senator.
Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate extensions.
Recent incidents like
Legislation set to be introduced in Congress this week would extend Section 702 surveillance of people applying for green cards, asylum, and some visasβsubjecting loved ones to similar intrusions.
By Todd Feathers, Dhruv Mehrotra β December 4th 2023 at 11:00
A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable.
Login
FreshRSS