Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users. The fine has been imposed by the UK’s Information Commissioner’s Office (ICO) and was calculated using the UK’s old Data Protection Act 1998 which can levy a
The U.K. Information Commissioner’s Office (ICO) has confirmed that it has hit Facebook with a maximum £500,000 ($645,000) fine around the way it mishandled user data following the Cambridge Analytica scandal earlier this year. The ICO announced its intention to hand Facebook the fine back in July and it said today that it had not changed
Over the past two decades, we’ve seen a huge rise in the popularity of online gaming among both children and adults. One particular game that has experienced huge success is “Grand Theft Auto,” or GTA, which has been developed and produced by Rockstar Games. The most recent edition of the game, “Grand Theft Auto V,”
Siemens AG Siclock central plant clocks were recently found to be affected by several vulnerabilities, some of which have been rated critical. What are these Siemens Siclock flaws and how can they be exploited? German manufacturer and tech giant Siemens recently disclosed six vulnerabilities — three classified as critical — that were found in its
A study on the state of software security released today by CA Veracode evidenced improvements in DevOps security, suggesting that DevSecOps is facilitating better security and efficiency. While the report shows promise on the development side, it also analyzed flaw persistence and measured the longevity of flaws after the initial discovery. Though software security is improving,
Have you recently tried to ditch a mobile app, only to have it keep following you around? If so, you may be a victim of a new crop of uninstall trackers that go beyond letting app developers track bugs and poor user experience: they also let developers track app users “the instant” they give them the
The malicious apps have all been removed from the official Android store, but not before the apps were installed by almost 30,000 users. Malware authors keep testing the vigilance of Android users by sneaking disguised mobile banking Trojans into the Google Play store. We’ve recently analyzed a set of 29 such stealthy Trojans, found in
Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia. TRITON, also known as Trisis, is a piece of ICS malware designed to
Apple’s CEO Tim Cook has joined the chorus of voices warning that data itself is being weaponized against people and societies — arguing that the trade in digital data has exploded into a “data industrial complex”. Cook did not namecheck the adtech elephants in the room: Google, Facebook and other background data brokers that profit
More and more, the internet is delivered wirelessly, but as bandwidth demand grows in each home — multiple TVs, smart devices, tablets and phones — current Wi-Fi standards are starting to fall short. Fortunately the FCC and wireless industry are prepared for this, and the former has just officially proposed opening up a wide swathe
This blog was co-written by Rafael Pena. We recently received customer submissions related to a phishing campaign that was redirecting users to a browser hijacker. It became clear, after analysis, that these cases were related to a technical support scam in which the attacker uses scare tactics—such as displaying fake error messages and phone numbers—to
While data breaches result in huge losses for the victims, criminals are cashing out on fraudulent purchases by working with deceitful communities that offer such services as shipping labels, according to Flashpoint. In today’s blog post, “Drop Networks, Label-Creation Services Sustain Shipments of Fraudulent Purchases,” analysts Luke Rodeheffer and Mike Mimoso detail the mechanics, methods
by John E Dunn. Drupal’s maintainers have handed users of the popular content management system (CMS) some urgent patching homework in the form of five security vulnerabilities, including two rated ‘critical’. The headline here is simple: do not ignore Drupal updates or they’re likely to come back and bite you. Two critical flaws: Both critical
Would you prefer purchasing an Android device that doesn’t have any apps or services from Google? No Google Maps, No Gmail, No YouTube! And NOT even the Google Play Store—from where you could have installed any Android apps you want. Because if you live in Europe, from now on, you have to spend some extra
SoftBank Group has become the latest high profile technology business to drop out of an investment conference in Saudi Arabia following the snowballing global outcry over the killing of journalist, Jamal Khashoggi. The Wall Street Journal reports the last minute cancelation by CEO Masayoshi Son of a speaking engagement at the Future Investment Initiative conference which opens in
When we think about how technology impacts our daily lives, we don’t really notice it unless it’s a big-picture concept. In fact, there are many areas where technology plays an outsized impact on our lives — and we hardly notice it at all. Traffic lights can be controlled remotely, thermostats can automatically warm or chill
Late last week, members of the congressional staff had an opportunity to engage in cybersecurity training through the hands-on exercises brought to them, quite literally, by IBM’s X-Force command cyber-tactical operations center (C-TOC) – a first-of-its-kind mobile security operations center. With a focus on delivering response training and preparedness, onsite cybersecurity support and education and awareness,
Every now and again security researchers stumble on the sort of bad security flaw that reminds us how innocuous-looking aspects of web development can suddenly turn dangerously hostile. An unnerving example is a vulnerability that Akamai’s Larry Cashdollar stumbled on earlier this year after encountering the hugely popular file upload plugin, jQuery File Upload, used
The solution to password recycling may be easier to implement than previously thought, according to a recent paper. Mandating longer and more complex passwords reduces the likelihood that users will reuse them across multiple online services, researchers have found. A team of three academics from Indiana University set out to examine the impact of prescribing
A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in Libssh version 0.6
What could be better than spending two adrenaline-packed days at Disrupt Berlin 2018 focused on the best of everything coming out of Europe’s early-stage startup scene? Saving up to €500 while doing it, that’s what. Just think about how much Red Bull or good German beer you could buy with that money. Here’s the thing. Ticket
The Facebook hack may be the work of spammers, not a nation-state affiliated group, according to a report. The Wall Street Journal reported earlier this week that, according to anonymous sources familiar with Facebook Inc.’s internal investigation, the hack of 30 million users was the work of spammers, not a nation-state as previously assumed. Facebook
Security researcher Peter Winter-Smith discovered a four-year-old authentication bypass vulnerability in the server code of libssh versions 0.6 and above. According to Winter-Smith’s tweet, “The root cause is that the libSSH server and client share a state machine, so packets designed only to be processed by and update the client state can update the server
A month after its most recent iPhone and Mac launches, Apple has refreshed its privacy pages. There isn’t much that’s changed: those pages still espouse Apple’s long-held commitment to privacy being a “fundamental human right” and that your information is, for the most part, kept on your iPhones, iPads and Macs. Apple’s iOS 12 was loaded
Today McAfee, the device-to-cloud cybersecurity company, announced the winners of its distinguished Partner Awards. The awards ceremony, hosted at McAfee’s Americas Partner Summit in Las Vegas, recognized partners who demonstrated the embodiment of three foundational pillars of the McAfee Partner Program: strategic relationships, profitable partnerships and driving better customer outcomes. Partners received awards based on
A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers. What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)? FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems
An explosive report in The New York Times this weekend sheds new light on the apparent targeting of Twitter accounts by “state-sponsored actors” three years ago. It comes in the wake of the confirmed death of Washington Post journalist Jamal Khashoggi on Friday, two weeks after he disappeared in the Saudi consulate in Istanbul. Khashoggi
A survey of nearly 200 financial services compliance individuals conducted throughout February and March 2018 found that organizations are struggling to keep pace with evolving technologies and have fallen behind when it comes to oversight of electronic communications, according to Smarsh. Results of the 40-question survey were released this week in the Electronic Communications Compliance Survey
by John E Dunn. Stop me if you’ve heard this one before. In May, Polish researcher Błażej Adamczyk of the Silesian University of Technology contacted D-Link to tell it he’d discovered a trio of important security flaws affecting eight of its Wi-Fi routers. According to Adamczyk, D-Link replied two weeks later to say that two
Here’s some cool trivia for you: What profession currently has a zero-percent unemployment rate, pays an average of $116,000 a year, and is among the top in-demand jobs in the world? A lawyer? A pharmacist? A finance manager, perhaps? Nope. The job we’re talking about is a cybersecurity specialist and, because of the increase in cyber