Security News > 2020 > January

Its home state, Maryland, also knows how to swiftly propose mind-bogglingly bad legislation that would outlaw possession of ransomware and put researchers in jeopardy of prosecution. It's not supposed to keep researchers from responsibly researching or disclosing vulnerabilities, but like other, similar "Let's make malware more illegal" bills before it, SB 30's attempts to protect researchers could "use a little more work," as pointed out by Ars Technica's Sean Gallagher.

Google claims it paid out over $6.5 million through its bug bounty programs in 2019, which brings the total awarded by the company since the launch of its first program in 2010 to more than $21 million. The total amount paid out in 2019 was nearly double compared to the previous year, and Google says the researchers who took part in its bug bounty programs donated an all-time high of $500,000 to charity.

To comply with California's new data privacy law, companies that collect information on consumers and users are forced to be more transparent about it. The form proceeds to state that, as part of signing up for a rewards card, Ralphs "may collect" information such as "your level of education, type of employment, information about your health and information about insurance coverage you might carry."

Google Chrome extension developers have been left high and dry for weeks as the company struggles to cope with a spike in fraud on the Chrome Web Store. Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users.

A recent dump of payment card information being sold on a popular online fraud marketplace suggests that more than 30 million payment cards may have been affected by a malware attack and data breach at Wawa convenience stores and gas stations that was first revealed in December. The marketplace boasted that the collection would include 30 million U.S. records across more than 40 states, as well as more than 1 million international records from more than 100 different countries, researchers wrote.

Convenience store giant Wawa Inc. said Tuesday it is responding to reports that hacked information from its customers' credit cards may be being sold on the dark web. The company said in a news release that customers who may be affected can obtain free credit monitoring and identity theft protection.

The cybercriminal group OurMine has struck again, claiming responsibility for hijacking and defacing the Twitter accounts of the US National Football League and 15 of its teams. OurMine has a long history of hijacking high-profile accounts to turn them into billboards to advertise its so-called security "services" and/or to vandalize pages, like it did to BuzzFeed back in the group's busy-beaver year of 2016.

They can still upgrade from Windows 7 to Windows 10 for free, but those who continue to use Windows 7 now that support has ended are simply more vulnerable to security risks. In addition to that, the good news is that some browser and many AV manufacturers will continue to offer Windows 7 support.

Facebook uses many tools to track people across the Internet, whether they have an account with the social networking site or not, and most of them rely on the online activity data other apps and websites share with Facebook. After facing worldwide criticism over privacy and data breach controversies, Facebook last summer announced a privacy tool, called Off-Facebook Activity, which gives users more control of their data collected by Facebook.

The Ring doorbell application for Android contains third-party trackers and sends out a large amount of personally identifiable information, the Electronic Frontier Foundation has discovered. The Ring app, the EFF says, sends user data to four main analytics and marketing companies, namely branch.io, mixpanel.com, appsflyer.com and facebook.com.