Security News > 2020 > March

US regulators moved to impose fines Friday against the nation's four major wireless carriers for selling location data of customers without their consent. The wireless firms were accused of having disclosed mobile network user location data to a third party without authorization from customers, the FCC said.

Despite Facebook claim, "Download Your Information" doesn't provide users with a list of all advertisers who uploaded a list with their personal data. As a user this means you can't exercise your rights under GDPR because you don't know which companies have uploaded data to Facebook.

For anyone who is a Stripe user - even if they haven't logged in for a while - the email seems pretty genuine. OK, the button didn't head to a Stripe domain, but the link didn't look particularly out of place, either - it was an HTTPS link to a regular-looking.com domain.

Seemingly everywhere you turn these days there is some announcement about 5G and the benefits it will bring, like greater speeds, increased efficiencies, and support for up to one million device connections on a private 5G network. Using IoT devices without a private 5G network or adequate technical knowledge could put organizations' and their employees' privacy at risk.

Facebook is suing the data analytics firm OneAudience for allegedly developing a malicious, social-media-profile-grabbing software development kit and then paying app developers to embed it in their apps. According to the complaint, OneAudience's malicious SDK swiped the data that Facebook users had agreed to share with the app - data that may have included their name, email address, the country where they logged in from, time zone, Facebook ID, and, sometimes, gender.

From Chrome's mystery zero-day to why the EC has switched to Signal, get yourself up to date with everything we've written in the last week.

The percentage of companies admitting to suffering a mobile-related compromise has grown despite a higher percentage of organizations deciding not to sacrifice the security of mobile and IoT devices to meet business targets, Verizon has revealed in its third annual Mobile Security Index report, which is based on a survey of 876 professionals responsible for the buying, managing and security of mobile and IoT devices, as well as input from security and management companies such as Lookout, VMWare and Wandera. The report also shows that attackers hit businesses big and small, and operating in diverse industries, and that those that had sacrificed mobile security in the past year were 2x as likely to suffer a compromise.

According to Jim O'Gorman, Chief Content and Strategy officer at Offensive Security and leader of the Kali team, Kali users generally fall into two buckets: highly informed, experienced professionals/hobbyist and individuals that are new to Linux in general. "As a whole, I think it's fair to say that we build and design Kali for security professionals and hobbyists to utilize as a base platform for their work. These are individuals that could easily roll their own version of Linux for their needs, but if Kali is done right, it's a no-brainer to use it and save the work and effort that would go into building your own," he told Help Net Security.

Numerous vendors are building on these technical advancements to bring zero trust solutions to market. Adopting zero trust in IT: Five steps for building a zero trust environment.

Only half of the vulnerabilities in cloud containers ever posed a threat, according to a Rezilion study. The top 20 most popular container images on DockerHub were analyzed to discover that 50% of vulnerabilities were never loaded into memory and therefore did not pose a threat, regardless of Common Vulnerability Scoring System scores and despite vast resources in budget and manpower spent on patching or mitigation.