Security News
LinkedIn received a €310 million fine from the Irish Data Protection Commission for violating European Union's law related to the processing of personal data for behavioral analysis and targeted...
Infosec in brief Scammers have been using Google's own ad system to fool people into downloading a borked copy of the Chocolate Factory's Authenticator software. A team at security shop Malwarebytes spotted the adverts, which appear to come from a Google approved domain - and from a verified user - earlier this week.
The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes. [...]
The European Data Protection Board has extended the temporary ban on targeted advertising on Facebook and Instagram, imposed by the Norwegian Data Protection Authority in July. The European watchdog's 27 October urgent binding decision instructs Ireland's Data Protection Commission to ban the processing of personal data for behavioral advertising across the entire European Economic Area within two weeks.
Norway has told the European Data Protection Board it believes a countrywide ban on Meta harvesting user data to serve up advertising on Facebook and Instagram should be made permanent and extended across Europe. The Scandinavian country's Data Protection Authority, Datatilsynet, had been holding back Facebook parent Meta from scooping up data on its citizens with the threat of fines of one million Kroner per day if it didn't comply.
A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. "By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus," Guardio Labs researcher Nati Tal said in a technical report.
France's privacy watchdog has imposed a €60 million fine against Microsoft's Ireland subsidiary for dropping advertising cookies in users' computers without their explicit consent in violation of data protection laws in the European Union. The Commission nationale de l'informatique et des libertés noted that users visiting the home page of its Bing search engine did not have a "Mechanism to refuse cookies as easily as accepting them."
Twitter, which is in the process of being acquired by Tesla CEO Elon Musk, has agreed to pay $150 million to the U.S. Federal Trade Commission to settle allegations that it abused non-public information collected for security purposes to serve targeted ads. In addition to the monetary penalty for "Misrepresenting its privacy and security practices," the company has been banned from profiting from the deceptively collected data and ordered to notify all affected users.
The Federal Trade Commission has fined Twitter $150 million for using phone numbers and email addresses collected to enable two-factor authentication for targeted advertising. "As the complaint notes, Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads. This practice affected more than 140 million Twitter users, while boosting Twitter's primary source of revenue," said FTC Chair Lina M. Khan.
An Israeli citizen who operated DeepDotWeb, a news site and review site for dark web sites, has received a sentence of 97 months in prison for money laundering and was ordered to forfeit $8,414,173. The DeepDotWeb site didn't host anything malicious or harmful but directly linked to various dark web marketplaces selling illegal goods.