Security News

The FTC is advising companies to consult the US Cybersecurity and Infrastructure Security Agency's guidance on dealing with the Log4j flaws. If companies fail to fix their code and lose customer data, the FTC says it may just see what a judge thinks about that.

It is critical that companies and their vendors relying on Log4j act now, in order to reduce the likelihood of harm to consumers, and to avoid FTC legal action. The FTC's brief but blunt warning makes an example of the infamous Equifax breach of 2017, where the US credit reporting behemoth was compromised via an unpatched Apache Struts vulnerability with the unassuming bug identifier CVE-2017-5638.

The Federal Trade Commission will muster its legal muscle to pursue companies and vendors that fail to protect consumer data from the risks of the Log4j vulnerabilities, it warned on Tuesday. "The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future," according to the warning.

The US Federal Trade Commission has warned today that it will go after any US company that fails to protect its customers' data against ongoing Log4J attacks. "The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future," the US government agency said.

The US Federal Trade Commission said Americans reported losing $148 million to gift card scams during the first nine months of 2021, following a significant increase compared to last year. Almost 40,000 consumers reported falling victim to scams where gift cards were the chosen form of payment throughout the year.

The US Federal Trade Commission has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors' attempts to exploit vulnerabilities using social engineering or exploits targeting technology.The first step businesses are advised to take to fend off such attacks is to ensure their tech teams follow the best practices outlined by CISA in this Ransomware Guide and the Fact Sheet on Rising Ransomware Threat to Operational Technology Assets.

The Federal Trade Commission found that the six largest internet service providers in the U.S. collect and share customers' personal data without providing them with info on how it's used or meaningful ways to control this process. "Many internet service providers collect and share far more data about their customers than many consumers may expect-including access to all of their Internet traffic and real-time location data-while failing to offer consumers meaningful choices about how this data can be used," the FTC said.

The Federal Trade Commission says it will fine companies for using fake online reviews or other deceptive endorsements to deceive their customers. The US government agency announced this on Wednesday after it sent letters warning over 700 leading companies not to use such unlawful practices in their online marketing and advertising campaigns, given that they could trigger steep penalties.

The US Federal Trade Commission warns of extortion scammers targeting the LGBTQ+ community via online dating apps such as Grindr and Feeld. As the FTC revealed, the fraudsters would pose as potential romantic partners on LGBTQ+ dating apps, sending explicit photos and asking their targets to reciprocate.

America's trade watchdog today banned stalkerware developer SpyFone and its CEO from the surveillance industry, effectively putting an end to its business. In effect, the FTC said, Support King LLC, which traded as SpyFone.com, and its CEO Scott Zuckerman, "Secretly harvested and shared data on people's physical movements, phone use, and online activities" and allowed "Stalkers and domestic abusers to stealthily track the potential targets of their violence."