Security News

TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data
2021-06-06 22:04

The policy change, first spotted by TechCrunch, went into effect on June 2. TikTok users who reside in the European Economic Area, the U.K., Switzerland, and other geographies where the service operates are exempted from the changes.

GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks
2021-06-05 10:01

Code-hosting platform GitHub Friday officially announced a series of updates to the site's policies that delve into how the company deals with malware and exploit code uploaded to its service. Stating that it will not allow the use of GitHub in direct support of unlawful attacks or malware campaigns that cause technical harm, the company said it may take steps to disrupt ongoing attacks that leverage the platform as an exploit or a malware content delivery network.

The policy of truth: As ransomware claims rise, what's a cyber insurer to do?
2021-06-04 09:41

If you rely on your insurer to pay off crooks after a successful ransomware attack, you wouldn't be the only one. When you're dealing with a ransomware attack, how much do you know about who you're making a payment to? And what's the role of not just the insurer but also, say, the intermediary company that the insurer contracts with to negotiate the payment?

Facebook Will Limit Your WhatsApp Features For Not Accepting Privacy Policy
2021-05-14 00:38

"No one will have their accounts deleted or lose functionality of WhatsApp on May 15 because of this update," the Facebook-owned messaging service said in a statement. The move marked a turnaround from its previous stance earlier this year when the company outlined plans to make the accounts inaccessible completely should users choose not to comply with the data-sharing agreement and opt not to have their WhatsApp account information shared with Facebook.

Cybersecurity Community Unhappy With GitHub's Proposed Policy Updates
2021-04-30 11:10

GitHub wants to update its policies regarding security research, exploits and malware, but the cybersecurity community is not happy with the proposed changes. The community has been asked to provide feedback until June 1 on proposed clarifications regarding exploits and malware hosted on GitHub.

Google Project Zero Announces 2021 Updates to Vulnerability Disclosure Policy
2021-04-16 10:47

Google's Project Zero cybersecurity research unit on Thursday announced that it's making some changes to its vulnerability disclosure policies, giving users 30 days to install patches before disclosing the technical details of a flaw. Project Zero has announced three major changes to its vulnerability disclosure policy in 2021, compared to 2020.

What Cybersecurity Policy Changes Should We Expect from the Biden Administration?
2021-04-07 14:43

Despite my best efforts to come up with a brilliant "thought leadership" piece on what I think the Biden Administration should do, the best answer has already been written and published in March of 2020 as the 2020 Cyberspace Solarium Commission Report. Co-chaired by Senator Angus King and Representative Mike Gallagher, the bipartisan Cyberspace Solarium Commission proactively scrutinized U.S. cybersecurity in much the same way the 2004 9/11 Commission Report reactively assessed failings within the U.S. Intelligence Community and offered recommendations for sweeping changes.

How to Vaccinate Against the Poor Password Policy Pandemic
2021-04-01 02:49

To shore up their defenses, they must remediate their password policy. Replacing password expiration with password exposure is critical with an increasingly hybrid workforce and, as outlined above, for the friction it incurs.

Mozilla Firefox adopts new privacy-enhancing Referrer Policy
2021-03-22 18:00

Mozilla has announced that it will introduce a more privacy-focused default Referrer Policy to protect Firefox users' privacy, starting with the web browser's next version. Once updated, the web browser will automatically trim user-sensitive information, such as the path and query string, from the referrer URL. This URL is sent in the HTTP Referer header during subresource requests and when navigating between sites by clicking on links.

Digital Guardian releases DLP policy packs for business communications and collaboration apps
2021-03-19 02:30

Digital Guardian announced the release of DLP policy packs for top business communications and collaboration applications, Microsoft Teams, Skype, Slack, and Zoom. The new policy packs can help Digital Guardian customers enable secure communications and collaboration wherever employees are working by monitoring and controlling sensitive data sharing within these solutions.