Security News
Microsoft says the KB5021751 update is respecting users' privacy while identifying the number of customers running Office versions that are outdated or approaching their end of support. It will only be installed on systems where one of the following Microsoft Office versions is also present: Office 2013, Office 2010, or Office 2007.
In particular, NCA and several of its partners are hosting Data Privacy Week virtual events where you can listen to data security experts, learn about today's most pressing data privacy issues, and even share some of your own tips and advice. Keep in mind that Data Privacy Week and Data Privacy Day are both widely recognized events in the data and security spaces, so other technology and security leaders may be hosting similar events.
Ireland's data protection authority has fined WhatsApp Ireland €5.5 million for breaches of the GDPR relating to its service and told it comply with data processing laws within six months. Why Ireland? The Irish Data Protection Commissioner is the head regulator for several of the US tech giants, and this is because they have sited their operations in the European Union member state - with its Silicon Valley friendly 12.5 percent corporate tax rate.
Lengthy privacy notices included in a social media platform's terms of service can do little to help it comply with transparency requirements under European law, according to recently revealed documents from a case in which Meta was fined €390 million. The documents have been released by noyb, the privacy law campaign group founded by Max Schrems, the lawyer who has twice successfully challenged US-EU data sharing, including the cases that defeated the US Safe Harbor and Privacy Shield agreements.
Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history.
Boffins based in China and the UK have devised a telecom network attack that can expose call metadata during VoLTE/VoNR conversations. Researchers Zishuai Cheng and Baojiang Cui, with the Beijing University of Posts and Telecommunications, and Mihai Ordean, Flavio Garcia, and Dominik Rys, with the University of Birmingham, have found a way to access encrypted call metadata - VoLTE activity logs that describe call times, duration, and direction for mobile network conversations.
Online markets selling drugs and other illegal substances on the dark web have started to use custom Android apps for increased privacy and to evade law enforcement. These apps allow shop clients to communicate with drug vendors and provide specific courier instructions for delivery.
"The DPC corresponded with Twitter International Unlimited Company in relation to a notified personal data breach that TIC claims to be the source vulnerability used to generate the datasets and raised queries in relation to GDPR compliance," the Irish privacy regulator said on Friday. Twitter's lead EU watchdog wants to determine if Twitter has complied with its obligation as a data controller regarding the processing of users' data and if it infringed any General Data Protection Regulation or Data Protection Act 2018 provisions.
The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called FrodoPIR. The idea, the company said, is to use the technology to build out a wide range of use cases such as safe browsing, checking passwords against breached databases, certificate revocation checks, and streaming, among others. The scheme is called FrodoPIR because "The client can perform hidden queries to the server, just as Frodo remained hidden from Sauron," a reference to the characters from oJ. R. R. Tolkien's The Lord of the Rings.
Brave Software developers have created a new privacy-centric database query system called FrodoPIR that retrieves data from servers without disclosing the content of user queries. [...]