Security News

Ireland's data protection authority has fined WhatsApp Ireland €5.5 million for breaches of the GDPR relating to its service and told it comply with data processing laws within six months. Why Ireland? The Irish Data Protection Commissioner is the head regulator for several of the US tech giants, and this is because they have sited their operations in the European Union member state - with its Silicon Valley friendly 12.5 percent corporate tax rate.

Lengthy privacy notices included in a social media platform's terms of service can do little to help it comply with transparency requirements under European law, according to recently revealed documents from a case in which Meta was fined €390 million. The documents have been released by noyb, the privacy law campaign group founded by Max Schrems, the lawyer who has twice successfully challenged US-EU data sharing, including the cases that defeated the US Safe Harbor and Privacy Shield agreements.

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history.

Boffins based in China and the UK have devised a telecom network attack that can expose call metadata during VoLTE/VoNR conversations. Researchers Zishuai Cheng and Baojiang Cui, with the Beijing University of Posts and Telecommunications, and Mihai Ordean, Flavio Garcia, and Dominik Rys, with the University of Birmingham, have found a way to access encrypted call metadata - VoLTE activity logs that describe call times, duration, and direction for mobile network conversations.

Online markets selling drugs and other illegal substances on the dark web have started to use custom Android apps for increased privacy and to evade law enforcement. These apps allow shop clients to communicate with drug vendors and provide specific courier instructions for delivery.

"The DPC corresponded with Twitter International Unlimited Company in relation to a notified personal data breach that TIC claims to be the source vulnerability used to generate the datasets and raised queries in relation to GDPR compliance," the Irish privacy regulator said on Friday. Twitter's lead EU watchdog wants to determine if Twitter has complied with its obligation as a data controller regarding the processing of users' data and if it infringed any General Data Protection Regulation or Data Protection Act 2018 provisions.

The developers behind the Brave open-source web browser have revealed a new privacy-preserving data querying and retrieval system called FrodoPIR. The idea, the company said, is to use the technology to build out a wide range of use cases such as safe browsing, checking passwords against breached databases, certificate revocation checks, and streaming, among others. The scheme is called FrodoPIR because "The client can perform hidden queries to the server, just as Frodo remained hidden from Sauron," a reference to the characters from oJ. R. R. Tolkien's The Lord of the Rings.

Brave Software developers have created a new privacy-centric database query system called FrodoPIR that retrieves data from servers without disclosing the content of user queries. [...]

From your accounting software to your team chat, running a business today involves connecting to a variety of online apps. This leaves you vulnerable to attacks - unless you're using something like the KeepSolid Private Browser.

Epic Games has reached a $520 million settlement with the U.S. Federal Trade Commission over allegations that the Fortnite creator violated online privacy laws for children and tricked users into making unintended purchases in the video game. To that end, the company will pay a record $275 million monetary penalty for breaching the Children's Online Privacy Protection Act by collecting the personal information of Fortnite players under the age of 13 without seeking permission from their parents.