Security News

Facebook is pushing back on new Apple privacy rules for its mobile devices - and putting app developers in the middle. Apple will soon require apps to ask users for permission to collect data on what devices they are using and to let ads follow them around on the internet.

The global law firm of Winston & Strawn announced the formation of a new, fully integrated Global Privacy & Data Security practice. The new practice is the culmination of Winston's Global Privacy & Data Security Task Force, formed in 2017, which effectively established a suite of capabilities to serve clients across a wide range of regions and industries.

Sourcepoint has formed a relationship to help Oracle customers protect consumer privacy and manage compliance and user consent. Sourcepoint offers a fully customizable compliance management platform that allows companies to capture, manage, and optimize customer privacy preferences across a range of channels, including web, apps, AMP, and even emerging areas such as OTT and audio.

According to Snyk, SourMint actively performed ad fraud on hundreds of iOS apps and brought with it major privacy concerns to hundreds of millions of consumers. On the surface, the MintegralAdSDK posed as a legitimate advertising SDK for iOS app developers, but its malicious code appeared to commit ad attribution fraud by secretly accessing link clicking activity within thousands of iOS apps that use the SDK. SourMint also spied on user link click activity, improperly tracking requests performed by the app and reporting it back to Mintegral's servers.

Threatpost editors discuss a cryptomining malware targeting AWS systems, a recent development in a lawsuit against the IBM-owned Weather Channel app, and more. Listen to the full podcast below or download direct here.

IBM, the owner of the Weather Channel mobile app, has reached a settlement with the Los Angeles city attorney's office after a 2019 lawsuit alleged that the app was deceiving its users in how it was using their geolocation data. The 2019 lawsuit claimed, the app's permission prompt for users to share their geolocation data did not make them aware that it was also selling that data to third-party companies.

European Union privacy regulators are wrangling over the penalty Ireland's data privacy watchdog was set to issue Twitter for a data breach, pushing back the case's long awaited conclusion under the bloc's tough new data privacy rules. The Irish Data Privacy Commission was expected to issue its decision in the Twitter case, which would be its first involving a U.S. technology company since the new privacy law, known as GDPR, took effect in 2018, allowing for hefty fines.

Anti-vaccine websites, which could play a key role in promoting public hesitancy about a potential COVID-19 vaccine, are far more likely to be found via independent search engines than through an internet giant like Google. The study, led by researchers at Brighton and Sussex Medical School, showed that independent search engines returned between 3 and 16 anti-vaccine websites in the first 30 results, while Google.com returned none.

Maximizing data privacy should be on every organization's priority list. We all know how important it is to keep data and applications secure, but what happens when access to private data is needed to save lives? Should privacy be sacrificed? Does it need to be?

Corporate culture, lack of privacy teams hurt privacy initiatives. Despite the common refrain of "It's not a matter of if, but when" in relation to dealing with a privacy breach, companies are still struggling to implement data privacy protocols, according to a recent TechRepublic Premium survey.