Security News
Akamai observes nearly seven trillion DNS requests daily and classifies malicious DNS transactions into three main categories: malware, phishing and command and C2. These attacks present a major threat to both enterprises and home users. They analyzed malicious DNS data and linked attackers to malware such as Emotet, a malware strain that is now one of the most dangerous cybercrime services, and QSnatch, which targets backups or file storage and is the most significant botnet threat in enterprise environments.
A bill proposed by Washingston state lawmakers would make it illegal for period-tracking apps, Google or any other website to sell consumers' health data while also making it harder for them to collect and share this personal information. Washington Representative Vandana Slatter, a Democrat, introduced House Bill 1155 [PDF], the My Health, My Data Act, in response to the US Supreme Court ruling last year to overturn Roe v. Wade, which removed constitutional rights to abortion.
A woman in Canada failed in her claim for wrongful dismissal due to evidence from laptop software designed to track working time activity. 07 for part of the advance she received before starting work, and for the wages equal to the commensurate time lost.
Apple "Unlawfully records and uses consumers' personal information and activity," claims a new lawsuit accusing the company of tracking iPhone users' device data even when they've asked for tracking to be switched off. The would-be class action lawsuit, filed in Pennsylvania, accuses [PDF] Apple of violating Pennsylvania's Wiretapping and Electronic Surveillance Act, as well as breaching its trade practices and consumer protection law by "Representing that its mobile devices enable users to choose settings that would stop defendant from collecting or tracking their private data - a feature they do not have."
Google has settled two more of the many location tracking lawsuits it had been facing over the past year, and this time the search giant is getting an even better deal: just $29.5 million to resolve complaints filed in Indiana and Washington DC with no admission of wrongdoing. The cases filed in the Midwestern state and the capital are similar to those settled elsewhere in the US in the last 12 months and center on allegations that Google deceived users into handing over location data, which it then turned into billions in advertising dollars.
Raj Samani, SVP, Chief Scientist, Rapid7, discusses the tactics observed from a recent case of espionage, and what can be learned from such observations. This video was recorded at IRISSCON 2022, an annual conference organized by IRISSCERT. The all-day event focuses on providing attendees with an overview of the current cyber threats facing businesses in Ireland and what they can do to help deal with those threats.
Google has agreed to pay a total of $29.5 million to settle two different lawsuits brought by Indiana and Washington, D.C., over its "Deceptive" location tracking practices. The search and advertising giant is required to pay $9.5 million to D.C. and $20 million to Indiana after the states sued the company for charges that the company tracked users' locations without their express consent.
LastPass says attackers got users' info and password vault dataThe information couldn't come at a worst time, as businesses are winding down their activities and employees and users are thick in the midst of last-minute preparations for end-of-year holidays. New Microsoft Exchange exploit chain lets ransomware attackers inRansomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities to achieve remote code execution on Microsoft Exchange servers.
Advertisers have responded by pioneering a new method for tracking users across the Web, known as user ID smuggling, which does not require third-party cookies. Researchers at UC San Diego have for the first time sought to quantify the frequency of UID smuggling in the wild, by developing a measurement tool called CrumbCruncher.
Apple tracked users without their consent and deserves to be fined €6 million, according to a top advisor to France's data privacy watchdog. The Commission nationale de l'informatique et des libertés launched an investigation into Apple after a complaint filed by France Digitale, a lobby group supporting startups, accused the company of violating EU privacy laws last year.