Security News

Advanced persistent threats are a type of attack that's usually carried out or sponsored by a nation-state, and unlike other types of malware attacks, these pose their own challenges. Typically, an APT threat actor will perform some kind of reconnaissance on their target, and then target their victim by sending, for example, a spear-phishing email.

Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data. "Google misled its users into thinking they had turned off location tracking in their account settings, when Google continued to collect their location information," Oregon Attorney General Ellen Rosenblum said Monday.

Google has agreed to pay $391.5 million to settle a privacy lawsuit filed by a coalition of attorneys general from 40 U.S. states. The settlement shows that the U.S. attorneys general discovered while investigating a 2018 Associated Press article that the search giant misled Android users and tracked their locations since at least 2014 even when they thought location tracking was disabled.

Royal Mail, UK's leading mail delivery service, has been experiencing ongoing outages with its online tracking services down for more than 24 hours at the time of writing. With Royal Mail's Track & Trace website offline, British residents are unable to track their parcels, letters and mail deliveries.

PhishLabs by HelpSystems has identified attackers leveraging a weakness in Google's ad service to carry out phishing campaigns on financial institutions. In this Help Net Security video, Kevin Cryan, Director of Operational Intelligence at PhishLabs, talks about how this type of attack is different from the one identified by Microsoft - threat actors use conditional geolocation logic to present the legitimate landing page when Google scans their ad. Google publishes the ad and displays the legitimate landing URL on hover.

The massive amounts of digital data being bought and sold - or sometimes freely shared - poses a grave national security risk, according to a former US policymaker and diplomat. "There's a national security loophole from the proliferation of consumer data when we have so much information about Americans floating around the internet," she said.

GitHub to add non-essential cookies on marketing pages. "GitHub is introducing non-essential cookies on web pages that market our products to businesses," explains Olivia Holder, GitHub's Senior Privacy Counsel.

Those forces are tracking technologies and data privacy regulations. Three pharmacies in Sweden recently reported themselves to the Privacy Protection Authority for deploying the ubiquitous Facebook "Tracking pixel" on their site and sharing consumers' personal data the pixel collected with the world's largest social network.

Google on Friday pledged to update its location history system so that visits to medical clinics and similarly sensitive places are automatically deleted. Google keeps a log of its users whereabouts, via its Location History functionality, and provides some controls to delete all or part of those records, or switch it off.

Mozilla Firefox 102 was released today with a new privacy feature that strips parameters from URLs that are used to track you around the web. Numerous companies, including Facebook, Marketo, Olytics, and HubSpot, utilize custom URL query parameters to track clicks on links.