Security News
LastPass says attackers got users' info and password vault dataThe information couldn't come at a worst time, as businesses are winding down their activities and employees and users are thick in the midst of last-minute preparations for end-of-year holidays. New Microsoft Exchange exploit chain lets ransomware attackers inRansomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities to achieve remote code execution on Microsoft Exchange servers.
Advertisers have responded by pioneering a new method for tracking users across the Web, known as user ID smuggling, which does not require third-party cookies. Researchers at UC San Diego have for the first time sought to quantify the frequency of UID smuggling in the wild, by developing a measurement tool called CrumbCruncher.
Apple tracked users without their consent and deserves to be fined €6 million, according to a top advisor to France's data privacy watchdog. The Commission nationale de l'informatique et des libertés launched an investigation into Apple after a complaint filed by France Digitale, a lobby group supporting startups, accused the company of violating EU privacy laws last year.
Israeli fortifications in the West Bank are becoming a bit more faceless, as the military has reportedly deployed robotic turrets capable of firing stun grenades, less-than-lethal bullets, and tear gas at Palestinians protesting their presence. The remote-controlled auto guns were recently spotted at the Al-Aroub refugee camp in the southern West Bank, and in the city of Hebron, where locals speaking to the Associated Press told tales of weapons that fire without warning and frequently coat hillsides in tear gas.
Advanced persistent threats are a type of attack that's usually carried out or sponsored by a nation-state, and unlike other types of malware attacks, these pose their own challenges. Typically, an APT threat actor will perform some kind of reconnaissance on their target, and then target their victim by sending, for example, a spear-phishing email.
Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data. "Google misled its users into thinking they had turned off location tracking in their account settings, when Google continued to collect their location information," Oregon Attorney General Ellen Rosenblum said Monday.
Google has agreed to pay $391.5 million to settle a privacy lawsuit filed by a coalition of attorneys general from 40 U.S. states. The settlement shows that the U.S. attorneys general discovered while investigating a 2018 Associated Press article that the search giant misled Android users and tracked their locations since at least 2014 even when they thought location tracking was disabled.
Royal Mail, UK's leading mail delivery service, has been experiencing ongoing outages with its online tracking services down for more than 24 hours at the time of writing. With Royal Mail's Track & Trace website offline, British residents are unable to track their parcels, letters and mail deliveries.
PhishLabs by HelpSystems has identified attackers leveraging a weakness in Google's ad service to carry out phishing campaigns on financial institutions. In this Help Net Security video, Kevin Cryan, Director of Operational Intelligence at PhishLabs, talks about how this type of attack is different from the one identified by Microsoft - threat actors use conditional geolocation logic to present the legitimate landing page when Google scans their ad. Google publishes the ad and displays the legitimate landing URL on hover.
The massive amounts of digital data being bought and sold - or sometimes freely shared - poses a grave national security risk, according to a former US policymaker and diplomat. "There's a national security loophole from the proliferation of consumer data when we have so much information about Americans floating around the internet," she said.