Data Protection

Firefox exploited by scammers

A flaw in the Mac and Windows versions of Mozilla’s Firefox browser evidently has been used to dupe users into thinking their systems will be disabled if they don’t take action by calling a toll-free number. Mozilla says it is working on a fix for inclusion in an upcoming Firefox release.

Twitter data-mined for Saudis

U.S. federal prosecutors say two former Twitter employees used their system access on behalf of Saudi Arabia to collect personal information on dissidents. The Department of Justice says it will not permit U.S. companies or technologies to become “tools of foreign repression.”

App developers retain data

Facebook has disclosed that as many as 100 app developers retained data from user groups on the platform. While the social media giant had changed settings to ensure developers could only see basic information, it recently became aware that some developers maintained access to names and images after the change went into effect.

Desjardins data breach bigger than thought

A data breach last December at The Desjardins Group, a Quebec-based financial services company, is turning out to be worse than previously reported. The number of members of the cooperative affected originally was reported at 2.9 million in June but Desjardins President and CEO Guy Cormier disclosed Nov. 1 that the breach affected 4.2 million members.

Georgian websites knocked out

A suspected state-sponsored cyberattack shut down more than 2,000 websites in Georgia, including court sites containing case materials and personal data, as well as the former Soviet satellite’s national TV station. Sources say Georgian government websites are poorly protected and vulnerable.

Cybersecurity a budget priority

Three weeks into the 2020 U.S. fiscal year, with Congress trying to finalize the budget, the White House is locking down cybersecurity priorities within broad reform of information technologies. Federal Chief Information Officer Suzette Kent says there is strong interest in identity management strategies, enhanced security measures for public services, and automated network monitoring for government agencies’ cyber operations.

JEDI contract goes to Microsoft

Microsoft Corp. has secured a $10-billion Department of Defense contract for the Joint Enterprise Defense Infrastructure (JEDI) cloud data storage program. Amazon Web Services, sole host for the U.S. intelligence community’s cloud storage for six years, had been considered the front-runner in the often litigious bidding process.

Cybersecurity certification

The U.S. Department of Defense is close to finalizing a new Cybersecurity Maturity Model Certification framework for assessing suppliers’ protection of sensitive data. After extensive feedback since the first draft was released six weeks ago, Ellen Lord, undersecretary for acquisition and sustainment, says the next iteration should be published in the first week of November, setting the stage for a final version in January after further comment.

Procurement and the AI matrix

Improvements in artificial intelligence technologies mean that government procurement agencies need to renew how they approach industry, according to the World Economic Forum. It says in a discussion paper that traditional processes might not be suitable due to new and unique risks to manage and the possibility of unintended consequences.

Countering disinformation

The U.S. needs to refresh and expand its counterintelligence efforts in the face of a growing wave of cyberattacks, says Christopher Costa, a former senior director for counterterrorism at the National Security Council.

Multi-factor authentication warning

The Federal Bureau of Investigation has warned the U.S. telecom sector that companies could be vulnerable to attacks which bypass multi-factor authentication to gain access to accounts. It cites several examples, including the use of stolen credentials to bypass banks’ two-factor authentication protocols. “When reaching the secondary page where the customer would normally need to enter a PIN and answer a security question, the attacker entered a manipulated string into the Web URL setting the computer as one recognized on the account,” the FBI says.

Political parties’ apps sacrosanct?

Even as governments introduce legislation and regulations to restrict private-sector use of data gathered through mobile apps, they have exempted political parties from any restrictions, which raises questions about how the data they collect is analyzed, used and possibly shared. Some experts are wondering why there’s not more scrutiny of parties.

Privacy rules threaten research

Privacy rules on Facebook and other social media sites are frustrating a scientific study of social media’s influence in democracies. It apparently is at a point where the study’s financial backers are considering dropping out.

Google enhances protections

In an effort to reduce subscribers’ stress over data breaches, Google has developed a “password checkup” feature which checks automatically for compromised passwords. It lets users know whether their information has been exposed at other social media services or whether a password is considered vulnerable.

Telecom “cleansing” in U.S.

Congress is being urged by legislators from both political parties to purge the U.S. telecom infrastructure of equipment manufactured by any foreign company the government considers a threat to national security. The proposed $1 billion cost of compensating small and rural service providers for replacing alternate equipment would be covered through the newly proposed Secure & Trusted Communications Networks Act.

