Schneier on Security

JULY 28, 2021

Mobile carriers sold­ — and still sell — ­location data to brokers who aggregate it and sell it to a range of buyers, including advertisers, law enforcement , roadside services, and even bounty hunters. Carriers were caught in 2018 selling real-time location data to brokers , drawing the ire of Congress.

Mobile 362

Mobile Advertising Data collection Surveillance 362

Security Affairs

MARCH 4, 2024

Consumer groups assert that Meta is not adhering to various rules established by the European privacy regulation GDPR: Fair Processing (Article 5(1)(a)): Personal data must be processed lawfully, fairly, and transparently. Consumer groups claim that Meta’s data collection is unfair and lacks transparency.

Data collection 131

Data collection Surveillance Hacking Information Security 131

Schneier on Security

OCTOBER 3, 2019

Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases). [.]. This dataset contains products such as home routers, enterprise equipment, smart cameras, security devices, and more.

IoT 211

IoT Firmware Data collection Architecture 211

CyberSecurity Insiders

AUGUST 26, 2021

It helps in protecting the rights of citizens and offers a plan to companies on what to do and what not to do when it comes to data collection and its security. UK’s Information Commissioner’s Office (ICO) plays a vital role in regulating the GDPR and other data protection rights as per the Data Protection act of 2018.

Information Security 112

Information Security Data privacy Data collection Media 112

Security Affairs

MAY 23, 2024

A previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ has been targeting military and government entities since 2018. Bitdefender researchers discovered a previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ that has been targeting military and government entities since 2018.

Malware 133

Malware Accountability Phishing Data collection 133

SecureWorld News

NOVEMBER 30, 2022

The DPC discussed the inquiry : "The scope of the inquiry concerned an examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta Platforms Ireland Limited ('MPIL') during the period between 25 May 2018 and September 2019.

Data breaches 79

Data breaches Data collection Media Cybersecurity 79

CyberSecurity Insiders

SEPTEMBER 8, 2021

Already, the cookies acceptance feature has been part of EU’s General Data Protection Regulation that came into effect in May 2018. By doing so, ICO wants to aim for a unified data protection for all web users in European Union. By doing so, ICO wants to aim for a unified data protection for all web users in European Union.

Data collection 99

Data collection Data privacy Data breaches Software 99

Troy Hunt

NOVEMBER 13, 2024

Apparently, before a child reaches the age of 13, advertisers will have gathered more 72 million data points on them. I knew I'd seen a metric about this sometime recently, so I went looking for "7,000", which perfectly illustrates how unaware we are of the extent of data collection on all of us.

Data breaches 273

Data breaches Passwords B2B Technology 273

Security Affairs

AUGUST 11, 2023

The SystemBC platform has been offered for sale on various underground forums at least since 2018 as a “malware as a service,” or MaaS. ” reads the report published by Data collected related to multiple incidents analyzed by Kaspersky suggest the attack was conducted by the Russian-speaking RaaS cybercrime Pistachio Tempest or FIN12.

Malware 98

Malware Data collection Healthcare Cybercrime 98

CyberSecurity Insiders

MAY 2, 2023

It amends the 2018 California Consumer Privacy Act (CCPA) introduced in response to rising consumer data privacy concerns. It has significantly impacted data collection and handling practices, giving consumers more control over how businesses handle their data. On the other hand, the CPRA relies on opt-out consent.

Data collection 52

Data collection Data breaches Password Management Data privacy 52

SecureWorld News

AUGUST 16, 2023

Their findings, which spanned data collected between 2018 and 2023, revealed an intriguing reality. This technique, often a precursor to larger cyberattacks such as ransomware, has seen an astonishing 6,000% increase since 2018.

Cybercrime 73

Cybercrime Passwords Data collection Data breaches 73

Centraleyes

OCTOBER 10, 2024

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union (EU) in 2018. Its primary aim is to safeguard the personal data of EU residents and regulate how businesses and organizations process this data.

Data collection 52

Data collection Data breaches Data privacy Risk 52

Hot for Security

FEBRUARY 12, 2021

Vastaamo’s problems first began in 2018, when it discovered that a database of customer details and – most shockingly – notes from therapy sessions had been accessed by hackers. ”

Data collection 145

Data collection Data breaches Ransomware 145

Malwarebytes

MAY 31, 2023

However, Ring continued to allow hundreds of other employees and third-party contractors access to all video data, regardless of whether they actually needed it in order to perform their jobs. In January 2018, a male employee used his access rights to spy on a female colleague's videos, looking her up using her email address.

Engineering 98

Engineering Data collection Government Accountability 98

eSecurity Planet

DECEMBER 1, 2021

Businesses that have spent the past three-plus years adapting to the European Union’s far-reaching data privacy law now have to decide how they will respond to a similar law in China that has been criticized as being more vague in its wording and harsher in its penalties. Also read: Top GRC Tools & Software for 2021. PIPL vs. GDPR.

Data privacy 131

Data privacy Data collection Accountability Software 131

Security Affairs

DECEMBER 30, 2020

Customer proprietary network information (CPNI) is the data collected by telecommunications companies about a consumer’s telephone calls. The company reported the incident to the authorities and is investigating the incident with the heal of a cybersecurity firm.

Data breaches 145

Data breaches Mobile Telecommunications Wireless 145

CyberSecurity Insiders

FEBRUARY 23, 2021

million or €50 million penalty in March 2020 by the France data watchdog for failing to provide transparent information to users about its rules and regulations pertaining to data collection related to its products and services. Google was awarded $56.6

Marketing 111

Marketing Data collection Data breaches Cybersecurity 111

Thales Cloud Protection & Licensing

MAY 22, 2024

The regulation didn't just introduce new rules—it upended the entire approach to data privacy. Users should be able to opt in and agree to specific data collection while consenting to the scoped processing purpose. The regulation didn't just introduce new rules—it upended the entire approach to data privacy.

Data collection 62

Data collection Data privacy Encryption Authentication 62

Malwarebytes

DECEMBER 5, 2022

The act, which amended and expanded California's consumer privacy law that was built on the California Consumer Privacy Act (CCPA) of 2018 , is set to take effect on January 1, 2023. The CPRA is sometimes called the " CCPA 2.0 " and will affect the personal data of Californians collected from January 1, 2022 onwards.

Data collection 60

Data collection Mobile Risk Cybersecurity 60

SecureList

OCTOBER 29, 2024

Known since 2018, Amadey has been the subject of numerous security reports. The purpose here is likely to generate further revenue for its operators by boosting views of these websites, similar to adware: Payload: Amadey Trojan We recently discovered that the same campaign is now spreading the Amadey Trojan as well.

Adware 94

Adware Malware Cryptocurrency Password Management 94

Security Affairs

OCTOBER 11, 2020

Data collected by the agency is used by the federal government to allocate over $675 billion in federal funds to tribal, local, and state governments every year. According to the DHS, threat actors will likely interfere with the upcoming 2020 US Presidential election, as well as to compromise the 2020 US Census.

Government 145

Government Advertising Hacking Data collection 145

The Last Watchdog

OCTOBER 17, 2022

billion apps in 2021 alone, up more than 47 percent since 2018. This increased demand for apps also raises the need for improved data protection measures, which Google took steps to address with the new data safety section they launched in July 2022. Greediest data harvesters. In fact, Google Play users downloaded 111.3

Data privacy 192

Data privacy Media Data collection Data breaches 192

Security Affairs

NOVEMBER 15, 2022

The authorities started the investigation into Google collection practice following a 2018 Associated Press article that revealed Google “records your movements even when you explicitly tell it not to.”.

Consumer Protection 98

Consumer Protection Accountability Data collection Advertising 98

Krebs on Security

SEPTEMBER 9, 2019

In July, DHS’s Customs and Border Patrol (CPB) suspended all federal contracts with Perceptics , a contractor which sells license-plate scanners and other border control equipment, after data collected by the company was made available for download on the dark web.

Cybercrime 248

Cybercrime Government Data collection Internet 248

Security Affairs

MAY 18, 2019

Even if in Italy the cells of the popular Anonymous collective are very active , the overall number of hacktivist attacks that caused in quantifiable damage to the victim has declined by 95 percent since 2015. Researchers analyzed data collected by IBM’s X-Force threat intelligence unit between 2015 and 2019.

Advertising 95

Advertising Data collection DDOS Healthcare 95

Security Affairs

DECEMBER 10, 2020

Go versions of the backdoor were used since 2018 , they initially start collecting info on the compromised system, and then sends it to the command and control server. The malware samples analyzed by the researchers were heavily obfuscated, but the analysis of the code allowed the experts to attribute them to the APT28.

Malware 123

Malware Phishing Government Data collection 123

Security Affairs

JANUARY 2, 2023

The authorities started the investigation into Google collection practice following a 2018 Associated Press article that revealed Google “records your movements even when you explicitly tell it not to.”.

Consumer Protection 98

Consumer Protection Surveillance Data collection Accountability 98

Malwarebytes

AUGUST 4, 2023

Two complaints from the European Center for Digital Right (NYOB) back in 2018 set the wheels in motion. Additional interest from the European Data Protection Board and decisions made by the Court of Justice of the European Union (CJEU) heaped additional pressure on the now relenting Meta.

Advertising 90

Advertising Data breaches Data collection Marketing 90

Security Affairs

SEPTEMBER 3, 2018

— WikiLeaks (@wikileaks) August 31, 2018. — WikiLeaks (@wikileaks) September 2, 2018. — Ancilla (@ncilla) September 3, 2018. @JulianAssange associate and author of "Information Security for Journalists" @ArjenKamphuis has disappeared according to friends ( @ncilla ) and colleagues.

Advertising 77

Advertising Data collection Information Security Mobile 77

Centraleyes

DECEMBER 4, 2023

On May 25, 2018, Germany entered a new era of data protection. This marked a significant milestone, shaping global data privacy and setting the stage for enhanced regulations within Germany. Landmark cases in the 1990s and the GDPR’s rollout in 2018 shaped Germany’s evolving data protection landscape.

Data privacy 52

Data privacy Risk Telecommunications Big data 52

Security Affairs

APRIL 22, 2019

Data collected by SafeGuard confirm the intensification of the presence of Russian bots on Twitter. In November 2018, Twitter announced to have deleted more than 10,000 accounts managed by bots that were posting messages to influence U.S.

Advertising 104

Advertising Media Data collection Accountability 104

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Vicarius Vulnerability management 2022 Private Dragos ICS and OT security 2021 Private Safeguard Cyber Risk management 2021 Private CyberGRX Risk management 2019 Private Signifyd Fraud protection 2018 Private RedOwl Security analytics 2015 Acquired: Forcepoint. Accel Investments. Andreessen Horowitz (a16z).

Cybersecurity 128

Cybersecurity Technology Marketing Healthcare 128

Anton on Security

AUGUST 6, 2021

Wikipedia ( entry, reviewed 8/6/2021 ) has us believe that Palo Alto invented the term “in 2018.” This is definitely a defensible view of XDR as EDR with more data collection outside of the endpoint. First, a very brief bit of history. The origin of the term XDR (Extended Detection and Response) is disputed.

Technology 100

Technology Data collection Marketing Cybersecurity 100

Security Affairs

NOVEMBER 17, 2018

link ) was posted on Pastebin , the hacker claims to have compromised user’s email and also accused ProtonMail of sending user’s decrypted data to American servers. AmFearLiathMor also wrote that ProtonMail hasn’t configured the mandatory Subresource Integrity ( SRI ) allowing tampering and data collection.

Scams 111

Scams Hacking Data collection Advertising 111

Security Affairs

NOVEMBER 19, 2019

CERT-GIB’s report is based on data collected and analyzed by the Threat Detection System (TDS) Polygon as part of operations to prevent and detect threats distributed online in H1 2019 in more than 60 countries. In 2018, their number grew to 3.6%, while in H1 2019 saw an unusual rise of up to 27.8%. The revival of ransomware.

Ransomware 98

Ransomware Antivirus Malware Banking 98

Malwarebytes

DECEMBER 16, 2021

The fine covers the period from July 2018, when the “Law on the Processing of Personal Data (Personal Data Act)” was established, until April 2020, when Grindr changed the consent solution. Nevertheless, this is the highest fee to date from the Norwegian Data Protection Authority.

Advertising 100

Advertising Marketing Data collection Mobile 100

Security Affairs

NOVEMBER 28, 2020

Experts from threat intelligence firm KELA , speculate the threat actor could have obtained the credentials buying “Azor logs,” which are lots of data stolen from computers infected with the AzorUlt info-stealer trojan.

Accountability 116

Accountability Cybercrime Hacking Retail 116