Krebs on Security

DECEMBER 29, 2022

Internal Revenue Service website for months: Anyone seeking to create an account to view their tax records online would soon be required to provide biometric data to a private company in Virginia — ID.me. banks are stiffing account takeover victims. A single bitcoin is trading at around $45,000. Elizabeth Warren (D-Mass.)

Cryptocurrency 291

Cryptocurrency Cybercrime Computers and Electronics Scams 291

Security Affairs

AUGUST 28, 2021

vpnMentor’s researchers reported that the Chinese mobile gaming company EskyFun suffered a data breach, over 1 million gamers impacted. . vpnMentor’s researchers discovered that the Chinese mobile gaming company EskyFun suffered a data breach, information of over 1 million gamers were exposed on an unsecured server. .

Data breaches 132

Data breaches Mobile Data collection Hacking 132

Security Boulevard

MARCH 24, 2025

While MFA is primarily a security feature, its primary privacy benefit is adding another layer of security to prevent unauthorized access to information contained in particular important or sensitive accounts. These apps also frequently use Bluetooth data to gather location information and proximity to nearby devices.

Surveillance 75

Surveillance Telecommunications Data breaches Malware 75

SecureList

NOVEMBER 29, 2024

Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations. IT threat evolution in Q3 2024 IT threat evolution in Q3 2024.

Energy and Utilities 105

Energy and Utilities Ransomware Malware Government 105

Krebs on Security

AUGUST 14, 2019

“ Bluetana ,” a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests.

Banking 262

Banking Computers and Electronics Marketing Mobile 262

The Last Watchdog

MAY 26, 2021

Related: Credential stuffing fuels account takeovers. While changing passwords may be inconvenient at times, following this password best practice can help prevent the following data catastrophes: •Giving hackers easy access to your most sensitive accounts (avoid this problem by steering clear of insecure methods such as HTTP or public Wi-F.

Passwords 182

Passwords Password Management Accountability Authentication 182

Malwarebytes

JUNE 8, 2022

A mobile app violated Canada’s privacy laws via some pretty significant overreach with its tracking of device owners. In reality, this level of data collection is not as uncommon as is being suggested. The app collects how much data? That’s one theory, anyway. That’s one theory, anyway.

Mobile 120

Mobile Data collection Advertising Marketing 120

Security Affairs

SEPTEMBER 11, 2018

The security researcher that handle the Twitter account Privacy First first reported the alleged unethical behavior and published a video that shows how the app harvest users ‘data. “The data collected was explicitly identified to the customer in the data collection policy and is highlighted to the user during the install. .”

Adware 108

Adware Data collection Advertising Antivirus 108

Security Affairs

NOVEMBER 23, 2022

Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users. Researchers at software company Mysk discovered that analytics data collected by iPhone include the Directory Services Identifier (DSID), which could allow identifying users.

Data collection 145

Data collection Accountability Hacking Software 145

Security Affairs

AUGUST 3, 2024

“According to the complaint, from 2019 to the present, TikTok knowingly permitted children to create regular TikTok accounts and to create, view, and share short-form videos and messages with adults and others on the regular TikTok platform. ” reads the press release published by DoJ.

Accountability 128

Accountability Data collection Risk Hacking 128

SecureList

SEPTEMBER 6, 2022

One of the most outstanding examples involves $2 million ‘s worth of CS:GO skins stolen from a user’s account , which means that losses can get truly grave. To make the overview more in-depth, we included both mobile and PC games. Thus, we analyzed threats related to the following titles: Minecraft. Need for Speed.

Mobile 133

Mobile Passwords Software Accountability 133

Malwarebytes

MARCH 27, 2025

Its minimal data collection, transparency, and advanced security features make it superior to WhatsApp in protecting user information. Registration lock : Activate this feature in “Privacy” settings to require a PIN for re-registering your account on new devices. Another important tip is to check Group chat members.

Encryption 55

Encryption Data collection Mobile Authentication 55

Security Affairs

OCTOBER 15, 2018

Scammers create fake websites of known brands, fraudulent promotional campaigns, and fake accounts on social media. In recent years, an often-used fraud method has been fake mobile applications: 36% of users are unable to distinguish between genuine and fake apps, and 60% of the latter request access to the user’s personal data. .

Marketing 104

Marketing Media Phishing Engineering 104

Malwarebytes

JANUARY 25, 2024

The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead. While we don’t know the threat actor’s true intentions, data collection and spying may be one of their motives.

Malware 123

Malware Advertising Accountability Encryption 123

SC Magazine

JULY 13, 2021

The company’s investigation determined that social security numbers, driver’s license numbers, passport numbers and/or financial account numbers may have been accessed or acquired. For this reason – unlike [how] it appears in this case – organizations are wise to limit the amount of data kept and stored in systems,” Kron said.

Retail 102

Retail Ransomware Hacking Digital transformation 102

Security Affairs

MAY 15, 2019

A new story of a violation of the user’s privacy made the lines, Twitter revealed that due to a bug is collected and shared iOS location data with a third-party advertising company, Fortunately, only one partner of the micro-blogging firm was involved and the data collection and sharing occurred in certain circumstances.

Advertising 104

Advertising Accountability Data collection Mobile 104

Approachable Cyber Threats

AUGUST 2, 2021

social engineer a mobile provider employee to facilitate a SIM swap). Users must be better protected from the outset, and the only way to ensure that is to impose significant restrictions on data collection and usage by companies seeking to monetize or use it to their asymmetric benefit in any way.

Data collection 98

Data collection Media Mobile Identity Theft 98

BH Consulting

AUGUST 31, 2023

Having policies and procedures to secure social media accounts and minimise the potential for incidents can help. Recently, a client with several different social media accounts and a large team of people working on them approached BH Consulting to review its security and policies around them. More than 4.7

Media 52

Media Accountability Passwords Authentication 52

The Last Watchdog

FEBRUARY 27, 2019

A typical website or mobile web app consumer experience today gets cobbled together with software components supplied by dozens of different software contractors. We’re talking about things like consumer data collection, data management platforms and retargeting enablement systems.

Retail 138

Retail Digital transformation Advertising Software 138

SecureWorld News

APRIL 29, 2024

It is believed that PII (personally identifiable information) was transmitted to third-party vendors via mobile applications and other website tools used by the healthcare giant. Information collected by online trackers is often shared with an extensive network of marketers, advertisers, and data brokers.

Data breaches 112

Data breaches Healthcare Identity Theft Advertising 112

Security Affairs

APRIL 15, 2023

The Goldoson library was discovered by researchers from McAfee’s Mobile Research Team, it collects lists of applications installed on a device, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. The level of data collection depends on the permissions granted to the app using the malicious library.

Data collection 98

Data collection Mobile Malware Education 98

Troy Hunt

DECEMBER 19, 2017

The site asks you for some personal information when you create the account which it then stores in a database. Who now owns that data? This is an important question because it drives the way organisations then treat that data. Data Collection Should be Minimised, Not Maximisation. The cat site?

Data breaches 176

Data breaches Data collection B2B Mobile 176

SecureList

OCTOBER 13, 2023

This article delves deep into the settings and privacy policies of LLM-based chatbots to find out how they collect and store conversation histories, and how office workers who use them can protect or compromise company and customer data. The user creates an account and gains access to the bot. Account hacking.

Accountability 138

Accountability B2B Risk Hacking 138

Google Security

APRIL 27, 2023

We also continued to combat malicious developers and fraud rings, banning 173K bad accounts, and preventing over $2 billion in fraudulent and abusive transactions. We continued to partner with SDK providers to limit sensitive data access and sharing, enhancing the privacy posture for over one million apps on Google Play.

Mobile 91

Mobile Data collection Accountability Malware 91

Malwarebytes

MAY 13, 2024

When The New York Times retrieved filings from the San Francisco lawsuit above, attorneys for Tesla argued that the automaker could not realistically play a role in this matter: “Virtually every major automobile manufacturer offers a mobile app with similar functions for their customers,” the lawyers wrote. “It

Manufacturing 115

Manufacturing Mobile Wireless Internet 115

SecureList

NOVEMBER 19, 2024

This year, we also specifically analyzed the rise of fake mobile applications designed to steal shopping data. The threat data we rely on is sourced from Kaspersky Security Network (KSN), which processes anonymized cybersecurity data shared consensually by Kaspersky users. attempted to impersonate e-shops.

Banking 103

Banking Phishing Scams Retail 103

Malwarebytes

DECEMBER 16, 2021

Shared data. Grindr disclosed information about a user’s GPS location, IP address, mobile phone advertising ID, age and gender to several third parties for marketing purposes. With this information, users could be identified, and third parties could potentially share this data further.

Advertising 107

Advertising Marketing Data collection Mobile 107

McAfee

JANUARY 28, 2020

If you reuse passwords, you only need one of your cloud services to be breached—once criminals have stolen your credentials through one service, they potentially have access to every account that shares those same credentials, including banking platforms, email and other services where sensitive data is stored.

Passwords 71

Passwords Mobile VPN Identity Theft 71

Adam Levin

SEPTEMBER 27, 2019

A business with a physical location that wants to show up in local search results needs to create an account for Google My Business, so it can show up in Google Maps (which accounts for 67 percent of navigation app usage ), but also needs to keep an eye on Google Reviews left on its business listing. What do I mean by Orwellian?

Advertising 115

Advertising Marketing Data collection Accountability 115

Spinone

FEBRUARY 7, 2018

Installation of non-approved apps on mobile devices that may be used for work falls under the category of shadow IT – software that is installed without approval of the company IT team and can introduce many security risks. This can be particularly risky if an app is granted permissions for a corporate G Suite account, for example.

Mobile 40

Mobile Data breaches Accountability Risk 40

SecureWorld News

JULY 10, 2023

Operating under the radar, these apps silently collect and transmit sensitive data to servers based in China, posing significant risks to user data security and privacy. Pradeo, the mobile security company that discovered these malicious apps, has released a report discussing the spyware lurking on the Google Play Store.

Spyware 75

Spyware Cyber threats Mobile Data collection 75

Malwarebytes

MARCH 3, 2021

Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN apps themselves. The data leak of SuperVPN, GeckoVPN, and ChatVPN. link] — Troy Hunt (@troyhunt) February 28, 2021.

VPN 145

VPN Passwords Internet Internet 145

SecureWorld News

JUNE 24, 2024

Additionally, there sectoral privacy regulations in the United States, such as the Health Insurance Portability and Accountability Act (HIPAA), and state level regulations like the California Consumer Privacy Act (CCPA). Also, the GDPR recommends data anonymization to minimize the risk of PII breach and identity theft.

IoT 109

IoT InfoSec Artificial Intelligence Risk 109

NetSpi Executives

NOVEMBER 6, 2024

It’s an aggregator of data – collecting, ingesting, and deduplicating it to deliver a single comprehensive view about assets and their contextual relationships. This data is then used to identify potential exposures and coverage gaps across the entire asset landscape, including risks that relate to their interconnection.

Risk 52

Risk Technology Penetration Testing Cyber threats 52

McAfee

NOVEMBER 22, 2021

Based on the data collected by our research team from millions of connected McAfee Enterprise users across the globe, the overall usage of enterprise cloud services spiked by 50% across all industries, while the collaboration services witnessed an increase of up to 600% in usage. Figure 2: MVISION Unified Cloud Edge (UCE) .

Digital transformation 86

Digital transformation Data collection Technology Mobile 86

eSecurity Planet

APRIL 14, 2023

Malicious bots can be used to carry out a range of cyber threats like account takeovers and DDoS attacks, so bot protection is an increasingly important defense for web-facing assets. Comprehensive protection: DataDome protects against all types of bots, including credential stuffing, web scraping, and account takeover attacks.

Software 109

Software DDOS Accountability Firewall 109

Security Boulevard

MARCH 31, 2022

Data collection from FTP clients, IM clients. In a blog post published on March 22nd, 2022, Microsoft confirmed that one of their user accounts had been compromised by the Lapsus$ (also known as DEV-0537) threat actor, though they claimed that the information accessed was limited and that “no customer code or data was involved”.

Cybersecurity 98

Cybersecurity Social Engineering Passwords Malware 98