Data collection and Information Security

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

Security Affairs

FEBRUARY 26, 2025

Researchers found an updated LightSpy spyware with enhanced data collection features targeting social media platforms like Facebook and Instagram. have found an updated version of the LightSpy spyware that supports an expanded set of data collection features to target social media platforms like Facebook and Instagram.

Data collection

Data collection Spyware Media Surveillance

ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection

Security Affairs

MARCH 1, 2021

users for illegal data collection. The Chinese firm was accused to have failed to get the users’ consent to collect data in compliance with the Illinois biometric privacy law. The post ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection appeared first on Security Affairs.

Data collection

Data collection Hacking Information Security Malware

UK new information security commissioner is John Edwards

CyberSecurity Insiders

AUGUST 26, 2021

Factually speaking, an Information Commissioner plays a vital role in regurgitating data flow between companies and their customers, respectively. It helps in protecting the rights of citizens and offers a plan to companies on what to do and what not to do when it comes to data collection and its security.

Information Security

Information Security Data privacy Data collection Media

Italy’s data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations

Security Affairs

DECEMBER 23, 2024

Italy’s data protection watchdog fined OpenAI 15 million for ChatGPT’s improper collection of personal data. Italys privacy watchdog, Garante Privacy, fined OpenAI 15M after investigating ChatGPT’s personal data collection practices.

Artificial Intelligence

Artificial Intelligence Data collection Data breaches Hacking

Privacy and Security of Data at Universities

Schneier on Security

NOVEMBER 9, 2018

The boundaries between research and grey data are blurring, making it more difficult to assess the risks and responsibilities associated with any data collection. Many sets of data, both research and grey, fall outside privacy regulations such as HIPAA, FERPA, and PII.

Data collection

Data collection Cyber Risk Risk Government

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

The threat actors used exploits for the above issues in attacks against organizations in various sectors globally, allowing the APT group to access sensitive data and deploy infrastructure for ongoing data collection. The joint advisory includes a list of known vulnerabilities that should be addressed as soon as possible.

Data collection

Data collection Authentication Government Hacking

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

Security Affairs

OCTOBER 10, 2024

. “ The Mongolian Skimmer uses common techniques: DOM monitoring for sensitive input changes, data exfiltration via encoded tracking pixels, DevTools detection to evade debugging, data collection on page unload, cross-browser compatibility, and anti-debugging measures to avoid code tampering.

Data collection

Data collection Engineering Malware Hacking

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

DECEMBER 5, 2024

Automating Repetitive Tasks AI can also automate many of the tasks that make being a SOC analyst so mind-numbing, including data collection, cross-referencing information, and running queries.

Artificial Intelligence

Artificial Intelligence Data collection Cybersecurity Risk

USENIX Security ’23 – POLICYCOMP: Counterpart Comparison of Privacy Policies Uncovers Overbroad Personal Data Collection Practices

Security Boulevard

JANUARY 26, 2024

Authors/Presenters: Lu Zhou, Chengyongxiao Wei, Tong Zhu, Guoxing Chen, Xiaokuan Zhang, Suguo Du, Hui Cao, Haojin Zhu Permalink The post USENIX Security ’23 – POLICYCOMP: Counterpart Comparison of Privacy Policies Uncovers Overbroad Personal Data Collection Practices appeared first on Security Boulevard.

Data collection

Data collection Education Information Security

Calls for an NTSB?

Adam Shostack

JANUARY 2, 2025

Oh, and "The New School of Information Security." Build a repository of incident data. This database should categorize, report, and track pertinent instances of system security-related threats, risks, and failures. [.] First, if you remember such things, can you tell me about it? But I'm sure there have been others.

Data collection

Data collection Risk Information Security

Prominent US law firm Wolf Haldenstein disclosed a data breach

Security Affairs

JANUARY 16, 2025

The security breach occurred on December 13, 2023, but the company discovered the incident only on April 18, 2024, and has only now disclosed it due to the complexity of the digital forensic investigation. “On December 13, 2023, Wolf Haldenstein detected suspicious activity in its network environment.

Data breaches

Data breaches Identity Theft Consumer Protection Data collection

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

Security Affairs

MARCH 27, 2025

In January, Italys Data Protection Authority Garante asked the AI firm DeepSeek to clarify its data collection, sources, purposes, legal basis, and storage, citing potential risks to user data. ” concludes the alert.

Malware

Malware Data collection Advertising Media

NEW TECH: How a ‘bio digital twin’ that helps stop fatal heart attacks could revolutionize medicine

The Last Watchdog

DECEMBER 7, 2021

A digital twin is a virtual duplicate of a physical entity or a process — created by extrapolating data collected from live settings. Digital twins enable simulations to be run without risking harm to the physical entity; they help inform efficiency gains made in factories and assure the reliability of jet engines, for instance.

Engineering

Engineering Data collection Artificial Intelligence Technology

How to Collect Market Intelligence with Residential Proxies?

Security Affairs

OCTOBER 27, 2023

Then, the derived insights let you monitor market trends, customer behavior, competitor pricing, and other key data collected via market research. Successful extraction of public data from the internet can be a tricky process, especially when visited websites use protection algorithms. Why Choose Residential Proxies?

Marketing

Marketing Data collection Internet Internet

Threat Report Portugal: Q2 2020

Security Affairs

AUGUST 14, 2020

The Threat Report Portugal: Q2 2020 compiles data collected on the malicious campaigns that occurred from April to Jun, Q2, of 2020. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Banking Malware

Texas is the first state to ban DeepSeek on government devices

Security Affairs

FEBRUARY 2, 2025

Last week, Italys data protection watchdog blocked Chinese artificial intelligence (AI) firm DeepSeek s chatbot service within the country, citing a lack of information on its use of users personal data. reads the announcement.

Government

Government Artificial Intelligence Media Data collection

Norway suspends its COVID-19 contact tracing app due to privacy concerns

Security Affairs

JUNE 16, 2020

On Friday, the Norwegian Data Protection Authority (Norwegian: Datatilsynet) issued a warning that it would stop the Norwegian Institute of Public Health from handling data collected via Smittestopp contact tracing app. “The pandemic is not over,” she said.

Data collection

Data collection Advertising Government Technology

Baidu Android apps removed from Play Store because caught collecting user details

Security Affairs

NOVEMBER 24, 2020

The code found in both apps allowed to gather device data, including model, MAC address, carrier information, and IMSI (International Mobile Subscriber Identity) number. The data collection code was found in the Baidu Push SDK, used to show real-time notifications inside both apps.

Data collection

Data collection Mobile Spyware Surveillance

Italy’s Data Protection Authority Garante requested information from Deepseek

Security Affairs

JANUARY 30, 2025

Italys data privacy regulator Garante has requested information from Chinese AI company DeepSeek regarding its data practices. Italys Data Protection Authority Garante has asked the AI firm DeepSeek to clarify its data collection, sources, purposes, legal basis, and storage, citing potential risks to user data.

Artificial Intelligence

Artificial Intelligence Data collection Data privacy DDOS

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

Security Affairs

FEBRUARY 28, 2020

Network data collected by the NetBlocks internet observatory confirm that Turkey has blocked access to social media as Idlib military crisis escalates.

Media

Media Data collection Internet Internet

Taking Control Online: Ensuring Awareness of Data Usage and Consent

Security Affairs

SEPTEMBER 17, 2024

The report provides insights into factors influencing user consent for data collection and usage and reasons for consumer disengagement. A Statista survey of US consumers showed that two-thirds (66%) of respondents said they would gain trust in a company if it were transparent about how it uses their personal data.

Data collection

Data collection Data privacy B2B Digital transformation

DRM Report Q2 2023 – Ransomware threat landscape

Security Affairs

OCTOBER 4, 2023

The data collected paints a vivid picture, revealing 1,736 ransomware claims, with 53 incidents specifically targeting Italy. Geographical data and affected sectors provide crucial insights into emerging trends and threats. Wrapping up: The second quarter of 2023 reflects a concerning surge in ransomware attacks globally.

Ransomware

Ransomware Data collection Cyber threats Hacking

Google agreed to settle a $5 billion privacy lawsuit

Security Affairs

DECEMBER 31, 2023

. “Judge Rogers had rejected Google’s bid to have the case dismissed earlier this year, saying she could not agree that users consented to allowing Google to collect information on their browsing activity.”

Data collection

Data collection Advertising Hacking Technology

Fortune-telling website WeMystic exposes 13M+ user records

Security Affairs

DECEMBER 2, 2023

Businesses employ MongoDB to organize and store large swaths of document-oriented information. While WeMystic has since closed the database, researchers said that the data was accessible for at least five days. One of the data collections in the exposed instance, named “users,” contained a whopping 13.3

Data collection

Data collection Risk Hacking Information Security

Threat Report Portugal: Q1 2021

Security Affairs

MAY 2, 2021

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Data collection

China Data Security Law bars online companies with 1 million users

CyberSecurity Insiders

JANUARY 4, 2022

Second, if the Chinese data processor feels that the company’s data collection from users could affect national security, they can carry on with their business objective of filing for an IPO after a review certification gets completed.

Data collection

Data collection Government Advertising Network Security

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

Re-fingerprinting the infected systems indicates the data collected by Lazarus via NineRAT may be shared by other APT groups and essentially resides in a different repository from the fingerprint data collected initially by Lazarus during their initial access and implant deployment phase.”

Malware

Malware Data collection Manufacturing Healthcare

Don’t use AI-based apps, Philippine defense ordered its personnel

Security Affairs

OCTOBER 23, 2023

Teodoro ordered “to refrain from using AI photo generator applications and practice vigilance in sharing information online” At this time, it remains unclear whether the order was issued in response to a specific event or to address potential attacks aimed at exploiting the data collected by these applications.

Identity Theft

Identity Theft Social Engineering Data collection Risk

Threat Report Portugal: Q2 2021

Security Affairs

JULY 22, 2021

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from April to June, Q2, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Banking

Threat Report Portugal: Q4 2020

Security Affairs

JANUARY 26, 2021

The Threat Report Portugal: Q4 2020 compiles data collected on the malicious campaigns that occurred from October to December, Q4, of 2020. Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist.

Threat Reports

Threat Reports Phishing Malware Banking

Learning from Near Misses

Adam Shostack

JANUARY 2, 2025

First, in the nearly ten years since Andrew Stewart and I wrote The New School of Information Security, and called for more learning from breaches, we've seen a dramatic shift in how people talk about breaches. Mandatory reporting and investigations would result better data collection.

InfoSec

InfoSec Data collection Engineering Cyber Attacks

Mobile virtual network operator Mint Mobile discloses a data breach

Security Affairs

DECEMBER 23, 2023

Our investigation indicates that certain information associated with your account was impacted.” ” reads the data breach notification email sent to the impacted customers. “Mint’s data collection policy is one of the most important ways in which we ensure the privacy and security of our subscribers.

Mobile

Mobile Data breaches Wireless Data collection

Threat Report Portugal Q1 2020

Security Affairs

APRIL 20, 2020

The Threat Report Portugal: Q1 2020 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2020. Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist.

Threat Reports

Threat Reports Phishing Malware Banking

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Hot for Security

FEBRUARY 16, 2021

Seismic monitoring devices linked to the internet are vulnerable to cyberattacks that could disrupt data collection and processing, according to Michael Samios of the National Observatory of Athens and his fellow colleagues who put together a new study published in Seismological Research Letters. .

IoT

IoT InfoSec Data collection Encryption

Unleashing the Power of a Security Data Lake

SecureWorld News

APRIL 3, 2023

The concept of a Security Data Lake, a type of Data Lake explicitly designed for information security, has not received much attention yet. However, this is not your ordinary data storage solution. It can potentially bring a company's security to the next level.

Unstructured Data

Unstructured Data Data collection Information Security Backups

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

Security Affairs

JULY 12, 2021

For the third time in the past four months, LinkedIn seems to have experienced another massive data scrape conducted by a malicious actor. Once again, an archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it’s currently being sold for an undisclosed sum.

Social Engineering

Social Engineering Data collection Media Passwords

CIRWA Project tracks ransomware attacks on critical infrastructure

Security Affairs

SEPTEMBER 14, 2020

Data collected by the researchers are very interesting and very useful for future research projects on the security of the critical infrastructure. The researchers highlighted the importance of the contribution from the security community, anyone could submit info related to attacks to CIRWA using this form.

Ransomware

Ransomware Advertising Data collection Healthcare

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Security Affairs

OCTOBER 30, 2023

. “The Chief Information Officer of Canada determined that WeChat and Kaspersky suite of applications present an unacceptable level of risk to privacy and security. On a mobile device, the WeChat and Kaspersky applications data collection methods provide considerable access to the device’s contents.”

Mobile

Mobile Government Data collection Antivirus

Threat Report Portugal: Q3 2021

Security Affairs

NOVEMBER 14, 2021

The Threat Report Portugal: Q3 2021 compiles data collected on the malicious campaigns that occurred from July to September, Q3, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Banking

Italy’s data protection authority Garante blocked the DeepSeek AI platform

Security Affairs

JANUARY 31, 2025

This week, Italys Data Protection Authority Garante asked the AI firm DeepSeek to clarify its data collection, sources, purposes, legal basis, and storage, citing potential risks to user data. The AI-powered chatbot, recently launched globally, has rapidly gained popularity reaching millions of users.

Artificial Intelligence

Artificial Intelligence Data collection DDOS Risk

US FTC sued US data broker Kochava for selling sensitive and geolocation data

Security Affairs

AUGUST 29, 2022

FTC sued US data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices. ” reads the complaint.

Mobile

Mobile Data collection Hacking Information Security

Threat Report Portugal: Q4 2021

Security Affairs

FEBRUARY 20, 2022

The Threat Report Portugal: Q4 2021 compiles data collected on the malicious campaigns that occurred from July to September, Q4, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Banking

Threat Report Portugal: Q2 2022

Security Affairs

JULY 4, 2022

The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Threat Reports

Threat Reports Phishing Malware Banking

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Security Affairs

DECEMBER 30, 2020

T-Mobile discovered that the attackers had access to the CPNI (Customer Proprietary Network Information). Customer proprietary network information (CPNI) is the data collected by telecommunications companies about a consumer’s telephone calls.

Data breaches

Data breaches Mobile Telecommunications Wireless

New LightSpy spyware variant comes with enhanced data collection features targeting social media platforms

ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection

Trending Sources

UK new information security commissioner is John Edwards

Italy’s data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations

Privacy and Security of Data at Universities

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

E-skimming campaign uses Unicode obfuscation to hide the Mongolian Skimmer

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

USENIX Security ’23 – POLICYCOMP: Counterpart Comparison of Privacy Policies Uncovers Overbroad Personal Data Collection Practices

Calls for an NTSB?

Prominent US law firm Wolf Haldenstein disclosed a data breach

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

NEW TECH: How a ‘bio digital twin’ that helps stop fatal heart attacks could revolutionize medicine

How to Collect Market Intelligence with Residential Proxies?

Threat Report Portugal: Q2 2020

Texas is the first state to ban DeepSeek on government devices

Norway suspends its COVID-19 contact tracing app due to privacy concerns

Baidu Android apps removed from Play Store because caught collecting user details

Italy’s Data Protection Authority Garante requested information from Deepseek

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

Taking Control Online: Ensuring Awareness of Data Usage and Consent

DRM Report Q2 2023 – Ransomware threat landscape

Google agreed to settle a $5 billion privacy lawsuit

Fortune-telling website WeMystic exposes 13M+ user records

Threat Report Portugal: Q1 2021

China Data Security Law bars online companies with 1 million users

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Don’t use AI-based apps, Philippine defense ordered its personnel

Threat Report Portugal: Q2 2021

Threat Report Portugal: Q4 2020

Learning from Near Misses

Mobile virtual network operator Mint Mobile discloses a data breach

Threat Report Portugal Q1 2020

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Unleashing the Power of a Security Data Lake

Threat actors scrape 600 million LinkedIn profiles and are selling the data online – again

CIRWA Project tracks ransomware attacks on critical infrastructure

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Threat Report Portugal: Q3 2021

Italy’s data protection authority Garante blocked the DeepSeek AI platform

US FTC sued US data broker Kochava for selling sensitive and geolocation data

Threat Report Portugal: Q4 2021

Threat Report Portugal: Q2 2022

T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed

Stay Connected