Facebook fined 5 million euros in South Korea

South Korea’s privacy watchdog (PIPC) has fined Facebook millions for providing users’ personal information to companies.

According to the watchdog, the data of at least 3.3 million local Facebook users is said to have been shared without permission with up to 10,000 companies. Personal data such as relationship statuses, work experience and education were shared with other companies when the users logged in to the online services of those companies with their Facebook account. The personal information of their Facebook friends was also shared without permission. The privacy watchdog states that the social network did not cooperate in the investigation that has been running since 2018, for example by submitting incomplete and false documents. Facebook, however, says it has cooperated well.

Read more about this: Facebook fined in South Korea for sharing user data without consent | ZDNet

66% of EU banks using US big tech cloud services poses a risk

The European Commission is going after cloud computing, the online data storage business dominated by big American companies.
A draft bill seeks to address concerns about dependence on a small group of providers: chiefly Amazon Web Services, Google Cloud, IBM Cloud and Microsoft Azure.


The bill creates an oversight system designed “to preserving the Union’s financial system stability,” along with “monitoring of operational risks which may arise as a result of the financial system’s reliance on critical [outsourced services].” It includes unrestricted rights to access and process all information deemed relevant, and also the “right to conduct audits and inspections” and to issue “mandatory instructions.”

In this package there are also measures to help digitalize the financial sector and modernize the EU’s rulebook for the online market. These include initiatives to harmonize companies’ online defences and regulate digital financial assets. The package also includes policy strategies on retail payments and capital markets.

Read more about this: https://www.politico.eu/article/eu-cloud-new-front-with-us-tech-giants/?

Security Awareness training is most effective when repeated every six months

Awareness training in the field of cybersecurity and phishing must be repeated after approximately six months to ensure that employees continue to recognize phishing emails properly. This is evident from a study that was carried out by a number of German universities at an organization from the public sector. In Germany, public organizations are required to implement an information security management system (ISMS) to increase employee awareness of information security. The research focused on the question of how effective these awareness training courses remain over time. To this end, it was periodically tested whether employees were able to recognize phishing emails.
The research showed that the participants were still perfectly capable of recognizing phishing emails after four months. That was no longer the case if the phishing training had taken place six months or more earlier, ZDNet writes.

Read more about this: https://www.zdnet.com/article/phishing-awareness-training-wears-off-after-a-few-months/?

Does Instagram invade your privacy using camera access?

Last Thursday, in the Northern District of California, Brittany Conditi filed a class-action complaint against Instagram and its parent company Facebook for invasion of privacy, alleging that Instagram accessed users’ smartphone cameras when they were not using features that would require camera access, despite the defendants’ representations to the contrary.

Specifically, the party who initiated the lawsuit averred that “Instagram is constantly accessing users’ smartphone camera feature while the app is open and monitors users without permission, i.e., when users are not interacting with Instagram’s camera feature.”

Conditi argued that Instagram has broken its promise with users, as it has no reason to access users’ cameras when they are not using the camera feature.

Read more about this: https://www.docketalarm.com/cases/California_Northern_District_Court/3--20-cv-06534/Conditi_v._Instagram_LLC_et_al/1/

Halo and goodbye privacy?

In August Amazon launched Halo, a new wearable device to compete with Apple Watch and Fitbit. The Halo device not only allows customers to track things like exercise and sleep, as most fitness wearables do, but can also track emotional changes by listening to the wearer’s tone of voice and can present a 3D body image with a body fat percentage. There is also an option to upload the collected information to the largest electronic medical record companies, which could potentially make it available to physicians. Halo has taken the step of putting control of the collected health data in the hands of the individual, not the company that manufactured the device. Currently, neither Amazon, nor Apple, nor any other retail fitness tracker maker is required by federal law to maintain any particular privacy standard, so privacy is fixed only in their terms of service, which might change in the future (California residents may benefit, though, from the California Consumer Privacy Act). Does this open a commercial opportunity for such wearable devices by exploiting the hole in legislation? Will it be available in Europe, and how does this relate to the current downfall of the EU-US Privacy Shield and the GDPR?

Read more about this: https://www.cnbc.com/2020/08/29/op-ed-amazon-halo-privacy-considerations.html

28,000 printers hacked for security awareness

Cybersecurity experts at CyberNews hijacked close to 28,000 unsecured printers worldwide and forced them to print out a guide on printer security. How do you secure a printer?

  1. Limit or disable network printing;
  2. Secure your printing ports;
  3. Use a firewall;
  4. Update your printer firmware to the latest version;
  5. Change the default password to a strong passphrase.

Read more about this: https://cybernews.com/security/we-hacked-28000-unsecured-printers-to-raise-awareness-of-printer-security-issues/

Former Uber CISO charged for concealing hack

Yesterday Uber’s former security chief Joe Sullivan was charged with attempting to conceal a hack from federal investigators. This hack exposed the email addresses and phone numbers of 57 million drivers and passengers.

As a result, the former CISO could face up to eight years in prison for not promptly disclosing the hack to the employee and consumer victims, which indicates bad corporate behaviour.

Read more about this at: https://www.nytimes.com/2020/08/20/technology/joe-sullivan-uber-charged-hack.html

Spy on satellite broadband traffic using $300?

Information transmitted via satellite broadband connections, which are useful in areas where fixed internet connections might be slow or non-existent, could be sniffed, potentially putting usernames and passwords into the hands of attackers and giving them the ability to track sensitive but often unencrypted information about individuals or corporations.

You can read more about this here: https://www.zdnet.com/article/how-hackers-could-spy-on-satellite-internet-traffic-with-just-300-of-home-tv-equipment/

FBI: how to recognize malicious web stores?

The FBI has provided Internet users with tips for recognizing malicious web stores. According to the US agency, there is an increase in the number of victims being tracked down through fake online stores. The US regulator FTC also reports an increase in the number of shoppers who do not receive ordered goods. These goods include masks.

Tips to recognize these malicious web stores are:

  • check the top level domain;
  • check the public whois data of the domain owner, whether the contact details are correct, and how long the domain has existed;
  • if the price or discount is too good to be true then it probably is;
  • check their email address; private email addresses are suspicious;
  • don’t blindly trust advertised websites on social media;
  • check the reviews and complaints of the sites.

Read more about this at: https://www.ic3.gov/media/2020/200803.aspx

European Court declares Privacy Shield treaty with US invalid

The European Court of Justice has declared the Privacy Shield Treaty between the EU and the United States invalid. Privacy Shield regulates the exchange of personal data between companies in the European Union and the US. According to the Court, personal data of EU citizens stored in the United States is not sufficiently protected.

The Court finds that “the requirements of national security, the public interest, and compliance with US law take precedence, allowing for interference with the fundamental rights of individuals whose personal data are transferred to the United States.” However, according to the Court of Justice, contractual clauses for the transfer of personal data to processors established in third countries are valid.

Read more about this at: https://www.forbes.com/sites/stewartroom/2020/07/16/europes-top-court-collapses-the-privacy-shield-in-facebook-data-transfer-case/#29cac7b32a1c