Privacy & Compliance news & analysis | SC Media

Privacy & Compliance News and Analysis

Flaws in SETracker watch app posed danger to dementia patients

Security researchers found flaws in a smart tracker that was aimed at the elderly, especially those with dementia or other cognitive issues. In research released late this week, Pen Test Partners found flaws in source code that the manufacturer posted publicly. Most of the watches use SETracker as a backend, an app owned by the…

Frequency, size of fines for failing to secure data will grow by 2025, report

A little over two years since GDPR took effect and a few days after California began to enforce the CCPA, a study found more than one-third – 37 percent – of U.K. cybersecurity professionals expect the number and monetary amount of fines their employers face for not adequately safeguarding data will increase by 2025 even…

Home routers largely unpatched, raising risk during Covid-19 WFH

Employers who have suddenly shifted a large percentage of their workforce to remote work due to Covid-19 will no doubt shudder at the findings of a new Fraunhofer Institute for Communication, Information Processing and Ergonomics study that concluded no home router was without security vulnerabilities. The German tech think tank analyzed 127 home routers from seven…

EARN IT passes Senate Judiciary, stokes concerns over erosion of end-to-end encryption

Proponents of the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT) might tout its tough stance on online child sexual abuse material, but privacy and digital rights advocates contend the bill, just passed by the Senate Judiciary Committee, will erode end-to-end encryption. EARN IT revokes Section 230 protection for internet intermediaries for what…

Open S3 bucket exposes one million files of fitness brand V Shred

A misconfigured AWS S3 bucket at V Shred exposed more than one million files, including PII on 99,000 people associated with the fitness brand’s customers. Researchers at vpnMentor led by Noam Rotem and Ran Locar discovered the open server and alerted the company, which apparently removed the file containing the most PII, but kept the…

Eight cities using Click2Gov targeted in Magecart skimming attacks

Since April 10, eight cities in three states using the Click2Gov web-based platform to collect payments for services have been hit with Magecart card-skimming attacks that still appear active. Credit card information including card number, expiration date and CVV, as well as personal information such as name and contact address, were being exfiltrated from the…

UCSF paid $1.4 million ransom in NetWalker attack

The University of California, San Francisco (UCSF) ponied up $1.4 million to hackers to retrieve data encrypted during a NetWalker ransomware attack disclosed in early June. “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” according to a statement from UCSF, which said…

Glupteba malware leverages blockchain as a communications channel

Glupteba malware does something novel: It uses the bitcoin blockchain as a communications channel to receive updated configuration information. That’s important because malware always needs a way to go back to its home base, preferably without being detected, according to a paper released this week by Sophos Labs researchers. The new form of malware sprinkles…

Dem bill would ban federal law enforcement from using facial recognition technology

Democrats in the House and Senate today introduced legislation banning federal law enforcement from using facial recognition technology. “Facial recognition technology doesn’t just pose a grave threat to our privacy, it physically endangers Black Americans and other minority populations in our country,” said Sen. Edward J. Markey, D-Mass., who introduced the bill along with Sen.…
