Privacy & Compliance news & analysis | SC Media

Privacy & Compliance News and Analysis

Zoom taps Salesforce’s Jason Lee as CISO

As Zoom completes its ambitious 90-day security and privacy plan, the teleconferencing company has tapped seasoned veteran and former Salesforce Senior Vice President of Security Operations Jason Lee as CISO. Lee will report directly to Zoom COO Aparna Bawa. Zoom had suffered a number of growing pains – most of them around privacy – exploded…

OneClass unsecured S3 bucket exposes PII on more than one million students, instructors

An unsecured database belonging to remote learning platform OneClass has exposed information associated with more than a million students in North America who use the platform to access study guides and educational assistance. “By not securing its users’ data, OneClass has created a goldmine for criminal hackers, jeopardizing the privacy and security of over a million…

Frost & Sullivan employee, customer data for sale on dark web

A group is hawking records of more than 12,000 Frost & Sullivan employees and customers on a hacker folder. “The breach occurred to a misconfigured backup directory on one of Frost and Sullivan public-facing servers,” Cyble CEO Beenu Arora said in a BleepingComputer report. “The backup directory had its employees and customers records, along with…

Twitter ‘incident’ leaves billing info stored in browser cache

A “data security incident” at Twitter caused billing information for companies using the social media company’s advertising and analytics platform to be stored in the browser’s cache. While Twitter doesn’t believe the information – including the last four digits of credit card numbers, email addresses and phone numbers – has been compromised, it can’t rule…

BlueLeaks files expose data from law enforcement, fusion centers

As protesters continue to take to the streets to demand racial justice and police reform in the wake of George Floyd’s death, the activist group DDoSecrets published data on a searchable portal that it says was nicked from more than 200 law enforcement agencies and fusion centers in the U.S. The BlueLeaks files – more…

Amnesty Int’l: Norway, Bahrain & Kuwait Covid-19 apps threaten privacy

An Amnesty International study of 11 Covid-19 contact tracing apps from Europe, the Middle East and North Africa identified apps from Bahrain, Kuwait and Norway as the most dangerous to users’ privacy. In a news release published on Tuesday, the human rights organization’s Security Lab said Bahrain’s ‘BeAware Bahrain’, Kuwait’s ‘Shlonik’ and Norway’s ‘Smittestopp’…

Vulnerability in Trump campaign app revealed keys and secrets

A security vulnerability in President Trump’s mobile campaign app exposed Twitter application keys and secrets, Google apps and maps keys and Branch.io keys in the Android APK file, researchers at Website Planet recently discovered. A research team led by Noam Rotem and Ran Locar said the exposed keys and secrets provided access to the app’s…

Magecart skimmed from Claires.com for nearly two months

International retailer Claire’s, whose fashion accessories are popular with tweens and teenagers, was hit with a Magecart scheme that skimmed PPI, including credit card data, for nearly two months. Discovered by researchers at security firm Sansec, the malware injection began on April 20 and stopped on June 13. The skimming began on March 20, the…

Russian hacker releases at least 14,000 Mexican taxpayer IDs

Researchers at Lucy Security recently discovered that a Russian hacker named m1x breached a Mexican government web portal and, three days later, once the government refused to pay a ransom, publicly released some 14,000 Mexican taxpayer ID numbers. Colin Bastable, CEO of Lucy Security, said the researchers discovered the case on a hacking forum on the dark web…

Amazon puts one-year moratorium on selling face recognition tech to law enforcement

Just days after Democrats in Congress introduced a police reform bill that included provisions addressing facial recognition and body cams in the wake of George Floyd’s killing, Amazon said it would put a one-year moratorium on selling its face recognition offering to law enforcement. And, IBM said it would pull out of the facial recognition…
