Privacy & Compliance news & analysis | SC Media

Privacy & Compliance News and Analysis

Vulnerability in Trump campaign app revealed keys and secrets

A security vulnerability in President Trump’s mobile campaign app exposed Twitter application keys and secrets, Google apps and maps keys and Branch.io keys in the Android APK file, researchers at Website Planet recently discovered. A research team led by Noam Rotem and Ran Locar said the exposed keys and secrets provided access to the app’s…

Magecart skimmed from Claires.com for nearly two months

International retailer Claire’s, whose fashion accessories are popular with tweens and teenagers, was hit with a Magecart scheme that skimmed PPI, including credit card data, for nearly two months. Discovered by researchers at security firm Sansec, the malware injection began on April 20 and stopped on June 13. The skimming began on March 20, the…

Russian hacker releases at least 14,000 Mexican taxpayer IDs

Researchers at Lucy Security recently discovered that a Russian hacker named m1x breached a Mexican government web portal and, three days later, once the government refused to pay a ransom, publicly released some 14,000 Mexican taxpayer ID numbers. Colin Bastable, CEO of Lucy Security, said the researchers discovered the case on a hacking forum on the dark web…

Amazon puts one-year moratorium on selling face recognition tech to law enforcement

Just days after Democrats in Congress introduced a police reform bill that included provisions addressing facial recognition and body cams in the wake of George Floyd’s killing, Amazon said it would put a one-year moratorium on selling its face recognition offering to law enforcement. And, IBM said it would pull out of the facial recognition…

Magecart skimmer strikes Fitness Depot at checkout

A Magecart credit card skimmer scheme used on Canadian fitness equipment retailer Fitness Depot’s e-commerce system Feb. 18 affected an undisclosed number of customers requesting either at-home delivery or in-store pickup at one of the company’s 40 stores. A bogus form placed on the Fitness Depot website managed to capture names, addresses, email addresses, telephone…

House police reform bill includes face recognition provisions

Tucked into the police reform bill introduced by the House today are provisions for using body cameras along with a cursory rebuff of facial recognition, prompting privacy advocates to call for legislators to clarify that the technology should only be used for accountability, not surveillance. “Any reform legislation should make clear that face recognition cannot…

Brave browser undercuts transparency by autofilling affiliate links

Brave, the internet browser that appeals to users concerned with privacy, has been autofilling links for affiliates like Coinbase and Binance during crypto service URL searches without gaining consent from users. “The fact that Brave has put revenue above transparency is problematic,” said Ray Walsh, digital privacy expert at ProPrivacy. “The fact is that Brave can…

CPA Canada breach put 329,000 accounting pros at risk

A breach at Chartered Professional Accountants of Canada (CPA Canada) by an unauthorized third party exposed the personal information of 329,000 individuals. “329,000 professionals are now at risk of sustained attacks, and therefore their clients are at risk,” said Colin Bastable, CEO of Lucy Security. “Accounting firms’ numbers of clients can range from the tens to…

San Francisco benefits program breach exposes PII on 74,000

A breach of the San Francisco Employees’ Retirement System (SFERS) may have exposed the information of 74,000 members, including names, addresses, birth dates, banking and IRS data as well as details on beneficiaries. An unauthorized third party on February 24 accessed a database that a SFERS vendor, 10up Inc., was using in a test environment,…

Work from home survey finds major security lapses as workers share devices, reuse passwords

Stay-at-home workers are threatening corporate IT security with 93 percent of them admitting they reuse passwords and 29 percent allowing other family members to use their company-issued devices for homework and online entertainment, according to a report from CyberArk. In a late April 2020 survey of 3,000 remote office workers and IT professionals in the…
