ICYMI: GDPR spat; NAS vul; Criminal arrests; RingGo App; Hack tools

News by SC Staff

In Case You Missed It: GDPR 'consent'; NAS vulnerability; 5 criminals arrested; RingGo App vulnerability; More Shadow Brokers tools

Information Commissioner notes confusion over 'Consent' in GDPR

Issues around consent are increasingly troubling the minds of data protection professionals according to a new blogpost from the Information Commissioner's Office (ICO).

Jo Pedder, interim head of policy and engagement at the ICO, writing in response to a recent public consultation on guidance on EU regulation, said, “the issue of consent surrounding the use of data has proved to be increasingly high-profile recently – and that has been reflected in the large number of responses to our draft GDPR (General Data Protection Regulation) Consent guidance.”

F-Secure claims new NAS vulnerabilities are "as bad as they get"

Earlier this year, F-Secure senior security consultant Harry Sintonen presented research on a series of vulnerabilities he found in a QNAP network attached storage (NAS) device.

Sintonen has since discovered more problems and says his newer discoveries are considerably more serious. “The previous vulnerabilities I found were only useful to an attacker that put themselves between QNAP servers and their targets. That's a difficult enough step to discourage most attackers from using those vulnerabilities as part of a widespread attack,” said Sintonen. “But that's not the case with what I've found more recently.”

Five arrests made in Spain and the UK for cyber-crimes

Police forces from Spain and the UK broke up a cyber-crime ring in an operation that led to five arrests, two from the UK and three from Spain. They are suspected of designing and selling malicious software tools online in an effort to discover banking and finance details of unsuspecting victims.

The malicious software, containing backdoor viruses and keyloggers, was sold on hacking forums in exchange for payments in Bitcoin. Europol coordinated the arrests of members of the cyber-criminal ring, which had allegedly been operating since 2013, amassing a substantial financial haul.

Update to RingGo app leaves thousands of UK drivers' data exposed

Following release of a new version of car parking payment app "RingGo" last week, customers using the app found other people's details when they logged into their own accounts.

The app allows users to register multiple cars and pay to park in locations across the UK using unique numbers on parking meters. Some users reported being kicked out of the app even though their details were correct, or were forced to change their password. Others were unable to remove their card details as a precautionary measure since they couldn't see them.

ShadowBrokers leak more hacking tools - MS says most exploits patched

The Shadow Brokers have dumped more hacking tools onto the internet from code stolen from NSA-backed Equation Group. The exploits target Windows systems from Windows 2000 onwards. According to a blog post from Malwarebytes, the information dump contains several exploits and Windows binary files that were not seen with the previous collection of information.

“While the ‘Auction’ file may have contained obsolete exploits and information, this new release appears to contain much more recent and current data including 0-Day exploits,” said Adam McNeil, senior malware intelligence analyst at Malwarebytes.
