Privacy News, Articles and Updates

Researchers: Security of messaging apps breaks down during group chats

Vulnerabilities in the group communication protocols of three encrypted messaging apps - WhatsApp, Signal, and Threema - could allow attackers to willfully subvert their integrity and confidentiality.

Europe creates new security body separate from Nato - UK not included

To be known as PESCO, the body will allow member states to jointly develop military capabilities, invest in shared projects and enhance their respective armed forces.

Hackers target private schools in UK

Hackers are taking advantage of poorly secured systems at schools in the UK, nicking identifying data, typically through phishing attacks, that they could use to target parents with fake invoices and other means of cyber-crime.

IT valuation of PII data shows huge variations

US security professionals value their personally identifiable information more than twice as much as their UK counterparts, according to a new report.

BrickerBot creators announce retirement from active operations

The individual, or people, behind the BrickerBot malware attacks have decided to hang up their mouse and keyboard after claiming to have locked more than 10 million supposedly unsecure Internet of Things devices.

"Wearables are being adopted by the healthcare industry but data privacy concerns need to be addressed"

If we are to take advantage of the opportunities offered by wearables in healthcare, safeguarding of personal and sensitive data must be a prime concern, with features to support privacy and protection against misuse of data.

NIST 1.1 tackles cybersecurity metrics, supply chain

The second draft of the update to the US National Institute of Standards and Technology's cyber-security framework, NIST 1.1, may prove to be more impactful than the original version released in 2013.

Data on 31 million users leaked by smartphone keyboard app

After the developer of virtual keyboard app Ai.Type left a 577GB Mongo-hosted database unsecured, personal data on more than 31 million customers was exposed to anyone who has an internet connection.

Mozilla patches critical flaws in Firefox 57.0.1 update

Mozilla released a security update to address critical vulnerabilities in Firefox 57 which could allow a remote attacker to take control of an affected system.

Ex-NSA worker stole classified data, related to Kaspersky incident

A former NSA employee pleaded guilty to taking classified national defence information that was later stolen by Russian spies.

Shipping company Clarksons refuses to pay ransom, data leak expected

UK shipping giant Clarksons has been hit by hackers who were successful in stealing sensitive and confidential data which may soon be leaked due to Clarksons' refusal to pay the ransom demanded by the hackers.

Morrisons supermarket held liable after employee leaks data

Supermarket chain Morrisons was found liable, in a first-of-its-kind data leak class action suit, for the actions of a former employee who stole the data on thousands of his co-workers and posted it online.

Wireless data tracking case to decide if US citizens have privacy rights

'An individual has no reasonable expectation of privacy in information voluntarily disclosed' is the premise being taken to the US Supreme Court Wednesday, to clarify if law enforcement must obtain warrants to access wireless data.

Updated: DVLA selling details to parking firms seeking fines criticised

There has been speculation about the impact of incoming GDPR on government schemes that monetise the data of citizens given to them for the delivery of a service, which is then sold on without the data owner's consent.

The role of good data protection in a post cyber world

We now see 'weaponisation' of personal data against civilian groups largely indifferent to observation; as we live our lives online, criminal methods get easier and rewards greater, and cyber-crime is getting organised, warns Peter Groucutt.

Eavesdropper flaw leaks millions of private conversations

Developers leave API credentials in applications built on the Twilio telephony platform, allowing phone call eavesdropping.

FBI hasn't cracked Texas shooter's mobile phone

The FBI hasn't yet broken the phone belonging to a gunman who went on a shooting rampage in a Texas church, killing 26 and wounding 24.

ONS watching thousands via their mobiles in 3 London boroughs for census

Statisticians at the Office for National Statistics (ONS) have been tracking the movements of thousands of people, albeit anonymised, in an 'experiment' with Vodafone that could replace census questions in England and Wales.

Tor patches flaw that could expose MacOS and Linux IP addresses

The Tor Project released a patch fixing an issue that could reveal the correct IP address of MacOS and Linux users using the Tor browser.

Pirates of the Caribbean: 66 years of secrets dug up in Paradise Papers

The Queen's offshore accounts, Russian links to President Donald Trump's top administration officials among 13.4 million documents exposed in Paradise Papers. Legal and accounting firms can expect to be increasingly targeted.

Facebook asks users to send nudes to prevent revenge porn

Facebook is running a pilot programme in Australia asking users to submit their nudes in a preemptive strike to combat revenge porn by preventing 'matched' photos appearing.

Russia bans non-compliant VPNs - a blow to privacy and free speech?

Russia's ban on virtual private network (VPN) services that do not comply with the country's new set of anti-privacy laws took effect a month after Facebook was told to store Russian citizens' data on Russian servers or get blocked.

News Feature: Google Security interview "human solutions - the way to go."

Google has launched a range of personal and corporate security enhancements (below) this month. Google security expert Allison Miller spoke to SC about the organisation's approach to security and privacy concerns.

'Data destruction' and its importance to secure your data privacy

Formatting old devices or deleting old information and selling it to third parties is common, says Sunil Chandna, but data is not permanently removed and destruction or, preferably, true erasure of data is necessary.

Did Israel deliver spyware using Adobe Flash 0-day in Word document?

A new Adobe Flash zero day exploit has been identified, reportedly used in an attack on 10 October by a threat actor known as BlackOasis and delivered through a Microsoft Word document to deploy the FinSpy commercial spyware.

Equifax breach: lessons ahead of GDPR, be ready to report when it happens

Under GDPR, organisations must notify customers and authorities of a breach within 72 hours of becoming aware of the attack. James Barrett suggests this will transform how breaches are handled, including by companies like Equifax.

Don't be tomorrow's news - use machine data to protect PII pre-GDPR

Using machine data to monitor staff behaviours can identify potential PII breaches before they happen and avoid the huge fines that would follow once GDPR comes into effect, says Matthias Maier.

Data security lessons from the Swedish Transport Agency breach

Ben Rafferty says one positive thing that can be taken from the Swedish Transport Agency outsourcing blunder is that your company can use this disaster to start a conversation about your own data handling and protection strategies.

Quantum computing breaks encryption next decade; current data at risk

Quantum computing is arriving now and could break public key encryption in a decade - so long-term valuable data could be obtained and held now to be decrypted later, warns Graeme Park.

Cracking the GDPR compliance conundrum in local government

Before you start looking at GDPR you need to understand what PII data you have, where it is, who has access, who it is shared with, and ultimately, how you can best manage it according to GDPR requirements, says Julian Cook.