We now see 'weaponisation' of personal data against civilian groups largely indifferent to observation; as we live our lives online, criminal methods get easier, and rewards greater, cyber-crime is getting organised warns Peter Groucutt.
Developers leave API credentials in applications built on Twilio telephony platform allowing phone call eavesdropping.
The FBI hasn't yet broken the phone belonging to a gunman who went on a shooting rampage in a Texas church, killing 26 and wounding 24.
Statisticians at the Office for National Statistics (ONS) have been tracking the movements of thousands of people, albeit anonymised, in an experiment' with Vodaphone that could replace census questions in England and Wales.
The Tor Project released a patch fixing an issue that could reveal the correct IP address of MacOS and Linux users using the Tor browser.
The Queen's offshore accounts, Russian links to President Donald Trump's top administration officials among 13.4 million documents exposed in Paradise Papers. Legal and accounting firms can expect to be increasingly targeted.
Facebook is running a pilot programme in Australia asking users to submit their nudes in a preemptive strike to combat revenge porn by preventing 'matched' photos appearing.
Russia's ban on virtual private network (VPN) services that do not comply with the country's new set of anti-privacy laws took effect a month after Facebook told to store Russian citizens' data on Russian servers or get blocked.
Google has launched of a range of personal and corporate security enhancements (below) this month. Google security expert Allison Miller, spoke to SC about the organisation's approach to security and privacy concerns.
Formatting old devices or deleting old information and selling it to third parties is common, says Sunil Chandna but data is not permanently removed and destruction or, preferably, true erasure of data is necessary.
A new Adobe Flash zero day exploit has been identified, reportedly used in an attack on 10 October by a threat actor known as BlackOasis and delivered through a Microsoft Word document to deploy the FinSpy commercial spyware.
Under GDPR, organisations must notify customers and authorities of a breach within 72 hours of becoming aware of the attack. James Barrett suggests this will transform how breaches are handled, including by companies like Equifax.
Using machine data to monitor staff behaviours can identify potential PII breaches before they happen and avoid the huge fines that would follow once GDPR comes into effect says Matthias Maier
Ben Rafferty says one positive thing that can be taken from the Swedish Transport Agency outsourcing blunder is that your company can use this disaster to start a conversation about your own data handling and protection strategies.
Quantum computing is arriving now and could break public key encryption in a decade - so long term valuable data could be obtained and held now to be decrypted later warns Graeme Park.
Before you start looking at GDPR you need to understand what PII data you have, where it is, who has access, who it is shared with, and ultimately, how you can best manage it according to GDPR requirements says Julian Cook.
Commercial multi-user gateways may only be licensed where the supplier can demonstrate that callers can be identified following Security Minister direction to Ofcom to ensure government access to information.
Unnamed major internet providers are reported to be the distribution route for the spread of a new variant of government spyware FinFisher (also known as FinSpy) in two countries, targeting people seeking privacy.
Protecting this data goes beyond your internal data governance processes says Jim Kaskade, it tests how well the business governs customer data beyond the firewall.
A catastrophic worldwide cyber-attack, the emergence of an IoT-enabled surveillance state, and the weakening of encryption were among the chief security and privacy fears expressed by experts.
In our connected society, securing the network "hive" is very much a team effort. Only by assessing and defining the landscape in the first instance can a successful security strategy be put in place says Russell Crampin
Apple is doubling down on its privacy beliefs with the latest iOS 11 which will reportedly add at least two new features designed to safeguard its owners' privacy.
It has been reported that a free online translation tool Translate.com which uses machine translation service Microsoft Translator, has suffered a major data breach, but the company has denied that it is a breach.
Organisations will have to ask permission first before being allowed to conduct electronic monitoring of staff.
21 European Union members continue to retain personal data despite going against both their own and EU legal mandates.
The 500 A-list celebrities whose Instagram accounts have been hacked, and whose contact details are for sale on the dark web, have now been identified.
Just two days after Selena Gomez's Instagram account was hacked to post leaked nude photos of Justin Bieber, the social media company confirmed it was hit by a cyber-attack targeting several high profile celebrities.
Today second hand games and electronics store CeX reported that it had been the victim of a massive data breach, issuing a statement to customers saying, "We have recently been subject to an online security breach."
Hackers leak more celeb nude pics - Dakota Johnson joins former sports couple Tiger Woods and Lindsey Vonn, actress Kristen Stewart, performers Miley Cyrus and Katharine McPhee, and model Stella Maxwell.
The US Justice Department has pressed DreamHost to hand over what amounts to more than 1.3 million IP addresses associated with visitors to disruptj20.org, the group that organised protests against Donald Trump on Inauguration Day 2017.