Privacy News, Articles and Updates

The role of good data protection in a post cyber world

We now see 'weaponisation' of personal data against civilian groups largely indifferent to observation; as we live our lives online, criminal methods get easier, and rewards greater, cyber-crime is getting organised warns Peter Groucutt.

Eavesdropper flaw leaks millions of private conversations

Developers leave API credentials in applications built on Twilio telephony platform allowing phone call eavesdropping.

FBI hasn't cracked Texas shooter's mobile phone

The FBI hasn't yet broken the phone belonging to a gunman who went on a shooting rampage in a Texas church, killing 26 and wounding 24.

ONS watching thousands via their mobiles in 3 London boroughs for census

Statisticians at the Office for National Statistics (ONS) have been tracking the movements of thousands of people, albeit anonymised, in an experiment' with Vodaphone that could replace census questions in England and Wales.

Tor patches flaw that could expose MacOS and Linux IP addresses

The Tor Project released a patch fixing an issue that could reveal the correct IP address of MacOS and Linux users using the Tor browser.

Pirates of the Caribbean: 66 years of secrets dug up in Paradise Papers

The Queen's offshore accounts, Russian links to President Donald Trump's top administration officials among 13.4 million documents exposed in Paradise Papers. Legal and accounting firms can expect to be increasingly targeted.

Facebook asks users to send nudes to prevent revenge porn

Facebook is running a pilot programme in Australia asking users to submit their nudes in a preemptive strike to combat revenge porn by preventing 'matched' photos appearing.

Russia bans non-compliant VPNs - a blow to privacy and free speech?

Russia's ban on virtual private network (VPN) services that do not comply with the country's new set of anti-privacy laws took effect a month after Facebook told to store Russian citizens' data on Russian servers or get blocked.

News Feature: Google Security interview "human solutions - the way to go."

Google has launched of a range of personal and corporate security enhancements (below) this month. Google security expert Allison Miller, spoke to SC about the organisation's approach to security and privacy concerns.

'Data destruction' and its importance to secure your data privacy

Formatting old devices or deleting old information and selling it to third parties is common, says Sunil Chandna but data is not permanently removed and destruction or, preferably, true erasure of data is necessary.

Did Israel deliver spyware using Adobe Flash 0-day in Word document?

A new Adobe Flash zero day exploit has been identified, reportedly used in an attack on 10 October by a threat actor known as BlackOasis and delivered through a Microsoft Word document to deploy the FinSpy commercial spyware.

Equifax breach: lessons ahead of GDPR, be ready to report when it happens

Under GDPR, organisations must notify customers and authorities of a breach within 72 hours of becoming aware of the attack. James Barrett suggests this will transform how breaches are handled, including by companies like Equifax.

Don't be tomorrow's news - use machine data to protect PII pre-GDPR

Using machine data to monitor staff behaviours can identify potential PII breaches before they happen and avoid the huge fines that would follow once GDPR comes into effect says Matthias Maier

Data security lessons from the Swedish Transport Agency breach

Ben Rafferty says one positive thing that can be taken from the Swedish Transport Agency outsourcing blunder is that your company can use this disaster to start a conversation about your own data handling and protection strategies.

Quantum computing breaks encryption next decade; current data at risk

Quantum computing is arriving now and could break public key encryption in a decade - so long term valuable data could be obtained and held now to be decrypted later warns Graeme Park.

Cracking the GDPR compliance conundrum in local government

Before you start looking at GDPR you need to understand what PII data you have, where it is, who has access, who it is shared with, and ultimately, how you can best manage it according to GDPR requirements says Julian Cook.

Government acts to restrict anonymous communications - legally

Commercial multi-user gateways may only be licensed where the supplier can demonstrate that callers can be identified following Security Minister direction to Ofcom to ensure government access to information.

State surveillance tool uses ISP to deliver malware to privacy seekers

Unnamed major internet providers are reported to be the distribution route for the spread of a new variant of government spyware FinFisher (also known as FinSpy) in two countries, targeting people seeking privacy.

Cloud providers must protect personally identifiable information

Protecting this data goes beyond your internal data governance processes says Jim Kaskade, it tests how well the business governs customer data beyond the firewall.

Report: Without safeguards, Internet & IoT may create surveillance states

A catastrophic worldwide cyber-attack, the emergence of an IoT-enabled surveillance state, and the weakening of encryption were among the chief security and privacy fears expressed by experts.

Protecting your network hive: 4 security trends you need to know about

In our connected society, securing the network "hive" is very much a team effort. Only by assessing and defining the landscape in the first instance can a successful security strategy be put in place says Russell Crampin

Apple iOS 11 makes it harder for law enforcement to access data

Apple is doubling down on its privacy beliefs with the latest iOS 11 which will reportedly add at least two new features designed to safeguard its owners' privacy.

Update: Free translation service denies report that it had a breach

It has been reported that a free online translation tool Translate.com which uses machine translation service Microsoft Translator, has suffered a major data breach, but the company has denied that it is a breach.

EU says prior permission required to monitor staff electronic communications

Organisations will have to ask permission first before being allowed to conduct electronic monitoring of staff.

21 EU members not complying with court ordered privacy rules: report

21 European Union members continue to retain personal data despite going against both their own and EU legal mandates.

Instagram hack victims identified, details now for sale on darkweb

The 500 A-list celebrities whose Instagram accounts have been hacked, and whose contact details are for sale on the dark web, have now been identified.

Instagram API hacked, targeting verified celeb accounts for nude pix

Just two days after Selena Gomez's Instagram account was hacked to post leaked nude photos of Justin Bieber, the social media company confirmed it was hit by a cyber-attack targeting several high profile celebrities.

CeX data breach - up to 2 million hit - and at risk of future scams

Today second hand games and electronics store CeX reported that it had been the victim of a massive data breach, issuing a statement to customers saying, "We have recently been subject to an online security breach."

Hackers leak more celeb nude pics - Dakota Johnson joins Miley Cyrus

Hackers leak more celeb nude pics - Dakota Johnson joins former sports couple Tiger Woods and Lindsey Vonn, actress Kristen Stewart, performers Miley Cyrus and Katharine McPhee, and model Stella Maxwell.

If you visited anti-Trump site, the US Justice wants your details

The US Justice Department has pressed DreamHost to hand over what amounts to more than 1.3 million IP addresses associated with visitors to disruptj20.org, the group that organised protests against Donald Trump on Inauguration Day 2017.