The British privacy regulator ICO is considering imposing a fine of EUR 30 million on TikTok for possibly violating privacy legislation. Investigation by the ICO shows that the platform may not have protected the privacy of children and would therefore be in violation of UK data protection law. TikTok may have processed data from children […]
Danish organizations and companies are no longer allowed to use Google Analytics unless they take additional measures such as setting up a proxy, the Danish privacy regulator has ruled. In doing so, the Danish data protection authority follows other European privacy regulators, including those from Austria, Italy and France, who also prohibit the use of […]
The South-Korean watchdog fined Google and Meta for not having implemented legitimate consent in the process of collecting information from users who visit their websites and use other websites as well as apps for customized advertisements.
Hackers are actively exploiting a critical zero-day vulnerability in the WordPress plugin WPGateway & have attacked more than 280,000 sites in the last 30 days, adding malicious admins to the successfully breached sites.
Thanks in part to action by the Dutch police, the American authorities have taken offline a criminal marketplace where millions of stolen login details were traded, as well as tens of thousands of credit card details and scanned passports and driver’s licenses. The alleged administrator of the WT1Shop marketplace has also been charged. This is […]
Recent SMS phishing attacks company employees show how easy it is to set up a site that looks like the company’s IAM landing page (f.e. Okta) which asks for a user credentails and a one time passcode for access. This would result in gaining the users’ credententials which would be send to the attacker in […]
All five extensions discovered by McAfee behave with the web app manifest (“manifest.json” file), which dictates how the extension should behave on the system, loads a multifunctional script (B0.js) that sends the browsing data to a domain the attackers control (“langhort[.]com”).The data is delivered through via POST requests each time the user visits a new URL. The info reaching […]
Twilio, which earlier this month became a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service.
Observer: “Probably to avoid answering questions about Facebook’s cover-up of the Cambridge Analytica data breach Facebook has settled for an undisclosed sum this case just days away from Mark Zuckerberg being cross-examined under oath for six hours.”
Propietary software and technical information stolen of LastPass. No effects according to LastPass on 33 million active end-users and more than 100.000 businesses. LastPass says to update customers with transparency. Up2now LastPass didn’t elaborate on the exact mitigation techniques that it used to strengthen its environment. It also reiterated that the break-in had no impact […]