Online gambling platform DraftKings has been hit by a credential stuffing attack in which attackers managed to break into users’ accounts and steal some $300,000. Credential stuffing uses previously leaked email addresses and passwords to gain automated account access. Attackers check whether they can also log in to website B with credentials stolen from website […]
Free service offers such as Office365 and Google Workspace are excluded from public procurement according to the French Ministry. Their position reflects ongoing European concerns about cloud data sovereignty, competition, and privacy rules. Paid versions of these cloud services might be an option if they hadn’t already been disallowed based on worries about data safety. […]
Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections. Stealing session cookies has become one of the most common ways that attackers circumvent multifactor authentication. For unmanaged devices, they recommend conditional access policies and strong controls.
The CNIL pronounced against the company Discord INC. a fine of 800,000 euros for failing to comply with several GDPR obligations, in particular with regard to retention periods and the security of personal data. Discord is a voice over IP (technology that allows users to chat via their microphone and/or webcam over the Internet) and […]
Google has settled in the United States for misleadingly obtaining location data from millions of users for an amount of $ 391 million. Forty US states participated in the lawsuit against the tech company. According to state attorneys general, Google has violated consumer law by misleading users about location settings since at least 2014. This […]
New research suggests that even if you disable the sharing of Device Analytics and turn on other privacy settings, Apple apps track you; data is being collected by a number of Apple iPhone apps—the App Store, Apple Music, Apple TV, Books, and Stocks.
The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections.The vulnerabilities (CVE-2022-3602 and CVE-2022-3786) affect OpenSSL version 3.0.0 and later and have been addressed in OpenSSL 3.0.7. Only roughly 7,000 Internet-exposed systems running vulnerable OpenSSL versions out of a total of more than 1,793,000 unique hosts spotted by Censys online […]
The technofeudalism model involves establishing a monopoly position and using sophisticated data extraction to secure it. Google, Facebook, Microsoft, and Amazon — have turned the slippery slope of digital surveillance into a hamster wheel, a new self-perpetuating system of exploitation. Not only does the tech oligopoly seamlessly record our preferences, habits, and choices, it also […]
Due to the large number of vulnerabilities in software, the continuous stream of cyber attacks and the conflict in Ukraine, the threat situation in cyberspace is higher than ever before, according to the German government in a new management report for 2022. The annual report of the Bundesamt für Sicherheit in der Informationstechnik (BSI), part […]
CNIL fined Clearview AI with €20 Million for processing data without legal basis and orders to delete data already collected. Clearview AI is an US FacialRecognition company, providing software to companies, law enforcement, universities, and individuals. The company’s algorithm matches faces to a database of more than 20 billion images indexed from the Internet, including […]