The Hellenic data protection authority has fined the controversial facial recognition firm Clearview AI €20 million and banned it from collecting and processing the personal data of people living in Greece. Data that has already been collected should also be deleted. The business model of Clearview AI is scraping selfies off the internet to build an algorithmic […]
Microsoft phishing attacks have targeted more than 10,000 organizations since September 2021, using the gained access to victims’ mailboxes in follow-on business email compromise (BEC) attacks. The threat actors used landing pages designed to hijack the Office 365 authentication process (even on accounts protected by multifactor authentication (MFA)) by spoofing the Office online authentication page. In […]
While GDPR-related fines against big companies like Amazon or Google have seen widespread media attention, data protection authorities have issued several hundred more penalties since 2018. This study analyzes 856 fines and their summaries provided by the CMS Law GDPR Enforcement Tracker. The exploration of fines in the light of data flows with a detailed […]
An engineer changed his Experian account to use a strong password in 2020 in order to place a security freeze on a credit file. Two years later he received an email from Experian saying the email address on his account had been changed. Experian’s password reset process was useless at that point because any password reset […]
Hackers duped a senior engineer at Axie Infinity into applying for a job at a fictitious company. The scheme resulted in the loss of $540 million in crypto earlier this year. Details of how the hack was carried out are being reported for the first time by The Block.
Google is using deceptive design, unclear language and misleading choices when consumers sign up for a Google account to encourage more extensive and invasive data processing, instead of giving them privacy by design and by default as required by the General Data Protection Regulation (GDPR). Contrary to its claims, the tech giant is thwarting consumers who […]
Processing location data where it is unnecessary, such as Windows 10’s location setting being automatically enabled, violates the “data protection by default” requirement under Article 25(2) GDPR. The DPA noted that the principle of “data protection by default” requires that the controller, when using third-party software or firmware, ensures that functions for which there is […]
The 2022 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses list demonstrates the currently most common and impactful software weaknesses. Often easy to find and exploit, these can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working.
The Australian government advises citizens in the country to set up a secure passphrase for each email account. “Passwords are passé. It’s time to use passphrases,” said the Australian Cyber Security Centre (ACSC). A passphrase is a password that consists of several words. This makes it easier for users to remember, but more difficult for […]