Daily NCSC-FI news followup 2019-07-27

New York Passes Law to Update Data Breach Notification Requirements

www.bleepingcomputer.com/news/security/new-york-passes-law-to-update-data-breach-notification-requirements/

New York Governor Andrew M. Cuomo signed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act into law, with the new consumer privacy policy being designed to protect New Yorkers’ private data and strengthen the state’s data breach policies. The signed legislation, sponsored by State Senator Kevin Thomas, Chairman of Committee on Consumer Protection, expands “the scope of information subject to the current data breach notification law to include biometric information, and email addresses and their corresponding passwords or security questions and answers.”

In 80 Days, Google Will Require Chrome Extensions To Request ‘The Least Amount of Data’

www.pcmag.com/news/369714/google-to-minimize-the-data-collected-by-chrome-extensions

The change addresses how the extensions generally need to request certain permissions from your browser in order to function. However, some of these permissions can be pretty powerful; they can include the ability to take desktop screenshots, capture audio from a microphone, and collect data from the local file system, among other things, which can open the door to potential abuse. The risks prompted Google to work toward securing the 180,000+ Chrome extensions on the company’s official web store. “We’re requiring extensions to only request access to the least amount of data,” the company said in a Tuesday blog post. “While this has previously been encouraged of developers, now we’re making this a requirement for all extensions.”


UK made illegal copies and mismanaged Schengen travelers database

www.zdnet.com/article/uk-made-illegal-copies-and-mismanaged-schengen-travelers-database/#ftag=RSSbaffb68

EU officials indirectly confirm UK’s gross mismanagement detailed in an unconfirmed report last week. Authorities in the United Kingdom have made unauthorized copies of data stored inside an EU database for tracking undocumented migrants, missing people, stolen cars, or suspected criminals. Named the Schengen Information System (SIS), this is an EU-run database that stores information such as names, personal details, photographs, fingerprints, and arrest warrants for 500,000 non-EU citizens denied entry into Europe, over 100,000 missing people, and over 36,000 criminal suspects.

No More Ransom saves ransomware victims $108 million

www.scmagazine.com/home/security-news/ransomware/no-more-ransom-saves-ransomware-victims-108-million/

Europol marked the third anniversary of the No More Ransom initiative by rolling out a few statistics, the top being that the site has helped more than 200,000 people recover files after a ransomware attack. Since its launch in July 2016, the site has registered 3 million visitors from 188 countries, and ended up stopping $108 million in ransom demands from ending up in criminals’ pockets. The portal added 14 new decryptor tools in 2019, bringing its total to 109. “The efforts against GandCrab considered to be one of the most aggressive ransomware attacks last year, epitomizes such a success: Since the release of the first GandCrab tool in February 2018, nearly 40,000 people have successfully decrypted their files, saving roughly $50 million in ransom payments,” Europol wrote.


Apple’s Siri records fights, doctors’ appointments, and sex (and contractors hear it)

arstechnica.com/gadgets/2019/07/siri-records-fights-doctors-appointments-and-sex-and-contractors-hear-it/

One of the contract workers told The Guardian that Siri did sometimes record audio after mistaken activations. The wake word is the phrase hey Siri, but the anonymous source said that it could be activated by similar-sounding words or with the noise of a zipper. They also said that when an Apple Watch is raised and speech is detected, Siri will automatically activate. “There have been countless instances of recordings featuring private discussions between doctors and patients, business deals, seemingly criminal dealings, sexual encounters and so on,” the source said. “These recordings are accompanied by user data showing location, contact details, and app data.”
