Facebook data breach: what you need to know

On the afternoon of Friday, 28 September, Facebook announced that 50 million Facebook accounts had been breached. What happened? Facebook’s Vice President of Product Management, Guy Rosen, announced that the security breach affected 50 million users. It is believed the attackers exploited a vulnerability in Facebook’s code involving the “View As” feature, which allows people …

Holes found in Mojave’s privacy protection

macOS Mojave was released on Monday, September 24, with much promise of increased privacy protections. In particular, apps are now required to get permission from users before they can access data in certain locations, such as Mail data, contacts, calendar events, Safari user data, and more. Blocking access to Safari user data would have prevented the issue brought to light earlier this month, in …

A month of giveaway spam on Twitter

We’ve observed a low-level spam campaign working its way through Twitter, with just under 2,000 posts visible on public search since September 1. The posts promote what appears to be CBD oil. For those who don’t know (and I was one of them—still not sure if this oil is supposed to be inhaled or consumed, but anyway), CBD is short for Cannabidiol, which is a chemical …

Consent is not enough (part 2): GDPR recordkeeping, reporting and notification requirements

Last month, in my article titled Think you’re GDPR compliant? Think again, I wrote about how consent can be key to proving that your organization’s collection, storage, and processing of personal data of individuals is lawful under the GDPR. Then earlier this month, in part one of the “Consent is not enough” series, I discussed …

Consent is not enough: GDPR data security requirements pt. 1

The EU’s General Data Protection Regulation has been in full force for almost three months as of this writing, but many companies are still struggling with the challenges of attaining and maintaining compliance with its numerous complex requirements. Last month, in my article titled Think you’re GDPR compliant? Think again, I wrote about how consent …

A week in security (August 27 – September 2)

Last week, we looked at dubious antics in mobile land, a peculiar case of spam on the official Cardi B website, and we deep dived into fileless malware. We also explored the inner workings of Hidden Bee, and gave an explainer of Regex. Other cybersecurity news: Huge data breach affects Chinese hotel chain (Source: Xinhuanet); Cryptojacking doesn’t bring in the big bucks [PDF] (Source: …

Official Cardi B website plagued by spammers

We come bearing tidings of proper website maintenance and general housekeeping for singer Cardi B (or rather, for her web development team). At first glance, it appeared as though her website had been hacked a few days ago. But a look under the hood told a different story. We were surprised to see the following lurking on the official Cardi B website: Ignore the privacy policy …

A week in security (August 20 – 26)

Last week on Labs, we took a look at insider threats, doubled back on the privacy of search browser extensions, profiled green card scams, revisited Defcon badgelife, and talked about what happens to a user’s accounts when they die. Other cybersecurity news: There was an archiving error in Twitch HQ. Unfortunately, that left some private user messages (even those with sensitive info in them) …

Get #BreachReady before you get burnt!

Just because everyone else is on holiday doesn’t mean cyber attackers are. Protect yourself from the financial penalties and losses associated with data breaches with our fixed-price, tailored services. What’s more, when reporting the breach you’ll need to explain how it could have been avoided – a sticky situation you won’t relish. You can’t prevent a cyber attack from the beach, so get ready …

Can search extensions keep your searches private?

One of the most common things most of us do on the Internet is search, whether we are looking up the price of the latest gadget or we need to find the address of that great restaurant recommended by a friend. The dizzying number of Google search queries per second (more than 40,000, on average) tells us there is plenty of money to be made by advertising in search results. It’s not just big …