dcsimg
April 23, 2019

Consumers have few legal options for protecting privacy

There are no promises in the words, “We care about user privacy.” Yet, these words appear on privacy policy after privacy policy, serving as disingenuous banners to hide potentially invasive corporate practices, including clandestine data collection, sharing, and selling. This is no accident. It is a strategy. In the US, companies that break their own privacy policies can—and do—face … [Read more...]

Filed Under: ACLU, Apple, consumer privacy, corporate surveillance, Data privacy, deceitful business practices, digital privacy, DNA testing, EFF, Helix DNA, mozilla, privacy, privacy policy, Privacy Rights Clearinghouse, Security world, signal, unfair business practices, whatsapp
April 11, 2019

What is personal information? In legal terms, it depends

In early March, cybersecurity professionals around the world filled the San Francisco Moscone Convention Center’s sprawling exhibition halls to discuss and learn about everything infosec, from public key encryption to incident response, and from machine learning to domestic abuse. It was RSA Conference 2019, and Malwarebytes showed up to attend and present. Our Wednesday afternoon session—“One … [Read more...]

Filed Under: California Consumer Privacy Act, cybersecurity law, data breach notification, data breach notification law, data privacy legislation, data protection law, European Union, GDPR, general data protection regulation, online privacy, personal data, personal information, personally identifiable information, privacy, RSA Conference, Security world
April 2, 2019

The global data privacy roadmap: a question of risk

For most American businesses, complying with US data privacy laws follows a somewhat linear, albeit lengthy, path. Set up a privacy policy, don’t lie to the consumer, and check the specific rules if you’re a health care provider, video streaming company, or kids’ app maker. For American businesses that want to expand to a new market, though, complying with global data privacy laws is more akin to … [Read more...]

Filed Under: Africa, amazon, Argentina, asia, Bahrain, Brazil, china, CNIL, Data privacy, data privacy laws, data protection authority, europe, European Union, GDPR, general data protection regulation, global data privacy, Google, Microsoft, Middle East, National Data Protection Commission, Personal Information Protection Act, privacy, Qatar, singapore, South Korea, whitelist
April 1, 2019

GDPR Overview: Complying with EU Laws for Personal Data

With the EU’s General Data Protection Regulation (GDPR) now in effect, GDPR preparedness should be top of mind for businesses everywhere, not just those based in the European Union (EU). This guide will take you through the basics of GDPR, including the seven principles that drive regulation and enforcement. … [Read more...]

Filed Under: Brexit, Compliance, GDPR, privacy
March 28, 2019

US Congress proposes comprehensive federal data privacy legislation—finally

The United States might be the only country of its size—both in economy and population—to lack a comprehensive data privacy law protecting its citizens’ online lives. That could change this year. Never-ending cybersecurity breaches, recently-enacted international privacy laws, public outrage, and crisis after crisis from the world’s largest social media company have pushed US Senators and … [Read more...]

Filed Under: Amy Klobuchar, Brian Schatz, California Consumer Privacy Act, CDT, Center for Democracy and Technology, comprehensive data privacy law, comprehensive data privacy legislation, Consumer Data Protection Act, data broker, Data Care Act, Data Dissemination Act, Data privacy, data privacy law, data privacy laws, data privacy legislation, federal legislation, GDPR, general data protection regulation, Klobuchar, Marco Rubio, privacy, Ron Wyden, Rubio, Schatz, Senator, statewide legislation, Wyden
March 27, 2019

Location data leaks from family tracking app database

An app called Family Locator, which allows family members to keep track of one another recently experienced an exposed database issue of the worst kind. Specifically: the MongoDB database was left exposed with no password, like so many other recent infosec tales of woe. The end result is the location of about 280,000 users leaking in real time. For a location tracking app that also includes … [Read more...]

Filed Under: cybercrime, database, exposed, family, location, MongoDB, privacy
March 27, 2019

Facebook’s plain text misstep, and other password sins

Two days after an article by Brian Krebs disclosed that hundreds of millions of Facebook account passwords had been stored in plain text for years, Facebook released a statement indicating they hash and salt passwords, more or less in accordance with industry best practice. Plain text storage of credentials is a fairly egregious security misstep, but there’s a variety of other ways … [Read more...]

Filed Under: breach, credential management, facebook, passwords, privacy, security questions, Security world
March 25, 2019

A week in security (March 18 – 24)

Last week on Malwarebytes Labs, we touched on the susceptibility of hospitals against phishing attacks, password reuse, the risk of interactive TV shows to side-channel attacks, and Facebook’s new and out-of-character plan to promote privacy in the platform. Other cybersecurity news A study highlighted that 20 percent of Americans do not trust anyone with the protection of their data, … [Read more...]

Filed Under: bandersnatch, bec. cdc spam, Business Email Compromise, center for disease control and prevention, cybersecurity, education, epic games, facebook, formjacking, gandcrab, google photos, iPhone, kiddle, learn4life, malicious app, netflix, network security, Password reuse, phishing, privacy, security fatigue, Security world, steam, vulnerabilities, Week in security
March 22, 2019

Researchers go hunting for Netflix’s Bandersnatch

A new research paper from the Indian Institute of Technology Madras explains how popular Netflix interactive show Bandersnatch could fall victim to a side-channel attack. In 2016, Netflix began adding TLS (Transport Layer Security) to their video content to ensure strangers couldn’t eavesdrop on viewer habits. Essentially, now the videos on Netflix are hidden away behind HTTPS—encrypted and … [Read more...]

Filed Under: bandersnatch, black mirror, cybercrime, FMV, JSON, netflix, privacy, SSL, TLS, video games
March 20, 2019

Facebook’s history betrays its privacy pivot

Facebook CEO Mark Zuckerberg proposed a radical pivot for his company this month: it would start caring—really—about privacy, building out a new version of the platform that turns Facebook less into a public, open “town square” and more into a private, intimate “living room.” Zuckerberg promised end-to-end encryption across the company’s messaging platforms, interoperability, disappearing … [Read more...]

Filed Under: advertising portal, Aela Callan, Australia, Australian, Brian Acton, Burmese, Business, cambridge analytica, CEO announcements, CLOUD Act, data breach, digital living room, digital town square, discrimination, discriminatory, E2E, Elliot Schrage, encryption, end-to-end encryption, ethnic cleansing, facebook, FOSTA, human rights, human rights violations, Instagram, Jan Koum, Malwarebytes news, Mark Zuckerberg, messenger, Myanmar, Net Neutrality, Onava, privacy, ProPublica, Rohingya, Rohingya Muslim, SESTA, SESTA/FOSTA, Sheryl Sandberg, ultranationalist, unsend, whatsapp
Next Page »