Information Security

Technology • Internet & Web
Hackers hijack and publish mental health data of hundreds of people
Credit: Blogtrepreneur (Creative Commons Attribution 2.0)

The criminals demanded 450,000 euros from the psychotherapy center Vastaamo in exchange for halting publication of the data. The release of patient data, including that of minors, ceased on Friday, sparking rumors about a possible payment. The information published so far includes patients' personal data and the content of therapy sessions.

Technology • Internet & Web
Twitter warned developers that private keys and tokens could have been exposed
Credit: Ravi Sharma

In an email to developers, Twitter warned of a bug that may have exposed their private application keys and account tokens due to a mistake in how Twitter stored the information in the browser's cache.

"Prior to the fix, if you used a public or shared computer to view your developer app keys and tokens on developer.twitter.com, they may have been temporarily stored in the browser’s cache on that computer," the email read. "If someone who used the same computer after you in that temporary timeframe knew how to access a browser’s cache, and knew what to look for, it is possible they could have accessed the keys and tokens that you viewed."

Twitter shared that it has not yet seen any evidence that these keys were compromised, but alerted developers out of an abundance of caution.

Technology • Internet & Web
Facebook states that withdrawal from EU is possible if data sharing with US servers will not be allowed
Credit: unsplash.com / Thought Catalog

According to an announcement by Facebook Ireland's head of data protection, Yvonne Cunnane, it is not clear how the company "could continue to provide the Facebook and Instagram services in the EU" following a preliminary order to stop the transfer of European customers' data to servers based in the United States.

Ireland’s Data Protection Commission (DPC) had voiced concerns over possible surveillance of the data by the United States government.

Technology • Internet & Web
Former Uber Chief Security Officer charged with concealing hack
Credit: Uber

Uber's former Chief Security Officer was charged Thursday with attempting to conceal a 2016 hack that exposed the personal information of 57 million drivers and passengers. The executive is accused of arranging a $100,000 payoff to the hackers responsible for the attack.

David Anderson, U.S. Attorney for the Northern District of California, announced: "Sullivan is being charged with a corporate cover-up and Sullivan is being charged with the payment of hush money to conceal something that should have been revealed."

Matt Kallman, Uber spokesman, said: "We continue to cooperate fully with the Department of Justice's investigation. Our decision in 2017 to disclose the incident was not only the right thing to do, it embodies the principles by which we are running our business today: transparency, integrity, and accountability."

Technology • Smartphones, Hardware & Gadgets
Amazon Alexa security issue could have allowed access to user data
Amazon Echo Dot Credit: Amazon

Researchers from security firm Check Point found vulnerabilities in certain Amazon and Alexa subdomains, affecting Amazon Echo, that could have allowed an outsider to access users' voice history, including all voice searches and conversation history.

Alexa users could have been easily tricked into falling for the vulnerability, which reportedly needed a single click on a malicious link crafted and sent by the hacker.

Amazon has already patched the flaw.

Technology • Internet & Web
TikTok tracked Android users’ device identifiers until late last year
Credit: Illustration: Pendect, Ashley Winkler (Creative Commons Attribution ShareAlike 4.0)

The Wall Street Journal reported Tuesday that TikTok’s Android app collected its users’ MAC addresses for 18 months in violation of the platform rules. The MAC address serves as a unique identifier for each user’s device.

Since 2015, both the App Store and the Google Play Store had banned the collection of MAC addresses as a matter of policy, but the video app used a loophole. According to the Journal, nearly 350 apps on the Google Play Store used a similar loophole, generally for ad-targeting purposes.

Technology • Smartphones, Hardware & Gadgets
20GB of Intel documents were leaked online
Credit: Takuya Oikawa (Creative Commons Attribution ShareAlike 2.0)

More than 20GB of Intel internal documents have been leaked and were publicly available on BitTorrent feeds. The leak contains data that Intel makes available to partners and customers under NDA.

The leak, posted Thursday night by Tillie Kottmann, an IT consultant based in Switzerland, included source code, development and debugging tools, and schematics, tools and firmware for the company’s unreleased Tiger Lake platform.

A misconfigured Akamai CDN server and files with the password “intel123” have been pinpointed as the apparent cause of the leak.

Technology • Internet & Web
TikTok announces new data centre in Ireland to store European user data
Credit: Illustration: Pendect, Ashley Winkler – Logo via TikTok (Creative Commons Attribution ShareAlike 4.0)

TikTok announced Thursday it would invest €420 million in establishing a data centre in Ireland. The company states all European user data will be stored in this new location when the data centre is operational in early 2022.

In a press release, the company states: "Protecting our community's privacy and data is and will continue to be our priority. Today's announcement is just the latest part of our ongoing work to enhance our global capability and efforts to protect our users and the TikTok community."

Technology • Internet & Web
Twitter fixes security issue affecting some Android devices
Credit: Érico Andrei (Creative Commons Attribution ShareAlike 4.0)

Twitter announced Wednesday a security vulnerability in its Android app. The company stated the problem relates to an Android security issue in versions 8 and 9 of the popular mobile operating system, and that it doesn't have evidence attackers exploited the vulnerability.

According to Twitter, around 96% of all their Android users already have installed the necessary security protections, leaving 4% still vulnerable to attackers through outside apps accessing private data on their devices.

Regional News • Americas • United States
US Senate committee approves TikTok ban bill
Credit: Solen Feyissa

The "No TikTok on Government Devices Act" bill by Senator Josh Hawley (R-Mo.) was unanimously approved by the Senate Homeland Security and Governmental Affairs Committee on Wednesday. Under the bill, U.S. federal employees would be barred from using the Chinese-owned mobile video app TikTok on government-issued devices.

The bill now moves to the Senate floor.

Regional News • Europe • United Kingdom
UK bans Huawei from 5G networks
Huawei Office Building Credit: Open Grid Scheduler / Grid Engine (Public Domain)

The UK government announced Tuesday a ban on Huawei 5G wireless network equipment. The ban requires all existing Huawei 5G tech to be purged entirely from the country's network by the end of 2027.

UK Digital Secretary Oliver Dowden said: "Following US sanctions against Huawei and updated technical advice from our cyber experts, the government has decided it is necessary to ban Huawei from our 5G networks."

Huawei said in a statement: "Regrettably our future in the UK has become politicised, this is about US trade policy and not security."

Technology • Internet & Web
Wells Fargo tells workers to delete TikTok, citing privacy concerns
TikTok logo Credit: TikTok

Wells Fargo, the United States' fourth-largest bank, has instructed employees who installed TikTok on company devices to remove the app over privacy concerns.

“We have identified a small number of Wells Fargo employees with corporate-owned devices who had installed the TikTok application on their device,” Wells Fargo said in a statement to NBC News. “Due to concerns about TikTok’s privacy and security controls and practices, and because corporate-owned devices should be used for company business only, we have directed those employees to remove the app from their devices.”

Technology • Internet & Web
Amazon rolls back ban of TikTok from employee phones
Credit: Kon Karampelas

Five hours after requiring employees to delete TikTok from their mobile devices, Amazon backtracked, saying the email to workers had been sent by mistake.

A spokesperson for the company said, "This morning’s email to some of our employees was sent in error, there is no change to our policies right now with regard to TikTok."

Technology • Internet & Web
Amazon demands employees remove TikTok from their phones, citing security risks
Credit: Kon Karampelas

The New York Times reports that Amazon officials, in a memo, required employees to delete TikTok from any mobile devices that "access Amazon email." The removal is due to "security risks" posed by the app.

According to the memo, workers are still allowed to use TikTok from their laptop browser.

Technology • Internet & Web
New Google data retention policy will delete users' location, web history after 18 months
Credit: Cesar Solorzano (Creative Commons Attribution 2.0)

Google is switching to an auto-delete setup as its default for web browsing and app history. The company will automatically delete some web and location history after 18 months for new users, and make it easier for existing customers to change their settings.

Previously users had ways to limit data collection and delete history — location history, search, voice, and YouTube activity data — but it was an opt-out experience.

In a blog post, Sundar Pichai, CEO of Google, stated: "Today, we are announcing privacy improvements to help do that, including changes to our data retention practices across our core products to keep less data by default."

Transportation • Cars & Automobiles
Honda's global operations hit by cyber-attack
Credit: Honda

Japanese manufacturer Honda has said in a statement it is dealing with a cyber-attack that is impacting its operations around the world.

"Honda can confirm that a cyberattack has taken place on the Honda network," a spokesperson said. "We can also confirm that there is no information breach at this point in time."

Technology • Internet & Web
Video call provider Zoom plans on excluding encryption for free users to allow FBI surveillance

The video call and conferencing provider Zoom, which experienced a surge in popularity due to the Covid-19 pandemic and has faced criticism over security concerns, has announced that it will implement end-to-end encryption for video calls, though the encryption will only be provided to users with a paid plan. As a reason for not providing the encryption to free users, CEO Eric Yuan stated that they "want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose."

Technology • Internet & Web
EasyJet data breach exposes 9 million accounts and 2,208 credit cards
EasyJet plane at London Airport Credit: unsplash.com/ Elio Santos

The UK airline company claims that it has already "closed off this unauthorised access" and contacted the customers whose credit card details were taken. Email addresses and travel details were accessed by the cyber-attackers, but passport records were not.

Technology • Internet & Web
Zoom acquires security startup Keybase to get end-to-end encryption expertise

Video communications company Zoom announced today that it is buying Keybase, maker of an end-to-end encrypted messaging and cloud storage system.

Zoom, in a press release, stated: "We are excited to integrate Keybase’s team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability."

The acquisition is the first one in Zoom's history.