Unhappy #DataPrivacyDay to us all
New research claims that data leaks and breaches skyrocketed 93% in 2020. Imperva detected 883,865 incidents at the start of the year, a number that rose to 1.7 million by year’s end … and that doesn’t even include data lost on physical devices. Imperva says that security has been an afterthought as businesses rushed to stay afloat during the rocky year. Another report, from Entrust, found that 63% of consumers are OK with handing over more data in exchange for greater personalization, and 47% said they don’t review the T&Cs of an app before downloading. Why? They’re too long.
WhatsApp adds biometric authentication to web, desktop versions
Over the past few weeks, the Facebook-owned, wildly popular messaging app WhatsApp has been shedding users after announcing (and then delaying) changes to how it shares, or doesn’t share, data with Facebook. It’s still tweaking privacy and security, with the latest being a new biometric authentication layer for those using its web and desktop versions. As of yesterday, users get to add a fingerprint, face, or iris scan to authenticate when they log in to WhatsApp on desktop or web by linking it to the mobile app. The biometric feature is used alongside the existing QR code authentication.
Sources: Facebook preps suit against Apple over App Store rules
Facebook has spent months preparing an antitrust lawsuit against Apple that would allege that Apple has forced app developers to stick to App Store rules that Apple’s own apps don’t have to follow, according to people with direct knowledge of the efforts. The lawsuit might not happen, given that Facebook execs are facing internal pushback from employees. According to The Information, Facebook employees have “expressed skepticism over waging a high-profile battle against Apple,” with some employees concerned that Facebook just isn’t a compelling victim, given its own legal issues and “past mishandling of user data.”
Facebook Oversight Board says ‘No’ to 4 of 5 post removals
Facebook’s Oversight Board issued its first decisions on Thursday, overturning four out of five removals of posts for violating policies on issues such as hate speech. Facebook says it will abide by the rulings. For example, the board overturned Facebook’s removal of a post from a user in Myanmar who disparaged Muslims as “psychologically inferior.” The board, made up of 20 journalists, politicians and judges, ruled that the terms used “were not derogatory or violent.” In coming weeks, the board will consider overturning Facebook’s suspension of former President Donald Trump’s account in the wake of the Jan. 6 riots.
(NBC News)
Apple delays iPhone tracking transparency to appease Facebook, et al.
Apple is once again delaying the release of its App Tracking Transparency control—a long-awaited feature that will prevent iPhone apps from secretly shadowing us—until early spring. It was originally scheduled to be released this past September. The release got pushed out after Facebook—along with other digital services that rely on user surveillance to fund ad revenues—cried foul. Apple released the latest update as part of Data Privacy Day. The feature will be part of an iPhone software update likely to arrive in late March or at some time in April.
Robinhood slams the brakes on GameStop trading
This week, GameStop’s stock price soared, thanks to a Reddit-fueled frenzy meant to flummox the hedge funds and short-sellers who placed bets that its stock would crash. As of yesterday morning, GameStop was up more than 1,700% since the start of January, and as we reported at the time, the melee was causing outages for some trading platforms. Among them, TD Ameritrade and the popular consumer trading application Robinhood responded by restricting trades on GameStop and the popular movie chain AMC.
Citrix employees affected in data breach win $2.3m settlement
For five months, hackers lurked undetected in the network systems of Citrix, surreptitiously stealing data from the company’s employees. Now, a judge has approved a $2.275 million settlement for those employees. The settlement was first agreed in June 2020. Citrix will set up a fund to be used for credit monitoring services, ID theft recovery, and up to $15,000 in reimbursement for expenses and loss per claimant. The stolen data may have included their PII, Social Security numbers, passport numbers, limited health insurance data, driver’s licenses, and financial account information such as payment card numbers.
(ZDNet)
New ‘LogoKit’ phishing kit can build phishing pages in real-time
LogoKit, a new phishing toolkit that’s appeared on more than 300 domains and 700 sites over the past month, changes logos and text on a phishing page in real time to tailor its come-ons to targeted victims. “Once a victim navigates to the URL, LogoKit fetches the company logo from a third-party service, such as Clearbit or Google’s favicon database,” RiskIQ security researcher Adam Castleman said in a report on Wednesday. He says that the kit also auto-fills a victim’s email into the email or username field, tricking victims into feeling like they’ve previously logged into the site.
(ZDNet)






