10 matches found
Microsoft Still Uses RC4
Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft over its continued use of the RC4 encryption algorithm. The letter talks about a hacker technique called Kerberoasting, that exploits the Kerberos authentication system...
A week in security (July 29 – August 4)
Last week on Malwarebytes Labs: Threat actor impersonates Google via fake ad for Authenticator Scammers are impersonating cryptocurrency exchanges, FBI warns Meta to pay $1.4 billion over unauthorized facial recognition image capture Apple fixes Siri vulnerabilities that could have allowed...
US senators ask FTC to investigate car makers’ privacy practices
An ongoing US Senate investigation indicated that connected car makers violate consumer privacy by sharing and selling drivers’ data, including their location, on a vast scale, and that the same car makers often obtain consumer consent through deception. Based on this investigation, senators have...
Former Uber Security Chief Found Guilty of Data Breach Coverup
A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. Sullivan has been convicted on two counts: One for obstructing justice by not reporti...
To settle with the DoJ, Uber must confess to a cover-up. And it did.
Uber covered up the 2016 data breach that affected its 57 million customers and drivers. The confession came as part of the settlement between the DOJ US Department of Justice and the taxi company, which will see it avoid criminal prosecution. In a press release from the DOJ, Uber "admits that it...
Senators Urge FTC to Probe ID.me Over Selfie Data
Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission FTC to investigate identity-proofing company ID.me for "deceptive statements" the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal...
RevenueWire to pay $6.7 million to settle FTC charges
What can you do as a scammer when no legitimate payment provider wants to process your payments anymore? Or, what if you are growing sick and tired of these same payment providers reimbursing disgruntled customers who claim that your products didn't fix computers, like—you know—you said they woul...
Facebook Cracks Down On Data Misuse With Expanded Bug Bounty Program
Facebook said in the coming weeks it will expand its bug bounty program in an attempt to crackdown on data misuse by third-party app developers. The company’s bug bounty program, first started in 2011, prompts researchers to find vulnerabilities on the social media platform – but now will be...
Proof-of-Concept App Released for Android Jelly Bean Security Bypass Bug
The researchers who discovered a serious vulnerability in Android 4.3 Jelly Bean that enables a malicious app to disable the security locks on a vulnerable device have published a proof-of-concept app that exploits the bug, as well as source code for the app. The vulnerability in question lies in...
ACLU Asks FTC to Investigate Carriers on Android Security
The next shoe has fallen in an effort to force wireless carriers and handset makers to provide regular security updates to Android mobile devices. The American Civil Liberties Union filed a complaint this week with the U.S. Federal Trade Commission accusing four leading carriers of deceptive...