285 matches found
SIM swapper jailed for 18 months over crypto heist
Nicholas Truglia 25 from Florida was sentenced to 18 months on Thursday for his involvement in a digital heist that cost Michael Terpin @michaelterpin, a renowned personality in the cryptocurrency space, $23.8M. The theft happened on January 2018, where Truglia and his co-conspirators targeted...
Former Uber Security Chief Found Guilty of Data Breach Coverup
A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. Sullivan has been convicted on two counts: One for obstructing justice by not reporti...
FTC Sues Data Broker
This is good news: The Federal Trade Commission FTC has sued Kochava, a large location data provider, for allegedly selling data that the FTC says can track people at reproductive health clinics and places of worship, according to an announcement from the agency. "Defendants violations are in...
FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones
The U.S. Federal Trade Commission FTC on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company amasses a "wealth of information" about users b...
Twitter Whistleblower Complaint: The TL;DR Version
A recently surfaced 84-page whistleblower report filed with the US government by Twitter’s former head of security Peiter “Mudge” Zatko last month blasts his former employer for its alleged shoddy security practices and being out of compliance with an FTC order to protect user data. Twitter has...
Twitter security under scrutiny after former executive turns whistleblower
A former Twitter executive has acted as a whistleblower and alleged some serious problems. Provided these accusations are true, the disclosure shows a side of Twitter that poses a threat to its own users' personal information, to company shareholders, to national security, and to democracy...
Mudge Files Whistleblower Complaint against Twitter
Peiter Zatko, aka Mudge, has filed a whistleblower complaint with the SEC against Twitter, claiming that they violated an eleven-year-old FTC settlement by having lousy security. And he should know; he was Twitters chief security officer until he was fired in January. The Washington Post has the...
To settle with the DoJ, Uber must confess to a cover-up. And it did.
Uber covered up the 2016 data breach that affected its 57 million customers and drivers. The confession came as part of the settlement between the DOJ US Department of Justice and the taxi company, which will see it avoid criminal prosecution. In a press release from the DOJ, Uber "admits that it...
To settle with the DoJ, Uber must confess to a cover-up. And it did.
Uber covered up the 2016 data breach that affected its 57 million customers and drivers. The confession came as part of the settlement between the DOJ US Department of Justice and the taxi company, which will see it avoid criminal prosecution. In a press release from the DOJ, Uber "admits that it...
A week in security (July 18 – July 24)
Last week on Malwarebytes Labs: Extortionists target restaurants, demand money to take down bad reviews The FTC will go after companies misusing location, health, and other sensitive data Roblox breached: Internal documents posted online by unknown attackers Warning for WordPress admins: Uninstal...
Security Experts Warn of Two Primary Client-Side Risks Associated with Data Exfiltration and Loss — The Hacker News
Two client-side risks dominate the problems with data loss and data exfiltration: improperly placed trackers on websites and web applications and malicious client-side code pulled from third-party repositories like NPM. Client-side security researchers are finding that improperly placed trackers,...
The FTC will go after companies misusing location, health, and other sensitive data
After the overturning of Roe V Wade, many feared that using, having access to, and sharing reproductive and sexual health data—once done freely—would be outlawed with the practice of abortion in many states. To protect such data from falling into the wrong hands, Congresswoman Sara Jacobs D-CA...
U.S. FTC Vows to Crack Down on illegal Use and Sharing of Citizens' Sensitive Data
The U.S. Federal Trade Commission FTC warned this week that it will crack down on tech companies' illegal use and sharing of highly sensitive data and false claims about data anonymization. "While many consumers may happily offer their location data in exchange for real-time crowd-sourced advice ...
LGBTQ+ community targeted by extortionists who threaten to publish nudes
The FTC Federal Trade Commission has warned the LGBTQ+ community about extortionists posing as potential romantic partners on Grindr and Feeld. The scammers send their targets explicit photos and then ask for them to reciprocate. If they do, targets are then blackmailed into paying a ransom,...
Twitter fined $150M after using 2FA phone numbers for marketing
The Federal Trade Commission FTC and the Department of Justice DOJ have ordered Twitter to pay a $150M penalty for using users account security data deceptively. The deception violates an FTC order from 2011, that bars Twitter from "misleading consumers about the extent to which it protects the...
Twitter Fined $150 Million for Misusing Users' Data for Advertising Without Consent
Twitter, which is in the process of being acquired by Tesla CEO Elon Musk, has agreed to pay $150 million to the U.S. Federal Trade Commission FTC to settle allegations that it abused non-public information collected for security purposes to serve targeted ads. In addition to the monetary penalty...
Senators Urge FTC to Probe ID.me Over Selfie Data
Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission FTC to investigate identity-proofing company ID.me for "deceptive statements" the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal...
CafePress faces $500,000 fine for data breach cover up
The US Federal Trade Commission FTC has announced that it took action against online customized merchandise platform CafePress over allegations that it failed to secure consumers’ sensitive personal data and covered up a major breach. CafePress is a popular online custom T-shirt and merchandise...
WordPress FTC Disclosure plugin <= 2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress FTC Disclosure plugin versions = 2.0. Solution No patched version available...
WordPress FTC Disclosure plugin <= 2.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress FTC Disclosure plugin versions = 2.0. Solution No patched version available...