News

Facebook Inc and the Federal Trade Commission (FTC) are negotiating a possible settlement that would require the company to create an independent privacy oversight committee and take other steps to safeguard users, Politico reported on Wednesday, citing a source. The steps would include appointing a federally-approved privacy official at the highest level of Facebook and creating a privacy oversight committee that may include Facebook board members, the report said. Source: https://uk.reuters.com/article/us-facebook-ftc-settlement/facebook-settlement-with-u-s-may-include-privacy-oversight-politico-idUKKCN1S802X

Google is to offer users the option of automatically deleting their search and location history after three months. The search giant already allows users to manually delete the data it scoops up when they use its products such as YouTube, Maps and Search. Now, in a bid to offer more control over personal data, it will offer the option of automatic deletion after three or 18 months. Source: https://www.bbc.co.uk/news/technology-48132041

On Tuesday 30 April, Facebook debuted a makeover for its main app at its annual developer conference, F8, in San Jose, California. Speaking at the event, CEO Mark Zuckerberg explained that Facebook Messenger has been rewritten from scratch: it now includes ways for people to watch videos together. Likewise, the Facebook app has been entirely redesigned (“The app isn’t even blue anymore!”), and a new desktop webpage will launch later this year. Both will feature new...

The Department of Homeland Security has ordered federal civilian agencies to more swiftly plug the vulnerabilities found on their networks, citing evidence that hackers are getting quicker at exploiting such bugs. In a Binding Operational Directive (BOD) dated April 29, DHS’s Cybersecurity and Infrastructure Security Agency gives agencies 15 days after discovery to fix vulnerabilities deemed critical – as opposed to the 30 days that agencies previously had to address those flaws. Source: https://www.fedscoop.com/dhs-orders-agencies-patch-faster/

Attackers are exploiting a recently disclosed WebLogic vulnerability to install a new ransomware called Sodinokibi. As this vulnerability is trivial to exploit, it is important that server admins install the patch immediately in order to prevent infections or unauthorized access. Earlier this month, a deserialization vulnerability (CVE-2019-2725) was discovered in Oracle WebLogic Server that allows attackers to gain full access to the server in order to install malware or use it as a launchpad for...

The rapidly growing "internet of things" (IOT) - internet-connected gadgets - would have to be made more secure under proposed new laws. Security vulnerabilities that could be targeted by hackers have been found in everything from toy dolls to internet-connected ovens in recent years. The new laws would mean such devices would have to come with unique passwords, for example. Source: https://www.bbc.co.uk/news/technology-48106582

Vodafone has denied a report saying issues found in equipment supplied to it by Huawei in Italy in 2011 and 2012 could have allowed unauthorised access to its fixed-line network there. A Bloomberg report said that Vodafone spotted security flaws in software that could have given Huawei unauthorised access to Italian homes and businesses. Source: https://www.bbc.co.uk/news/business-48103430

Vodafone has confirmed that vulnerabilities were found in equipment supplied by Huawei to bolster the telecom giant's Italian fixed-line network. The vulnerabilities, described as "hidden backdoors" by Bloomberg, could have been utilized to give the Chinese networking giant unauthorized access to Vodafone infrastructure, the publication reported on Tuesday. Source: https://www.zdnet.com/article/huawei-denies-existence-of-backdoors-in-vodafone-networking-equipment-brands-them-technical-flaws/

Hackers hid sophisticated malware on Puma Australia's website that could steal your credit card information at checkout, a security researcher found. Sanguine Security forensic analyst Willem de Groot said he found suspicious code tucked away on Puma Australia's page containing a script that logged people's credit card numbers, names and addresses when they typed them in on the website. The code sent victims' data over to a server registered in Ukraine, de Groot said. The security researcher said...

Hackers have stolen $1.75 million from the Saint Ambrose Catholic Parish following a successful BEC (Business Email Compromise) attack which was discovered on April 17 after payments related to the church's Vision 2020 project were not received by a contractor. BEC (also known as Email Account Compromise - EAC) scams are a highly prevalent attack used by crooks to quickly make bank, most times not requiring that much technical skill given its focus on tricking people into wiring money to trusted...