CNET: Facebook’s banned research app collected data on almost 200K users. “It looks like we now know the number of users affected by a banned Facebook market research app, which paid users up to $20 a month to give the social media site access to how they used their phones. The app, which gained attention earlier this year after Apple blocked Facebook from offering to iPhone users, collected sensitive device data on about 187,000 users, the social network told lawmakers.”
Security & Legal Issues
Security & Legal issues and news. May be about patches, hacks, or court decisions.
Ubergizmo: WhatsApp Warns Of Legal Action Against Abusers Of Its Platform
Ubergizmo: WhatsApp Warns Of Legal Action Against Abusers Of Its Platform. “Facebook-owned WhatsApp is the most popular cross-platform messaging service in the world. Operating at that scale presents its own set of challenges. The company has had to take several steps to ensure that its platform isn’t abused and not used for the spread of misinformation. WhatsApp is now threatening legal action against even those who merely claim that they have the ability to abuse its platform as many companies have emerged who claim to be able to do just that.”
Yubico YubiKey lets you be me: Security blunder sparks recall of govt-friendly auth tokens (The Register)
The Register: Yubico YubiKey lets you be me: Security blunder sparks recall of govt-friendly auth tokens. “The vendor said the firmware in the FIPS Series of YubiKey widgets, aimed mainly at US government use, were prone to a reduced-randomness condition that could make their cryptographic operations easier to crack in some cases, particularly when the USB-based token is first powered up.”
Infosecurity Magazine: “Major Flaw” Discovered in Evernote’s Chrome Extension
Infosecurity Magazine: “Major Flaw” Discovered in Evernote’s Chrome Extension. “A major flaw has been discovered in the code of the Web Clipper Chrome extension of note-taking service Evernote. The flaw, a universal XSS marked CVE-2019-12592 which could have allowed threat actors to extract personal information from the browser environment, was unearthed by security company Guardio and disclosed to Evernote in late May. Within a week, Evernote addressed the issue and rolled-out a complete fix.”
The New York Times: Dark Web Drug Sellers Dodge Police Crackdowns
The New York Times: Dark Web Drug Sellers Dodge Police Crackdowns. “Authorities in the United States and Europe recently staged a wide-ranging crackdown on online drug markets, taking down Wall Street Market and Valhalla, two of the largest drug markets on the so-called dark web. Yet the desire to score drugs from the comfort of home and to make money from selling those drugs appears for many to be stronger than the fear of getting arrested.”
The Guardian: Cybersecurity giant Symantec plays down unreported breach of test data
The Guardian: Cybersecurity giant Symantec plays down unreported breach of test data. “The American cybersecurity giant Symantec has downplayed a data breach that allowed a hacker to access passwords and a purported list of its clients, including large Australian companies and government agencies.”
ZDNet: This is how scammers are now abusing Google Calendar to pillage your data
ZDNet: This is how scammers are now abusing Google Calendar to pillage your data. “Kaspersky researchers said on Monday that multiple cases of the latest invite scheme were detected throughout May, in which fraudsters sent unsolicited event invitations by abusing a ‘free online calendar service that adds invitations and events to users’ calendars automatically.’ The spam message blast exploited a smartphone-based feature for Gmail which automatically added and notified potential victims of the fraudulent calendar invitations.”
