Nakedsecurity – Microsoft may still be violating privacy rules, says Dutch regulator
“The Dutch data privacy regulator is also advising Windows users to “pay close attention to privacy settings when installing and using this software.””
VRTNWS – FaceApp suddenly popular, but is that funny ageing app really so innocent?
“Anyone who reads the fine print when installing the app will see that FaceApp stores all kinds of information about its users, such as the images of your face, your location, IP address (the unique identification number of your internet connection) and exactly what you click on within the app.”
The Hacker News – British Airways Fined £183 Million Under GDPR Over 2018 Data Breach
“Britain’s Information Commissioner’s Office (ICO) today hit British Airways with a record fine of £183 million for failing to protect the personal information of around half a million of its customers during last year’s security breach.”
Elektor – Raspberry Pi steals data from NASA
“The hackers managed to gain access to the JPL's internal network by taking over the user account of the Raspberry Pi. The RPi had been connected to the network by an employee, but as a result of lax oversight NASA's network administrators did not know that the RPi was present.”
The Hacker News – Two Florida Cities Paid $1.1 Million to Ransomware Hackers This Month
“The ransomware attack … infected Lake City systems on June 10 after an employee in city hall opened a malicious email. Though the IT staff disconnected computers within just 10 minutes of the cyber attack starting, it was too late.”
Nakedsecurity – WeTransfer sends user file links to wrong people
Asymmetric (public key) cryptography is more complex but also more secure because it uses two digital keys for each user – a private (secret) one that is never sent via any channel, and a public (non-secret) one.
Nakedsecurity – Government agencies still send sensitive files via hackable .zips
Even users who have access to AES-based ZIP crypto in their archiving tool don’t always use it …
Nakedsecurity – Hacker threw Molotov cocktail, dropped USB drive of his DDoS deeds
HLN reports that the case law isn’t clear about whether hacking with ethical purposes is prohibited or not. That’s surprising to hear, particularly if you’re in the US, where prosecutors come down like a ton of bricks on hackers, noble intent or no.
Forbes – NASA Has Been Hacked
“It reveals that an unauthorized Raspberry Pi computer connected to the JPL servers was targeted by hackers, who then moved laterally further into the NASA network.” “Everything from poor IT asset visibility and security violation ticket resolution shortcomings, through to untimely delays in patching known vulnerabilities were detailed by the auditors.”
Helpnetsecurity – Human error still the cause of many data breaches.
When assessing additional causes of data breaches, the report found that nearly half of all C-suite executives (47%) and one in three Small Business Owners (31%) say human error or accidental loss by an employee/insider was the cause.