HMD admits the Nokia 7 Plus was sending personal data to China

HMD admits the Nokia 7 Plus was sending personal data to China

HMD is in hot water following a report from Norwegian site NRKbeta, which found that HMD's Nokia 7 Plus was sending users' personal information to a server in China.

Private info of 2.3M disaster victims wrongly released by U.S. emergency management

Private info of 2.3M disaster victims wrongly released by U.S. emergency management

The Federal Emergency Management Agency wrongly released to a contractor the personal information of 2.3 million survivors of devastating 2017 hurricanes and wildfires, potentially exposing the victims to identity fraud and theft, a government watchdog reported Friday.

Big Tech is Spying on Us: a collection of articles to freak you out and convince your doubting friends.

Big Tech is Spying on Us: a collection of articles to freak you out and convince your doubting friends.

It's in Big Tech's DNA to spy on us, and the proliferation of IoT / smart home gadgets along with artificial intelligence (AI) algorithms are only going accelerate the problem.

Google Quietly Adds Search Engine Privacy Option To Chrome - Here's How To Enable It

Google Quietly Adds Search Engine Privacy Option To Chrome - Here's How To Enable It

The latest Google Chrome web browser update has a pleasant surprise in store for users who value their privacy. Indeed, DuckDuckGo enters into an agreement with the user to block advertising trackers, keep your search history private and allow you to take control of your personal data by not storing it.

Pointing to the future: the next step in fraud prevention

Pointing to the future: the next step in fraud prevention

Considering that five million UK consumers had funds stolen from their bank or credit card account in 2017 – at an average cost of £840 each according to comparison site ComparetheMarket – it is vital that issuers are able to resolve payment disputes quickly and efficiently to maintain cardholder loyalty and brand reputation.

Facebook admits it stored ‘hundreds of millions’ of account passwords in plaintext

Facebook admits it stored ‘hundreds of millions’ of account passwords in plaintext

Facebook confirmed Thursday in a blog post, prompted by a report by cybersecurity reporter Brian Krebs, that it stored “hundreds of millions” of account passwords in plaintext for years. Both companies said passwords were stored in plaintext and not scrambled.

Streaming site Kanopy exposed viewing habits of users, researcher says

Streaming site Kanopy exposed viewing habits of users, researcher says

In a blog post, Paine said the server contained between 25-40 million daily logs, which he said could have identified all the videos searched for and watched from a user’s IP address.

Facial recognition can speed you through airport security, but there's a cost

Facial recognition can speed you through airport security, but there's a cost

"US Customs and Border Protection is changing the face of travel with its cloud-based facial biometric matching service," the agency says in a pamphlet explaining the technology.

Facebook admits storing unencrypted user passwords on its server, says issue fixed

Facebook admits storing unencrypted user passwords on its server, says issue fixed

Brian Krebs of security news website cited an unnamed Facebook source as saying the internal investigation had so far indicated that as many as 600 million users of the social network had account passwords stored in plain text files searchable by more than 20,000 employees.

Facebook stored hundreds of millions of passwords unprotected

Facebook stored hundreds of millions of passwords unprotected

According to security reporter Brian Krebs, who cited a “senior Facebook insider”, “access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plaintext user passwords”.

Facebook employees had access to millions of user passwords

Facebook employees had access to millions of user passwords

stored up to 600 million user account passwords without encryption and viewable as plain text to tens of thousands of company employees, according to a report Thursday by cybersecurity journalist Brian Krebs.

Law enforcement needs to protect citizens and their data

Law enforcement needs to protect citizens and their data

While the bill includes limited restrictions on law enforcement requests, the vague definitions and concentrated authorities give the Australian government sweeping powers that ultimately undermine the security and privacy of the very citizens they aim to protect.

With facial recognition, shoplifting may get you banned in places you've never been

With facial recognition, shoplifting may get you banned in places you've never been

If a logged person tries entering the store, Kogniz's facial recognition will be able to detect that and flag security, Daniel Putterman, the company's co-founder and director, said in an interview. There aren't any rules or standards governing how companies use facial recognition technology.

Preparing for Travel – Properly Backing Up Your Android Cell Phone

Preparing for Travel – Properly Backing Up Your Android Cell Phone

Wipe: Reinstall OS and Overwrite All Free Space with Garbage Data You can use the “system restore” or “factory reset” feature on a lot of phones in order to roll back all of your apps, settings, and caches to the factory defaults.

It's Scary How Much Personal Data People Leave on Used Laptops and Phones, Researcher Finds

It's Scary How Much Personal Data People Leave on Used Laptops and Phones, Researcher Finds

Frantz amassed a respectable stockpile of refurbished, donated, and used hardware: 41 desktops and laptops, 27 pieces of removable media (memory cards and flash drives), 11 hard disks, and six cellphones. Screenshot: Josh Frantz / Rapid7 Only two of the devices were erased properly, he said: a Dell laptop and a Hitachi hard drive.

Facial recognition has no checks, and that’s bad news for our privacy

Facial recognition has no checks, and that’s bad news for our privacy

If a logged person tries entering the store, Kogniz's facial recognition will be able to detect that and flag security, Daniel Putterman, the company's co-founder and director, said in an interview. One store that uses Kogniz shares its login information with its local police department, Putterman said.

Gmail's end-to-end encryption project is dead. Start using end-to-end encryption!

Gmail's end-to-end encryption project is dead. Start using end-to-end encryption!

Two years ago, Google has silently handed the project E2EMail which was started to enable easy end-to-end encryption in Gmail via a browser extension to "the open source community". Three years earlier, Google had announced that they are building an end-to-end encrypted Chrome plugin to automatically encrypt emails between Gmail users.

Alarm over leaked US database targeting journalists and immigration activists

Alarm over leaked US database targeting journalists and immigration activists

Photograph: Ariana Drehsler/UPI/Barcroft Images “It means that the debate about immigrants’ rights, about the treatment of immigrants, about the treatment of asylum seekers, is going to be suppressed or censored because the people who are speaking out with a voice that’s critical of the government are going to be singled out for harsher treatment or punished,” Bhandari said.

Sandboxing and DMARC Authentication Added to SpamTitan Email Security Solution

Sandboxing and DMARC Authentication Added to SpamTitan Email Security Solution

This week, TitanHQ has rolled out two new features for its award-winning email security solution SpamTitan: Sandboxing and DMARC email authentication. SpamTitan now incorporates DMARC authentication to provide even greater protection against email spoofing attacks.

Login With Facebook, Google or AT&T? Thanks, but No Thanks

Login With Facebook, Google or AT&T? Thanks, but No Thanks

There's more: Project Verify is better than the Facebook and Google SSOs because it's going to be checked against your mobile SIM card, phone number, user credentials, account tenure and phone account type (info only your wireless carrier has).

Exploding sneakers are only one reason for passing IoT cyber-security regulations

Exploding sneakers are only one reason for passing IoT cyber-security regulations

Sometimes shipped with factory-set, hardcoded passwords and often unable to be updated or patched, IoT devices can represent a weak point in a network’s security, leaving the rest of the network vulnerable to attack Hacker-created IoT botnets can direct enormous swarms of connected sensors like thermostats or sprinkler controllers to cause damaging and unpredictable spikes in infrastructure use, leading to things like power surges or reduced availability of critical infrastructure on a city or state-wide level.

Why You Should Be Worried about Online Ad Tracking (Step-By-Step Guide to Stop It)

Why You Should Be Worried about Online Ad Tracking (Step-By-Step Guide to Stop It)

Open Settings Go to Privacy Select Advertising Toggle the Limit Ad Tracking switch Even if you turn this feature off, Apple can still collect data about you to send ads in the right language and for the right location.

Slack hands over control of encryption keys to regulated customers

Slack hands over control of encryption keys to regulated customers

Slack announced today that it is launching Enterprise Key Management (EKM) for Slack, a new tool that enables customers to control their encryption keys in the enterprise version of the communications app.

Trading privacy for survival is another tax on the poor

Trading privacy for survival is another tax on the poor

“I can’t cross-examine an algorithm.” advertisement Personal data is used to deny low-income people access to resources or opportunities, but it’s also used to target them with predatory marketing for payday loans or even straight-up scams.

Why Phone Numbers Stink As Identity Proof — Krebs on Security

Why Phone Numbers Stink As Identity Proof — Krebs on Security

Nixon said countless companies have essentially built their customer authentication around the phone number, and that a great many sites still let users reset their passwords with nothing more than a one-time code texted to a phone number on the account.

A huge trove of medical records and prescriptions found exposed

A huge trove of medical records and prescriptions found exposed

According to a brief review of the data, the faxes contained a host of personally identifiable information and health information, including medical records, doctor’s notes, prescription amounts and quantities, as well as illness information, such as blood test results.

Google’s Nest fiasco harms user trust and invades their privacy

Google’s Nest fiasco harms user trust and invades their privacy

But, following a trust-shattering move by Google last month regarding its Nest Secure product, consensus on one issue has emerged: Companies shouldn’t ship products that can surreptitiously spy on users.

DARPA Is Building a $10 Million, Open Source, Secure Voting System

DARPA Is Building a $10 Million, Open Source, Secure Voting System

“Galois and DARPA have just stepped up and filled a vacuum of leadership at the federal level to address the well-documented vulnerabilities in US voting machines that constitute a national security crisis.” But even so, the secure designs are expected to change how new CPUs are architected going forward.

Senators want to know when they've been hacked

Senators want to know when they've been hacked

In a letter signed by Sen. Ron Wyden, a Democrat from Oregon, and Sen. Tom Cotton, a Republican from Arkansas, the senators ask Senate Sergeant at Arms Michael Stenger to provide an annual report on the number of times Senate computers have been hacked, and incidents where hackers were able to access sensitive Senate data.

New BitLocker attack puts laptops storing sensitive data at risk

New BitLocker attack puts laptops storing sensitive data at risk

Image: Denis Andzakovic A security researcher has come up with a new method of extracting BitLocker encryption keys from a computer's Trusted Platform Module (TPM) that only requires a $27 FPGA board and some open-sourced code.

More