Privacy News Online | Weekly Review: November 20, 2020

In a new blogpost on Microsoft’s blog, Alex Weinert – Director of Identity Security – has urged users to stop using SMS and call based multi-factor authentication.

Microsoft Warns: A Strong Password Doesn’t Work, Neither Does Typical Multi-Factor Authentication

The Director of Identity Security at Microsoft has been warning about the inefficacy of passwords and more recently about standard Multi-Factor Authentication or MFA. He should know: the team he works with at Microsoft defends against hundreds of millions of password-based attacks every day.

FBI warns ransomware assault threatens US healthcare system

The aggressive offensive by a Russian-speaking criminal gang coincides with the U.S. presidential election, though there was no immediate indication it was motivated by anything but profit. “We are experiencing the most significant cyber security threat we’ve ever seen in the United States,” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement.

Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web

97% of companies have data leaks and other security incidents exposed on the Dark Web. 631,512 verified security incidents were found with over 25% (or 160,529) of those classed as a high or critical risk level+ containing highly sensitive information such as plaintext credentials or PII, including financial or similar data.

Trump says he is considering pardon for leaker Edward Snowden

WASHINGTON (Reuters) - President Donald Trump said on Saturday he is considering a pardon for Edward Snowden, the former U.S. National Security Agency contractor - now living in Russia - whose spectacular leaks shook the U.S. intelligence community in 2013.

Privacy-Focused OS Wants to Know How Facebook and the FBI Hacked it

The hacking tool relied on an unknown flaw—also called a zero-day in hacker lingo—in the default video player included in Tails, a well-known Linux-based operating system that’s used by journalists, dissidents, human rights activists, and security-focused users all over the world.

App Used by Netanyahu's Likud Leaks Israel's Entire Voter Registry

The voter registry was uploaded by Likud to the Elector app, which is used by the party to manage Election Day. The firm that developed the application, Feed-b, commented that the vulnerability was a “one-off incident that was immediately dealt with,” and that security measures have since been boosted.

Health Data Breach Not Reported for Seven Months

While HIPAA covered entities and business associates are required to investigate all security incidents, a "breach" is not determined until the entities confirm that "acquisition, access, use or disclosure of PHI in a manner not permitted [under the regulations] which compromises the security or privacy of the PHI" occurred, she notes.

Over 120 million X-Rays, CT scans exposed on the internet due to carelessness of hospitals: Report

Confidential personal health data belonging to millions of Indians are lying exposed on the internet because hospitals and medical institutions have not taken security precautions to safeguard this information.

Chinese state 'likely' linked to cyber spies targeting human rights workers

The espionage group, dubbed Bronze President, deployed malware against its alleged victims to monitor their activities and steal documents, according to the assessment released on Sunday by Secureworks, a US-based cyber security company.

Pentagon warns US military not to use home DNA testing kits

The Pentagon is advising members of the US military not to use DNA testing kits, warning that the popular genetic identification kits could pose a security risk. But a department of defence memo, obtained by Yahoo News, warned that the kits could put members of the military at risk.

The Fear of Biometric Technology in Today’s Digital World

With access to biometric data, hackers can easily steal someone’s identity or even use and tamper the private information that could be detrimental to someone’s life. The security issues regarding biometric data focus on how sensitive information is captured, stored, processed, transmitted, and accessed.

Privacy protection essential to shield human rights, says Microsoft's Smith

LISBON (Reuters) - Microsoft President Brad Smith said on Wednesday a “new wave” of data privacy protection and other security measures was needed to safeguard people’s rights at a time when “everything has gone digital”.

Australia proposed using facial recognition technology for online gambling and pornography age verification

The Australian government’s Department of Home Affairs has proposed using facial recognition for online age verification for pornography and gambling websites visited by Australians as an update to Australia’s National Identity Security Strategy.

Google Might Soon Let Huawei Use its Services Again

Google apps and the Play store might soon be returning to Huawei devices, according to a report from the New York Times. An executive order signed by US president (ugh) Donald Trump in May banned US companies from purchasing telecommunications equipment from foreign companies, including Huawei, deemed a national security risk.

WeWork Breach of Confidential Business Information Serves as a Good Reminder About the Holes in Public WiFi Security

Given that most of WeWork’s tenants do not have permanent office space in the building, the company primarily sells itself on amenities like its WiFi. WeWork offers enhanced security options such as a private VLAN, but they come with substantial added setup and ongoing monthly fees.

This Online Black Market Will Sell Your Entire Digital Identity

An online marketplace called Richlogs is selling stolen digital fingerprints that include access to a person’s entire online presence or web activity. Basically, it’s enough data to let a buyer totally assume their identity online, according to a report published Wednesday by the cybersecurity firm IntSight.

Apple accidentally reopens security flaw in latest iOS version

Stefan Esser, an iPhone security expert, tweeted an additional warning: “I hope people are aware that with a public jailbreak being available for the latest iOS 12.4 people must be very careful what apps they download from the Apple AppStore.

5 big questions to ask companies before entrusting them with your personal data

Given the number of data breaches and privacy violations in recent years involving companies from Equifax to Facebook, some people might only be surprised if their personal data was not hacked, said Britt Siedentopf, vice president of services at Global Asset, a cybersecurity and IT support firm in the Dallas, Texas metro area.

What can we learn from Palantir’s secret user manual for police users of its big data software?

A Bloomberg article last year gave some details of how the Los Angeles Police Department uses Palantir’s Gotham product for Operation Laser, a program to identify and deter people likely to commit crimes: Information from rap sheets, parole reports, police interviews, and other sources is fed into the system to generate a list of people the department defines as chronic offenders, says Craig Uchida, whose consulting firm, Justice & Security Strategies Inc., designed the Laser system.

US Attorney General demands encryption backdoors at all costs and for you to just accept it

President Trump’s Attorney General, William Barr, has demanded the tech industry create encryption backdoors because he views encryption as a security risk. There isn’t any way for lawful access to exist without materially weakening the security provided by encryption.

Tech firms “can and must” put backdoors in encryption, AG Barr says

He also accused tech firms of "dogmatic" posturing, saying lawful backdoor access "can be and must be" done, adding, "We are confident that there are technical solutions that will allow lawful access to encrypted data and communications by law enforcement, without materially weakening the security provided by encryption."

Passbase - Blog - Identity Checking - Why Digital Identities Drive Security And Privacy

In today's hyper-connected world, aspects that cover user verification, reducing fraud, checking identity theft and enabling identity checking services are some of the main focus points for businesses, regulators and government bodies. For businesses, identity theft means losses, highlighting the need for companies to cautiously leverage identity checking services and identity card checking for user verification.

Bloomberg Appears To Flub Another China Story, Insists Telnet Is A Nefarious Huawei Backdoor

Europe’s biggest phone company identified hidden backdoors in the software that could have given Huawei unauthorized access to the carrier’s fixed-line network in Italy, a system that provides internet service to millions of homes and businesses, according to Vodafone’s security briefing documents from 2009 and 2011 seen by Bloomberg, as well as people involved in the situation.

Yes, LinkNYC Kiosks Are Giant Data-Harvesting Surveillance Cameras, Obviously

Police identified Rodriguez using security camera footage captured by the kiosks themselves: In one video, he can allegedly be seen approaching one of the data monoliths and hurling a brick directly into its all-seeing face.

“5 Surprisingly Easy Ways We Let People Steal Our Identity.” (From our Forums.)

When personal information is fraudulently used to open new accounts, BJS says, people affected experience a lot of financial problems in the future. Someone calls you claiming to be from your bank and asks for sensitive personally identifiable information like your social security number.

Why Phone Numbers Stink As Identity Proof — Krebs on Security

Nixon said countless companies have essentially built their customer authentication around the phone number, and that a great many sites still let users reset their passwords with nothing more than a one-time code texted to a phone number on the account.

The Cybersecurity Industry Makes Millions, But Is It Keeping Us Safe?

Kelly Shortridge, vice president of product strategy at Capsule8, a New York City-based security startup, joined CYBER to talk about the cybersecurity industrial complex, and about her piece: The Infosec Reckoning Has Arrived.

The Dangers of a Mandatory DNA Database

A law he proposed would have forced many residents to give samples of their DNA to a state database, to be stored with their name and Social Security number.

How to Regulate the Internet Without Becoming a Dictator

Governments can exert some influence over the internet within their borders without being authoritarian—if they act in a way that protects citizens from cybersecurity threats, such as identity theft or computer hacking—provided those actions are also backed by democratic laws and procedures that prevent the abuse of power (e.g., using cyberinsecurity as an excuse for censorship).
