Security and privacy news, 4/11/2021

Security

Last week’s security news showed many facets on how consumers are directly exposed to risks simply by engaging on the web.

• Answers being sought from Facebook over latest data breach to find out What Really Caused Facebook's 500M-User Data Leak?

• Another 500 million accounts have leaked online, and LinkedIn’s in the hot seat despite claiming the leak was just scraping of public information.

• US charges California man over Shopify data breach

In addition, key consumer services and apps are being undermined to trap consumers:

• Hackers are exploiting discord and slack links to serve up malware

• A New Phishing Campaign Sends Malware-Laced Job Offers Through LinkedIn

• New wormable Android malware poses as Netflix to hijack WhatsApp sessions

• Android App That Promised Free Netflix Shockingly Just Highly Annoying Malware

• He believed Apple’s App Store was safe. Then a fake app stole his life savings in bitcoin.

• Another supply-chain attack? Android maker Gigaset injects malware into victims' phones via poisoned update

Massive amounts of consumer data have been exposed 70,000 SSNs, 600,000 Credit Card Records Leaked After Stolen-Data Hub Gets Hacked and No password required: Mobile carrier exposes data for millions of accounts

As usual, there was ransomware news: a VPN vulnerability allowed ransomware to disrupt two manufacturing plants It pays to find out how they got in:A company paid millions to get their data back, but forgot to do one thing. So the hackers came back again and When Companies Fail to Pay, Ransomware Gangs Email Their Customers

In different ways, the underlying infrastructures are attacked:

• Windows and Linux devices are under attack by a new cryptomining worm

• Imposters steal restaurants’ names in delivery app deception

• Wi-Fi slinger Ubiquiti hints at source code leak after claim of ‘catastrophic’ cloud intrusion emerges

• FBI, CISA warn Fortinet FortiOS vulnerabilities are being actively exploited

While enterprises are actively investing in security Survey finds 96% of execs are considering adopting ‘defensive AI’ against cyberattacks consumers would rather not have to deal with it Experian: Consumers prefer ‘invisible security’ to passwords

The fact that Nation-state cyber attacks targeting businesses are on the rise indicates a dangerous escalation.

Privacy

Changes in the ad tracking technologies received a lot of attention lasts week.

While Privacy activist Max Schrems claims Google Advertising ID on Android is unlawful, files complaint in France, Apple shares more details about its imminent App Tracking Transparency feature showing that Tim Cook is making very different choices from Mark Zuckerberg.

Trying to push us from the frying pan into the fire, Email is the answer to the death of cookies for digital publishers

Advancing “customer data management" Segment founder on future of customer data management and acquisition by Twilio But do customers really want to be engaged by businesses? Shouldn’t customer data management mean that customers manage their data?

There are questions about the use of all the data collected. Study suggests Facebook shows users different job ads based on their gender. While Spotify explains how its voice assistant uses your data, not using it is users’ only way to control their data. And once they have the data, Tech Giants Won’t Name Foreign Companies They Give US ‘Bidstream’ Data To

Face recognition received a lot of attention again last week. There was more indication of heavy use in the US Clearview AI's Facial Recognition Has Been Used by Over 1,800 Public Agencies and Dallas Police Used Face Recognition Software Without Authorization, Installed on Personal Phones it In Europe, letters to the EU Commission claim Facial recognition tech is supporting mass surveillance. It's time for a ban, say privacy campaigners

In another case of technology advances having dark sides, Anyone with an iPhone can now make deepfakes.

Regulation

Facebook is increasingly in regulators’ sights, in the US FTC urges courts not to dismiss Facebook antitrust case as well as in Europe: Facebook’s tardy disclosure of breach timing raises GDPR compliance questions and Facebook’s Kustomer buy could face EU probe after merger referral

While anti-trust for big tech is still in early discussions in the US, UK’s Digital Markets Unit starts work on pro-competition reforms