
Security News for the Week Ending January 6, 2023

Welcome 2023! Hopefully, it will be better for cybersecurity. Hopefully.

More FTX Cybercrime

The DoJ has launched yet another criminal probe in the bizarre FTX bankruptcy. This represents about $375 million out of the billions lost, but it looks like this theft took place right after the bankruptcy became public. Credit: MSN

Slack Joins Okta in Losing Source Code

Slack joined Okta (see last week’s newsletter) in admitting that hackers compromised employees’ tokens and used them to access the company’s GitHub account. According to the company, all the hackers stole was their source code, not any of your very important messages. Their spin doctors want to downplay the seriousness of this, but it is very serious, both to the company and to customers. They claim to have their world under control again, but that does not mean that they got their source code back. Credit: Cyber News

Tesla, Others at Risk from Cross-Origin Resource Sharing

Like other web capabilities, CORS can be misconfigured, which allows hackers into, in this case, Tesla’s internal network. CORS is a way to get access to resources outside the company’s domain in a controlled manner – if done right. Credit: Portswigger

Ireland Says Facebook Cannot Bury Consent to Steal Your Data Inside User Agreement Because There is No Way to Opt Out

Ireland is Facebook’s primary EU regulator, and it fined Meta $400 million for burying the consent for data sharing inside the terms of service, meaning that if you want to use Facebook or Instagram, you must agree to allow them to steal your data. The Irish DPC gave Facebook three months to tell them how they plan to fix it. This exposes a rift between Ireland and the European Data Protection Board, which ruled last month to overturn a previous Irish decision. We need to wait until the dust settles to figure this out, but if companies are allowed to bury consent inside terms of service, then Article 6 of GDPR is meaningless (express consent). Credit: The Register

France Fines Apple $8 Million Over Check Box

In fairness, the checkbox, which defaults to checked, says the user gives Apple permission to steal your data to send you personalized ads, rather than asking the user if they want Apple to do that. Of course, there is a huge financial incentive for Apple to do this because personalized ads generate much more revenue for Apple. On top of that, Apple makes it difficult for users to find and turn this off (look in settings, then privacy and then Apple Advertising to find the checkbox to uncheck). The fine only addresses French users, but the problem is not limited to France. Credit: Tech Crunch
