A major phishing attack mimicking cloud-based Google Docs software spread across news organizations and other companies yesterday. Gmail users have been reporting massive numbers of fraudulent emails that masquerade as a message from Google Docs. The emails appear as an invitation to join a Google Doc and often claim to be sent by an individual in the user’s address book. However, clicking on the embedded link directs recipients to grant access to a Google Docs app that is actually a program that sends spam to addresses in the recipient’s email. Continue reading Google Docs Users Targeted in Widespread Phishing Attack

Hackers are reportedly targeting third-party sellers on Amazon by using stolen email and password credentials (available for purchase from previous hacks via the “Dark Web”) in a scam to post fake product deals online and pocket cash. Thieves have changed the bank info of active sellers on Amazon to steal amounts up to tens of thousands from each and have hacked less active sellers to post merchandise that does not exist, offering products at steep discounts. While PayPal and eBay have been targeted by hackers in the past, cybersecurity experts indicate that Amazon is becoming a new target. Continue reading Third-Party Sellers on Amazon Become Latest Hacking Target

Yahoo has issued another warning that users’ personal data may have been compromised. In addition to the malicious activity reported in December that involved more than 1 billion user accounts in 2013-2014, following the September report regarding a separate theft of 500 million records, the Internet company is now notifying users that additional accounts were compromised between 2015 and 2016. “The stolen data included email addresses, birth dates and answers to security questions,” reports CNBC. The hacks involved “the use of ‘forged cookies’ — strings of data which are used across the Web and can sometimes allow people to access online accounts without re-entering their passwords.” Continue reading Yahoo Warns Users: Hackers Forged Cookies to Access Data

Vizio just agreed to pay $2.2 million to settle a lawsuit filed by the Federal Trade Commission and the New Jersey Attorney General. The lawsuit accused the smart TV manufacturer of using its TVs to track what its owners watched — without their knowledge or consent — and then selling that information to marketing firms. According to the FTC, Vizio began gathering such data in 2014, and even retrofitted smart TVs sold as early as 2010 via a software update, for a total of 11 million TVs. Continue reading Vizio Settles FTC, New Jersey Lawsuit Against Data Collection

In September, Yahoo revealed a 2014 security breach that involved 500,000 of its users’ accounts. Now the company has announced an even larger data breach from 2013 involving more than one billion accounts, including those of more than 150,000 government and military employees. “The two attacks are the largest known security breaches of one company’s computer network,” reports The New York Times. “The newly disclosed 2013 attack involved sensitive user information, including names, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions that could be used to reset a password.” Continue reading Yahoo: Second Data Breach Involves 1 Billion User Accounts

The Federal Communications Commission, by a 3-to-2 vote, passed rules protecting consumers’ digital information, by preventing broadband companies such as AT&T and Comcast from collecting and distributing data including Web browsing, app use, location and financial information. Up until this ruling, users had to opt-out of broadband providers’ right to track such data. The ruling is considered a landmark since it is the first time the FCC issued privacy restrictions to high-speed Internet providers. Continue reading In Landmark Ruling, FCC Protects Privacy of Consumer Data

Following extensive debate, the European Union has approved the EU-U.S. Privacy Shield data transfer agreement that will replace Safe Harbor, which “was struck down by the European Court of Justice in October of last year over concerns about how EU data was being treated once it was transferred to the U.S.,” reports Digital Trends. According to the European Commission’s press release, “For the first time, the U.S. has given the EU written assurance that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms and has ruled out indiscriminate mass surveillance of European citizens’ data.” Continue reading EU Approves Debated Privacy Shield to Replace Safe Harbor

According to a new Accenture report, 23 percent of consumers claim their financial data has been breached at least once in the past two years. Interestingly, most remain willing to share their data if it means better service. “About 63 percent of respondents are willing to give their bank direct access to personal information,” reports HousingWire. The National Association of Federal Credit Unions recently called on Congress to combat hacking with legislation that would create stricter standards for retail businesses. Accenture surveyed 4,013 bank customers in North America — 70 percent in the U.S. and 30 percent in Canada. Continue reading Consumers Report Financial Data Breaches, Still Trust Banks

Last month, 60 lawmakers signed a letter objecting to an FCC regulation that would open up the cable TV set-top box market. More recently, Democratic congressman Bobby Rush’s staff pushed his colleagues to sign another letter, this one opposing an FCC proposal to limit how broadband providers can share users’ personal data. These are just recent efforts by the cable industry to oppose what it sees as unfair advantages enjoyed by tech companies such as Google in the light of new FCC proposals. Continue reading Cable and Telecom Companies Lobby Against FCC Proposals

According to Twitter, the personal data of nearly 33 million of its users are presently at risk due to malware that may have trolled the information from users, not the company. Millions of usernames, emails and, in some cases, passwords are listed for sale on the dark web. Similar leaks in the past month have impacted users of LinkedIn, Myspace and some Russian-language sites. “The website that published the Twitter passwords, LeakedSource, says it has more than 1.8 billion records in its database,” reports The Wall Street Journal. “LeakedSource sells access to these records for a fee.” Twitter is encouraging its users to change their passwords. Continue reading Personal Credentials Leaked From Millions of Twitter Accounts

The Justice Department revealed it has learned a way to unlock Syed Rizwan Farook’s iPhone without help from Apple. Farook was a gunman in the San Bernardino shooting that killed 14 people. The announcement stalls the legal standoff between the federal government and Apple; the Justice Department will withdraw its efforts to enlist the tech company’s help in the investigation. While the news suspends the privacy vs. security debate, at least temporarily, law enforcement’s ability to open the device without Apple’s assistance raises new concerns. Continue reading Government Says iPhone Unlocked, Apple No Longer Needed

As the issue of digital encryption versus privacy roiled in the U.S. over the FBI’s demand that Apple unlock the iPhone of a mass murderer in California, recent violence in Brussels and Paris has brought those same issues to the fore in Europe. Although privacy is enshrined as a basic right in much of Europe, lawmakers in some countries are considering proposals that would give greater powers to law enforcement to access personal digital data. But privacy advocates in those same countries are fighting back. Continue reading Europe Divides in Battle Between Privacy, Digital Decryption

The FBI asked to postpone a hearing scheduled for today regarding the Apple encryption case. The Justice Department may no longer need the tech company’s help in opening an iPhone used by gunman Syed Rizwan Farook in the San Bernardino shootings. A third party has reportedly come forward with a technique to help unlock the phone, which is currently being tested. Judge Sheri Pym of the U.S. District Court for the Central District of California granted the Justice Department’s motion to postpone. The government is required to provide an update to the court by April 5. Continue reading FBI Tests Method to Unlock iPhone, Cancels Today’s Hearing

A recent Check Point Software survey determined that enterprise network vulnerabilities often result from the ease in which company employees can now connect their mobile devices to insecure wireless networks. The study suggests that the threat level increases with larger organizations. For example, companies that use 2,000 or more devices experience a 50 percent chance that at least six devices have become infected with malware (something to consider since 82 percent of companies now have a BYOD plan in place). Continue reading Mobile Devices Now the Largest Threat to Enterprise Security

U.S. Senator Al Franken (D-Minnesota) highlighted the findings of a just-released GAO (Government Accountability Office) report focusing on the privacy implications of facial recognition technology. The report details concerns about the practices of companies that collect, use and store massive amounts of personal information. Franken, chair of the Judiciary Subcommittee on Privacy Technology and the Law, pointed to the report’s findings as more proof that federal standards are needed. Continue reading GAO Report Looks at Privacy Concerns of Facial Recognition