Google still lets third-party apps scan your Gmail data

https://money.cnn.com/2018/09/20/technology/google-gmail-scanning/index.html

Google is defending its policy to allow third-party apps to access and share data from Gmail accounts, according to a letter made public Thursday.

Gmail, which has over 1.4 billion users globally, lets third-party developers integrate services into its email platform, such as trip planners and customer relationship management systems.

“Developers may share data with third parties so long as they are transparent with the users about how they are using the data,” Susan Molinari, VP of public policy and government affairs for the Americas at Google, said in the letter to Senators, which was obtained by CNNMoney.

Full disclosure: Benchmarking data reveals the human error in privacy incidents

https://iapp.org/news/a/full-disclosure

This month, we are returning to this topic to dig deeper into incident intent classifications and how they can be further broken down into specific scenarios. To level set, looking at data from January 2017 through July 2018, we can see that the vast majority of incidents fall into one intent classification:

  • Intentional, malicious intent: 0.86 percent of incidents.
  • Intentional, not malicious intent: 2.78 percent of all incidents.
  • Unintentional or inadvertent intent: 96.33 percent of all incidents.

The numbers show that unintentional or inadvertent incidents — those typically caused by human error rather than malicious intent such as hacking — are by far the most common.

Cyber security is changing, and so is the way it’s being sold

https://www.itworldcanada.com/article/cybersecurity-is-changing-and-so-is-the-way-its-being-sold/409213

Cyber security vendors still have sales targets to meet and their own products to glorify, but a “weird sales dynamic,” as Brian Krause describes, is also creeping its way into the market.

“Every single person in here is a salesperson, there’s no denying what we’re doing here … it’s our software first,” said the director of North American channels for Centrify, referring to a room full of cyber security vendors at Optiv Security’s 2018 Toronto Enterprise Security Solutions Summit last week. “But we’re seeing more, especially in the software community, most of us are partnering with each other.”

BlackBerry CEO John Chen warns driverless cars could turn into fully loaded weapons if hacked

https://business.financialpost.com/technology/driverless-driverless-cars-could-be-fully-loaded-weapons-if-tech-i

Driverless cars could be hacked and deployed as “fully loaded weapons,” according to the chief executive of BlackBerry.

Best known for its smartphones, the company is developing software for driverless cars in partnership with Baidu, the Chinese web search giant.

John Chen, BlackBerry’s chief executive, said driverless cars were programmed with more lines of code than a typical fighter jet, offering enormous scope for hackers to exploit vulnerabilities to insert malware.

Thousands of Canadians’ personal data from NCIX servers listed on Craigslist: cybersecurity expert

https://globalnews.ca/news/4476625/ncix-server-data-breach/

Privacy advocates are raising the alarm after data potentially belonging to thousands of Canadians allegedly made its way onto buy-and-sell website Craigslist.

The information was contained on servers and hard drives formerly owned by Vancouver-based computer retailer NCIX.

The company went bankrupt last December, and its inventory was auctioned off.

Link to the original source article and principal investigation below. Very interesting read!

https://www.privacyfly.com/articles/ncix_breach/

Teenage hacker admits making hoax bomb threats against schools and airlines

British police have announced that they have arrested a 19-year-old man in connection with a series of hoax bomb threats and distributed denial-of-service (DDoS) attacks.

George Duke-Cohan (who goes by online aliases such as “7R1D3N7”, “DoubleParallax”, and “optcz1”) is also reported to be a member of the Apophis Squad hacking gang, which has launched denial-of-service attacks against secure email provider ProtonMail, and cybersecurity blogger Brian Krebs.

https://hotforsecurity.bitdefender.com/blog/teenage-hacker-admits-making-hoax-bomb-threats-against-schools-and-airlines-20309.html

Vodafone Tells Hacked Customers with “1234” Password to Pay Back Money

https://www.bleepingcomputer.com/news/security/vodafone-tells-hacked-customers-with-1234-password-to-pay-back-money/

A Czech court recently sentenced two hackers to three years in prison for accessing Vodafone customers’ mobile accounts and using them to purchase 600,000 Czech Koruna worth of gambling services. Vodafone reportedly wants the hacked victims to pay for these charges as they were using an easy password of “1234”.

According to reporting from Czech news site idnes.cz, the hackers accessed mobile customers’ accounts by using the password 1234. Once they were able to gain access, they ordered new SIM cards that they picked up from various branches. As they knew the phone number and password, they were able to pick up the SIM card and install it in their phones without any other verification.

This allowed the attackers to charge over 600,000 Czech Koruna, or approximately 30K USD, for gambling services.

Apple Removes Top Security App For Stealing Data and Sending it to China

Apple removed today a very popular anti-malware app called Adware Doctor from the Mac App Store because it was gathering browsing history and other sensitive information without a user’s permission and then uploading it to someone in China.

Adware Doctor is promoted as an anti-malware and adware protection program that claims to be able to protect your Mac from malicious files and browser from adware. This program was the #1 paid utility in the Mac App Store with a 4.8 star rating and over 7,000 reviews.

https://www.bleepingcomputer.com/news/security/apple-removes-top-security-app-for-stealing-data-and-sending-it-to-china/

Facebook, Twitter try to limit U.S. regulation at hearing

Senior executives of Facebook and Twitter faced a Congressional committee Wednesday morning trying to limit the amount of regulation the U.S. government might impose on social media companies in the wake of increasing evidence that foreign organizations are using them for disinformation campaigns there and in other countries.

“Actions taken show how determined we are to do everything we can do to stop this from happening,” said Facebook COO Sheryl Sandberg.

She noted the company has more than doubled the number of people working in its safety and security divisions to 20,000, reviewing reports in 50 languages. With the use of machine learning Facebook is more proactive in finding abuse, she said. In the first three months of this year over 85 per cent of violent content was either taken down or had warning labels added before it was reported.

“We are now blocking millions of attempts to register false accounts each and every day,” she added.

https://www.itworldcanada.com/article/facebook-twitter-try-to-limit-u-s-regulation-at-hearing/408633

Chinese tech firm Huawei is fighting back in Australia

Chinese tech firm Huawei is fighting back in Australia following reports that authorities could ban it from any involvement in building 5G mobile networks in the country.

http://money.cnn.com/2018/06/18/technology/huawei-australia-5g-china/index.html

The company, one of the world’s biggest makers of smartphones and telecommunications equipment, took the unusual step of publishing an open letter to Australian lawmakers on Monday.

Recent public comments linking Huawei to security concerns “are ill informed and not based on facts,” Huawei Australia’s chairman and two board directors wrote in the letter.

Australian wireless carriers will soon need to hire companies to build new superfast mobile networks. But Huawei faces opposition from Australian national security agencies, according to reports last week from outlets including the Australian Financial Review and the Australian Broadcasting Corporation.

The concerns are linked to alleged ties between Huawei and the Chinese government, according to the reports.

In its open letter, the company insisted that it is “a private company, owned by our employees with no other shareholders.”

But the company has been dogged by security concerns for years. In 2012, it was blocked from the bidding for a huge Australian national broadband network.

Huawei has also faced a lot of pressure in the United States, with lawmakers and security agencies accusing it of ties to the Chinese government. Huawei has repeatedly denied that its products pose security risks, but it has remained largely shut out of the US market.

In Australia, it has successfully bid for private contracts in the past. It’s currently the country’s largest supplier of wireless technology, with relationships with three of the major mobile carrier networks.
