Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label data threat. Show all posts
Regulatory Concerns
Chatbot Cybersecurity Data Breach data threat DeepSeek Regulatory Concerns

DeepSeek’s Data Use Raises Regulatory Concerns

 


There have been numerous scandals surrounding this artificial intelligence company which had astonished the world by seemingly rivaling the successful chatbot ChatGPT at a fraction of the cost. However, now, regulators and privacy advocates have raised questions about the safety of users' data after the company launched its service. 

A government probe into what data the company collects and how it is stored has resulted in regulators in Italy blocking the app from both the Apple App Store and Google Play Store, as they investigate how they collect that data. As a result of DeepSeek's failure to address the regulator's concerns regarding its privacy policy, the Italian data protection authority, the Garante, ordered that it block its chatbot within its borders on Thursday. 

The DeepSeek company was founded in Hangzhou, China, and it has grown quickly since then. Liang Feng started the company in 2023. In 2016 he founded the $7 billion hedge fund group High-Flyer with two other business classmates who attended the same university. As a result, DeepSeek was investigated by the China-based watchdog Xinhua this week about how their data is used. They were looking for information on what personal data is collected, from what sources, for what purpose, and under what legal basis. 

A business intelligence startup based in China, DeepSeek, has received much attention in recent months as a result of its rapid growth. However, many corporate finance departments have raised concerns about the security of the startup. DeepSeek, a free application powered by Artificial Intelligence, achieved the most downloads on the U.S. iOS App Store within weeks of its launch, surpassing OpenAI's ChatGPT, which had gained popularity within weeks. 

While the company's popularity has skyrocketed recently, it has drawn the attention of cybersecurity experts and regulators, causing alarms to be raised about data security, intellectual property risks, as well as regulatory compliance issues. DeepSeek's privacy policy states that the service collects a variety of information about its users, including chat and search query history, device information, keystroke patterns, IP addresses, internet connection, and activity from other apps, as well as information about their activities on the deep seek service. 

The same data collection practices are employed by other AI services, such as OpenAI's ChatGPT, Anthropic's Claude, or Perplexity. Similarly, popular social media apps, such as Facebook, Instagram, and X, also record a great deal of user data. Regulators have sometimes questioned this kind of data-gathering practice. A new model of the DeepSeek software, DeepSeek R1, was unveiled by the company in January. This is a free AI-powered chatbot whose look and feel are very similar to that of ChatGPT by OpenAITM, based in California. 

It is a type of computer program that simulates a human-like conversation with a user through questioning the bot. The bot will then respond to the questions asked using the information it has access to on the internet that it has been trained to handle in a conversation. There are many possible uses for these programs, including solving mathematics problems, writing drafts of texts such as emails and documents, and translating, or even writing codes, among a multitude of other possibilities.

In the view of experts, DeepSeek's risks go beyond those of TikTok, which has been under scrutiny and could be banned at some point. “DeepSeek raises all the problems that TikTok has raised plus more,” said Stewart Baker, a Washington-based attorney who is a former official of the National Security Agency and the Department of Homeland Security. To provide these advanced AI models with high levels of accuracy, users need to entrust them with highly sensitive personal information and business information. 

If users' data can be accessed by an adversary, either intelligence implications are significant" Increasingly, DeepSeek's AI technology is being used to conduct business research, personal inquiries, and content generation, resulting in an enormous amount of valuable data that DeepSeek is generating. A study conducted by Feroot suggests DeepSeek's login system utilizes fingerprinting techniques, which tech firms widely use to track the devices of their users to improve security and target advertisements. 

Although there is no conclusive proof of Chinese government involvement in this case, the links to China Mobile's identity and authentication infrastructure indicate that Chinese state involvement has taken place. There has been no response to DeepSeek's requests for comment, leaving critical questions about how far they collaborate with China Mobile and how safe the data of their users is unanswered. Given the increased scrutiny surrounding Chinese-controlled digital platforms, regulators may soon take further action against DeepSeek, mirroring efforts already directed towards TikTok, as a response to the increasing scrutiny regarding these platforms. 

A tightening of export regulations was implemented under the Biden administration to prevent China from developing artificial intelligence as quickly as possible.  There are several questions that DeepSeek's success raises regarding the effectiveness of these controls, as well as the status of Washington and Beijing's broader technology battle.   Among the researchers who study Chinese cybersecurity at Yale, Samm Sacks, said that DeepSeek could pose a significant national security threat to the United States, as he pointed out. 

According to the public reports that have been made, no Chinese officials are currently trying to obtain personal data about U.S. citizens by using DeepSeek. In contrast to the debate over TikTok, the fears about China boil down to the mere possibility that Beijing may make use of Americans' data for its purposes, and that is enough to trigger concern. In addition to Sacks's astute assessment of what DeepSeek might mean for Americans' data, he pointed out that there are two other major factors to be considered. First, the Chinese government already possesses an unimaginable amount of data on them. 

In December, Chinese hackers broke into the U.S. A group of Chinese hackers has infiltrated the Treasury Department's computer systems in the past year. They have since been infiltrating US telecom companies to spy on American texts and calls. It should also be noted that there is a vast web of digital data brokers who routinely buy and sell a massive amount of data on Americans.
Read more »
Senior Tories
Cinservative Party Cyber Attacks CyberCrime CyberThreat Data Leak data threat Private Information Senior Tories

Campaign Oversight Results in Leak of Senior Tories' Private Info

 


Although local party anger has been expressed over the selection of Conservative Chairman Richard Holden as the party's candidate for Basildon and Billericay, he has been appointed at the very last minute as the party's candidate. The BBC contacted two local Tory officials and they said Mr Holden was the only candidate offered by the National Party to represent Essex. 

The former Tory official said the move was a "slap in the face" for local Conservatives. The cabinet minister told the BBC that the decision had 'gone down like a bucket of cold sick'. He did not respond to requests for comment. A Conservative Party spokesperson said he had been "unanimously chosen". A Conservative Party spokesperson stated that he had been elected unanimously. Despite serving North West Durham, nearly 300 miles further north, since 2019, the party chairman will be expelled from the seat for this year's election as part of a review of UK seat boundaries, which means that he will have to find another seat. 

A small number of senior association members attended Mr Holden's address on Wednesday evening in the constituency where he represented the senior political association. It was reported that the entire local executive committee was quite dissatisfied with the way the central party handled the issue, but Mr Holden ultimately did "align" with the views and values of locals. In the opinion of another activist - who was not present in the room - the choice of Mr Holden was a "very poor decision" since several cabinet ministers are fighting marginal seats and are aware that they will lose their seats. In addition to making himself a safe seat, Richard has also used a process that is completely insane. 

As the Conservative Party scrambles to put together a full slate of candidates before the registration deadline on Friday, the Conservative Party is putting together a full slate of candidates. The Tory MP for Basildon and Billericay has been in the House of Commons since 2001. Last October, he announced that he would be leaving the House of Commons. As a result of his last election victory, the seat was attractive to the Tories as it yielded a 20,412 majority, which made it an ideal location for candidates of the party to run this time around. 

Earlier this year, the local association chairman, Richard Moore, told the BBC that the group would be given the option to pick their candidate at a meeting scheduled for a choice of three candidates from the national party. He added that local members were "extremely put out" that the party had waited until two days before the close of nominations to put forward a candidate. "This could have all been done in March or April," he said, adding that the central party had "sat on this for seven months". Andrew Baggot, a local Conservative councillor, also criticised the process, calling it a "slap in the face to local councillors, volunteers and the membership". 

Basildon Conservative Association's executive council is expected to meet next week to discuss the next steps for fighting the decision. According to him, members of the association are exploring options to fight the decision. There have been numerous selection disputes in the Labour Party involving left-wing candidates, including Diane Abbott, a close ally of Jeremy Corbyn. In addition, the Conservatives have been triggering discontent within local party branches for a while, following the same process as the opposition. The Conservatives are expected to fill dozens of seats before Friday, but they have also been following a systematic approach. 

While the party is scrambling to fill places, several Tory advisers have been selected to run for relatively safe seats for the party during the selection process. As it turns out, Will Tanner, an adviser to Prime Minister Rishi Sunak, has been chosen to run for Bury St Edmunds & Stowmarket. He is reportedly one of three candidates on the list drawn up by the party's headquarters. In Wellingborough and Rushden, Mr Sunak's deputy political secretary, David Goss, has been selected, while in Great Yarmouth, James Clark, a former adviser to the Defence Secretary, has been chosen. 

The Conservative Party usually shortlists and approves candidates through local Conservative associations, along with national officials who approve selections. The Labour Party normally offers local branches the opportunity to select candidates based on the longlists that have been approved by the central party. In the closing days of the campaign, local members have been reduced to less than their usual role, as the national party is focusing on filling target seats or seats where MPs are stepping down or suspensions are taking place. As a result, Alex Harrison has been selected as the Labour candidate for Basildon and Billericay, while Stephen Conlay has been selected as the Reform UK candidate and Stewart Goshawk has been selected as the Green candidate.
Read more »
Marvel Wolverine
Cyber Leaks Cyberattacks CyberCrime Cybersecurity data threat Insomniac Marvel Wolverine

Regenerate and Conquer: Wolverine's Real-Time Damage System to Dominate the Gaming Landscape

 


Marvel's Wolverine has leaked details which suggest that the game will use advanced features, even those that are not available on current PlayStation 5 hardware, to play the game. In the recent Insomniac data breach, a new rumour has been circulating suggesting that the upcoming Marvel film Wolverine may include real-time damage and regeneration, as Logan's powers in the comics were. 

It has been suggested that the recent data leak from Insomniac might have sparked speculation about Marvel's Wolverine, suggesting that it will include real-time damage and regeneration as if Logan's abilities in comic books were to be emulated.

In addition to the plot and characters in the game, this leak has also revealed footage of early Alpha builds of the game, which is one of the most intriguing revelations about the game. One of the most interesting revelations is that Logan's healing factor might be implemented as part of the game's plot. 

Insomniac documents have been leaked for several weeks now, but users are still finding interesting things about them despite it not being long since they were leaked. In response to the leaked gameplay from the vertical slice of Marvel's Wolverine, users had mixed reactions: many viewers of the initial version of the game criticized the combat system, pointing out that there was insufficient blood and damage to the enemies as well as Logan.

They also complained that there was no regeneration system as in X-Men Origins: Wolverine. Although it appears that the release version of the game will make this much better, it is still too early to tell. There was a lot of anticipation among Marvel gamers when Insomniac announced the development of Marvel's Wolverine in 2021, a series of games that were critically acclaimed for their Spider-Man titles. 

With the promise of a darker and more brutal take on the mutant hero, as well as an intense combat style, the anticipation surrounding the game has been growing rapidly. There were, however, many setbacks associated with the excitement, as Insomniac suffered a massive ransomware attack that compromised the company's sales and development records, resulting in the loss of significant sales and marketing information. 

Among the many details revealed by this breach was the fact that Marvel's Wolverine was a fully playable PC version, much to the dismay of both the developers and the fans involved in the game. According to the Insomniac Games document, there will be real-time damage to the characters in the game, according to leaks. 

Furthermore, the game has been leaking even more intriguing information. There is no doubt that Wolverine's healing factor is incredibly effective, helping him recover from damage like ripped skin, bulletshots, or even death. It is not clear from the leaked footage that the healing factor is a major goal of Marvel’s Wolverine, but Insomniac Games emphasized that it is an important part of the game, along with other targets. 

The regeneration system in X-Men Origins Wolverine, released in 2009, appears to be quite elaborate despite the low production value of the game. Though the game doesn't look that great in terms of production, it appears that it could serve as an inspiration for the upcoming game. An explosion in the forest can cause Wolverine to recover on more than just a surface level since individual tissues can heal before the skin. It is therefore expected that fans will be able to expect an even more polished version of this system. 

In addition, it was interesting to separate Wolverine's body from his costume, which proved to be another challenging task. Healing also stitched the spandex back together in the X-Men: Origins movie. This was, of course, a very bizarre feature of healing. Logan does not possess any superpowers that I am aware of, including the ability to repair subconsciously sewn garments. This has not yet happened, at least not shortly. 

An explosion in the forest can cause Wolverine to recover on more than just a surface level since individual tissues can heal before the skin. It is therefore expected that fans will be able to expect an even more polished version of this system. In addition, it was interesting to separate Wolverine's body from his costume, which proved to be another challenging task. 

Healing also stitched the spandex back together in the X-Men: Origins movie. This was, of course, a very bizarre feature of healing. Logan does not possess any superpowers that I am aware of, including the ability to repair subconsciously sewn garments. This has not yet happened, at least not shortly. 

It may be that Insomniac will implement a costume damage system in Wolverine in addition to regeneration for a more immersive experience, which follows the implementation of the costume damage system in Spider-Man 2. In any case, Wolverine's release date is confirmed to be 2026 (according to hacked internal documents released after the attack on Sony), and a lot can change in those two years. 

While Insomniac is currently experimenting with real-time healing, one of the most impressive aspects of Origins is the ability to heal players in real-time, making it even better. Besides destruction and dynamic weather in Marvel's Wolverine, the film will also include supernatural elements. 

It's expected that the PS5 will be able to handle the game in a very impressive way with the combination of all of these systems. The leaks have also made it clear that the game will aim to achieve a visual level similar to the one that was seen in Hellblade 2 and that may be an interesting piece of information.
Read more »
Social Media
cyber threat Cyberattacks CyberCrime Cybersecurity Data Theft data threat IAK IT Service Social Media

Guarding the Gate: How to Thwart Initial Access Brokers' Intrusions

 


The term "Access-as-a-service" (AaaS) refers to a new business model in the underground world of cybercrime in which threat actors sell one-time methods to gain access to networks to infiltrate networks for as little as one dollar. 

One group of criminals, which are known as access brokers, initial access brokers, and initial access traders (IABs), are stealing credentials of enterprise users and selling them to other groups of attackers. There are also encryption tools that can be used by these buyers to secretly exfiltrate your personal information from the target organization using malware-as-a-service (MaaS) or ransomware-as-a-service (RaaS). 

Cybercrime-as-a-service (CaaS) is a growing trend that is increasingly being used as a platform for committing crimes. A significant portion of the evolution of ransomware attacks over the last decade has taken place at both the technological level and organizational level as threat actors have attempted to expand the scope and profitability of their operations. 

A pivotal factor behind the widespread increase in the frequency and complexity of ransomware attacks can be attributed to the provision of ransomware as a service (RaaS). RaaS, which operates much like SaaS, and involves the creation of ransomware capabilities and selling or leasing them to buyers, has lowered the barrier to entry for the extortion business and provided a simpler and more accessible model. 

There are now a number of operators working together in unison to orchestrate the attacks in order to achieve the goal, including Users, Affiliates, and Initial Access Brokers, who act as a cohesive team. According to the recent report, "Rise of Initial Access Brokers", these intermediaries, which are the first to get access to cyberattack victims, are playing a key role at the top of the kill-chain funnel of cyberattacks. 

An independent analysis bureau (IAB) can be defined as a de facto intermediary whose business model is exactly what their name suggests: they breach the networks of as many companies as they are able to. Upon accessing victims, they then sell to the highest bidders at the highest prices. There is a tendency for ransomware groups to buy the ransomware from the buyers. 

A growing number of independent advisory boards have been formed recently mainly as a result of the pandemic and the ensuing migration to work from home. As a result of workers log in remotely and connecting to untrustworthy Wi-Fi networks, untrustworthy Wi-Fi networks can be exploited to allow attackers to gain access to systems.

There is a growing trend among cybercriminals of scanning at scale for vulnerabilities that will allow them to access remote systems, such as virtual private networks (VPNs) and selling this access to their victims. Once the details of a vulnerability are made public, the Information Assurance Business deploys info stealers to gather keystrokes, session cookies, credentials, screenshots and video recordings, local information, browser history, bookmarks, and clipboard material from the compromised device as soon as the details are made public. 

As soon as an information stealer is installed in an organization or system, a remote access Trojan (RAT) will begin to collect raw log files to log information. As a result, these logs are manually reviewed to identify usernames and passwords that may be used to sell or monetize identities on the Dark Web. This means that IABs are seeking login credentials to access virtual private networks (VPNs), remote desktop protocols (RDPs), Web applications, and email servers that will aid in the recruitment of spear phishing scammers and potential business email compromise schemes. Occasionally, some brokers have direct contact with system administrators or end users who may be willing to sell access to their systems directly through them. 

Threat groups have been advertising (on the Dark Web) in recent months for administrators and end users who are willing to share their credentials with them in exchange for large amounts of cryptocurrency in exchange for sharing credentials for a few minutes. 

Threat groups have contacted employees from specific organizations to obtain access to their systems in exchange for larger payments. It is safe to say that initial access brokers have taken the spotlight in the past year because they have demonstrated a significant ability to facilitate network intrusions by ransomware affiliates and operators, and they have been very successful at it. As the cybercrime underground ecosystem becomes more active and popular, these initial access brokers ("IABs") will continue to gain popularity as the cybercrime underground ecosystem grows. 

A Guide to Defending Against Access Brokers 


Users should identify their attack surface and develop a plan to address it, to close security gaps, security teams must gain an outside-in perspective on their entire enterprise attack surface. Empower user security teams to map their assets, visualize attack paths, and define plans to address them so that they can close the gaps.  

Identity protection should be considered a priority, today, plenty of malware-free attacks, social engineering, and similar attempts have been made to steal and use credentials, making it crucial that strong identity protection is implemented. Employees need to be taught about social media, not just how to use it. 

Avoid announcing department closures or IT service changes on social media, and remind them to refrain from sharing private information on social media. Users should train their staff not to share credentials over support calls, emails, or support tickets. 

Finally, users should avoid publishing executive or IT contact information on their company's website — it might facilitate impersonation attempts on their behalf. 

To protect the cloud, a strong cloud protection strategy is required. There have been increasing attacks on cloud infrastructure and attackers have been employing a variety of tactics, techniques, and procedures to compromise cloud-based data and applications that are critical to businesses. 

The role of IABs in the realm of RaaS (Ransomware-as-a-Service) is continuously evolving. By understanding and keeping up with their shifting tactics, methods, and trends, organizations can better prepare themselves to effectively mitigate the risk and impact of ransomware attacks. As IABs continually remodel and refine their strategies, it becomes increasingly crucial for organizations to adopt and implement robust security measures. 

Strengthening the security of the supply chain, implementing multi-factor authentication across all systems and platforms, deploying advanced threat-hunting solutions to proactively detect and prevent attacks, and conducting regular and comprehensive training sessions for employees are key steps that organizations should take to effectively mitigate the growing threat posed by IABs.
Read more »
uber
AFP Cyberattacks Cybersecurity data threat Email Phishing Privacy uber

Uber's Costly Mistake: AUS$412,500 Fine for Spam Emails in Australia

 


There are many services offered by Uber Technologies, Inc., commonly known as Uber, which is a multinational company that offers a wide array of services, like ride-hailing, food delivery, and freight transportation, to its customers. 

Founded in California, the company is located in around 70 countries around the world, providing its services in over 10,500 cities around the globe, from its headquarters in San Francisco. On a global scale, Uber brings together more than 6 million active drivers and couriers daily, which gives the app an extremely high user base, with more than 131 million active users every month. 

The platform facilitates an estimated 25 million trips on a typical day, which is a record for the platform. The United States' largest ride-sharing company, Uber, has played a significant role in enabling a remarkable 42 billion trips since its establishment in 2010. Uber has also made a significant contribution to enabling a large share economy through opportunities such as the sharing economy. 

AFP reported that Uber was fined Aus$412,500 ($260,000) by Australian Communications and Media Authority (ACMA) for sending more than two million emails to customers in violation of anti-spam laws, as the company had violated anti-spam laws by sending over two million emails.  

There was a bulk email campaign distributed in January that marketed a new service that delivered alcohol to people at their homes. Furthermore, the company did not provide the option for customers to unsubscribe from the mailing list. Further, over 500,000 emails were sent to recipients who previously indicated that they did not want to receive marketing emails from us in the future. 

There are explicit laws in the Australian laws that prohibit companies from sending marketing emails without receiving the express consent of the recipient. Additionally, these laws require that the email recipients be provided with a clear option to unsubscribe from these mailings.

It has been noted that Nerida O'Loughlin, the chair of the ACMA, described Uber's actions as an 'avoidable error' and that the importance of respecting the preferences of customers cannot be overstated, given that customers are becoming increasingly frustrated when their requests are not met. 

As a response to these violations, Uber has apologized for sending these marketing emails, admitting that they had made an error in sending these emails. According to their apology, Uber acknowledged that they had made an error in this regard as well. 

According to ACMA reports, over the past 18 months, the total amount of penalties and fines paid by Australian businesses for violating spam and telemarketing laws has been over Aus$11 million. Accordingly, Uber has been fined an amount of Australian dollars 412,500 (equivalent to US dollars 260,000) in response to these violations. 
Read more »
VPN
Chrome Cyberattacks CyberCrime Data Cookies data threat Google IP Address Privacy VPN

Enhancing Online Privacy: Google Trials IP Address Masking Option

 


Currently, Google is in the process of perfecting Gnatcatcher, which used to be called Gnatcatcher. Under the new name "IP Protection," Gnatcatcher is called more appropriately. By doing this, Chrome is reintroducing a proposal to hide users' IP addresses, thereby making it harder to track their activities across sites. 

When users add their computer to a network, it receives a unique address called an Internet Protocol (IP) address that indicates what it will do over the network. A number acts as a means of identifying the user's location on the network when they are connected. Messages must be delivered to the right location for a computer to communicate with another computer without the need for each computer to know the other's address. 

To track the user behaviour of sites and online services, IP addresses are used to create digital profiles that can be used for targeted advertising purposes on websites and online services. The fact that this tracking can be circumvented without third-party tools raises significant privacy concerns, as bypassing this tracking is not as straightforward as dealing with third-party cookies without using these tools. 

While navigating the web, Google recognizes that it is crucial to balance the requirement for a user's privacy with practical functionality. Essentially, the solution they have devised involves disguising the IP address of the user through the redirection of traffic from certain third-party domains through proxy servers, so that the IP address remains invisible for these domains even though traffic is coming from them. 

The IP Protection feature will initially be available as an opt-in service, so users will have the option of obfuscating their IP addresses from third parties whenever they wish. It was decided that IP Protection should be rolled out in stages to ensure regional considerations can be accommodated and to ensure that there is a shallow learning curve. The first phase of this initiative will have Google proxying requests to its domain to satisfy regional considerations. 

The proxies will only be accessible by US-based IP addresses for a short period until Google has fine-tuned the list of affected domains. For now, only US-based IP addresses can access them. Despite the possibility of tracking you, your IP address also plays a huge role in routing traffic, preventing fraud, as well as other important tasks that are required by the network. 

The Google IP Protection feature for Chrome was designed to do this by routing all third-party traffic from specific third-party websites through proxy servers to hide your IP address from those sites on the Internet. It is also pointed out that when this feature is introduced to Chrome users, it will be an opt-in feature. 

It is the responsibility of users to decide whether they wish to obscure their IP address from third parties or not, so IP Protection will be a feature they can opt in to. To accommodate regional differences and ensure a shallow learning curve, IP Protection will be rolled out in stages. Phase 0, which will be a proxying of Google's domains, will serve as the first step towards Phase 0. 

It is expected that this situation will continue until Google has had sufficient time to fine-tune the list of affected domains. In the beginning, those proxy servers will only be accessible to IP addresses from the US at least. 

It has been decided that Google to use a two-hop approach to improve privacy in the next phase, which will include Google managing the first hop while an external Content Delivery Network (CDN) will manage the second hop.

Ideally, IP addresses are a must-have for Internet traffic routing, fraud prevention, and a wide variety of other functions. Thus, Google has designed a system that will cover traffic routing, fraud prevention, and a wide variety of other functions while thwarting tracking at the same time. 

It is a feature of Google's 'The Privacy Sandbox' toolkit which has been known as 'Gnatcatcher' previously. It is specifically designed for users to be able to avoid being tracked between websites through their IP address. 

At first, this proxy will remain optional for users, and its implementation will be phased out, so each region is allowed to adapt to this innovation at its own pace. Google intends to facilitate a phased approach so that each region adapts to the new technologies at its own pace. It will be possible to only affect domains within third-party contexts at first, with an emphasis on tracking domains that are well known. 

Users do not want to reveal their IP addresses, which is why they use proxy servers or VPNs to hide their IP addresses. A proxy or a VPN masks the real IP address of a user by masking it with one of the proxy operator's IP addresses. Only the proxy operator or the VPN provider knows a user's real address. A proxy is being used by Google to hide the IP addresses of its users under its IP Protection proposal. 

The feature will be tested and rolled out in multiple phases due to the potential side effects it may cause. Google wants to learn as it goes. The first phase of the feature will only support users with IP addresses from the United States and will only work with a single Google-owned proxy that will only redirect requests to Google-owned domains. 

Google is interested in testing out the infrastructure without impacting any third-party companies that may be using it. In addition to services such as Gmail, Google also owns the Ad Services domain, which is used for advertising purposes. 

There is a small percentage of users who will be automatically enrolled by Google in the current phase, and these users must also be logged into Chrome to participate. In a future phase, Google plans to use a chain of two proxy servers to prevent both of the proxy servers from seeing both the origin IP address as well as the destination IP address. 

There have been some interesting developments recently when it comes to Google's privacy options, as it has now launched its Privacy Sandbox which is aimed directly at making third-party cookies a thing of the past. 

According to the company, cookies will be disabled in the year 2024. By combining IP Protection with third-party websites, data will be less likely to be gathered from multiple sites by third-party sites in the future.
Read more »
Social Media
Cyberattacks CyberCrime Cyberfraud data threat Facebook Privacy Social Media

Fines for Facebook Privacy Breaches in Norway Crack Down on Meta

 


A fine of 1 million crowns ($98,500) will be imposed on the owner of Facebook, Meta Platforms, by the Norwegian Data Protection Authority (Datatilsynet) starting August 14 due to a privacy breach that occurred before that date. A significant penalty of this magnitude could have major implications for other countries in Europe as well since it may set a precedent.

In a court filing, Meta Platforms has requested that a court in Norway stay a fine imposed by the Nordic country's information regulator on the company that owns Facebook and Instagram. It argued that the company breached users' privacy via Facebook and Instagram. 

It appears that Meta Platforms has filed a court filing requesting a temporary injunction against the order to prevent execution. During a two-day hearing to be held on August 22, the petition will be presented by the company. Media inquiries should be directed to Meta company's Norwegian lawyer, according to company's Norwegian lawyer. An inquiry for comment was not responded to by Meta Platforms. 

According to Datatilsynet, Meta Platforms have been instructed not to collect any personal data related to users in Norway, including their physical locations as part of behavioral advertising, i.e. advertising that is targeted at specific user groups. 

Big Tech companies tend to do this type of thing a lot. Tobias Judin, Head of Datatilsynet's international section, said that the company will be fined 1 million crowns per day as of next Monday if the company does not comply with the court order. 

Meta Platforms have filed a court protest against the imposition of the fine, according to Norway's data regulator, Datatilsynet. Datatilsynet will be able to make the fine permanent by referring the decision to the European Data Protection Board, which also holds the authority to endorse the Norwegian regulator's decision, after which the fine will be effective until November 3 at which point it could be made permanent by the Norwegian regulator. 

Successful adoption of this decision would have an impact on the entire European region if it were to be approved. Currently, Datatilsynet has not taken any further steps in implementing these measures. In a recent announcement, Meta announced that it intends to seek consent from users in the European Union before allowing businesses to use targeted advertisements based on how they interact with Meta's services like Instagram and Facebook. 

Judin pointed out that Meta's proposed method of seeking consent from users was insufficient and that such a step would not be wise. As a result, he required Meta to immediately cease all data processing, and not to resume it until a fully functional consent mechanism had been established. There is a violation of people's rights with the implementation of Monday, even though many people are unaware of this violation. 

A Meta spokesperson explained that the decision to modify their approach was prompted by regulatory obligations in the European region, which came as a result of an order issued in January by the Irish Data Protection Commissioner regarding EU-wide data protection regulations. 

According to the Irish authority, which acts as Meta's primary regulator within the European Union, the company is now required to review the legal basis of the methods that it uses to target customers with advertisements. While Norway may not be a member of the European Union, it remains a member of the European Single Market, even though it is not a member of the EU.
Read more »
User Privacy
Cyber Security data threat Pakistan Phishing Attacks Sensitive Data Leak User Privacy

Pakistan Election Commission Faces Cyber Attack

 

The Pakistan Election Commission recently encountered a significant cyber attack, jeopardizing the security and integrity of its electoral processes. This incident has raised concerns regarding the protection of sensitive data and the potential implications for the country's democratic system. The attack, believed to be a ransomware incident, targeted the Election Commission's computer systems and disrupted its operations. 
According to the latest reports from reliable sources, the Election Commission of Pakistan (ECP) confirmed the cyber attack and issued an advisory to its staff members. The advisory highlighted the need for increased vigilance and adherence to cybersecurity protocols to mitigate any further threats. The ECP, in collaboration with cybersecurity experts, is actively investigating the incident and working towards restoring the affected systems.

The ECP's response to this cyber attack is crucial in maintaining public trust and confidence in the electoral process. As a neutral body responsible for overseeing elections, the Election Commission plays a vital role in upholding democratic values and ensuring free and fair elections. A successful cyber attack on the ECP could potentially compromise voter data, electoral rolls, and other critical information, leading to serious implications for the democratic functioning of the country.

In light of the incident, cybersecurity experts emphasize the significance of robust security measures for electoral systems. Dr. Aftab Ahmed, a cybersecurity analyst, expressed the need for comprehensive cybersecurity frameworks to protect sensitive data. He stated, "Ensuring the security of electoral systems is paramount in safeguarding the democratic process. The Election Commission must invest in advanced security measures and regularly update their systems to counter evolving cyber threats."

The ECP must also prioritize staff training and awareness programs to enhance cybersecurity practices. Cybersecurity specialist Sarah Khan emphasized, "Human error is often the weakest link in the security chain. By promoting cybersecurity awareness and providing regular training to employees, the Election Commission can significantly reduce the risk of successful cyber attacks."

Collaboration between the ECP, cybersecurity specialists, and relevant government entities is essential to thwart future attacks and strengthen the Election Commission's defenses. The tragedy should act as a wake-up call for the government to spend enough funds and build a solid cybersecurity framework suited to the particular needs of the election system.

While investigations continue, the ECP must move right away to fortify its cyber defenses, restore compromised systems, and guarantee the validity of the next elections. The Election Commission can lessen the danger of future cyberattacks and protect the integrity of the voting process by adopting cutting-edge security measures and establishing a culture of cybersecurity.


Read more »
Subscribe to: Posts (Atom)