AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/18/2023

TikTok hit with €345 million fine over privacy settings for children

TikTok has been hit with a €345 million EU fine over the way it processes the personal data of children and teenage users, the first handed out by the bloc to the Chinese-owned social media platform. Ireland’s Data Protection Commission, the regulator responsible for holding TikTok Technology to EU data protection law, announced the fine on Friday after an investigation that began in September 2021. The DPC’s probe found TikTok had infringed EU data protection rules by setting the profiles of children aged 13-17 to default to a public setting, meaning anyone on or off TikTok could view their content and contact them. TikTok, which set up an office in Ireland in 2020 and this month opened a long-planned site in Dublin to store EU citizens’ data, was investigated by the DPC over its compliance during the period July 31, 2020, to December 31, 2020.

Google to pay California $93 million over location-tracking claims

Google has agreed to pay $93 million to the state of California to settle claims it tracked the location of users without their knowledge. Under the terms of the proposed agreement, Google must also provide more information about the location data it collects on users. The settlement follows a “multi-year” investigation by California’s Department of Justice, which found that Google deceived users into thinking they weren’t getting tracked when they actually were. According to the complaint, Google continued to collect and store location data on users even when they disabled the “Location History” setting within its apps and services, allowing the company to use this information for targeted advertising.

More Russian journalists investigating possible spyware infections

More Russian journalists have come forward this week expressing concern that they too may have been targeted with spyware, following the news that the prominent media figure Galina Timchenko was hacked with Pegasus. On Thursday, three Russian-speaking journalists reported that they have also recently received notifications from Apple warning them that their phones are potential targets for state-sponsored hackers. Apple notified two of the journalists — Maria Epifanova, the CEO of Novaya Gazeta Europe, and Evgeniy Pavlov, a correspondent for Novaya Gazeta Baltia — in August. The third, Evgeny Erlich, a journalist-in-exile at the Russian-language outlet Current Time, did not say when he was notified.

Feds hit Penn State University with false claims lawsuit over cyber compliance

The United States government is bringing legal action against Penn State University under the False Claims Act, saying the university lied or misled about its adherence to government cybersecurity protocols when contracting with the federal government. The suit is being brought on behalf of Matthew Decker, chief information officer at a Penn State research laboratory who also served briefly as interim vice provost and CIO for the university in 2016. Decker’s claims and testimony about the university’s malfeasance form the basis of the lawsuit. Like all defense contractors, Penn State receives and generates as part of its work what is known as controlled unclassified information — data which falls below the threshold of official government secrets, but must nonetheless be managed by contractors in highly specified ways to prevent malicious parties from using them to piece together gaps in government security or programs.

US-Canada water org confirms ‘cybersecurity incident’ after ransomware crew threatens leak

The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB of data from the organization. “The International Joint Commission has experienced a cybersecurity incident, and we are working with relevant organizations to investigate and resolve the situation,” a spokesperson for the org told The Register. The spokesperson declined to answer specific questions about what happened, or confirm the miscreants’ data theft claims.

Illegal Betting Ring Used Satellite Tech to Get Scoop on Results

Police are celebrating after busting a suspected illegal betting and match-fixing ring which used advanced technology to find out the results of matches before bookmakers. The investigation began as far back as 2020, when Spanish police identified a criminal Romanian and Bulgarian network suspected of placing suspicious bets on international table tennis events. They would corrupt the athletes involved, including several playing for football teams in Romania, and then place massive bets on the outcome of the games, Europol said.
