Europe launches ‘gait recognition’ pilot program to monitor border crossings
A European Commission-funded biometric “gait recognition” program to study how to more easily identify people crossing the European Union’s external borders by examining their unique walking styles kicked off Thursday. The initiative, dubbed the PopEye Project, is supported by a €3.2 million ($3.5 million) grant that covers a three-year pilot testing the technology, according to TechTransfer, a program at the Vrije Universiteit Brussels and a partner on the effort. Horizon Europe, a European Union funding mechanism for research and innovation, is bankrolling the pilot, according to TechTransfer and a second partner, the Swiss research institute Idiap.
Tech critics want a Google exec punished for deleted chats
Three advocacy groups are trying to amp up the pressure on Google for allegedly destroying company records. The American Economic Liberties Project, Check My Ads, and the Tech Oversight Project are urging the State Bar of California to investigate Kent Walker, Google’s President of Global Affairs and a member of the Bar. They claim Walker “coached” the company “to engage in widespread and illegal destruction of records relevant to multiple ongoing federal trials.”
SEC charges tech companies for downplaying SolarWinds breaches
The SEC has charged four companies—Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast—for allegedly misleading investors about the impact of their breaches during the massive 2020 SolarWinds Orion hack. “The Securities and Exchange Commission today charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with making materially misleading disclosures regarding cybersecurity risks and intrusions,” announces the SEC in a Tuesday press release. “The SEC also charged Unisys with disclosure controls and procedures violations.”
AWS, Azure auth keys found in Android and iOS apps used by millions
Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. Exposing this type of credentials can easily lead to unauthorized access to storage buckets and databases with sensitive user data. Apart from this, an attacker could use them to manipulate or steal data. According to a report from Symantec, a Broadcom company, these keys are present in the apps’ codebases because of errors and bad practices during the development phase.
CISA proposes new security requirements to protect govt, personal data
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is proposing security requirements to prevent adversary states from accessing American’s personal data as well as government-related information. The requirements are aimed at entities that engage in restricted transactions that involve bulk U.S. sensitive personal data or U.S. government-related data, especially if the info is exposed to “countries of concern” or “covered persons.” The proposal is linked to the implementation of Executive Order 14117, signed by President Biden earlier this year, aimed at addressing severe data security liabilities that extend to or amplify national security risks.
Phishing Attack Impacts Over 92,000 Transak Users
Transak, a fiat-to-crypto payment gateway provider, has reported a security incident which has impacted 92,554 of its users. Attackers gained unauthorized access to one of the firm’s employee laptops through a sophisticated phishing attack. The firm said that the attacker used compromised credentials to log in to the system of a third-party KYC vendor that the company uses for document scanning and verification services. The attacker was then able to gain access to user information stores within the vendor’s dashboard.