AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 10/31/2022

Europe Prepares to Rewrite the Rules of the Internet

On November 1, the European Union’s Digital Markets Act comes into force, starting the clock on a process expected to force Amazon, Google, and Meta to make their platforms more open and interoperable in 2023. That could bring major changes to what people can do with their devices and apps, in a new reminder that Europe has regulated tech companies much more actively than the US. “We expect the consequences to be significant,” says Gerard de Graaf, a veteran EU official who helped pass the DMA early this year. Last month, he became director of a new EU office in San Francisco, established in part to explain the law’s consequences to Big Tech companies. De Graaf says they will be forced to break open their walled gardens.

Twilio Reveals Another Breach from the Same Hackers Behind the August Hack

Communication services provider Twilio this week disclosed that it experienced another “brief security incident” in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in. “In the June incident, a Twilio employee was socially engineered through voice phishing (or ‘vishing’) to provide their credentials, and the malicious actor was able to access customer contact information for a limited number of customers,” Twilio said.

Amazon accidentally exposed an internal server packed with Prime Video viewing habits

It feels like every other day another tech startup is caught red-faced spilling reams of data across the internet because of a lapse in security. But even for technology giants like Amazon, it’s easy to make mistakes. Security researcher Anurag Sen found a database packed with Amazon Prime viewing habits stored on an internal Amazon server that was accessible from the internet. Because the database was not protected with a password, the data within could be accessed by anyone with a web browser just by knowing its IP address.

Online age-verification system could create ‘honeypot’ of personal data and pornography-viewing habits, privacy groups warn

In the wake of the Optus and Medibank data breaches, digital rights groups are urging the federal government to rule out requiring identification documents as part of any online age-verification system, warning it could create a honeypot of people’s personal information and pornography-viewing habits. The eSafety commissioner, Julie Inman Grant, is developing an online safety “roadmap”, outlining a way to prevent minors from accessing adult content online by ensuring host sites have verified the ages of users. The commissioner’s report was initially due to the government in December; however, the deadline has now been extended to March next year. Stakeholders were informed of the delay in reporting last week.

New ‘Azov’ ransomware strain frames cybersecurity researchers

A new strain of ransomware called Azov is currently being distributed through adware bundles, pirated software downloads, and key generators. What sets this one apart from other ransomware variants, however, is that it frames established cybersecurity researchers by blaming them for the attack. For instance, the ransomware claims that it was created by Hasherezade, a programmer and a malware analyst. The ransom note says that Azov is encrypting devices in protest of Crimea’s seizure and because western countries are not doing enough to help Ukraine in the war against Russia.
