AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 9/24/2019

Android VPN apps found serving disruptive ads

A security researcher has discovered four VPN apps that serve ads while running in the background and also on the home screen of Android smartphones in the latest case of adware found on the Google Play Store. While researching suspicious Android VPN apps, Andy Michael found that Hotspot VPN, Free VPN Master, Secure VPN and Security Master by Cheetah Mobile were all showing full screen pop-up ads on his smartphone even though none of these apps were currently open.

 

Google Assistant Audio Privacy Controls Updated After Outcry

Google is unveiling new privacy controls for the Google Assistant virtual assistant, after the company came under fire earlier this year for eavesdropping on users’ personal audio snippets – without their permission. The tech giant on Monday promised more transparency around the audio data that it collects, more user control over audio privacy preferences, as well as greater “security protections” around the audio collection process. Google also said it will take steps to minimize the audio data that it stores, by automatically deleting audio data that’s older than a few months.

 

Massive wave of account hijacks hits YouTube creators

Over the past few days, a massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community, a ZDNet investigation discovered following a tip from one of our readers. Several high-profile accounts from the YouTube creators car community have fallen victim to these attacks already. The list includes channels such as Built, Troy Sowers, MaxtChekVids, PURE Function, and Musafir.

 

Tesco parking app hauled offline after exposing 10s of millions of Automatic Number Plate Recognition images

Tesco has shuttered its parking validation web app after The Register uncovered tens of millions of unsecured ANPR images sitting in a Microsoft Azure blob. The images consisted of photos of cars taken as they entered and left 19 Tesco car parks spread across Britain. Visible and highlighted were the cars’ numberplates, though drivers were not visible in the low-res images seen by The Register.

 

Facebook Antitrust Investigation Finally Gives Snapchat a Chance to Take Revenge

It looks like Facebook’s anti-competitive bullying tactics may finally be coming back to bite the social media giant. Citing sources familiar with the matter, the Wall Street Journal reported Monday that current and former Facebook rivals are speaking with the Federal Trade Commission about the company’s practice of either snapping up its competition (e.g. Instagram), or creating products meant to elbow out those smaller companies altogether, as it has done in the past with competitors that rejected Facebook acquisition offers. One of those competitors is Snapchat.

 

A Nevada Law That Fines Companies for Selling Private Data Is About to Go Into Effect

Starting next Tuesday, Nevada residents may choose to opt-out of having their personal information resold by online businesses. A privacy bill, signed into law this May, requires website operators to respond to requests from consumers and halt the sale of their personal information within 60 days—or potentially face strict fines. The law, passed as Senate Bill 220, was modeled after the California Consumer Privacy Act (CCPA), though it’s more limited in some areas. Companies are still permitted to exchange personally identifiable information (PII) with their own business affiliates, for example. To be eligible for an opt-out, the operator must intend to actually sell the information.

 

Europe’s top court rules that ‘right to be forgotten’ only applies in Europe

The Court of Justice of the European Union has ruled that Google doesn’t have to de-reference results related to the so-called right to be forgotten at a global scale. Europe’s top court also reminds Google  and other search engines that it doesn’t change anything when it comes to the right to be forgotten in Europe. Google still has to de-reference results for all of the 28 Member States of the European Union.

Related Posts