AT&T, Sprint, Verizon to Stop Sharing Customer Location Data With Third Parties

Credit to Author: BrianKrebs| Date: Tue, 19 Jun 2018 18:03:44 +0000

In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, the four major wireless carriers have responded to requests from a U.S. senator for more details about how the carriers are managing access to this extremely sensitive information. While three out of four providers said they had cancelled data sharing agreements with some of the offending companies, only one — Verizon — pledged to terminate all of them and initiate a wholesale review of their location data-sharing practices.

Read more

Verizon to Stop Sharing Customer Location Data With Third Parties

Credit to Author: BrianKrebs| Date: Tue, 19 Jun 2018 18:03:44 +0000

In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, the four major wireless carriers have responded to requests from a U.S. senator for more details about how the carriers are managing access to this extremely sensitive information. While three out of four providers said they had cancelled data sharing agreements with some of the offending companies, only one — Verizon — pledged to terminate all of them and initiate a wholesale review of their location data-sharing practices.

Read more

Google to Fix Location Data Leak in Google Home, Chromecast

Credit to Author: BrianKrebs| Date: Mon, 18 Jun 2018 14:04:14 +0000

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network.

Read more

Librarian Sues Equifax Over 2017 Data Breach, Wins $600

Credit to Author: BrianKrebs| Date: Wed, 13 Jun 2018 20:14:40 +0000

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people, many Americans no doubt felt resigned and powerless to control their information. But not Jessamyn West. The 49-year-old librarian from a tiny town in Vermont took Equifax to court. And now she’s celebrating a small but symbolic victory after a small claims court awarded her $600 in damages stemming from the 2017 breach.

Read more

Microsoft Patch Tuesday, June 2018 Edition

Credit to Author: BrianKrebs| Date: Tue, 12 Jun 2018 21:04:05 +0000

Microsoft today pushed out a bevy of software updates to fix more than four dozen security holes in Windows and related software. Almost a quarter of the vulnerabilities addressed in this month’s patch batch earned Microsoft’s “critical” rating, meaning malware or miscreants can exploit the flaws to break into vulnerable systems without any help from users.

Read more

Bad .Men at .Work. Please Don’t .Click

Credit to Author: BrianKrebs| Date: Mon, 11 Jun 2018 14:42:39 +0000

Web site names ending in new top-level domains (TLDs) like .men, .work and .click are some of the riskiest and spammy-est on the Internet, according to experts who track such concentrations of badness online. Not that there still aren’t a whole mess of nasty .com, .net and .biz domains out there, but relative to their size (i.e. overall number of domains) these newer TLDs are far dicier to visit than most online destinations.

Read more

Adobe Patches Zero-Day Flash Flaw

Credit to Author: BrianKrebs| Date: Thu, 07 Jun 2018 16:37:50 +0000

Adobe has released an emergency update to address a critical security hole in its Flash Player browser plugin that is being actively exploited to deploy malicious software. If you’ve got Flash installed — and if you’re using Google Chrome or a recent version of Microsoft Windows you do — it’s time once again to make sure your copy of Flash is either patched, hobbled or removed.

Read more

Further Down the Trello Rabbit Hole

Credit to Author: BrianKrebs| Date: Wed, 06 Jun 2018 14:45:13 +0000

Last month’s story about organizations exposing passwords and other sensitive data via collaborative online spaces at Trello.com only scratched the surface of the problem. A deeper dive suggests a large number of government agencies, marketing firms, healthcare organizations and IT support companies are publishing credentials via public Trello boards that quickly get indexed by the major search engines.

Read more

Are Your Google Groups Leaking Data?

Credit to Author: BrianKrebs| Date: Fri, 01 Jun 2018 14:29:00 +0000

Google is reminding organizations to review how much of their Google Groups mailing lists should be public and indexed by Google.com. The notice was prompted in part by a review that KrebsOnSecurity undertook with several researchers who’ve been busy cataloging thousands of companies that are using public Google Groups lists to manage customer support and in some cases sensitive internal communications.

Read more

Is Your Google Groups Leaking Data?

Credit to Author: BrianKrebs| Date: Fri, 01 Jun 2018 14:29:00 +0000

Google is reminding organizations to review how much of their Google Groups mailing lists should be public and indexed by Google.com. The notice was prompted in part by a review that KrebsOnSecurity undertook with several researchers who’ve been busy cataloging thousands of companies that are using public Google Groups lists to manage customer support and in some cases sensitive internal communications.

Read more