A UK class action privacy lawsuit against Google can go ahead, according to the UK Court of Appeal. The suit claims up to £3bn ($3.9bn) in damages based on Google’s manipulation of Apple’s Safari browser in 2011-12. In 2010, Apple included anti-tracking technology in Safari that would stop advertising companies from inserting cookies into the browser. Google developed a workaround, enabling it to put cookies from its DoubleClick advertising technology into users’ browsers anyway. Safari’s anti-tracking technology at the time made an exception for sites that users interacted with, so Google included code in advertisements that made it look as though the user was filling out a form.
Thanks to a whopping data breach from an unknown server exposing 419 million data records, our monthly total comes to 531,596,111 breached records. This brings the total number of breached records for the year so far to 10,331,579,614. September may have had fewer incidents than August, at only 75, but overall there was a massive 363% increase in records breached.
A recent attack aimed at a U.S.-based oil, gas and chemical supplier leverages the company’s use of the enterprise-class Asterisk open-source PBX software, used for VoIP services. According to research from Check Point, presented here at Virus Bulletin 2019 on Friday, the attack was first identified early last year when researchers spotted scanning activity targeting 1,500 unique gateways tied to 600 companies. This reconnaissance activity stopped abruptly five months later, only to resume in February of this year, with one difference. This time the scans were targeted at a single U.S.-based engineering company that provides niche services to critical infrastructure utilities in the U.S.
A researcher has released details of a WhatsApp remote code execution (RCE) flaw that, it is claimed, could be used to compromise not only the app but also the mobile device the app is running on. Reported to Facebook some weeks ago by a researcher called ‘Awakened’, the critical issue (CVE-2019-11932) affects users of the Android versions of the app, specifically versions 8.1 and 9.0 although not, apparently, version 8.0 (Apple’s iOS doesn’t appear to be affected). It’s described as a double-free memory vulnerability in a WhatsApp image preview library called libpl_droidsonroids_gif.so, and some aspects of how it might execute remain unclear.
IoT is one of the fastest growing trends in technology today, yet enterprises are leaving themselves vulnerable to dangerous cyberattacks by failing to prioritize PKI security, according to new research from nCipher Security. The 2019 Global PKI and IoT Trends Study, conducted by research firm the Ponemon Institute and sponsored by nCipher Security, is based on feedback from more than 1,800 IT security practitioners in 14 countries/regions. The study found that IoT is the fastest-growing trend driving public key infrastructure (PKI) application deployment – with 20% growth over the past five years.