BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Cybersecurity Is Becoming More Diverse … Except by Gender
While other professions are making up ground, cybersecurity still lags behind in female representation, thanks to a lack of respect and inclusion.
darkreading – Read More
FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data
The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T, Sprint, T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent.
The fines mark the culmination of a more than four-year investigation into the actions of the major carriers. In February 2020, the FCC put all four wireless providers on notice that their practices of sharing access to customer location data were likely violating the law.
The FCC said it found the carriers each sold access to its customers’ location information to ‘aggregators,’ who then resold access to the information to third-party location-based service providers.
“In doing so, each carrier attempted to offload its obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained,” an FCC statement on the action reads. “This initial failure was compounded when, after becoming aware that their safeguards were ineffective, the carriers continued to sell access to location information without taking reasonable measures to protect it from unauthorized access.”
The FCC’s findings against AT&T, for example, show that AT&T sold customer location data directly or indirectly to at least 88 third-party entities. The FCC found Verizon sold access to customer location data (indirectly or directly) to 67 third-party entities. Location data for Sprint customers found its way to 86 third-party entities, and to 75 third-parties in the case of T-Mobile customers.
The commission said it took action in response to a May 2018 story broken by The New York Times, which exposed how a company called Securus Technologies had been selling location data on customers of virtually any major mobile provider to law enforcement officials.
That same month, KrebsOnSecurity broke the news that LocationSmart — a data aggregation firm working with the major wireless carriers — had a free, unsecured demo of its service online that anyone could abuse to find the near-exact location of virtually any mobile phone in North America.
The carriers promised to “wind down” location data sharing agreements with third-party companies. But in 2019, reporting at Vice.com showed that little had changed, detailing how reporters were able to locate a test phone after paying $300 to a bounty hunter who simply bought the data through a little-known third-party service.
The FCC fined Sprint and T-Mobile $12 million and $80 million respectively. AT&T was fined more than $57 million, while Verizon received a $47 million penalty. Still, these fines represent a tiny fraction of each carrier’s annual revenues. For example, $47 million is less than one percent of Verizon’s total wireless service revenue in 2023, which was nearly $77 billion.
The fine amounts vary because they were calculated based in part on each day that the carriers continued sharing customer location data after being notified that doing so was illegal (the agency also considered the number of active third-party location data sharing agreements). The FCC notes that AT&T and Verizon took more than 320 days from the publication of the Times story to wind down their data sharing agreements; T-Mobile took 275 days; Sprint kept sharing customer location data for 386 days.
Krebs on Security – Read More
ESET PROTECT Portfolio Now Includes New MDR Tiers and Features
darkreading – Read More
13.4M Kaiser Insurance Members Affected by Data Leak to Online Advertisers
Tracking code used for keeping tabs on how members navigated through the healthcare giant’s online and mobile sites was oversharing a concerning amount of information.
darkreading – Read More
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023
Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year.
The tech giant also said it blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or for repeated policy violations.
“In 2023,
The Hacker News – Read More
Ford’s hands-free driver system is under investigation after fatal crashes – what to know
Another rough day for autonomous driving. Just days after closing a Tesla investigation, federal safety regulators are now looking into Ford’s driver-assistance system, BlueCruise.
Latest stories for ZDNET in Security – Read More
How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat
History of TikTok and how many view it as a national security threat.
SecurityWeek – Read More
CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure
New CISA guidelines categorize AI risks into three significant types and push a four-part mitigation strategy.
SecurityWeek – Read More
Should Cybersecurity Leadership Finally be Professionalized?
The majority opinion is that a cybersecurity professional body is long overdue and would benefit cybersecurity and cybersecurity practitioners.
SecurityWeek – Read More
Google Says it Blocked 2.28 Million Apps from Google Play Store
In 2023, Google said it blocked 2.28 million bad applications from being published on Google Play and banned 333,000 developer accounts.
SecurityWeek – Read More