Stephanie Milot reports: TikTok has agreed to pay $92 million to settle a class-action lawsuit alleging the social network collected users’ biometric information and personal data without consent and shared it with third parties. The proposed settlement applies to 89 million TikTok members in the US whose personal data was allegedly tracked and sold to advertisers in…
Category: Of Note
French Regulator Lambasts Health Firms Over Mass Data Leak
Helene Fouquet reports: France’s privacy watchdog said it’s investigating the leak of sensitive health data on half a million people and said the companies involved could face heavy penalties if they don’t come forward with details of the breaches. The leaks were of “particularly significant magnitude and severity,” the CNIL said in a statement. Hackers may have…
Lazarus targets defense industry with ThreatNeedle
Vyacheslav Kopeytsev and Seongsu Park write: We named Lazarus the most active group of 2020. We’ve observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a post about a campaign by Lazarus targeting security researchers. After taking a closer look,…
Insider Cloud Data Theft Plagues Healthcare Sector
Phil Muncaster reports: Over a third (35%) of global healthcare organizations suffered cloud data theft by malicious insiders last year, according to data from Netwrix. The findings come from the security vendor’s 2021 Netwrix Cloud Data Security Report, based on interviews with 937 IT professionals around the world. It claimed that while insider theft was less…
CISA Releases Joint Cybersecurity Advisory on Exploitation of Accellion File Transfer Appliance
The cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States have released Joint Cybersecurity Advisory AA21-055A: Exploitation of Accellion File Transfer Appliance. Cyber actors worldwide have exploited vulnerabilities in Accellion File Transfer Appliance to attack multiple federal and state, local, tribal, and territorial government organizations as well as private industry organizations…
SolarWinds hackers targeted NASA, Federal Aviation Administration networks
Zack Whittaker reports: Hackers are said to have broken into the networks of U.S. space agency NASA and the Federal Aviation Administration as part of a wider espionage campaign targeting U.S. government agencies and private companies. The two agencies were named by the Washington Post on Tuesday, hours ahead of a Senate Intelligence Committee hearing tasked with…