Nick Statt reports: Whisper, an anonymous secret-sharing mobile app that rose to prominence more than half a decade ago, has been inadvertently exposing sensitive information about its users for years through a public online database, according to a new report from The Washington Post. The app, while far from as popular as it was in the few years…
Brazil: Millions of Records Leaked, Including Biometric Data
Jim Wilson reports: The security research team at Safety Detectives has discovered a significant data leak in addition to other security flaws (such as lack of password protection) relating to fingerprint data on an Antheus log server in Brazil. Our team, led by Anurag Sen, discovered almost 2.3 million data points in total and estimates that…
Israeli spyware company accused of WhatsApp hack: Facebook lied in lawsuit
Tal Shahaf of Reuters reports: A fierce legal battle between Facebook and Israeli cyber security firm NSO ramped up this week with the latter telling a California court that the social media giant lied about providing material related to its lawsuit against the high-tech firm. Facebook is suing NSO for allegedly spying on smartphone users…
University of Hertfordshire avoids data breach action by UK watchdog
Charlie Osborne reports: The University of Hertfordshire has avoided an investigation by the ICO into its data-sharing practices after exposing student information. The security incident took place in November 2019, in which a bulk email promoting an art lecture also included an attachment containing the names and email addresses of approximately 2,000 students. Read more…
Hackers are targeting other hackers by infecting their tools with malware
Zack Whittaker reports: A newly discovered malware campaign suggests that hackers have themselves become the targets of other hackers, who are infecting and repackaging popular hacking tools with malware. Cybereason’s Amit Serper found that the attackers in this years-long campaign are taking existing hacking tools — some of which are designed to exfiltrate data from a database through…
NY SHIELD Act Data Security Requirements Effective This Month
Julia K. Kadish of Sheppard Mullin writes: Businesses collecting personal information from New York residents will soon be expected to apply enhanced data security requirements. The New York SHIELD Act, signed into law in July 2019, expanded breach notice requirements in October 2019. Now, On March 21, 2020, the remaining provisions related to data security will…