A huge data dump includes the personal information of tens of millions of people and where they have met – and its origin is a mystery. The breach includes almost 90GB of people’s personal data, including details of where they have been and met people. But there is no clue where the information has actually come from in the first place. Though the information has been hosted publicly, and available to anyone, there is no hint about where it was first collected from.…

Another amendment blocking the FBI surveillance failed by just one vote Wednesday, bringing McConnell’s proposal one step closer to becoming law. The Senate is expected to vote Wednesday to renew the 2001 Patriot Act, and Mitch McConnell is pushing an amendment to the law that would expand the FBI’s surveillance powers. An amendment proposed by McConnell would, for the first time ever, let the FBI collect records on Americans’ web-browsing and search histories without a warrant.…

Cookies today are doing all kinds of bad things, but did you know that the original creators wanted to stop that? I had a discussion the other day about GDPR, ePrivacy and all those problems for publishers, and I pointed out that the way we think about this is wrong. We were never supposed to be able to do what most publishers and tech companies do today. In fact, what if I were to tell you that the original specification for how cookies should be implemented in browsers pretty much defined what GDPR is today?…

For 8 years, a hacker operated a massive IoT botnet just to download Anime videos The botnet consisted solely of D-Link NAS and NVR devices and the botnet peaked at 10,000 bots in 2015. Named Cereals and first spotted in 2012, the botnet reached its peak in 2015 when it amassed more than 10,000 bots. However, despite its size, the botnet operated without detection from most cyber-security firms. Currently, Cereals is slowly disappearing, as the vulnerable D-Link devices on which it fed all these years have started aging and are being decommissioned by their owners.…

Samsung patches 0-click vulnerability impacting all smartphones sold since 2014 Samsung patched this month a critical bug discovered by Google security researchers. South Korean smartphone vendor Samsung released this week a security update to fix a critical vulnerability impacting all smartphones sold since 2014. The security flaw resides in how the Android OS flavor running on Samsung devices handles the custom Qmage image format (.qmg), which Samsung smartphones started supporting on all devices released since late 2014.…

New Firefox service will generate unique email aliases to enter in online forms Firefox Private Relay add-on to help users safeguard their email addresses from spammers. Browser maker Mozilla is working on a new service called Private Relay that generates unique aliases to hide a user’s email address from advertisers and spam operators when filling in online forms. The service entered testing last month and is currently in a closed beta, with a public beta currently scheduled for later this year, ZDNet has learned.…

President Donald Trump signed today an executive order barring US power grid entities from buying and installing electrical equipment that has been manufactured outside the US. Besides barring power grid operators from buying and installing new foreign equipment, the order also authorizes the Secretary of Energy to start procedures to identify current electrical equipment manufactured outside the US and develop strategies with government agencies and the private sector to have it isolated, monitored, and eventually replaced in the future.…

Last October, Facebook and its WhatsApp subsidiary sued the software developer and its affiliate Q Cyber Technologies in California, claiming that the firms made, distributed, and operated surveillance software known as Pegasus that remotely infects, hijacks, and extracts data from the smartphones of WhatsApp users. NSO Group then filed a motion to dismiss the hacking lawsuit, arguing that it can’t be sued in the US: it has immunity because its customers are governments.…

In this blog post, Ian Levy explains how the new NHS COVID-19 app will help us fight the coronavirus while protecting your privacy and security (and not draining your phone battery). Source: gov.uk…

Tesla claims that the computers are supposed to be wiped before being thrown away, but he is only aware of a reset procedure that can be done at the factory but not at service centers. Either people dumpster dive to grab them and sell them to resellers and they end up on eBay, which is hardly “stealing,” or Tesla employees themselves sell the computers. You can see plenty of them available for sale on the website: Green told Electrek that he even heard about Tesla employees selling computers to third-party Tesla repairers: I know some people on the unauthorized repair side…

Last year, Apple accused a cybersecurity startup based in Florida of infringing its copyright by developing and selling software that allows customers to create virtual iPhone replicas. Critics have called the Apple’s lawsuit against the company, called Corellium, “dangerous” as it may shape how security researchers and software makers can tinker with Apple’s products and code. The lawsuit, however, has already produced a tangible outcome: very few people, especially current and former customers and users, want to talk about Corellium, which sells the eponymous software that virtualizes iPhones and Android devices.…

A hacker who bribed a worker for the online video game Roblox managed to gain access to the personal information of over 100 million active users, the ability to change passwords and email addresses, and allocate in-game currency. The hacker first paid an employee to look up data about users, and then targeted a customer support representative. They saidthey did it to “prove a point” to the company. Speaking to Motherboardunder the condition of anonymity, the hacker could also remove two-factor authentication (a method by which user logins are made more secure by verifying the login from a second device), enact bans, and steal items from other users.…

Hundreds of people have been exposed for reporting people who have flouted social distancing rules and some are now scared they could receive a backlash. The names and addresses of approximately 900 people in Missouri were released as part of a media request under the Sunshine Law, which allows for the release of information submitted to a public agency (except for wrongdoing and abuse tips). St. Louis County had urged the community to share details of anyone not following guidelines in response to the coronavirus pandemic and noted in the terms and conditions that information may be shared publicly.…

Maybe it will be a better idea someday, but that day isn’t here yet. Ankle bracelets are prone to unexpected failure, just like any other electronic device. False negatives — alerts saying a parolee isn’t at home — are no better than false positives in the long run, although the former is the only one that can take away someone’s freedom. The costs of ankle bracelets are borne by the parolee.…

The billion-dollar deal set off alarm bells from the very beginning: no one in the domain name industry had ever heard of Ethos Capital, and it only had two named employees. It quickly emerged it had been secretly created by a former CEO of ICANN, and he had registered the company one day after ICANN made clear it was going to lift price caps on the 10 million .org domains, instantly making the registry worth tens of millions more.…

Malicious Android apps from the so-called PhantomLance campaign targeted hundreds of users, and at least two slipped past Google’s defenses. Google’s Play Store for Android apps has never had a reputation for the strictest protections from malware. Shady adware and even banking trojans have managed over the years to repeatedly defy Google’s security checks. Now security researchers have found what appears to be a more rare form of Android abuse: state-sponsored spies who repeatedly slipped their targeted hacking tools into the Play Store and onto victims’ phones.…

The federal government is attempting to convince Australians it can be trusted to handle personal data collected by the coronavirus contact tracing app. But it’s an uphill battle due to a long history of secrecy and failures to live up to promises on security and privacy of Australians’ data. Governments around the world are dealing with the same problem: everyone wants to be able to resume some level of normal life, but authorities will need to be able to quickly find and contain people who might have the virus and not yet know it.…

RIPE speaks out against China and Huawei’s ‘New IP’ internet upgrade plan, says internet standards should be left to the IETF, not the UN. EU-based Internet governance body RIPE is opposing a proposal to remodel core internet protocols, a proposal backed by the Chinese government, Chinese telecoms, and Chinese networking equipment vendor Huawei. Named ‘New IP,’ this proposal[1, 2, 3] consists of a revamped version of the TCP/IP standards to accommodate new technologies, a ‘shutoff protocol’ to cut off misbehaving parts of the internet, and a new ‘top-to-bottom’ governance model that centralizes the internet and puts it into the hands of a few crucial node operators.…

Whole Foods is keeping an eye on stores at risk of unionizing through an interactive heat map, according to five people with knowledge of the matter and internal documents viewed by Business Insider. The heat map is powered by an elaborate scoring system, which assigns a rating to each of Whole Foods’ 510 stores based on the likelihood that their employees might form or join a union. The stores’ individual risk scores are calculated from more than two dozen metrics, including employee “loyalty,” turnover, and racial diversity; “tipline” calls to human resources; proximity to a union office; and violations recorded by the Occupational Safety and Health Administration.…

In an attempt to stem the tide of the coronavirus pandemic, at least 30 governments around the world have instituted temporary or indefinite efforts to single out infected individuals or maintain quarantines. Many of these efforts, in turn, undermine personal privacy. It’s a complex trade-off: Governments need information to create containment strategies and know where to focus resources. At the same time, governments have a way of holding onto tools that undermine citizens’ privacy long after the moment of crisis has passed.…