Posts

EU Court Imposes Fine on EU for Breaching Own Data Protection Law

In a landmark decision, the EU General Court ruled on Wednesday that the European Commission must pay compensation to a German citizen for breaching its own data protection laws. The court found that the Commission transferred the citizen’s personal data to the United States without adequate safeguards, in violation of the EU’s General Data Protection Regulation (GDPR).

The case stemmed from the individual using the “Sign in with Facebook” option to register for a conference via the EU login page. The court concluded that the Commission’s transfer of the user’s IP address to Meta Platforms in the U.S. was unlawful, as it did not meet the required data protection standards set out by the GDPR. As a result, the Commission was ordered to pay the citizen 400 euros ($412) in damages.

A spokesperson for the European Commission acknowledged the ruling and stated that it would carefully assess the judgment and its implications. This decision marks a significant development in the enforcement of GDPR, a regulation widely considered to be among the most robust data privacy laws globally. Many major companies, including Meta, LinkedIn, and Klarna, have faced heavy fines from the EU for failing to comply with these regulations.

 

Hackers Target Multiple Companies’ Chrome Extensions in Widespread Campaign

Hackers have compromised a variety of companies’ Chrome browser extensions in a series of cyberattacks that began in mid-December, according to affected firms and cybersecurity experts. One confirmed victim, Cyberhaven, a California-based data protection company, revealed the breach in a statement to Reuters on Friday.

“Cyberhaven can confirm that a malicious cyberattack occurred on Christmas Eve, affecting our Chrome extension,” the company said. It referenced cybersecurity experts’ findings, which indicated the breach was part of a broader campaign targeting Chrome extension developers across multiple organizations. The company also confirmed it is cooperating with federal law enforcement authorities in its investigation.

Browser extensions, often used to enhance user experience through features like auto-applying coupons or improving data management, were exploited in this campaign to compromise sensitive data. Cyberhaven’s Chrome extension is specifically designed to help monitor and secure client data across web-based applications.

Jaime Blasco, cofounder of Nudge Security in Austin, Texas, noted that Cyberhaven is not an isolated case. He identified several other compromised extensions, some impacted as early as mid-December. These included extensions related to artificial intelligence and virtual private networks (VPNs), suggesting an opportunistic approach aimed at collecting as much sensitive data as possible from a wide range of sources.

Blasco said, “I’m almost certain this is not targeted to Cyberhaven. If I had to guess, this was just random.”

The geographical reach of the campaign remains unclear. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) declined to comment, referring inquiries to the affected companies. Alphabet, the parent company of Google and maker of the Chrome browser, did not immediately respond to requests for comment.

This incident highlights the vulnerabilities associated with browser extensions and the potential for malicious actors to exploit them for broad data collection efforts. Experts urge developers and users alike to exercise caution and maintain robust security measures for extensions to prevent similar breaches.

 

How to Protect Yourself from iPhone Thieves Locking You Out of Your Device

A concerning new trend has emerged where thieves are exploiting an iPhone security feature called the recovery key to lock victims out of their devices and drain their bank accounts. This method, although complex, has been growing in frequency, according to a recent report by The Wall Street Journal. The attack involves stealing an iPhone and manipulating the device’s security settings to make it nearly impossible for the owner to regain access to their data.

The process begins with a criminal observing the victim’s passcode or tricking them into revealing it. This can happen in public places, such as bars or events, where the thief might catch a glimpse of the passcode. Once they have access to the device, the thief can change the Apple ID, disable “Find My iPhone” to prevent tracking, and reset the recovery key—a 28-digit code designed to prevent unauthorized access. If the thief changes the recovery key, the rightful owner will be locked out of their account.

Apple has acknowledged the issue, noting that while this type of attack is rare, it is taken very seriously. The company also emphasizes that users are responsible for maintaining access to their recovery key and trusted devices. If both are lost, users could be permanently locked out of their accounts.

Jeff Pollard, a security expert at Forrester Research, has called on Apple to provide better customer support options to help users recover from such incidents. Until such support is available, here are a few steps iPhone owners can take to safeguard their devices:

  1. Protect Your Passcode:
    The first line of defense is ensuring that your passcode is secure. Apple recommends using Face ID or Touch ID, particularly in public spaces, to avoid revealing your passcode. Users can also set up a longer, alphanumeric passcode, which is more difficult for thieves to guess. If you believe someone has seen your passcode, change it immediately.
  2. Use Screen Time Settings:
    A clever workaround involves setting up a secondary password within the iPhone’s Screen Time settings. This password is required before changes can be made to an Apple ID, preventing a thief from altering your Apple ID without it. Although not officially endorsed by Apple, this measure can add an extra layer of protection.
  3. Back Up Regularly:
    Frequent backups, whether through iCloud or iTunes, can protect your data in case your phone is stolen. In addition, consider storing important files and photos on other cloud services like Google Photos, Microsoft OneDrive, or Dropbox. While this won’t prevent thieves from accessing the device, it can minimize the loss of personal data.

By taking these steps, iPhone users can reduce the risk of being locked out of their devices and mitigate the damage if their phone is stolen.