Incident prompts fears for latest Silicon Valley craze’s ability to guarantee users’ security and privacy
Clubhouse, the audio-chatroom app that has emerged as the latest craze to consume Silicon Valley, has shut down a site that was rebroadcasting the platform’s content, renewing concerns over the service’s ability to provide security and privacy for its users.
The app, currently available only on iPhones, allows users to quickly and easily set up and discover panel-style discussions, with a small group of speakers and potentially thousands of listeners in each room. It has been strictly limited since its launch in April, with users requiring an invitation before they can create an account. It initially gained popularity in the tech and venture capitalist community of the San Francisco Bay area.
from Data and computer security | The Guardian https://ift.tt/2NAwGmq
Genetic testing company with 10 million customers’ data has ‘huge cybersecurity implications’
The genetic testing company 23andMe will go public through a partnership with a firm backed by the billionaire Richard Branson, in a deal that has raised fresh privacy questions about the information of millions of customers.
Launched in 2006, 23andMe sells tests to determine consumers’ genetic ancestry and risk of developing certain illnesses, using saliva samples sent in by mail.
from Data and computer security | The Guardian https://ift.tt/3tGKuw7
Exclusive: former cybersecurity chief calls for law change and warns situation is ‘close to getting out of control’
Insurers are inadvertently funding organised crime by paying out claims from companies who have paid ransoms to regain access to data and systems after a hacking attack, Britain’s former top cybersecurity official has warned.
Ciaran Martin, who ran the National Cyber Security Centre until last August, said he feared that so-called ransomware was “close to getting out of control” and that there was a risk that NHS systems could be hit during the pandemic.
from Data and computer security | The Guardian https://ift.tt/3pgTd5r
Investigation launched after teachers warn of worm on devices handed out by government for home schooling
An investigation has been launched into reports that some of the laptops handed out to vulnerable children for homeschooling in England are infected with malware.
According to an online forum, teachers from a school in Bradford noticed the issue and believe it contacts Russian servers.
from Data and computer security | The Guardian https://ift.tt/39TEqY4
Kaspersky investigators uncover evidence that may support US claims Moscow was behind attack
A Moscow-based cybersecurity company has reported that some of the malicious code employed against the US government in a cyber-attack last month overlaps with code previously used by suspected Russian hackers.
The findings by Kaspersky investigators may provide the first public evidence to support accusations from Washington that Moscow was behind the biggest cyber-raid against the government in years, affecting 18,000 users of software produced by SolarWinds, including US government agencies.
from Data and computer security | The Guardian https://ift.tt/3q9T9V6
Fraud worries as UK company Now:Pensions says ‘third-party contractor’ posted personal details of clients to online public forum
About 30,000 customers of Now:Pensions face an anxious Christmas after a serious data breach at the pensions provider led to their sensitive personal details being posted on the internet.
In an email sent to affected customers, the workplace pensions firm warned that names, postal and email addresses, birth dates and National Insurance numbers all appeared in a public forum online.
from Data and computer security | The Guardian https://ift.tt/34EkLJS
Analysis: NSO Group’s Pegasus spyware could allegedly track locations and access passwords
For almost a year, spyware sold by Israel’s NSO Group was allegedly armed with a computer security super-weapon: a zero-footprint, zero-click, zero-day exploit that used a vulnerability in iMessage to seize control of an iPhone at the push of a button.
That means it would have left no visible trace of being placed on targets’ phones, could be installed by simply sending a message that the victim didn’t even need to click on, and worked even on phones that were running the then-latest version of iOS, the operating system for iPhones.
from Data and computer security | The Guardian https://ift.tt/34yI1ce
Analysis: trade in stolen data is a boon for investigators and a headache for Kremlin
In early 2019, the journalist Andrey Zakharov managed to buy his own phone records and banking records in a groundbreaking investigation into Russia’s thriving markets in stolen personal data, in which law enforcement and telecoms employees can be contracted anonymously to dip into their systems and pull out sensitive details on anyone.
A year and a half later, investigators from Bellingcat and the Insider used some of the same tools and clever analysis to out a secret FSB team that had been tasked with killing Alexei Navalny using a novichok nerve agent.
from Data and computer security | The Guardian https://ift.tt/3mq7LgW
UK information commissioner calls for international approach to emerging threat
The information commissioner has criticised the “antiquated process” that led to Facebook getting hold of Cambridge Analytica’s servers before the UK regulator itself, and renewed calls for an international approach to data privacy to tackle the emerging threat of data havens.
Elizabeth Denham, the information commissioner, spoke to Damian Collins MP, the former chair of the digital, culture, media and sport committee, who led the parliamentary enquiry into disinformation, on his podcast Infotagion. She described discovering that Facebook was inside the offices of defunct electioneering consultancy Cambridge Analytica while in the middle of an interview with Channel 4’s Jon Snow.
from Data and computer security | The Guardian https://ift.tt/3kZkMgT
Peiter Zatko’s appointment follows mass attack on social media platform in July
Twitter has appointed one of the world’s most respected hackers as its new head of security in the wake of a humiliating mass attack in July.
The company has placed Peiter Zatko in charge of protecting its platform from threats of all varieties, poaching him from the payments startup Stripe. Zatko is better known as Mudge, his handle for more than 20 years of operation on both sides of the information security arena.
from Data and computer security | The Guardian https://ift.tt/2UAZE5K