The Global Surveillance Free-for-All in Mobile Ad Data

Not long ago, the ability to remotely track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites.

Crooks Steal Phone, SMS Records for Nearly All AT&T Customers

AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers. AT&T said it delayed disclosing the incident in response to “national security and public safety concerns,” noting that some of the records included data that could be used to determine where a call was made or text message sent. AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed).

First American Financial Pays Farcical $500K Fine

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back more than 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.

SolarWinds Hack Could Affect 18K Customers

The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems.

Twitter prepares to pay up to $250 million for using security data for advertising

Twitter acknowledged it could pay up to $250 million to the U.S. Federal Trade Commission for directing targeted advertising to users based off data submitted for security purposes. In a financial filing submitted to the Securities and Exchange Commission, Twitter estimated it would pay between $150 million and $250 million to the FTC. The penalty comes after the FTC drafted a complaint on July 28 alleging that Twitter used “phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019,” Twitter said in the SEC filing. The complaint suggests Twitter violated a 2011 FTC consent order that required the company to establish a data security program, which required them to be transparent with users about the security and privacy measures in place. In October 2019, the company said it used email addresses and phone numbers to improve targeted advertising efforts. […]

The post Twitter prepares to pay up to $250 million for using security data for advertising appeared first on CyberScoop.

Trial delayed for former SEC watchdog accused of abusing computer access

A federal judge in New York has agreed to postpone the trial of a former U.S. government official accused of abusing his position at the Securities and Exchange Commission to access information about his new employer. U.S. prosecutors last year charged Michael Cohn, a former examiner for the SEC, with unauthorized access of a computer and obstruction of justice. During negotiations for a job at a private equity firm, GPB Holdings, Cohn told the company he possessed inside information about an SEC investigation into their behavior, according to an indictment. The exact technical nature of the alleged crime is not clear, based on the indictment. Cohn has pleaded not guilty. U.S. District Judge Gary Brown, of the Eastern District of New York, on Wednesday agreed to delay the start of trial to September, after it was initially scheduled to begin on June 15, Law360 first reported. The decision came in response to a letter […]

The post Trial delayed for former SEC watchdog accused of abusing computer access appeared first on CyberScoop.

Two traders accused of profiting from SEC hack settle charges

Two financial traders accused of using nonpublic information to enrich themselves have settled with the U.S. Securities and Exchange Commission more than a year after the allegations were made public. The SEC announced Thursday it settled charges against David Kwon and Igor Sabodakha in connection with a wider scheme to hack an SEC database, then use stolen data to inform financial trades. The breach at the SEC, and the insider trades that followed, illuminated to much of the public how cybercrime had emerged as a new way to boost traditional forms of global financial crime. Kwon and Sabodakha were charged last year alongside seven others for allegedly infiltrating the EDGAR database, where public companies upload financial disclosure forms and future announcements for shareholders. The SEC alleges the hack was carried out by two Ukrainians, Oleksandr Ieremenko and Artem Radchenko, who then passed tips to different groups of traders. With early access […]

The post Two traders accused of profiting from SEC hack settle charges appeared first on CyberScoop.

Employees from Israeli spyware vendor Ability arrested in probe of ‘significant’ issues

Israeli authorities have arrested multiple employees of the spyware vendor Ability in connection with an investigation into allegations of fraud, smuggling and money laundering at the company, the firm’s chief financial officer said Monday in a U.S. regulatory filing. Avi Levin, CFO of Ability Inc., confirmed to the U.S. Securities and Exchange Commission Monday that employees from subsidiaries Ability Security Systems Ltd. and Ability Computer & Software Industries Ltd. were taken into custody on suspicion of breaking the law on a “significant scale” as part of their business activities. The SEC update followed prior reports from Israeli media outlets indicating the Israeli Defense Ministry has been investigating the firm for allegedly violating international law which regulates Israeli security export controls. Tel Aviv-based Ability was co-founded by CEO Anatoly Hurgin and CTO Alexander Aurovsky. It is best known for marketing hacking tools, like ULIN, which stands for “Ultimate Interception,” to international governments. […]

The post Employees from Israeli spyware vendor Ability arrested in probe of ‘significant’ issues appeared first on CyberScoop.

SEC Investigating Data Leak at First American Financial Corp.

The U.S. Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003, KrebsOnSecurity has learned.

United Airlines CISO Emily Heath joins TC Sessions: Enterprise this September

In an era of massive data breaches, most recently the Capital One fiasco, the risk of a cyberattack and the costly consequences are the top existential threat to corporations big and small. At TechCrunch’s first-ever enterprise-focused event (p.s. early bird sales end August 9), that topic will be front and center throughout the day. That’s […]