CW 47: Data protection activists protest against European anti-terrorism plans, Data protection complaint about Apple’s online tracking, Capcom ignores blackmail letters

NEWS

Data protection activists protest against European anti-terrorism plans: Following the terrorist attacks in Paris, Nice and Vienna, EU member states discussed new powers for the security authorities in a draft resolution. According to a draft submitted to the Austrian broadcaster ORF, the EU states want to weaken the encryption used by messengers and thus gain insight into private encrypted communications. There is massive resistance among data protection activists and politicians. The Chaos Computer Club fears that this could also create a gateway for criminals. There is also fear of abuse of power by governments.
tagesschau.de

Data protection complaint about Apple’s online tracking: An Austrian privacy advocacy group led by lawyer and privacy campaigner Max Schrems has filed complaints with data protection watchdogs in Germany and Spain alleging that an online tracking tool used in Apple devices illegally enabled Apple to store users’ data without their consent. According to the privacy group, Apple’s iOS mobile operating system breaks the EU’s so-called cookie law by creating a tracking code without users’ knowledge or consent. This identifier for advertisers allows Apple and app providers to monitor what users are doing and build profiles for targeted advertising.
reuters.com, fortune.com

Capcom ignores blackmail letters: Japanese video game developer Capcom has declined a ransom demand of an unknown amount after successful hacking attacks on its internal networks. The company had announced that there had been anomalies since November 2, which later turned out to be attacks by a group called Ragnar Locker. Since the company did not enter into a deal with the cyber criminals, the stolen data has now been put online. Contrary to the company's account, according to which only nine customers are specifically affected, the extortionists say they have targeted 350,000 customers, employees and other contacts of Capcom.
golem.de

Big Sur bypasses firewall for data transmission to Apple: If you’re using a Mac VPN and recently updated your device to Big Sur, your privacy may be at risk, as it was discovered that Apple apps are able to bypass both firewalls and VPN services in the company’s latest version of macOS. Twitter user mxswd first spotted the issue back in October. Patrick Wardle, a security researcher at Jamf, confirmed that this was happening and explained in a comment that previous versions of macOS allowed a firewall or VPN to be set up using the Network Kernel Extension.
techradar.com

There is still a security gap in Windows systems: A year and a half after Microsoft disclosed the BlueKeep vulnerability impacting the Windows RDP service, more than 245,000 Windows systems still remain unpatched and vulnerable to attacks. The number represents around 25% of the 950,000 systems that were initially discovered to be vulnerable to BlueKeep attacks during a first scan in May 2019.
zdnet.com

TÜV NORD warns of hacker attacks on elevators: The Chief Digital Officer in the management of TÜV NORD Systems, Ulf Theike, has warned of increased hacker attacks on elevators. Modern building elevators are often connected to a control center via sensors, where they are monitored and controlled. Digital controls are either connected to the Internet of Things or to the outside world via the cellular network, where they could easily be taken over by cyber criminals. Theike therefore calls for IT security requirements to be taken into account in the test catalog for elevators in the future. There is an urgent need for a legal basis for testing critical systems such as digital elevator control.
elektronikpraxis.vogel.de

Malware: Network printer blockage fixed by update heise.de
Zscaler: Company relies on microtunnels for cloud security it-business.de
Update: InfluxDB Cloud 2.0 promises more security heise.de
Agreement: Palo Alto Networks announces acquisition of Expanse infopoint-security.de
Study: Online Christmas shopping is a paradise for cyber criminals it-daily.net

NUMBER OF THE WEEK

According to a cybersecurity survey by CrowdStrike, almost 60 percent of German companies have been victims of a ransomware attack once or even several times in the last 12 months.
it-daily.net

BACKGROUND

Certificate for Android smartphones expires in 2021: Owners of older Android smartphones are threatened with a rude awakening when they try to surf the internet in the coming year. The certification authority “Let’s Encrypt”, which issues certificates for secure internet connections, will let its partnership with another certification authority called “IdenTrust” expire in the coming year. This means that Android versions prior to 7.1.1 in particular will no longer be able to access a large number of websites. Owners of such Android smartphones could install the now mandatory root certificate as a user certificate, but according to the website “Techbook” this opens the door to cyberattacks.
techbook.de

Australia’s Cyber Security Strategy: Australia’s 2016 Cyber Security Strategy attempted to address the question: ‘how do we secure our prosperity in a connected world?’ This strategy focused on growth, innovation and economic opportunity and recognized Australia’s role in championing an open, free and secure internet in the international community. This focus was in large part driven by then Prime Minister Malcolm Turnbull, a former technology investor with a personal interest in technology and cyber security issues. The 2016 strategy was developed within the Department of the Prime Minister and Cabinet and on the day of its launch Turnbull announced a new position of Special Adviser to the Prime Minister on Cyber Security.
rusi.org

QUOTE

“A more secure digital environment is the best guarantor of safety and security for Western countries in the digital age.”
In cyberspace, a strong defense should take precedence over arming ourselves with new weapons, Ciaran Martin, ex-chief of the UK’s National Cyber Security Centre (NCSC), has warned.
bbc.com

SECURE?

Company forced to change name that could be used to hack websites: Companies House has forced a company to change its name after it realized it could pose a security risk. The company was set up by a British software engineer, who says he did it purely because he thought it would be “a fun playful name” for his consulting business. He now says he didn’t realize that Companies House was actually vulnerable to the extremely simple technique he used, known as “cross-site scripting”, which allows an attacker to run code from one website on another.
theguardian.com
