Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. ” reads the analysis published by Google TAG. Pierluigi Paganini.

Phishing 135

Phishing Archiving Encryption Authentication 135

Security Affairs

MARCH 22, 2023

Experts noticed that it was first uploaded to the Chrome Web Store on February 14, 2023. According to the researchers, it is able to steal Facebook session cookies and compromise accounts in masses. Once the victim installed the extension, the malicious code uses the OnInstalled handler function to steal Facebook session cookies.

Encryption 97

Encryption IT Security Access 97

Hunton Privacy

JANUARY 13, 2022

On December 31, 2021, the French Data Protection Authority (the “CNIL”) imposed a €150,000,000 fine on Google and a €60,000,000 fine on Facebook (now Meta) for violations of French rules on the use of cookies. After receiving several complaints from users, the CNIL investigated the cookie practices of facebook.com, google.fr, and youtube.com.

GDPR 105

GDPR Privacy Government IT 105

DLA Piper Privacy Matters

JANUARY 8, 2022

and youtube.com to reject cookies as easily as they may accept them and (ii) issued an injunction to remedy to such infringement within 3 months under penalty of 100,000 euros per day of delay. Several clicks were necessary to reject all cookies (3 for Facebook and 5 for Google), when only one click was necessary to accept them all.

GDPR 97

GDPR Compliance Data collection Government 97

Security Affairs

JULY 12, 2022

The proxy server allows attackers to access the traffic and capture the target’s password and the session cookie. Once obtained the credentials and session cookies to access users’ mailboxes, threat actors launched business email compromise (BEC) campaigns against other targets. and certificate-based authentication.

Phishing 134

Phishing Authentication Passwords Access 134

Security Affairs

AUGUST 31, 2021

The experts noticed that Outlook Web Access and Exchange Control Panel pass authentication requests to the Exchange Back End. These requests include a ‘SecurityToken’ cookie that when is present in a request within ‘/ecp’, delegates the authentication process to the backend. ” continues the analysis.

Authentication 93

Authentication Access Information Security IT 93

Data Protection Report

FEBRUARY 14, 2022

The French Data Protection Authority (the “ CNIL ”) continues its campaign against companies that do not respect the rules relating to cookies and other trackers, which the CNIL has previously reminded the market about in multiple communications and decisions. CNIL’s role to issue practical illustrations under GDPR.

GDPR 113

GDPR Compliance Communications Personal data 113

Hunton Privacy

JUNE 2, 2022

The CNIL carried out 384 controls, issued 135 letters of formal notice and imposed 18 sanctions for a cumulative amount of more than €214 million. One of the CNIL’s priorities in 2021 was to verify companies’ compliance with the new cookies rules.

Artificial Intelligence 113

Artificial Intelligence Privacy Data breaches Government 113

Schneier on Security

APRIL 5, 2023

Genesis Market is shut down : Active since 2018, Genesis Market’s slogan was, “Our store sells bots with logs, cookies, and their real fingerprints.” ” Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials.

Marketing 79

Marketing 79

Security Affairs

DECEMBER 25, 2022

France’s privacy watchdog fines €60 million Microsoft for using advertising cookies without explicit customer consent. France’s privacy watchdog fines €60 million Microsoft’s Ireland subsidiary for using advertising cookies without the explicit consent of its customers. Pierluigi Paganini.

Privacy 52

Privacy IT Security Information Security 52

Hunton Privacy

APRIL 15, 2020

On April 9, 2020, the Belgian Data Protection Authority (the “Belgian DPA”) released guidance and a set of frequently asked questions (“FAQs”) regarding the use of cookies and other tracking technologies. Key takeaways from the Belgian DPA’s guidance and the FAQs include: Transparency: Users must be informed about the use of cookies.

Communications 97

Communications Data collection Access IT 97

Security Affairs

MARCH 10, 2023

The experts noticed that the was continuously improved during 2022 and was distributed in small campaigns. The experts also noticed that the authors set up a website to advertise this Android malware-as-a-service, a circumstance that confirms their intentions of entering the MaaS landscape. ” continues the report.

Authentication 98

Authentication Passwords Access IT 98

Hunton Privacy

JANUARY 19, 2022

The case resulted from a complaint submitted by certain Members of the European Parliament (“MEPs”) who alleged that the Parliament’s use of cookies violated data protection law, including requirements regarding the transfer of personal data outside of the EU. in connection with the use of cookies of U.S. Background. The EDPS Decision.

Personal data 104

Personal data Analytics Compliance IT 104

Data Protection Report

JULY 27, 2021

These organizations all remedied the identified breaches within the month granted, but the CNIL has identified and sent formal enforcement notices regarding the same issue to a further 40 non-compliant organizations in the meantime. The latest formal notices are only the beginning of the CNIL’s work. What is the risk of sanction?

IT 78

IT Compliance Risk 78

Data Matters

SEPTEMBER 6, 2022

The California Attorney General issued its first CCPA fine based on a company’s alleged failure to provide sale opt-outs for third-party advertising cookies and not recognize the Global Privacy Control signal. In the early days of CCPA, some questioned whether the use of cookies and trackers in this regard constituted a sale.

Privacy 197

Privacy B2B Sales Compliance 197

Hunton Privacy

MAY 11, 2021

Disqus collected data through cookies placed on the devices of website visitors using the widget, and subsequently passed personal data collected by those cookies to third-party advertising partners and its parent company. Numerous Norwegian online newspapers used its services through the Disqus plugin (the “widget”).

GDPR 129

GDPR Personal data Communications Data collection 129

Security Affairs

AUGUST 9, 2023

Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months. million employees. “Threat actors utilized EvilProxy – a phishing tool based on a reverse proxy architecture, which allows attackers to steal MFA-protected credentials and session cookies.”

Cloud 97

Cloud Phishing Authentication Security 97

Security Affairs

OCTOBER 3, 2020

Facebook detailed an ad-fraud cyberattack that’s been ongoing since 2016, crooks are using a malware tracked as SilentFade (short for “Silently running Facebook Ads with Exploits”) to steal Facebook credentials and browser cookies. The experts noticed that it was usually bundled with potentially unwanted programs (PUPs). .

Healthcare 114

Healthcare Paper Authentication Metadata 114

Hunton Privacy

DECEMBER 1, 2020

million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation (“GDPR”) and Article 82 of the French Data Protection Act governing the use of cookies. GDPR and Cookie Violations. Background. Highlights from the CNIL’s decisions are detailed below.

GDPR 91

GDPR Personal data Data collection Marketing 91

WIRED Threat Level

MAY 22, 2021

Cookie consent notices are everywhere, and opting out of tracking is a pain. It doesn’t have to be this way.

IT 77

IT Security 77

DLA Piper Privacy Matters

MARCH 23, 2021

As described in more details in our previous post , the French supervisory authority (“ CNIL ”) has published on October 2020 a revised version of its guidelines (“ Revised Guidelines ”) and the final version of its recommendations on the practical procedures for collecting consent concerning cookies and other trackers (“ Recommendations ”).

Compliance 105

Compliance Communications Cybersecurity Risk 105

Security Affairs

JUNE 29, 2022

Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. ” reads the post published by Intezer.

Authentication 98

Authentication Libraries Encryption Marketing 98

Data Matters

AUGUST 9, 2022

Revisions to the first draft are expected through likely multiple notice and comment rounds, in addition to deliberations by the CalPPA Board in noticed public meetings. Broader notices at collection with vague disclosure criteria. The notice at collection requirements are substantially expanded under the proposed regulations.

Privacy 88

Privacy Sales Analytics Compliance 88

eSecurity Planet

FEBRUARY 26, 2024

The new malicious code is designed to steal data — like cookies or credentials — from that web application. Reflected XSS can be severe if an attacker uses it to steal session cookies or user credentials. Cross-site scripting attacks are dangerous because they’re challenging to detect.

Risk 91

Risk Financial Services Security Libraries 91

Security Affairs

AUGUST 15, 2023

The cybersecurity company, which discovered the malware earlier this month, said it’s “meticulously designed” to harvest web browser histories, bookmarks, cookies, credit card information, keystrokes, screenshots, FTP credentials, messenger data, and data from the Steam platform.

Sales 98

Sales Access Cybersecurity IT 98

Security Affairs

FEBRUARY 22, 2024

The company claimed their software would “block[] annoying tracking cookies that collect data on your browsing activities” and “[p]rotect your privacy by preventing. “Respondents sold the browsing information that they purported to protect, in many instances without notice to users.” FTC will also fine Avast $16.5

Cybersecurity 115

Cybersecurity Privacy Data collection IT 115

Data Protection Report

APRIL 16, 2020

Last week, the Irish Data Protection Commission (“ DPC ”) published its much anticipated guidance note on cookies and similar tracking technologies (the “ Guidance ”). It also published a report following a “cookie sweep” that took place between August 2019 and December 2019 of 38 data controllers (the “ Report ”).

Analytics 87

Analytics Data collection Compliance Privacy 87

Security Affairs

FEBRUARY 13, 2020

Developers of the popular WordPress GDPR Cookie Consent plugin have addressed a critical bug that could potentially impact 700K users. The GDPR Cookie Consent plugin assists users in making your website GDPR compliant. SecurityAffairs – WordPress GDPR Cookie Consent, hacking). The vulnerabilities affect version 1.8.2

GDPR 85

GDPR IT Authentication Access 85

Krebs on Security

MARCH 20, 2023

EPIC notes that all three major carriers say resetting the consumer’s device ID and/or clearing cookies in the browser will similarly reset any opt-out preferences (i.e., the customer will need to opt out again), and that blocking cookies by default may also block the opt-out cookie from being set.

Customer Experience 275

Customer Experience Privacy Data collection Marketing 275

Security Affairs

OCTOBER 20, 2022

” reads the Notice of data breach published by the company. The way users may have been impacted depends on multiple factors, such as their choice of browser, the configuration of their browsers, the management of their cookies, and whether they have Facebook or Google accounts.

Data breaches 122

Data breaches Personal data Insurance Privacy 122

Data Matters

JANUARY 27, 2022

In particular, a case before the European Court of Justice (“ CJEU ”) may ultimately require changes to privacy notices. Companies will need to be sensitive to changing expectations in this regard and may need to explore new dynamic means of seeking consent and providing notice to individuals to ensure data is handled in a compliant way.

Artificial Intelligence 97

Artificial Intelligence GDPR Compliance Cybersecurity 97

Security Affairs

AUGUST 31, 2022

Basically, the extension modifies the cookies on the site so that the extension authors receive affiliate payment for any items purchased. . This action modifies the cookies on the site so that the extension authors receive affiliate payment for any items purchased.” ” reads the analysis published by the experts.

Retail 98

Retail Sales Authentication Privacy 98

Security Affairs

NOVEMBER 23, 2023

The malware is able to steal data from multiple browsers, including auto-fills, passwords, cookies, wallets, and credit card information. ” On November 17, security researcher Ankit Anubhav first noticed that the Clearfake campaign was also distributing Mac malware.

Passwords 123

Passwords IT Security Information Security 123

Data Protection Report

JUNE 8, 2021

Max Schrems’ privacy NGO, noyb, has sent hundreds of draft complaints to companies across Europe that it claims use unlawful cookie banners along with a guide of how to comply. The impact of not collecting consent for cookies will be significant for many companies. Placing non-essential cookies without consent.

Compliance 64

Compliance Privacy Analytics Risk 64

Krebs on Security

MAY 30, 2023

Meanwhile, anyone in the compromised Discord channel who notices the scam and replies is banned, and their messages are deleted by the compromised admin account. “A CAPTCHA bot that allows Discord cookies to be accessed by the person hosting the CAPTCHA,” was how Scavuzzo described the attack.

Blockchain 271

Blockchain Phishing Authentication Access 271

IT Governance

JULY 4, 2023

million) Wilton Reassurance announces security breach related to MOVEit software vulnerability (1,482,490) California Public Employees’ Retirement System and CalSTRS compromised by MOVEit breach (769,000) Intellihartx files notice of security breach after mass-hack (490,830) CGM, Inc.

Data breaches 96

Data breaches Ransomware Government Insurance 96

Security Affairs

JANUARY 15, 2024

The researchers noticed that the number of Balada Injector infections has doubled compared with August 2023. Balada Injector malware infected more than 7100 WordPress sites using a vulnerable version of the Popup Builder plugin. The Balada injector is a malware family that has been active since 2017.

CMS 123

CMS IT Information Security Security 123