Security: Mozilla, GCHQ, Compliance and Misconfigurations
-
A wave of malware add-ons hit the Mozilla Firefox Extensions Store
If you browse the official Mozilla store for Firefox extensions, called Mozilla AMO, you may stumble upon extensions that have names of popular software products or extensions.
Extensions like Adobe Flash Player or ublock Origin Pro are listed in the Mozilla AMO store currently. These have no users at the time of writing as they are brand new and they appear to have been created and uploaded by random users (Firefox user xyz).
-
We ain't afraid of no 'ghost user': Infosec world tells GCHQ to GTFO over privacy-busting proposals
Bruce Schneier, Richard Stallman and a host of western tech companies including Microsoft and WhatsApp are pushing back hard against GCHQ proposals that to add a "ghost user" to encrypted messaging services.
The point of that "ghost user", as we reported back in 2018 when this was first floated in its current form, is to apply "virtual crocodile clips" and enable surveillance by spies, police, NHS workers and any others from the long list of state organisations allowed to snoop on your day-to-day life.
"Although the GCHQ officials claim that 'you don't even have to touch the encryption' to implement their plan, the 'ghost' proposal would pose serious threats to cybersecurity and thereby also threaten fundamental human rights, including privacy and free expression," said a letter (PDF, 9 pages, 300kB) signed by around 50 prominent individuals and organisations.
Those signatories include the aformentioned luminaries and tech firms as well as Apple, the Tor Project, pro-freedom pressure and lobby groups such as the Electronic Frontier Foundation, Big Brother Watch, Liberty, Privacy International and more.
-
Detecting and preventing cybercrime while being compliant has never been more complicated
Compliance protects your business continuity. as well as your clients' data and personal information from potential attacks or breaches that might cause financial losses, risk your reputation, and lead the company to sanctions. In addition, compliance works for your competitive advantage, allowing you to offer data and data transfer security to your clients.
During the International Conference on Cyber Crime and Legal Compliance, we will discuss sensitive issues for data protection security, as well as the biggest risks, norms, and regulations of the moment. We'll also touch on the economic aspects of compliance, including how companies can and should prevent and protect themselves from data breaches, economic sanctions, cybercrime, and how to ensure legal compliance with national and international regulations.
-
Colossal 2.3 Billion Files Now Exposed Online
There are now a eye watering 2.3 billion files exposed online, owing to the misconfiguration of commonly used file storage technologies. That’s according to digital risk specialist Digital Shadows – a sharp rise on the number it found last year.
Ninety-eight million of those are in the UK: up from 64 million in 2018. The company described some of the misconfigurations as “inexcusable”. The files exposed included “everything” a hacker would need for identify theft, including passport scans and financial information, personal medical data including prescriptions and worse.
-
