Tag Archive for: 20th

Google demands Android app developers turn over Data safety info by July 20th


As Ars Technica points out, by July 20th, all apps listed in the Google Play Store face a deadline. On that date, all of the app listings on the site will need to include the Data safety information provided by the developers of each app. The Data safety feature is found on most apps listed in the Play Store by opening any random one and scrolling down until you see the Data safety heading on the screen.

Google is replacing the Android app’s permissions list with the new Data safety feature in the Play Store

For example, we opened the TikTok app, and under the Data safety heading it says, “Safety starts with understanding how developers collect and share your data. Data privacy and security practices may vary based on your use, region, and age. The developer provided this information and may update it over time.” TikTok’s Data safety listing says that the app does not share data with third parties, encrypts data in transit, and allows you to request that data be deleted.

On the other hand, the Data safety listing does note that the app collects Location, Personal info, and 9 other different types of data. If this bothers you, you might decide not to install TikTok or uninstall it if you’ve already added the app to your phone.

This data replaces the list of Android operating system permissions that the app requests from the OS. That list is created by Google while the Data safety list is submitted to Google by app developers. Get the difference? The app permissions list is created by Google when it scans the permissions info requested by Play Store apps and thus nothing is left out or not disclosed intentionally by the developer.
But since the Data safety feature uses data completely submitted by developers, users have to believe that when a developer tells Google that his app doesn’t capture users’ personal and location data, they are telling the truth. And you can’t see whether a developer, vouching for his app, has his fingers crossed behind his back.

Android users will need to put their faith in both app developers and Google

This is how Google…

Source…

The Week in Ransomware – August 20th 2021



Ransomware gangs continue to attack schools, companies, and even hospitals worldwide with little sign of letting up. Below we have tracked some of the ransomware stories that we are following this week.

Stories of particular interest revolve around new features and tactics used by some of the ransomware operations.

After analyzing the Conti training material leaked earlier this month, we learned that they use legitimate remote access software to retain persistence on a compromised network. We also learned that they prioritize searching for cyber insurance policies and financial documents after taking control of a network.

Another report illustrates how threat actors are tracking researchers on Twitter as a new ransomware gang known as LockFile uses the PetitPotam attack to take over Windows domains.

Some of the attacks we saw this week were against the Brazilian National Treasury, Memorial Health System, and Japanese insurer Tokio Marine.

Finally, there is some good news, as Emsisoft has released a SynAck ransomware decryptor after the master decryption keys were released by the threat actors earlier this month.

Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @DanielGallagher, @jorntvdw, @Seifreed, @Ionut_Ilascu, @struppigel, @PolarToffee, @demonslay335, @VK_Intel, @BleepinComputer, @serghei, @malwrhunterteam, @FourOctets, @fwosar, @LawrenceAbrams, @symantec, @emsisoft, @AdvIntel, @IBMSecurity, and @fbgwls245.

August 14th 2021

New Karma ransomware

dnwls0719 found a new Karma ransomware that appends the .KARMA extension and has a dedicated leak site.

Karma ransomware

August 16th 2021

Hive ransomware attacks Memorial Health System, steals patient data

In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts.

Colonial Pipeline reports data breach after May ransomware attack

Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May.

August 17th 2021

Source…

This Week In Techdirt History: September 20th – 26th

Five Years Ago

This week in 2015, a major scandal began when Volkswagen was accused of using software to cheat emissions tests. The White House was backing away from attacks on encryption, and it turned out that the FBI, CIA and much of the military were not doing basic email encryption — but in India things were going in the opposite direction. The monkey selfie saga began a new chapter with PETA filing a lawsuit on behalf of the monkey, and then an even bigger copyright bombshell hit when a judge ruled that Warner Chappell doesn’t hold the copyright on Happy Birthday. Plus the world got a new famous villain with a sudden hike in drug prices introducing everyone to a man named Martin Shkreli.

Ten Years Ago

This week in 2010, Intel was threatening to break out the DMCA anti-circumvention lawsuits against anyone using the recently-leaked HDCP master key, state AGs were turning their attention to Backpage (which was gearing up to fight back), and movie studios were freaking out about fan pages. The MPAA was apparently fishing for censorship tools in ACTA by talking about Wikileaks, while the Senate was offering them a gift with a new bill that would enable global censorship of “pirate sites” (with a special loophole allowing the DOJ to avoid due process). And we saw a variety of interesting developments in various lawsuits: one judge was entertaining the notion of implied licenses in a Righthaven lawsuit while another was shutting down US Copyright Group subpoenas, a UK judge was similarly not impressed by copyright pre-settlement campaigns, and a judge in Spain smartly ruled that Google is not liable for user uploads.

Fifteen Years Ago

This week in 2005, there was a mess of internet jurisdiction cases in Canada with one ruling being overturned on appeal while another court muddied the waters with a ruling based on the overturned ruling. Hollywood was pouring money into an ill-fated attempt to build better DRM technology, which could be described as them calling their own bluff. Following the Supreme Court’s decision in their case, Grokster was scrambling to sell to a “legit” company, as were several other file-sharing software providers. And one judge in a RIAA lawsuit thankfully recognized that parents aren’t liable for their kids downloading music.

Techdirt.

This Week In Techdirt History: June 14th – 20th

Five Years Ago

This week in 2015, we saw some hall-of-fame FUD about Edward Snowden from the Sunday Times in the UK. The piece was rapidly trashed by Glenn Greenwald, leading News Corp. to abuse the DMCA in an attempt to hide the criticism. Facing ongoing scrutiny, the reporter who wrote the piece eventually admitted that he just wrote down whatever the government told him, and the editor doubled down on this suggesting that any questions about the story should be directed to the government. Meanwhile, Bruce Schneier was making a much more reasonable point about the same core issue: that Russia and China probably have the Snowden docs, but not because of Snowden.

Ten Years Ago

This week in 2010, we looked at yet another example of how ludicrous it is to expect YouTube to magically know which videos are infringing, while Rapidshare was countersuing Perfect 10 over copyright trolling, and music publishers were trying to pile on the already-dead Limewire. The Hurt Locker producers were deep in their copyright shakedown scheme, while at the same time touting their free speech rights against the soldier who claimed they used his life story. One ISP tried to get very creative and charge users to block file sharing to avoid copyright strikes — and ended up installing malware that broadcast their private information. Meanwhile, long before today’s ongoing dust-up that is drawing everyone in, we covered an earlier conversation about “fixing” Section 230.

Fifteen Years Ago

This week in 2005, we saw the latest in a long string of reports urging the recording industry to embrace file sharing, while some people were working on yet another pipe-dream of universal DRM, and libraries were developing their systems for limiting the use of digital materials as though they were physical. Amazon was trying to patent more basics of e-commerce, while a patent troll reared its head with a 1998 patent that appeared to cover transmitting any information over a network, at all. And we saw the clearest death-knell for the VCR when Wal-Mart announced it would stop selling VHS movies.

Techdirt.