FTC Enforcement Action to Bar GoodRx from Sharing Consumers’ Sensitive Health Info for Advertising
The Federal Trade Commission has taken enforcement action for the first time under its Health Breach Notification Rule against the telehealth and prescription drug discount provider GoodRx Holdings Inc., for failing to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to Facebook, Google, and other companies. In a first-of-its-kind...
Read More >>

Skyview Networks Suffers Security Incident
Matthew Keys reports: An unauthorized person or group gained access to internal systems used by Skyview Networks this week, disrupting the delivery of the CBS World News Roundup and other programming to radio affiliates on Monday. The issue was confirmed in an email sent to Radio Ink by Steve Jones, the president and CEO of Skyview, who...
Read More >>

UK: Counter-attacking ransomware hackers
Thomas Rudkin of Farrer & Co writes: There is a developing line of cases in England & Wales where those who have been subject to a ransomware attack take action against the hackers through the civil courts. The question is why bother and what is the best way to go about this if that...
Read More >>

In 2023, Resolve to Fix Your Organization’s Meta Pixel Problem
In 2023, Resolve to Fix Your Organization’s Meta Pixel Problem It’s time to be proactive about user privacy. Find out if you’re sending too much data to Facebook—or if you need to send data at all By: Maria Puertas and Simon Fondrie-Teitler We all use the internet to complete increasingly sensitive tasks: book doctor’s...
Read More >>

Yandex data breach reveals source code littered with racist language
Ross Kelly reports: Russian tech company Yandex has issued an apology after racial slurs were discovered in source code leaked in a recent data breach. Several references to racial slurs, including the ‘N-word’, were found in the company’s source code last week. A researcher first revealed the use of offensive terminology in a series...
Read More >>

GitHub revokes code signing certificates stolen in repo hack
Sergiu Gatlan reports: GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories. So far, GitHub has found no evidence that the password-protected certificates (one Apple Developer ID certificate and two Digicert code signing certificates used for...
Read More >>

Microsoft disables verified partner accounts used for OAuth phishing
Bill Toulas reports: Microsoft has disabled multiple fraudulent, verified Microsoft Partner Network accounts for creating malicious OAuth applications that breached organizations’ cloud environments to steal email. In a joint announcement between Microsoft and Proofpoint, Microsoft says the threat actors posed as legitimate companies to enroll and successfully be verified as that company in the...
Read More >>

Google Fi Customers Caught Up in T-Mobile Data Breach
Matthew Humphries reports: Google is in the process of telling Google Fi customers that their data was stolen as part of the T-Mobile breach earlier this month. On Jan. 5, a hacker breached T-Mobile’s network and stole data from 37 million customer accounts. Google Fi uses T-Mobile’s network for the majority of its connections, and it seems...
Read More >>

Hacker finds bug that allowed anyone to bypass Facebook 2FA
Lorenzo Franceschi-Bicchierai reports: A bug in a new centralized system that Meta created for users to manage their logins for Facebook and Instagram could have allowed malicious hackers to switch off an account’s two-factor protections just by knowing their phone number. Gtm Mänôz, a security researcher from Nepal, realized that Meta did not set up a...
Read More >>