Private
now browsing by tag
In Kupwara, private school teacher detained under PSA | #teacher | #children | #kids | #parenting
Photograph by Vikar Syed for The Kashmir Walla
A private school teacher and a former activist of banned outfit Jamaat-e-Islami J-K from north Kashmir’s Kupwara district was booked under Public […]
#cybersecurity | #infosec | Webex flaw allowed anyone to join private online meetings
Source: National Cyber Security – Produced By Gregory Evans
Cisco, the makers of Webex, had warned users of the online conferencing service that a vulnerability allowed unauthorised remote users to listen in on private online meetings – without having to enter a password. The vulnerability, which was rated as high severity by Cisco in a […]
#cybersecurity | #infosec | Facebook and Twitter warn some users’ private data accessed via SDK
Source: National Cyber Security – Produced By Gregory Evans
Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts.
According to a report by CNBC, users of Android apps that made use of a software development kit (SDK) named oneAudience may have unwittingly shared information such as their email addresses, usernames and recent tweets.
CNBC says that amongst the offending Android apps are the photo-editing tools Giant Square and Photofy. Presently there is no indication that iOS users are affected by the issue.
According to an advisory published by Twitter, data extracted from accounts via the use of the oneAudience SDK (which it describes as “malicious”) in a smartphone app could be used to take control of a Twitter account, although it has seen no evidence that this has occurred.
Twitter was keen to emphasise that the “issue is not due to a vulnerability in Twitter’s software, but rather the lack of isolation between SDKs within an application,” and says it will be notifying users of the Twitter for Android app who may have been affected.
Furthermore, Twitter says it has “informed Google and Apple about the malicious SDK so they can take further action if needed.” I presume what they mean by that is so that Google and Apple can kick any offending apps out of their respective app stores.
In response, oneAudience has issued a statement claiming the “data was never intended to be collected, never added to [its] database and never used.”
According to the company, it “proactively” updated its SDK in mid-November so user data could not be collected, and asked developer partners to update to the new version. However, it has now announced it is shutting down the offending SDK.
Facebook meanwhile has issued a statement saying that it is taking action against not only the oneAudience SDK, but also an SDK from marketing company MobiBurn:
“Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores.”
“After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.”
On its website, MobiBurn describes how it helps app developers generate revenue – not by placing more ads within an app, but through the “monetization of your applications’ valuable data in a safe and confidential way.”
However, in light of the revelations and action taken by Facebook and Twitter, MobiBurn says it has “stopped all its activities” until investigations are complete.
This is all very well and good, but what are users supposed to do to protect themselves?
When they install an app, they have no way of knowing whether the developers chose to make use of a malicious SDK which might leave personal information exposed.
All you can realistically do is exercise restraint regarding which third-party apps you connect to your social media profiles. The fewer apps you connect to your Facebook and Twitter, the smaller the chance that someone’s code will be abusing that connection to access information you would rather not share.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Private Equity Giants Buy Cybersecurity Firm for $400 Million
Source: National Cyber Security News

The trend of private equity firms snapping up cybersecurity businesses continues.
BlackRock and Pamplona Capital Management have jointly acquired PhishMe, a cybersecurity company based in Leesburg, Va., in a deal that valued the firm at $400 million.
Pamplona has purchased a two-thirds stake in the business, while BlackRock has bought the remainder, a person familiar with the terms of the deal told Fortune.
In addition to the change in ownership, PhishMe on Monday rebranded itself as “Cofense.” The new name derives from a combination of “collaborative” (or “collective”) and “defense.”
Rohyt Belani, CEO and cofounder of the company now called Cofense, said the executive team decided to sell the business to allow “early investors to cash out, and for employees and common stock holders to partake in the spoils.” The company was last privately valued at roughly $200 million after its most recent fundraising round in July 2016, according to Pitchbook, a database that tracks venture capital deals.
The cybersecurity industry benefited from a flurry of VC activity as big data breaches made headlines over the past few years. A recent pullback in funding, however, has left a glut of companies struggling to find new means of financing.
Private sector urged to focus on cyber security defense
Source: National Cyber Security – Produced By Gregory Evans
The private sector will come under increased focus to serve as the first line of defense for cyber security, a former general counsel for the U.S. National Security Agency said Wednesday. Rajesh De, now a partner at Mayer Brown’s Washington …
Hackers take on private engineering college after student suicide
Source: National Cyber Security – Produced By Gregory Evans
Soon after threatening the management of a Kerala-based engineering college, where a student killed himself earlier this month, hackers have taken down the college website. A group of hackers claiming to be part of the hacker collective Anonymous has released …