Month: August 2024

The Google Pixel 9 series just debuted less than two weeks ago, and we’re still finding new aspects about the phones that Google didn’t tell us about. That isn’t too surprising, considering the Made by Google keynote lasted about an hour and twenty minutes, with twenty of those minutes being spent on Google’s AI services rather than the new hardware. Even so, we thought we already knew everything there was to know about the Pixel 9’s display, but as it turns out, it still had one more trick up its sleeves: Adaptive Touch.

Tucked under Settings > Display > Touch sensitivity is a new Adaptive Touch feature. When Adaptive Touch is enabled, “touch sensitivity will automatically adjust to your environment, activities and screen protector.”

One of the best parts of owning a smartphone is how it keeps us connected to what’s going on with our friends, family members, and other people we share interests with. One of the worst parts of owning a smartphone is how that constant connection can distract us from our work or studies, which is why it’s crucial that you learn how to use Do Not Disturb mode to eliminate distractions. Do Not Disturb mode can be customized in a variety of ways through the Settings app, and in Android 15, those customization options could be greatly expanded.

Google released Android 15 QPR1 Beta 1 earlier today, and while digging through it to find what’s new, I discovered many changes to Do Not Disturb mode settings. Google is not only preparing to rename the Do Not Disturb mode entry point but also working on tweaking the Do Not Disturb settings UI, adding a new Quick Settings tile, and introducing many new customization options. With a bit of tinkering, I managed to fully activate the new experience, so here’s a first look.

The NPD breach, one of the most significant cybersecurity incidents in history, exposed the personal data of nearly three billion people, including Social Security numbers, addresses and email addresses. A cybercriminal group carried out the breach called “USDoD,” which claimed responsibility for the attack. The breach occurred in December 2023 but was only confirmed by the National Public Data (NPD), a data broker that collects information from public sources for background checks, in August 2024. The NPD also admitted that it had accidentally published its own passwords online, making the breach worse.

The breach has sparked outrage and concern among the public, lawmakers and experts, who have criticized the NPD for its lack of transparency, accountability and security. The NPD is facing a lawsuit from a consumer advocacy group, which accuses the company of violating the privacy rights of millions of Americans. The breach has also raised questions about the adequacy of the U.S. laws and regulations that govern personal data collection, use and protection, especially by data brokers that operate with minimal oversight and disclosure. The breach has also exposed the vulnerability of the consumers, who may not be aware of how their data is collected, stored and shared, and who may face the risk of identity theft, fraud and scams.

Several cybersecurity experts from different companies have shared their insights and opinions on the NPD breach and its implications. Clyde Williamson from Protegrity emphasized the need for organizations to protect the data they exchange with consumers and comply with privacy laws. He also pointed out the inadequacy of U.S. laws in handling citizens’ personal data and the need for regulatory standards for data brokers. Kiran Chinnagangannagari from Securin expressed alarm over the silence of the NPD until the breach included leaked social security numbers. He also stressed the need for organizations to evaluate and ensure the cybersecurity practices of their partners and third-party vendors. Ayan Hadler from Traceable AI suggested using intent-driven risk management, which looks at how users behave after getting onto the platform and what they are going after, to reduce the risks posed by weak KYC measures.

Clyde Williamson, Product Management, Innovations, Protegrity

“Organizations rely on the exchange of data for their vitality. Consumers share their personal identifiable information (PII), like Social Security numbers and emails, with the expectation that businesses will protect this data and comply with privacy laws to prevent unauthorized access. In this case, National Public Data (NPD) scraped individuals’ PII from public sources for use in background checks, leaving people unaware if their data was accessed and emphasizing growing concerns regarding customer trust in businesses and their ability to secure their data. 

Notably, this breach wasn’t announced for a week; it only came to light and led to a lawsuit earlier because the company didn’t disclose it. Further, it’s still unclear whether they intentionally avoided sharing details of this breach or just discovered it themselves. This highlights the inadequacy of U.S. laws in handling citizens’ personal data, which are not equipped for the challenges of the 21st century. Data brokers like the NPD also aren’t held to the same regulatory standards as institutions like the Payment Card Industry (PCI), where they’re obligated to conduct annual audits and controls around credit card data. As things stand now, the US has no such obligations.

Most likely, a lot of the stolen data set is from one of our most vulnerable demographics: senior citizens and their families. A popular scam has a threat actor pretending to be a lawyer with bad news for the senior – their family member is in trouble and needs money. And why wouldn’t a grandparent believe them if they had valid PII to validate their credibility? These scammers don’t have to open credit in someone’s name to ruin lives. They just need to know how to use the information stolen to empty a caring family member’s bank account.

As breaches and attack surfaces continue to grow, relying on class action lawsuits for negligence cannot be the best option. Organizations must prioritize transparency and enhance their efforts to de-identify sensitive data to protect consumer information. They must move beyond traditional defense mechanisms and adopt regulator-recommended data protection strategies like encryption and tokenization. These methods render data useless to attackers, making it impossible to steal and use maliciously. By implementing these protections, businesses can diminish the value of stolen data and mitigate the long-term effects of ransomware attacks or fraudulent activities.”

Kiran Chinnagangannagari,  Chief Product & Technology Officer, Securin

“In the wake of the staggering National Public Data breach, which compromised millions of records on U.S. citizens, the silence from the company until the breach included leaked social security numbers is nothing short of alarming. This breach underscores the profound risks posed by mass data aggregation and sheds a harsh light on the glaring gaps in corporate responsibility when managing and communicating such incidents. The fact that such enormous volumes of personal data are accessible to companies and private investigators, and now the deep and dark web, raises severe doubts about how well-protected our information truly is. This breach lays bare the minimal oversight over who gains access to this data—and what happens afterward.

This breach should also serve as a wake-up call, emphasizing the critical need for organizations to rigorous or stricter regulations and better enforcement. Companies must be held accountable, not just for evaluating the cybersecurity practices of their partners and third-party vendors. It’s no longer enough to trust that data handlers have robust defenses—organizations must proactively ensure that every entity in their supply chain is equipped to prevent such catastrophic breaches. It’s time for their cybersecurity practices but for those of every entity they do business with. The stakes are too high to allow this negligence to continue.”

Ayan Hadler, Sr. Product Manager, Traceable AI

“When fraudsters have access to key personal details needed to bypass KYC on nearly all American consumers, the question is who to trust anymore? This is where intent-driven risk management shines. Intent-driven risk management looks at how users are behaving “after” getting onto the platform and what are they going after, negating a lot of the risks injected through brittle KYC measures.”

The post Experts Weigh In on the NPD Breach and Its Implications appeared first on Cybersecurity Insiders.

Since August 14, 2024, the Federal Office for Information Security (BSI) in Germany has begun issuing security labels for IT devices. These labels provide a snapshot of the security level that users can expect from their devices.

In today’s digital age, smartphones and tablets used in corporate settings handle and store vast amounts of sensitive information, making them prime targets for hackers. To protect personal information such as photos, videos, documents, messages, and contacts, users require a certain level of security.

The BSI has introduced guidelines for manufacturers to qualify for these IT security labels. To earn a label, manufacturers must ensure their products, components, and services adhere to specific security standards.

Key requirements include:

a.) Identifying and addressing vulnerabilities promptly.
b.) Maintaining transparency about data collection, analysis, and storage practices.
c.)  Informing users about the use of components like microphones, cameras, and location sensors.
d.)  Clearly outlining permissions required by pre-installed mobile apps for accessing information such as camera, contacts, microphone, location, messages, and gallery.

Privacy advocates emphasize that these guidelines should not only be established in theory but should be rigorously applied by manufacturers.

The need for such IT security labels extends beyond Germany, as digitalization becomes increasingly pervasive worldwide. These labels provide valuable insights into the cybersecurity measures of devices, helping both consumers and businesses make informed decisions and fostering trust in the products they use. Thus, these labels not only enhance business reputations but also ensure that consumers can use products with greater confidence.

The post Germany offers Cybersecurity Labels for mobile devices appeared first on Cybersecurity Insiders.

Google introduced the Pixel 9 series just last week, and if you’re anything like us, you rushed to get your pre-order in. The first of those orders are just about to start arriving, giving Pixel’s biggest fans their first hands-on look at this new hardware. And while there’s clearly a lot to like about the phones, we’re curious just how far that same enthusiasm will extend to Google’s latest packaging.

For years now, Google’s placed an emphasis on trying to be environmentally friendly when it comes to hardware. That’s involved a lot of recycled plastics, not just in devices themselves, but also for their accessories, like cases. That trend has continued when it comes to packaging, and if you’ve opened any Google products anytime recently, you know to expect a whole lot of cardboard, with minimal plastic.

Update, August 20, 2024 (12:22 AM ET): Users are reporting that the Song Search/Audio Search feature in Circle to Search is now rolling out.

The feature has been spotted on Samsung Galaxy flagships, but it should soon become available on all phones that support Circle to Search.