Ireland's Data Privacy Commissioner (DPC) issues €225 million fine
Ireland's Data Privacy Commissioner (DPC) has hit Facebook-owned messaging platform WhatsApp with a €225 million (£193 million) administrative fine for violating the EU's GDPR privacy regulation after failing to inform users and non-users on what it does with their data. The fine follows an investigation started in December 2018 after the data watchdog received multiple complaints from "individual data subjects" (both users and non-users) regarding WhatsApp data processing activities.
Throughout the investigation, Ireland's DPC "examined whether WhatsApp has discharged its GDPR transparency obligations with regard to the provision of information and the transparency of that information to both users and non-users of WhatsApp’s service. This includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies," the regulator explained.
WhatsApp's fine reflects the infringements the EU regulators found:
- In respect of Article 5(1)(a) of the GDPR (a fine of €90 million);
- In respect of Article 12 of the GDPR (a fine of €30 million);
- In respect of Article 13 of the GDPR (a fine of €30 million); and
- In respect of Article 14 of the GDPR (a fine of €75 million).
On top of the fine, the Irish data watchdog also ordered WhatsApp to bring its processing into compliance with GDPR’s requirements by taking a range of specified remedial actions with a deadline that will expire in three months. The decision of the Irish DPC can be found and read in full here.
In related news, Amazon has also been hit with a record-breaking €746 million (£638 million) fine in July by the Luxembourg National Commission for Data Protection (CNPD) for GDPR violations regarding its targeted behavioural advertising, the largest ever fine issued by an EU data watchdog for GDPR violations.
WhatsApp ‘admins’ monitor private messages – despite end-to-end encryption claims
WhatsApp, which uses end-to-end encryption and makes a big deal about privacy, is not actually as private as owner Facebook claims, according to a new report by ProPublica. Facebook's moderator contract firm, Accenture, employs at least 1,000 moderators who sit in offices in Texas, Austin, Dublin and Singapore and sift through users' private messages, flagged by the service's own algorithms and other users.
The moderators review flagged messages for spam, blackmail, hate speech, disinformation, potential terrorist threats, and "sexually oriented businesses". Based on the content, they can block the account, put it on watch or leave it alone. Once the flagged message reaches them, moderators can see the last five messages in a thread. WhatsApp moderators told ProPublica that the service's machine learning algorithms often misidentify content. For instance, they frequently misunderstand pictures of kids in a bathtub as being abusive.
If true, this arrangement contradicts claims from WhatsApp that it does not read end-to-end encrypted messages sent between users.
In 2018, when US authorities began their initial probe into Facebook, the company's founder and CEO Mark Zuckerberg announced in the Senate that all content on WhatsApp is encrypted. He clearly stated, "We don't see any of the content in WhatsApp, it's fully encrypted." Now, it appears that that just isn't true – even if your conversations are perfectly innocent, if WhatsApp's machine learning system flags as many false positives as the report implies.
43% of all malware downloads are hidden in Office docs
According to researchers at Atlas VPN, nearly 43% of all malware downloads are hidden in infected MS Office documents. Such files are quite popular among threat actors because they can easily evade detection from a majority of antivirus software. To trick users into downloading malware, attackers infect Office docs by creating malicious macros and send these files to unsuspecting users through emails. Usually, people easily get tricked into enabling macros as MS Office, and hence, they open the malicious file without thinking twice.
It is worth noting that Atlas VPN’s findings are based on another report titled Netskope Threat Lab Cloud and Threat Report: July 2021 Edition, which covered how cybercriminals were exploiting Office docs. In their research, Netskope Threat Lab assessed documents from different platforms, including Google Docs and PDF files apart from Microsoft Office 365. According to the report, in the second quarter of 2020, around 14% of all downloadable malware were found hidden in Office documents, and by the third quarter of 2020, this percentage jumped to 38%, mainly due to increased reliance on remote working.
Personal details of 8,700 French visa applicants exposed by hackers
A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the France-Visas website. According to local news reports, the attack was "quickly neutralised" although certain personal details – including names, passport and identity card numbers, nationalities and birth dates – had been leaked. The Ministry of Foreign Affairs and the Ministry of the Interior, who jointly manage France-Visas, announced that the cyber-attack had targeted a section of the site, which receives approximately 1.5 million applications per month.
A spokesperson for the Ministry of Foreign Affairs explained that no details of the nationalities affected or other information about the applicants could be given out to the press. The Ministry of Foreign Affairs worked with the Ministry of the Interior to “secure the platform” and prevent “events of this type from happening again.” The French information science commission, Cnil, was informed about the attack and a judicial investigation is currently underway.
Critical auth bypass bug affect Netgear smart switches
Networking, storage and security solutions provider Netgear on Friday issued patches to address three security vulnerabilities affecting its smart switches that could be abused by an adversary to gain full control of a vulnerable device. The flaws were discovered and reported to Netgear by Google security engineer Gynvael Coldwind. According to Coldwind, the flaws concern an authentication bypass, an authentication hijacking, and a third as-yet-undisclosed vulnerability that could grant an attacker the ability to change the administrator password without actually having to know the previous password or hijack the session bootstrapping information, resulting in a full compromise of the device.
The three vulnerabilities have been given the codenames Demon's Cries (CVSS score: 9.8), Draconian Fear (CVSS score: 7.8), and Seventh Inferno (TBD). In light of the critical nature of the vulnerabilities, companies relying on the aforementioned Netgear switches are recommended to upgrade to the latest version as soon as possible to mitigate any potential exploitation risk.
Hackers playbook leaked
Researchers recently obtained a leaked playbook linked to Conti, the Ransomware-as-a-Service (RaaS) group. It has revealed a plethora of information about the threat actors that also contains the Cobalt Strike manual that was referenced while creating the playbook. The sensitive playbook documents are believed to be leaked by a disgruntled partner of Conti. Talos researchers noted that the level of details included in the documentation could enable any low-skilled cybercriminal to perform cyberattacks.
The attackers use the Net command to list users and tools such as AdFind to identify users with Active Directory access, along with OSINT and LinkedIn to spot users with privileged access. One of the main tools covered in the playbook is the threat emulation software Cobalt Strike. Additionally, other used tools are Armitage, SharpView, SharpChrome and SeatBelt, among others. The Conti playbook could be a crucial contribution to the security community as it offers a glance into the behaviours of these groups and the tools they tend to leverage while performing attacks. For researchers and security analysts, this is an opportunity to deploy the right logic in place to detect and mitigate such threats.
Stay in the know
Subscribe to our monthly Learning Matters newsletter and stay up to date with QA's latest news, views, offers, must-go-to events and more.
And if you want to keep up with the latest cyber news, why not subscribe to our weekly Cyber Pulse newsletter.
Richard BeckRichard Beck is Director of Cyber at QA. He works with customers to build effective and successful learning solutions tailored for business needs, helping to solve business problems. Richard has designed and architected numerous enterprise and nationwide cyber programmes for QA customers. Responsible for the QA cyber portfolio, products, proposition and cyber partner community. He has over 15 years' experience in senior Information Security roles.
More articles by Richard
The Future of Cyber-Enabled Fraud
Deepfake, biometrics and artificial intelligence, QA's Cyber Practice Director, Richard Beck, takes a look at the future of c…15 March 2023
Cyber Pulse: Edition 189 | 05 August 2022
In this week's blog post: Blockchain platform Solana breached - $8 million and counting, Cryptocurrency service drained of $2…05 August 2022
Cyber Pulse: Edition 188 | 27 July 2022
In this edition: Hackers steal $6 million from blockchain music platform, GoMet Backdoor Used in Attacks Targeting Ukraine, C…27 June 2022
Cyber Pulse: Edition 187 | 18 July 2022
In this edition: Lithuania experience geopolitical motivated cyber attacks, Germany bolsters defences against Russian cyber t…18 June 2022
Cyber Pulse: Edition 186 | 23 June 2022
In this edition: PowerShell Advisory from National Security Agency (NSA), Ukrainian cybersecurity officials exposed two new h…23 June 2022
Cyber Pulse: Edition 185 | 23 May 2022
In this edition: Pro-Russian hackers target Italian institutions, Canada bans Huawei and ZTE 5G and 4G equipment, Greenland s…23 May 2022
Cyber Pulse: Edition 184 | 13 May 2022
In this edition: German automotive companies targeted, Docker attacks linked to cryptominers, HP & Intel announce patches for…13 May 2022
Cyber Pulse: Edition 183 | 29 April 2022
In this edition: More than $13 million in crypto stolen, cryptomining campaign has been targeting Docker APIs, Microsoft repo…29 April 2022
Cyber Pulse: Edition 182 | 22 April 2022
In this edition: APT Group targeting blockchain and crypto industry, ransomware targets ProxyShell weakness in MS Exchange Se…22 April 2022
Cyber Pulse: Edition 181 | 13 April 2022
In this edition: Hackers steal $320,000 in Cryptocurrency from NFT & Crypto community platform, ICS-capable malware targets a…13 April 2022