Cyber Attacks, Threats, and Vulnerabilities
Hackers try to attack Merkel's party, security consultants say (Reuters) A group of hackers that cyber-security experts say targets critics of the Russian government has been trying since April to attack the computer systems of German Chancellor Angela Merkel's Christian Democratic Union party, a security research firm said on Wednesday
Chinese Tycoons, Party Officials' Data Leaked on Twitter (Bloomberg News) Personal information on dozens of Chinese Communist Party officials and captains of industry from Jack Ma to Wang Jianlin may have been exposed on Twitter in one of the country’s biggest online leaks of sensitive information
Hacker Group Anonymous Declares War on Global Banks and the NYSE (LIFARS) The infamous hacking group known as Anonymous has issued a threat to central banks around the world. Its targets include the likes of the Bank of England and even the New York Stock Exchange
Hackers Leak Data of 5 South Asian Banks (BankInfoSecurity) Same group that leaked data from QNB, InvestBank apparently involved
Alert (TA16-132A) Exploitation of SAP Business Applications (US-CERT) At least 36 organizations worldwide are affected by an SAP vulnerability [1]. Security researchers from Onapsis discovered indicators of exploitation against these organizations’ SAP business applications
The Tip of the Iceberg: Wild Exploitation & Cyber-Attacks on SAP Business Applications (Onapsis) On May 11, 2016, the first-ever US-CERT Alert for cybersecurity of SAP business applications was released by the Department of Homeland Security (DHS) to forewarn the cybersecurity community about the significance and implications of an SAP vulnerability, which was patched by SAP over five years ago, that is being leveraged to exploit SAP systems of many large-scale global enterprises. Below are some resources to help you better understand this vulnerability, the potential impact to an organization if it is exploited, as well as the mitigation steps to ensure your organization is not at risk
SAP bug returns to cause mischief (CSO) After spending about two decades in the trenches I ran across all sorts of IT implementations. One of the ones that always caused me some heartburn was SAP. The running joke that I heard more than a few times was that when you purchase SAP you receive a large box. When you would open that box several hundred consultants would step out
Act surprised: There’s a new zero-day Flash exploit you need to fix right now (BGR) Flash zero-day vulnerabilities are a dime a dozen these days, so you won’t be surprised to learn there’s another one in the wild. Microsoft and Adobe have independently found two distinct zero-day vulnerabilities for Internet Explorer and Flash, respectively, which means it’s time to update Windows and Flash. Apparently, exploits exist for both that allow for remote code execution
Zero-Day Attacks Pummel IE, Flash (BankInfo Security) Microsoft patches IE, but Adobe's Flash fix still forthcoming
Spanish-Language Infostealer Trojan Uses Legitimate Libraries (IBM Security Intelligence) In April, security researchers at Zscaler came across malware that targets a specific bank and steals user credentials. This infostealer Trojan seems to be Spanish in origin, and so far has targeted users in the U.S. and Mexico
Multiple 7-Zip Vulnerabilities Discovered by Talos (Talos) 7-Zip is an open-source file archiving application which features optional AES-256 encryption, support for large files, and the ability to use “any compression, conversion or encryption method”. Recently Cisco Talos has discovered multiple exploitable vulnerabilities in 7-Zip
Disruption is big business for cybercrims (CSO) The cybercrime landscape is changing as threat actors adopt increasingly targeted and sophisticated tools to attack businesses that are undergoing significant change
Why run a DDoS-for-hire service? Easy money (CSO) Who runs the so-called ‘booter’ services that are used to knock out websites and are sometimes used for extortion? Young males. Why? Easy money
Locky Ransomware Cybercriminals Continue Email Campaign Innovation, Introduce New RockLoader Malware (Proofpoint) Earlier this year, Proofpoint researchers discovered a new ransomware called Locky. Most notably, the same actors behind many of the largest Dridex campaigns were involved in distributing Locky and were doing it at a scale we'd previously only associated with the Dridex banking Trojan
Infection Minus Interaction? New Android Ransomware Delivers (IBM Security Intelligence) What’s worse than ransomware? Ransomware that installs without any kind of user interaction. It’s a malware-maker’s holy grail — the ability to bypass users entirely and gain access to device functions, files and settings
How ransomware became the cyber criminal's favourite business model (Information Age) Security firm Palo Alto Networks reveals what makes ransomware so lucrative, and explains why it's a business model that will continue to grow
Insidious malware cripples school district websites in Region 11 cyber attack (Wichita Falls Times-Record News) A cyber attack that paralyzed the websites of at least two area school districts for several days — and sidelined the websites of many more in the region — appears to have been quelled. The attack was just one in a disturbing trend of rising ransomware attacks that, locally, also have struck government offices
Kiddicare.com Security Breach (Information Security Buzz) Following a security breach like the recent ‘Kiddicare.com’ hack, the security impact of such exposure isn’t limited to an individual’s personal details; it can also have serious financial and reputational implications for the company. Customers that entrust their private information to an online provider should be able to rest safely in the knowledge it is kept in a secure manner; and all companies who handle private data have a duty to secure it
Lego robot outfitted with Play-Doh finger hacks swipe-screen security (Naked Security) Lately, the authentication wizards have been focusing on gesture recognition: the interpretation of gestures – typically from the face or hand – that can be turned into algorithms to identify people by how they do things like make a face (that would be gurning to you Brits!) or swipe
Scammers impersonate legit cyber-security companies (SC Magazine) A scammer syndicate has been caught impersonating the services of cyber-security companies and charging high fees for doing very little
TTU warns against scammers targeting Dell computer owners (KCBD) The TTU Office of the CIO warns the TTU Community of an active phone-based scam targeting Dell computers purchased between August 15, 2015 and November 15, 2015
Wendy’s: Breach Affected 5% of Restaurants (KrebsOnSecurity) Wendy’s said today that an investigation into a credit card breach at the nationwide fast-food chain uncovered malicious software on point-of-sale systems at fewer than 300 of the company’s 5,500 franchised stores
This Hacker Got Bored, Wanted Some Fun So He Defaced Several Subreddits (Hack Read) Some hack for a cause, some hack for money, but @TehBVM on Twitter hacks for fun. Yes, this hacker has hacked and defaced several of Reddit’s subreddits just because he felt bored
US Congress Dumps Yahoo Mail Over Phishing Attacks (Hack Read) Symantec’s newest threat report claims that email phishing scams have substantially declined in the last three years, but incidents in which crypto-ransomware was used to encrypt data and demand payment in exchange for unlocking it increased by 35% just in 2015. This means, instead of phishing attacks, we must now fear our data being stolen by malicious actors and then having to pay a hefty sum of cash or digital currency to get the unlocking key so that we can access the information
Security Patches, Mitigations, and Software Updates
Microsoft Disabling Controversial Wi-Fi Sense Feature in Windows 10 (Hack Read) Windows 10 users can breathe a sigh of relief because their Wi-Fi passwords will not be shared with other users, which so far was a default feature of the latest version of their favorite operating system. As per the official statement from Gabe Aul, this feature will no longer be part of its default settings
Cyber Trends
Tripwire Study: Financial Services IT Professionals Overconfident in Breach Detection Capabilities (Yahoo! Finance) Industry leader evaluates confidence in seven key security controls required to detect cyber attacks on endpoints
Verizon Breach Report Criticized (BankInfo Security) Experts: Top 10 Vulnerabilities List could mislead administrators
Hackers tear shreds off Verizon's data breach report top 10 bug list (Register) Researchers reckon Verizon's been very lazy and unsophisticated
Healthcare Suffers Estimated $6.2 Billion In Data Breaches (Dark Reading) Nearly 90 percent of healthcare organizations were slammed by a breach in the past two years
Criminals taking a bigger bite of health breaches (CSO) The percentage of health care data breaches due to criminal acts has risen from 20 to 50 percent since 2010
Japanese users not proactive enough about cybersecurity: survey (Japan Today) ESET, a global pioneer in proactive protection for more than two decades, on Wednesday released the ESET Japan Cyber-Savviness Report 2016 showing that while users in Japan are knowledgeable about cybersecurity and take few risks online, they still have some way to go in ensuring that they are adequately protected when they access the Internet
Marketplace
Outcomes from the National Fintech Cybersecurity Summit (Computerworld) Last week an assembly of the nation's who’s who of cyber security came together for a roundtable in Sydney
Financial services 'most trusted' on data: Deloitte (Investor Daily) The financial services industry is the "most trusted" sector when it comes to data privacy, according to a new study by Deloitte
Cyber, M&A and more at PSA-TEC (Security Info Watch) Mergers, acquisitions, cyber security and more were major themes as part of a lively opening day at PSA-TEC that included several panel discussions and the integrator group’s vendor awards ceremony
Infoblox Said to Have Received Buyout Approach From Thoma Bravo (Bloomberg Technology) Infoblox Inc., a U.S. network software and cyber-security company, has received an offer to take the company private, according to people familiar with the matter
Diamond In the Rough: Fortinet Is an Undervalued Cybersecurity Play (The Street) While FireEye's (FEYE) earnings-induced decline last week threw cybersecurity plays across the spectrum into a downturn, Fortinet (FTNT) was able to continue its upward trajectory
Axway, once again recognized as a key player in the digital economy (Sys-Con Media) Driven by sustained growth and supported by an international development strategy marked by external acquisitions, including the company Appcelerator in 2016, Axway (Euronext: AXW.PA) has risen to the rank of market leader in solutions that support the digital transformation of enterprises
CIA veteran joins Darktrace advisory board (Business Weekly) Fast growing Cambridge UK cyber security business Darktrace has added intelligence muscle to its advisory board with the appointment of a former CIA veteran
Products, Services, and Solutions
New Security Measurement Index Designed to Show How Your Info Security Efforts Compare with Your Peers (PRNewswire) Online resource behind benchmark survey promises to help companies measure the effectiveness of cybersecurity and share best practices
Cylance® Formally Establishes Advanced Cyber Threat Prevention in Japan through First OEM Agreement with MOTEX (Cylance) Will integrate CylancePROTECT® with LanScope Cat to deliver advanced threat prevention module
Facebook CTF platform is now open source (Help Net Security) Capture the Flag competitions are a good – not to mention legal – way for hackers to build and hone their skills. But, quality CTF environments are difficult and expensive to build and run
Interview: Mike Tierney, Veriato (Infosecurity Magazine) As insider threats rise, the technologies to spot and defend against them increase, and it is for this reason that user behavior analytics and activity monitoring software are becoming more popular
Blog: CyberFence Protects Critical Infrastructure (SIGNAL) The architecture affords military-grade cyber protection, as well as analysis, modeling and prediction capabilities
New Sophos MSP Connect partner program brings synchronized security benefits to managed service providers (Albawaba) Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced MSP Connect, a new partner program that enhances the capabilities of Managed Service Providers (MSPs) by simplifying the complexities of managing multiple security solutions. The new program is also designed to help increase profitability, lower costs and improve business efficiencies for MSPs
As traditional perimeters are redefined, privileged access security is key to securing the hybrid enterprise (CSO) Centrify, the leader in securing enterprise identities against cyberthreats, overnight released findings from a commissioned study conducted by Forrester Consulting, on behalf of Centrify, indicating that Privileged Identity Management (PIM)-as-a-Service is the ideal approach to securing hybrid IT infrastructures
AppRiver Announces New Secure Electronic Signature Solution for Businesses (GlobeNewswire) New solution enables business users to e-sign documents easily and securely while reducing costs
Wombat Security Enables Utility Company to Reduce Phishing Susceptibility by Over 67% (Marketwired) Wombat's ThreatSim® simulated phishing attacks helped to improve security behaviors throughout the organization
FireMon Security Manager Customers Gain Upwards of $890K Return on Their Security Investment (Marketwired) IANS report demonstrates substantial returns over three years for average FireMon customer using its web-based firewall management platform -- even more for MSSPs
How Visa Threat Intelligence Is Keeping An ‘Eye’ On Cybercrime (PYMNTS) Cybercriminals often work in teams; why shouldn’t the companies that are fighting back against them? That’s the thought process made reality by Visa and FireEye, whose first product together — Visa Threat Intelligence — launched last month
Review: An Undetectable Android Spying Software that No One Can Perceive (Hack Read) In the wake of the latest report that shows that Jihadist groups are using Telegram, Signal, and WhatsApp for chatting, and Gmail for correspondences and clearly declaring that they prefer it to Yahoo Mail, parents and businesspeople need to become more vigilant. One cannot be too sure about risks lurking around, which is why using an undetectable spy app can be the first step in the right direction
Startup XOR Offers Free Protection For Hacked Organizations (Dark Reading) Compromised Identity Exchange designed to shield victims from identity theft and more
Technologies, Techniques, and Standards
NIST Guidance takes on Cyber Physical Systems (Security Ledger) In-brief: The National Institute for Standards and Technology (NIST) released a draft publication that recommends ways to improve the security of systems during the engineering phase, including so-called cyber physical systems on the Internet of Things
The Minimum (CyberPoint) "If the minimum weren't good enough, it wouldn't be the minimum"
How to Tell if Your iPhone Has Been Secretly Hacked (Tripwire: the State of Security) You know you’re living in interesting times when an app designed to tell you if your iOS device has been jailbroken is outselling the likes of Minecraft and Grand Theft Auto
Cyber Beat Live: I'm In! When insiders threaten our security (IBM Big Data & Analytics Hub) How does your organization work to prevent insider threats? Listen as leading cybersecurity experts discuss the following questions while describing how companies can reorient their security posture to thrive in an age in which trust seems inadequate
“The next phase of cyber security at Amity University is Artificial Intelligence”: JS Sodhi, CIO, Amity Education Group (Express Computer) To stop and deflect attacks and targeted malware Amity University has deployed Advance Threat Protection Sensor (ATP). In the next phase, ATP will use artificial intelligence to simulate the IT infrastructure of the entire country
The sport of threat hunting, and who should be in the game (CSO) Though the strategy of threat hunting has been around for over a decade, don’t feel compelled to jump head first into cyber security’s latest fad
Threat Intelligence Sharing: The Only Way to Combat Our Growing Skills Gap (Infosecurity Magazine) Despite phenomenal growth, continued investment and a proliferation of new technologies, the cybersecurity industry is still fighting its biggest challenge yet – that of finding and retaining talented security professionals
Users' Perceptions of Password Security Do Not Always Match Reality (PRNewswire) Think your password is secure? You may need to think again. People's perceptions of password strength may not always match reality, according to a recent study by CyLab, Carnegie Mellon's Security and Privacy Institute
Why Cyber Protection Needs to be at the Scene of the Crime (Infosecurity Magazine) The modus operandi of the new generation of cyber-attackers is best defined by two key facets. The first is that they are using stealthy and more advanced techniques that disguise known malware against static-based detection means such as signatures. The second is that attacks increasingly avoid use of the more traditional file-based delivery mechanisms that all anti-virus, and even some of the newer behavioral-based solutions, focus on
Phishing Fraud BECkons: Will You Fall Victim? (Dark Reading) Why one company got caught in a Business Email Compromise (BEC) Attack -- and how yours can avoid the same fate
Design and Innovation
HHS Wants a Way to Move Patient Data Securely (Nextgov) Want to transfer your health records from one place to the next with a single tap of your phone?
Blog: Viewing Cyber Data in 3-D (SIGNAL) LinQuest Corporation modifies its 3D ICE product to meet cyber needs
Research and Development
Traditional security is dead -- why cognitive-based security will matter (Computerworld) The increasingly complex landscape of threats is leading to one conclusion -- traditional methods of security are not cutting it
IBM to Drill Watson in Cybersecurity (TechNewsWorld) IBM on Tuesday announced Watson for Cyber Security, a cloud-based version of its AI technology, trained in cybersecurity as part of a year-long research project
Academia
NSA, DHS Recognize Top Cyber Defense Schools (Homeland Security Today) Multiple colleges and universities were recently designated National Centers of Academic Excellence in Cyber Defense Education by the National Security Agency (NSA) and the Department of Homeland Security (DHS)
UC School of IT awarded exclusive national designation for cybersecurity program (Soapbox Cincinnati) The University of Cincinnati’s Information Technology School was recently designated by the National Security Administration and Department for Homeland Security as a Center for Academic Excellence in Cyber Defense Education (CAE-CDE), a title awarded to just nine U.S. universities so far. The designation will last until 2021, and in addition to prestige it gives UC’s IT program access to special funding and grants open only to schools with CAE-CDE designation
UD named National Center of Academic Excellence in Cyber Defense Education (University of Delaware Daily) The National Security Agency and the Department of Homeland Security have designated the University of Delaware a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE)
Class of 2016: UVA Army ROTC Cadet Joins New U.S. Cyber Command (UVA Today) Battlefields are changing. Joseph Weate will fight on one in cyberspace. A fourth-year computer engineering major and a United States Army ROTC cadet, Weate is the first from the University of Virginia to be accepted into the U.S. Army’s Cyber Command
Legislation, Policy, and Regulation
Microsoft Tells UN More Can be Done to Combat Digital Terror (AFP via SecurityWeek) Microsoft told the United Nations on Wednesday that technology companies can do more to combat digital terror, but warned there was no single solution to prevent terrorists from using the web
In the Event of the Islamic State’s Untimely Demise… (Foreign Policy) Even a caliphate needs a Plan B. Here's what Baghdadi's might look like
Behind the Carnage in Iraq: ISIS Intends to Divide and Conquer (Daily Beast) At least 150 people were blown up in Iraq’s capital Wednesday as ISIS ratchets up efforts to provoke ethnic cleansing and weaken the overstretched Iraqi security forces
How to Defeat Extremism Without Becoming Egypt’s Microserf (Foreign Policy) As Cairo enlists Microsoft’s help in curbing terrorism, experts say the tech giant must avoid being a prop for Egypt’s crackdown on free expression
America is ‘dropping cyberbombs’ – but how do they work? (Conversation) Recently, United States Deputy Defense Secretary Robert Work publicly confirmed that the Pentagon’s Cyber Command was “dropping cyberbombs,” taking its ongoing battle against the Islamic State group into the online world. Other American officials, including President Barack Obama, have discussed offensive cyber activities, too
Services still adapting to the job of weaponizing the network (Defense Systems) The Defense Department is steadily integrating new cyber operations – both defensive and offensive – under the umbrella of the U.S. Cyber Command, but not without some growing pains
Senate debate over balancing national security, civil liberties swirls over FISA reauthorization (FierceGovernmentIT) The Foreign Intelligence Surveillance Act (FISA) Amendments Act, which allows the National Security Agency to monitor communications of suspected foreign terrorists – and Americans with whom they communicate – isn't up for congressional reauthorization until December 2017
Don’t Panic: Making Progress on the “Going Dark” Debate (Berkman Center for Internet & Society at Harvard University) In the last year, conversations around surveillance have centered on the use of encryption in communications technologies. The decisions of Apple, Google, and other major providers of communications services and products to enable end-to-end encryption in certain applications, on smartphone operating systems, as well as default encryption of mobile devices, at the same time that terrorist groups seek to use encryption to conceal their communication from surveillance, has fueled this debate
Dear Senator Wyden (Office of the Director of National Intelligence, Director of Legislative Affairs) At the 9 February 2016 testimony before the Senate Select Committee on Intelligence, you asked that the Intelligence Community (IC) review and provide our assessment of the then-recently released Berkman Center "Don't Panic" report
Setting up a Straw Man: ODNI's Letter in Response to "Don't Panic" (Lawfare) As Paul has noted, the ODNI has responded to the Harvard study "Don't Panic" by observing that widespread use of encryption provides an "impediment that cannot be fully mitigated by other means" (full disclosure: I participated in the study). His Lawfare post says "The IC Thinks Harvard Study is Wrong about Encryption," but instead, it looks to me like ODNI's letter got it wrong
The Second Amendment Case for the Right to Bear Crypto (Motherboard) On November 9, 1994, an American software engineer named Philip Zimmermann was detained by customs agents in Dulles International Airport as he returned from a speaking engagement in Europe
Warning Signs: A Checklist for Recognizing Flaws of Proposed “Exceptional Access” Systems (Lawfare) In the eighteen months since FBI Director James Comey raised alarm bells about encryption and surveillance, there have been many calls for the technology community to solve the problem. Director Comey’s call to action was a genuine statement of law enforcement concern but sparse on operational details. However, technical security analysis of any proposal necessarily relies on such details. Some technologists have begun to offer ideas on how to solve the exceptional access problem
Industry Asks Hill for Foreign Sales Reforms (Defense News) Warnings from top representatives of the US defense industry that the foreign military sales process needs an efficiency upgrade faced scrutiny and skepticism on Capitol Hill on Wednesday from a top Democrat of the House Armed Services Committee
Pentagon Shakes Up Silicon Valley Outreach (Defense One) Defense Secretary Ash Carter gives DIUx new leaders, a new office, and a promotion
Agencies try to predict the future of cybersecurity (Federal News Radio) With the advent of cloud and mobile technology forcing a paradigm shift in IT, leaders in cybersecurity are finding themselves in the position of fortune-tellers, hovering over crystal balls trying to guess what the next big thing is going to be and how to prepare for it
'Security Mom' talks about role of cyber in government agencies (CSO) Getting our own house in order demands more cyber security experts in government agencies
The fragile security of the mobile ecosystem (Help Net Security) Mobile devices such as smartphones and tablets have become indispensable in our daily lives
China’s Very Weird Campaign to Keep Its Citizens From Spying for the West (Daily Beast) The Chinese Communist Party sees spies everywhere and is encouraging the masses to be vigilant, citing the threat posed by 007 and villains from Marvel Comics
Litigation, Investigation, and Law Enforcement
Uzbek citizen arrested for New York-based Islamic State plot (Reuters) An Uzbek citizen has become the sixth individual to be charged for participating in a New York-based conspiracy to provide support to the militant group Islamic State, U.S. prosecutors said on Wednesday
Syrian hacker who urged Marines to refuse orders extradited to US (Federal Times) A member of the Syrian Electronic Army — a group of hackers who support Syrian President Bashar al-Assad — has been extradited to the U.S. to face charges for his alleged part in a cyber campaign against American businesses
FBI Head: Islamic State Brand Losing Power in US (AP) Fewer Americans are traveling to fight alongside the Islamic State and the power of the extremist group's brand has significantly diminished in the United States, FBI Director James Comey said Wednesday
Comey defends FBI’s purchase of iPhone hacking tool (Washington Post) FBI Director James B. Comey said Wednesday that the bureau did not purposely avoid a government process for determining whether it should share with Apple the way it cracked a terrorist’s iPhone
Mozilla fights in court to get info about potential Firefox flaw (Help Net Security) Mozilla has asked a Washington State District Court to compel FBI investigators to share details about a vulnerability in the Tor Browser with it before they share them with the defendant in a lawsuit, so that it can fix the flaw before the knowledge becomes public
The Ukrainian Hacker Who Became the FBI’s Best Weapon—And Worst Nightmare (Wired) One Thursday in January 2001, Maksym Igor Popov, a 20-year-old Ukrainian man, walked nervously through the doors of the United States embassy in London. While Popov could have been mistaken for an exchange student applying for a visa, in truth he was a hacker, part of an Eastern European gang that had been raiding US companies and carrying out extortion and fraud. A wave of such attacks was portending a new kind of cold war, between the US and organized criminals in the former Soviet bloc, and Popov, baby-faced and pudgy, with glasses and a crew cut, was about to become the conflict’s first defector
The Panamanian Shell Game: Cybercriminals With Offshore Bank Accounts? (Security Intelligence) You may have heard about the Panama Papers—documents from a Panamanian law firm that revealed politicians, businessmen, and prominent individuals from countries all over the world were using offshore companies to cut their tax bills
Anything you keep in your smartphone may be used against you in a court of law (Kaspersky Lab Daily) I was blinded with a strong light and then was asked the life-and-death question: “What did you do on the 5th of the last month between 10 PM and 11:30 PM?”
FBI/Apple privacy fight left out a major player: the data carriers (CSO) In the conflict between government surveillance and individual privacy, it is not just the data on devices that is at stake. It is the data that travels to and from the devices. That is where the communications carriers come in
Ex-Skype Crew Sued Developers Of WhatsApp Encryption Over '$2m Extortion' (Forbes) As the fight between Apple and the FBI attested, we’re in the midst of Cryptowars 2.0. But it would be reductive to claim it’s technologists facing off against the government over how to best protect the public from criminal hackers and terrorists. On both sides there are internecine battles being fought, as shown in a quickly-dismissed case between two developers of secure messaging and call services, Wire Swiss and Open Whisper Systems, the organization behind WhatsApp’s end-to-end encryption rollout
First Circuit and FTC Address Definitions of “PII,” While Michigan Amends Privacy Law to Remove Statutory Damages (Davis Wright Tremaine LLP) On April 29, 2016, the U.S. Court of Appeals for the First Circuit handed down its widely anticipated opinion in Yershov v. Gannett Satellite Information Network, Inc., in which it expanded the reach of the Video Privacy Protection Act (“VPPA” or “Act”) by endorsing a considerably expanded view of how the statute applies in the digital media context. In its decision, the court held that (1) “personally identifiable information” (“PII”) includes the GPS coordinates of a device; and (2) a user of a mobile application – even one who does not pay or otherwise register to use the app – qualifies as a “consumer” entitled to the protections of the Act
Germany set to end copyright liability for open Wi-Fi operators (Help Net Security) People who travel to Germany are often surprised at the lack of public, open Wi-Fi networks. That’s because German law (Störerhaftung – “liability of duty”) holds operators of public hotspots liable for everything their users do online, especially when these actions are against the law, and even if the operators weren’t aware of them