Archive for August 25, 2022

Guest Post: The Top 10 most privacy-invasive educational apps on Android

Posted in Commentary with tags on August 25, 2022 by itnerd

While it is no secret that app manufacturers collect insights and information about their users, it is a much bigger issue among educational apps since they are highly used by children. As study season is approaching, the Atlas VPN team decided to look at the privacy of 50 popular educational apps and see how much user data they gather.

According to the Atlas VPN research, 92% of educational apps on Android collect user data. Language learning app HelloTalk and learning platform Google Classroom, developed by the tech giant, top the chart as the most privacy-invasive, collecting user information across 24 segments within 11 data types.

A segment is a data point such as name, phone number, payment method, or precise location. Segments are grouped into broader data types such as personal information, financial information, and location.

Meanwhile, the online education subscription platform MasterClass collects user information across 17 segments, followed by the interactive learning platform Seesaw, which gathers data from 15 segments.

Other apps in the top ten include the learning management app Canvas Student (14), education communication app Remind (14), digital education app for children ABCmouse (14), and knowledge-sharing student community app Brainly (14).

The most commonly collected data type includes personal information, such as name, email, phone number, address, user ID, gender, or similar. It is collected by 90% of educational apps. 

Over a third (36%) of apps also collect location data, followed by audio (30%), messages (22%), files and documents (16%), calendar (6%), contacts (6%), health and fitness (2%), and web browsing (2%).

70% of educational applications share your data with third parties

While many apps were found to collect user data, some apps go a step further and share user data with third parties. In total, 70% of educational applications on Android were found to disclose some of their user data to third parties. 

Personal information is the most commonly shared type of user data. In total, 46% of apps were found to share this information with third parties.

All in all, while some of the collected user information might be necessary for the provision of the services of these educational apps, we found many of the collection practices excessive. 

Even more problematic is that most apps transfer sensitive data to third parties, ranging from user name to user location, contact details, and photos, that can be later used to create a profile of who you or your children are. 

To read the full article, head over to: https://atlasvpn.com/blog/revealed-top-10-most-privacy-invasive-educational-apps-on-android

CISOs Are Most Likely to Outsource Security Program Improvements and 24/7 Protection: Nuspire

Posted in Commentary on August 25, 2022 by itnerd

Nuspire, a leading managed security services provider (MSSP), announced findings from its annual research study, revealing CISO challenges, priorities and key trends as well as the drivers behind purchasing decisions. 

Key findings from the study include:

  • CISOs and IT security decision makers are most concerned about overall security program improvements; monitoring, detecting and responding to threats 24/7; and vulnerability/posture assessments. 
  • The top three outsourced services include overall security program improvements; monitoring, detecting and responding to threats 24/7; and technology optimization and integrations to ensure the best use of existing technology. 
  • Nearly one-quarter of CISOs say they spend the most time on business, IT and security program strategy.
  • Two-thirds believe their organization is vulnerable to attack, especially when it comes to cloud applications, end users and cloud infrastructure.
  • CISOs are highly concerned about end-users and see the need for more education to prevent ransomware and phishing attacks – especially in an era of remote work; however, their likelihood to outsource a solution is low. 

Nuspire’s research methodology involved anonymously surveying over 200 U.S.-based CISO and IT decision makers from large to mid-size enterprise organizations across a variety of industries, including retail, manufacturing, information technology and more. 

To learn more about these findings, join their webinar on August 31, where they will dive into the study and discuss CISOs’ key pain points, their confidence level around their ability to prevent threats and top buying trends.  

New Business Email Attack Spoofs CFOs To Lure Finance Employees Into Transferring Money: Avanan

Posted in Commentary with tags on August 25, 2022 by itnerd

Researchers at Avanan, a Check Point Company, have discovered threat actors are spoofing CFOs in order to get finance employees to send money back to hackers. And they have a report analyzing a Business Email Compromise (BEC) attack where hackers spoof domains to impersonate the CFO of a major sports corporation.

This campaign presents employees with an email from the CFO of a major corporation asking the employee to make a payment to West Bend Mutual, a legitimate insurance company, via ACH transfer or wire transfer.

Seeing as I have come across businesses losing tens or hundreds of thousands of dollars in scams like these, this report is worth your time to read. It can be found here.

Twitter To Be Investigated By The Senate And The EU Over Claims Of Lax Security

Posted in Commentary with tags on August 25, 2022 by itnerd

Twitter has a big problem on its hands. And it’s not named Elon Musk. The Senate Judiciary Committee is set to investigate after the former head of security of Twitter surfaced with claims of lax security on the platform. The Washington Post has more:

Twitter whistleblower Peiter Zatko will testify before the Senate about his allegations of security failures at the social network, the Senate Judiciary Committee announced on Wednesday.

The hearing is scheduled for Sept. 13, and Zatko, Twitter’s former security chief who is also known as “Mudge,” will appear pursuant to a subpoena. The hearing was announced one day after The Washington Post reported on Zatko’s whistleblower complaint to federal regulators that alleges “extreme, egregious deficiencies” in its defenses against hackers, as well as meager efforts to fight spam.

“Mr. Zatko’s allegations of widespread security failures and foreign state actor interference at Twitter raise serious concerns. If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world,” said Sens. Richard J. Durbin (D-Ill.) and Charles E. Grassley (R-Iowa), the chair and top Republican on the Senate Judiciary Committee.

And that’s not all. The EU is piling on with an investigation of their own:

Two national data protection authorities in the EU, in Ireland and France, have confirmed to TechCrunch that they are following up on the whistleblower complaint.

Ireland, which is Twitter’s lead supervisor for the bloc’s General Data Protection Regulation (GDPR) — and previously led a GDPR investigation of a separate security incident that resulted in a $550,000 fine for Twitter — said it is “engaging” with the company in the wake of the publicity around the complaint.

“We became aware of the issues when we read the media stories [yesterday] and have engaged with Twitter on the matter,” the regulator’s deputy commissioner, Graham Doyle, told us.

While France’s DPA said it is investigating allegations made in the complaint.

“The CNIL is currently investigating the complaint filed in the U.S. For the moment we are not in a position to confirm or deny the accuracy of the alleged breaches,” a spokesperson for the French watchdog told us. “If the accusations are true, the CNIL could carry out checks that could lead to an order to comply or a sanction if breaches are found. In the absence of a breach, the procedure would be terminated.”

This is big trouble for Twitter as the EU is pretty harsh when it comes to this sort of thing. And seeing that mid-term elections are coming up, lots of Senators will be wanting to put on a show and use Twitter as a whipping boy to make a point with the people back home. Thus Twitter better have a strategy to deal with this, or they are just going to get destroyed by both of these parties.