Strict ‘Do Not Track’ Law Proposed By US Senator

This week a Republican senator “unveiled a ‘Do Not Track’ bill with tough penalties for companies who break its protections,” reports The Hill.

Trailrunner7 shares more information from the security news site Decipher: Senator Hawley’s bill makes the Federal Trade Commission the enforcement authority for the system and any person who violates the measure would be liable for penalties of $50 per user affected by a violation for every day that the violation is ongoing. “Big tech companies collect incredible amounts of deeply personal, private data from people without giving them the option to meaningfully consent. They have gotten incredibly rich by employing creepy surveillance tactics on their users, but too often the extent of this data extraction is only known after a tech company irresponsibly handles the data and leaks it all over the internet,” Hawley said.

Why the US Air Force Is Investigating a Cyber Attack From the US Navy

“The Air Force is investigating the Navy for a cyber intrusion into its network, according to a memo obtained by Military Times.”

Zorro (Slashdot reader #15,797) shares their report: The bizarre turn of events stems from a decision by a Navy prosecutor to embed hidden tracking software into emails sent to defense attorneys, including one Air Force lawyer, involved in a high-profile war-crimes case of a Navy SEAL in San Diego. The tracking device was an attempt to find out who was leaking information to the editor of Navy Times, a sister publication. A similar tracking device was also sent to Carl Prine, the Navy Times editor, who has written numerous stories about the case.

Weekly Update 140

I’m a day and a half behind with this week’s update again – sorry! Thursday and Friday were solid with training in Melbourne so I recorded Saturday and am pushing this out in the early hours of Sunday before going wakeboarding – is that work / life balance? But there’s been a hell of a lot going on, particularly around HIBP and I’ll be talking a lot more about that in the weeks to come.

Neal Stephenson Says Social Media Is Close To A ‘Doomsday Machine’

PC Magazine interviewed Neal Stephenson about his new upcoming book Fall; Or, Dodge in Hell, as well as “the digital afterlife, and why social media is a doomsday machine.” [Possible spoilers ahead]: The hybrid sci-fi/fantasy novel begins in the present day with Richard “Dodge” Forthrast, an eccentric multibillionaire who made his fortune in the video game industry. When a freak accident during a routine medical procedure leaves him brain-dead, his family is left to contend with his request to have his brain preserved until the technology exists to bring him back to life. The near-future world of Fall is full of familiar buzzwords and concepts. Augmented reality headsets, next-gen wireless networks, self-driving vehicles, facial recognition, quantum computing, blockchain and distributed cryptography all feature prominently. Stephenson also spends a lot of time examining how the internet and social media, which Dodge and other characters often refer to in Fall as the Miasma, is irrevocably changing society and altering the fabric of reality

Q: How would you describe the current state of the internet? Just in a general sense of its role in our daily lives, and where that concept of the Miasma came from for you.

Give your career a boost with these online training bundles that are 60% off

Trying to earn a promotion? Memorial Day weekend might be a good place to start. There are tons of e-learning packages that can help you build professional skills a lot quicker (and cheaper) than any technical academy. Whether you want to earn IT certifications, learn to code, become a designer, or anything else, these comprehensive bundles are all on sale. Plus, you can take an additional 60% off the final price by entering the online code WEEKEND60.

First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.

Real estate title insurance company exposed 885,000,000 customers’ records, going back 16 years: bank statements, drivers’ licenses, SSNs, and tax records

First American Financial Corp is a Fortune 500 company that insures titles on peoples’ property; their insecure website exposed 885,000,000 records for property titles, going back 16 years, including bank accounts (with scanned statements), Social Security numbers, wire transaction receipts, scanned drivers’ licenses, tax records, mortgage records, etc — when notified of the error, the company (which employs 18,000 people and grossed more than $5.7B last year) closed the misconfiguration.

First American Financial Corp. Leaked 885 Million Sensitive Title Insurance Records

An anonymous reader quotes a report from Krebs on Security: The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.

Santa Ana, Calif.-based First American is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in more than $5.7 billion in 2018. Earlier this week, KrebsOnSecurity was contacted by a real estate developer in Washington state who said he’d had little luck getting a response from the company about what he found, which was that a portion of its Web site (firstam.com) was leaking tens if not hundreds of millions of records. He said anyone who knew the URL for a valid document at the Web site could view other documents just by modifying a single digit in the link. And this would potentially include anyone who’s ever been sent a document link via email by First American. KrebsOnSecurity confirmed the real estate developer’s findings, which indicate that First American’s Web site exposed approximately 885 million files, the earliest dating back more than 16 years. No authentication was required to read the documents.

How Can Companies And Individuals Best Protect Themselves Against Cybercrime?

Here’s the thing – if a data breach has occurred, it’s already too late. Data breaches typically cost a company several million dollars, not to mention immeasurable (often irreversible) damage to their reputation. In a recent study, one-third of customers that were notified of a vendor breach said they would no longer do business with that company. With cybersecurity, the best medicine is preventative – companies need to protect against cybercrime and data breaches before they happen.

Medical industry struggles with PACS data leaks

In the medical world, sharing patient data between organizations and specialists has always been an issue. X-Rays, notes, CT scans, and any other data or related files have always existed and been shared in their physical forms (slides, paperwork).

Cyber Attacks Remain a High Risk, and More Enterprises are Buying Insurance for Protection

The Society of Actuaries (SOA), the world’s largest actuarial professional organization, recently released its annual survey of emerging risks in conjunction with other partner organizations. The good news for security programs is that cyber risk for the first time in five years was not ranked at the top of the list. The bad news is that cyber security is still a formidable challenge for organizations.