Security Affairs

JULY 7, 2025

Taiwan warns Chinese apps like TikTok and WeChat pose security risks due to excessive data collection and data transfers to China. “The results indicate the existence of security issues, including excessive data collection and privacy infringement. The EU is investigating data theft under GDPR.

Risk

Security Affairs

MARCH 27, 2025

In January, Italys Data Protection Authority Garante asked the AI firm DeepSeek to clarify its data collection, sources, purposes, legal basis, and storage, citing potential risks to user data. Texas and other states banned TikTok on government devices. ” concludes the alert.

Malware

Security Boulevard

FEBRUARY 23, 2025

Home Office Contractor's Data Collection Sparks Privacy Concerns The Home Office faces scrutiny after revelations that its contractor, Equifax, collected data on British citizens while conducting financial checks on migrants applying for fee waivers.

Cybersecurity

Centraleyes

DECEMBER 11, 2024

Governments and regulatory authorities may also mandate compliance with IATA standards to align with broader cybersecurity strategies. Governance and Accountability: Organizations must establish governance structures, including appointing a Chief Information Security Officer (CISO) or equivalent roles, to oversee cybersecurity initiatives.

Risk

Security Affairs

JULY 16, 2025

The report includes details on the tactics, techniques and procedures (TTPS) used by Salt Typhoon, along with a guidance to help National Guard and state governments detect, prevent, and mitigate this threat. government and critical infrastructure entities across 12 sectors, including Energy and Water. ” continues the report.

Telecommunications

Security Affairs

MARCH 7, 2025

This article uses differential privacy in healthcare, finance, and government data analytics to explore the mathematical foundation, implementation strategies, and real-world applications of differential privacy. According to Erlingsson (2014), Google’s RAPPOR system collects user data while maintaining anonymity.

Artificial Intelligence

Security Affairs

JUNE 24, 2025

Canada’s Cyber Centre reports that PRC-linked group Salt Typhoon likely hacked three telecom devices in February 2025, exploiting CVE-2023-20198 to steal configs and set up a GRE tunnel for data collection. The government experts believe the nation-state actor is also targeting organizations that are in other sectors.

Telecommunications

Malwarebytes

MARCH 27, 2025

This week we learned that the US Government uses Signal for communication, after a journalist was accidentally added to a Signal chat. Probably the largest alternative to Signal, WhatsApp is owned by Meta, and has faced criticism for its data-sharing practices. Switching to Signal is justified if privacy is your top priority.

Encryption

Lenny Zeltser

JUNE 27, 2025

Through these discussions, we agreed on the monitoring approaches and established checks and balances to mitigate the risk of data abuse. Data Collection and Retention: Here, both security and privacy want to minimize data, since less data means less risk.

Data privacy

eSecurity Planet

JUNE 25, 2025

Run by a nonprofit and funded by donations, there are no ads, trackers, or data collection in Signal. Key features E2EE on messages, calls, and media Minimal data collection. Open-source code or security audits: Allows the security community to inspect how the app handles encryption and user data.

Encryption

SecureList

MARCH 13, 2025

powershell ntdsutil.exe "'ac i ntds'" 'ifm' "'create full temp'" q q Additionally, manual PowerShell commands were observed for dumping data from these locations. Data Collection and Exfiltration Another new tool in Head Mare’s arsenal was a script running wusa.exe. 360nvidia[.]com; com; 45.156.27[.]115

Energy and Utilities

Zero Day

JUNE 22, 2025

In this world, data is cheap and unnecessarily collected in bulk by companies that don't protect it effectively or govern themselves in data collection practices well. Unfortunately, it is up to individuals to deal with the fallout; knowing you've been involved in a data breach is half the battle.

Passwords

eSecurity Planet

JUNE 25, 2025

Run by a nonprofit and funded by donations, there are no ads, trackers, or data collection in Signal. Key features E2EE on messages, calls, and media Minimal data collection. Open-source code or security audits: Allows the security community to inspect how the app handles encryption and user data.

Encryption

Security Boulevard

MARCH 24, 2025

Android Apps Use Bluetooth and WiFi Scanning to Track Users Without GPS Cyber Insider Researchers found that 86% of apps they analyzed collect sensitive data, including location data stemming from scanning Wi-Fi network details, and collecting device identifiers.

Surveillance

SecureList

JULY 21, 2025

Introduction Some time ago, Kaspersky MDR analysts detected a targeted attack against government IT services in the African region. Data collection Next, the attackers utilized automation tools such as stealers and credential-harvesting utilities to collect sensitive data. We detail these tools below.

Energy and Utilities

Centraleyes

DECEMBER 12, 2024

economy and a key focus of recent federal initiatives aimed at leveling the playing field in government contracting. Enhance operational efficiency: Centraleyes automates data collection, risk assessment, and remediation planning, enabling providers to manage large portfolios with reduced manual effort and improved accuracy.

Small Business

Centraleyes

APRIL 17, 2025

To ensure that internal controls are properly structured, financial institutions, publicly traded companies, healthcare organizations, and even government agencies turn to established frameworksand one of the most widely recognized is the COSO Framework. Accurate Data Collection: Use reliable systems to collect financial data.

Risk

Security Boulevard

MARCH 17, 2025

Of course, personalized in this context means leveraging extensive amounts of data collected on people. US lawmakers urge UK spy court to hold Apple backdoor secret hearing in public TechCrunch This is yet another addition to the Apple vs secret order by the UK government saga.

Surveillance

Centraleyes

OCTOBER 28, 2024

Privacy platforms like OneTrust, TrustArc, BigID, and Centraleyes are popular tools for automating data privacy compliance. These tools facilitate compliance and enhance overall data governance. Data Minimization Best Practices: Limit Data Collection : Only collect personal data that is essential for its specific purpose.

Data privacy

SecureWorld News

JANUARY 15, 2025

With data collected from 121 organizations across diverse industries, BSIMM15 serves as both a benchmarking tool and a strategic guide for improving software security maturity. Government and European Union have passed or drafted regulations that will require companies to secure the software they sell or use.

Software

Zero Day

JUNE 20, 2025

In this world, data is cheap and unnecessarily collected in bulk by companies that don't protect it effectively or govern themselves in data collection practices well. Unfortunately, it is up to individuals to deal with the fallout; knowing you've been involved in a data breach is half the battle.

Passwords

Security Affairs

MARCH 2, 2025

Spreads via Impersonation of Official Email to Target Users in Taiwan Belgian prosecutor probes alleged Chinese hacking of intelligence service Exclusive: Hegseth orders Cyber Command to stand down on Russia planning Cybersecurity Trump 2.0

Cybercrime

Thales Cloud Protection & Licensing

MARCH 19, 2025

In 2024, 44% of consumers globally trusted banks with their personal data, but by 2025, this figure dropped to 32% for those aged 1624. While insurers benefit from regulatory oversight like the banking sector, persistent friction points like opaque claims processes and intrusive data collection eroded goodwill.

Insurance

Malwarebytes

APRIL 9, 2025

Bad vibes are big news in privacy right now, with the public feeling isolated in securing their sensitive information from companies, governments, AI models, and scammers. Elsewhere, 69% of people said they use an ad blocker for online browsing, and 75% of people opt out of data collection, as possible.

Government

Zero Day

JUNE 27, 2025

The company publishes annual security and transparency audit reports, including government requests it has received. I went through the report, which mostly showed that they haven't handed over any user data despite getting several orders to do so. 

VPN

Malwarebytes

JUNE 25, 2025

At the federal level, there is currently no comprehensive law that expressly regulates the use of facial recognition by government agencies. In China, new regulations effective from June 2025 require businesses to be transparent about facial recognition use and allow individuals to refuse biometric data collection in many cases.

Technology

Zero Day

JUNE 26, 2025

We see this already with certain partnerships, like Oura's collaboration with Essence Healthcare , where every Essence patient receives a free Oura Ring to track their health data and take that data to their doctor for medical assessment. What it means for your health, privacy, and wallet HHS secretary RFK Jr.

Government

Centraleyes

JULY 10, 2025

The directive mandates companies to report on Environmental, Social, and Governance (ESG) issues. On top of that, it requires this data to be externally verified. It is recommended to engage external auditors early in your reporting cycle, ideally during the data collection and preparation phases.

Data collection

Zero Day

JUNE 22, 2025

It’s an easy privacy tweak that could improve your Fire TV because it allows it to better focus on streaming instead of data collection. Amazon uses a resettable advertising ID for advertising and analytics purposes, but you can instruct apps not to use this ID. Show more Elyse Betters Picaro / ZDNET 8.

Password Management

Tech Republic Security

MAY 8, 2020

Governments and organizations are unleashing new technologies to fight the spread of the coronavirus, adding to privacy and data collection concerns.

Data collection

Schneier on Security

JUNE 12, 2025

This is news : A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected U.S.

Government

Adam Levin

SEPTEMBER 4, 2020

Bush in the wake of the September 11 attacks, but had been phased out by the NSA between 2018 and 2019 after disuse and technical issues had rendered the data collected unusable. . “[T]he

Surveillance

Schneier on Security

JULY 1, 2021

To overcome these challenges and champion the positive effects of cyber insurance, this paper calls for a series of interventions from government and industry. To date, the UK government has taken a light-touch approach to the cyber insurance industry. Often, that’s paying the ransom.

Insurance

Schneier on Security

MARCH 20, 2020

With that in mind, the EFF has some good thinking on how to balance public safety with civil liberties: Thus, any data collection and digital monitoring of potential carriers of COVID-19 should take into consideration and commit to these principles: Privacy intrusions must be necessary and proportionate. Transparency. Due Process.

Surveillance

Security Affairs

OCTOBER 30, 2023

Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on government mobile devices due to privacy and security risks. The Government of Canada announced a ban on the use of the WeChat and Kaspersky applications on government-issued mobile devices due to privacy and security risks.

Mobile

Joseph Steinberg

FEBRUARY 2, 2021

While we have become somewhat accustomed to the data collection practices of online retailers seeking to analyze our purchase histories in order to better target their marketing efforts, many people may not realize that even some well-known retailers also use data provided by people whose purchases the retailer itself cancelled.

Retail

Schneier on Security

NOVEMBER 9, 2018

The boundaries between research and grey data are blurring, making it more difficult to assess the risks and responsibilities associated with any data collection. Many sets of data, both research and grey, fall outside privacy regulations such as HIPAA, FERPA, and PII.

Data collection