Nearly 250 million Microsoft Customer Service and Support (CSS) records were found exposed to the Internet in five insecure Elasticsearch databases, Comparitech reports.The records on those servers contained 14 years’ worth of logs of conversations between support agents and customers, all of which could be accessed by anyone directly from a browser, without

The National Institute of Standards and Technology (NIST) last week announced version 1.0 of its Privacy Framework, a tool designed to help organizations manage privacy risks.NIST published a preliminary draft of the Privacy Framework in September 2019, when it requested public feedback. The agency had initially hoped to release version 1.0 by the end of 201

California-based data security startup Cyral emerged from stealth mode this week and announced that it has raised $11 million in a Series A funding round. The company previously received $4.1 million in an angel investment round, which brings the total raised to date to over $15 million.Cyral provides a cloud-native service designed to make it easy for organ

Hundreds of Internet-accessible, unprotected medical imaging systems expose data on millions of patients worldwide, German security firm Greenbone reveals.The analysis conducted by Greenbone, a vulnerability analysis and management solutions provider, focused on Picture Archiving and Communication Systems (PACS), which are used by healthcare organizations to

P&N Bank has notifed customers of a data breach that resulted in a large amount of sensitive information being compromised. According to information shared on Twitter by Australian security researcher @vrNicknack, the incident took place on December 12, 2019, during a server upgrade on a third-party hosting provider. P&N has since confirmed

Popular dating apps like Tinder and Grindr are sharing the personal data of their users to third parties in breach of EU regulations, a Norwegian consumer rights group said Tuesday.A new report by the Norwegian Consumer Council (NCC) details how Grindr, which markets itself as the "world's largest social networking app for gay, bi, trans and queer people," s

In May 2020, the GDPR turns two. This European data protection regulation has been obligatory since 2018, and allows fines of up to 4% of a company’s annual global turnover. Since it was implemented, this regulation has been used to hand million-euro fines to such large companies as British Airways and Marriott International. In the last few months, we have

The FBI asked Apple this week to help extract data from iPhones that belonged to the Saudi aviation student who investigators say fatally shot three sailors at a U.S. naval base in Florida last month.Investigators have been trying to access the two devices — an iPhone 7 and an iPhone 5 that belonged to Mohammed Alshamrani, a 21-year-old 2nd Lt. in the Royal

Facebook, Samsung and Ring have unveiled new or improved privacy and security tools at the 2020 CES consumer electronics show taking place this week in Las Vegas.Facebook announced a revamped version of Privacy Checkup, a tool launched in 2014 in an effort to make it easier for users to manage the information they share on the social media network.The improv

Set to be released next week, Firefox 72 will provide users with an option to delete the telemetry data that the browser collects from them, Mozilla says.The new feature was included in the popular browser as a reaction to the California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020, and which aims to provide Californians more contro

ProtonMail has released the beta version of ProtonCalendar, its fully encrypted calendar application that aims to help users both keep track of their plans and keep their data private.Built with end-to-end encryption right from the start, the app can secure and protect users’ sensitive events-related information, ProtonMail says.Data such as event title, des

An unprotected database was found to have exposed the data of all Wyze users who created an account before December 26, 2019.Seattle, Washington-based Wyze Labs is the creator of affordable smart home products that aim to provide users with the same capabilities as more expensive systems. The company’s first product was WyzeCam, a remotely-controlled smart h

Brazil on Monday fined Facebook $1.65 million for improperly sharing users' data in a case linked to the global Cambridge Analytica scandal.Facebook engaged in an "abusive practice" by allowing data from 443,000 users in Brazil to be unduly available to developers of the application "This is Your Digital Life," according to the Ministry of Justice.That appli

OpenSSL has evolved a great deal in terms of security since the disclosure of the Heartbleed vulnerability back in 2014.OpenSSL, an open source library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, is widely used by organizations to protect communications.In April 2014, the world learned that OpenSSL was affecte

An Elasticsearch cluster containing information on Honda owners in North America was recently found to be accessible from the Internet without any authentication.Discovered on December 11, 2019, by security researcher Bob Diachenko, the database was part of Honda North America infrastructure and it contained 976 million records.Of these, around 1 million rec