Daily Digest (5/1)

UK Poll: 77% of Remote Workers Not Concerned About Cybersecurity; Twitter Opens Up Data to Researchers to Study COVID-19 Tweets; EFF Calls on Contact-Tracing App Developers to Consider Privacy Risks; 7.4B Data Records Exposed in Breach at French Newspaper. Click “Continue reading” below.

UK Poll: 77% of Remote Workers Not Concerned About Cybersecurity

Seventy-seven percent of remote workers in the U.K. are not worried about cybersecurity, though two-thirds say their employers have not provided such training in the last year.

According to the survey by Promon, the Norwegian mobile security company, 61% of remote workers said they were using personal devices, IT Security Guru reports.

Promon officials noted that cybercriminals were taking particular advantage of decreased security levels on personal devices connected to corporate networks, jeopardizing sensitive company data along with individual personal information like banking specifics and login details.

“It’s concerning to find that such a large number of workers don’t have the necessary training to spot a potential cyberthreat, such as a phishing email or spoofed website, as these are the main ways in which cybercriminals are executing their attacks,” said Tom Lysemose Hansen, Promon’s co-founder and chief technology officer.

“Organizations must ensure that staff who are working remotely are doing so in secure environments, whether that’s on personal or corporate devices — and it’s critical that they provide the necessary training and tools to ensure corporate data is protected,” he told the website.

Source (external link):

IT Security Guru, Two-thirds of remote workers given no cybersecurity training from employers in the past year 

Twitter Opens Up Data to Researchers to Study COVID-19 Tweets

Twitter Inc. said it would grant researchers and software developers access to a real-time stream of tens of millions of daily public tweets about COVID-19, which can be used to study the spread of the disease or track misinformation.

In a Wednesday blog post, Twitter said the access also could be used by approved applicants working on crisis management, emergency response or communication within communities, along with those developing machine-learning and data tools to help the scientific community understand COVID-19, Reuters reports.

Social media platforms have introduced new policies to curb COVID-19 misinformation and have warned that errors may have resulted from their reliance on more automated moderation systems during the pandemic.

Researchers studying the platforms have argued that the companies must collect data about this period, Reuters reports.

Source (external link):
Reuters, Twitter opens up data for researchers to study COVID-19 tweets 

EFF Calls on Contact-Tracing App Developers to Consider Privacy Risks

Coronavirus contact-tracing app developers must consider the potential privacy and security risks posed by these technologies, the Electronic Frontier Foundation said, warning that no application should be trusted to “solve this crisis or answer all of these questions.”

Google and Apple Inc. are expected to fully release its Bluetooth Low Energy technology-based app this month, while Microsoft Corp. is working on a similar device with the University of Washington and the UW School of Medicine. The app would be designed to inform public-health authorities.

In a Tuesday report, EFF cited fears that hackers could target the data sent from the app to undermine the system.

“Any proximity-tracking system that checks a public database of diagnosis keys against rolling proximity identifiers (RPIDs) on a user’s device — as the Apple-Google proposal does — leaves open the possibility that the contacts of an infected person will figure out which of the people they encountered is infected,” EFF researchers wrote.

“Taken to an extreme, bad actors could collect RPIDs en masse, connect them to identities using face recognition or other tech, and create a database of who’s infected,” they added.

“The whole system depends on trust,” the advocacy group’s researchers cautioned. “If users don’t trust that an app is working in their best interests, they will not use it.

“So, developers need to be as transparent as possible about how their apps work and what risks are involved,” EFF said.

Source:
EFF, Apple and Google’s COVID-19 Exposure Notification API: Questions and Answers 

7.4B Data Records Exposed in Breach at French Newspaper

Approximately 7.4 billion records of private subscriber accounts were exposed in a breach at the French daily newspaper Le Figaro, the oldest newspaper in France.

The server was live when the breach was discovered by the research team at Security Detectives, led by Anurag Sen, the company reported Thursday. The data was from subscribers to private accounts on Le Figaro’s news site.

Customers registered subscriptions to Le Figaro’s website from February to April of this year, along with the records of preexisting users logging into their accounts, the company said.

Among the data leaked was names, emails, addresses, passwords for new users, countries of residence, ZIP codes and login credentials.

“The exact number of people exposed is uncertain due to the structure of the data,” Security Detectives said.

Source (external link):
Safety Detectives, French Subscribers to Famous News Site at Risk from Hacking, Fraud 

By DPN Staff