Start using any ImmuniWeb product instantly after a quick customization and secure online payment. Alternatively, request your free demo.

Total Tests:

Google To Pay Largest Multi-State Data Privacy Settlement in US History

Thursday, November 17, 2022 By Read Time: 2 min.

Read also: An FBI-wanted leader of the “Zeus” gang arrested in Geneva, hundreds of Amazon RDS instances leak personal data, and more.


Google To Pay Largest Multi-State Data Privacy Settlement in US History

Google slapped with $391M privacy fine for illegally tracking users’ location

A mammoth $391.5 million fine was levied by 40 US states against internet giant Google for illegally tracking users’ location in what appears to be the largest settlement by state in the history of the United States.

An investigation into Google’s activities was initiated in 2018 after a report revealed that the tech giant was tracking its users even after they enable a Google account privacy settings that claim to turn off location tracking. It was found that Google violated state consumer protection laws by misleading consumers about its location tracking practices since at least 2014.

Hundreds of Amazon RDS instances expose user data

Hundreds of databases hosted on the popular Amazon Relational Database Service (Amazon RDS) cloud-based platform have been found to be leaking sensitive information such as names, email addresses, phone numbers, dates of birth, marital status, and business data, providing threat actors access to information that potentially can be used in extortion, ransomware and other malicious activities.

The source of the leak was found to be a snapshot feature in Amazon RDS that is used to back up the hosted databases and which allows a user to share public data or a template database to an application.

Over the course of one month, researchers discovered thousands of snapshots being shared publicly - whether by intention or not. Some of them were exposed for one or two days, while others were exposed for up to one month, giving threat actors enough time to steal the data.

Suspected “Zeus” cyber crime ring leader arrested in Switzerland

Vyacheslav “Tank” Penchukov, an alleged leader of the “Zeus” cybercriminal gang that stole millions of dollars from businesses in the US and Europe, has been apprehended in Geneva, and will be extradited to the US, almost eight years after the US authorities unveiled criminal charges against Penchukov and other individuals suspected of targeting multiple organizations with the Zeus malware. All those mentioned in the indictment are accused of racketeering, computer fraud, identity theft and bank fraud.

In related news, 59 suspected scammers have been arrested across Europe for using stolen credit card information to purchase luxury goods from online shops.

Massive brand impersonation scam uses 42K phishing domains

A massive network of phishing websites was discovered that mimic over 400 well-known financial, banking, travel, retail, pharmaceutical, energy, and transport sector brands like Unilever, Coca-Cola, McDonald's, or Knorr, in order to trick victims into visiting sites that deliver Android malware, or lead them to fake gift card imposter scams.

The attackers use WhatsApp to distribute links to the phishing sites, and once a victim clicks on the link in a received message they get redirected through a series of advertising sites, ending up in suspicious destinations serving scams or malware.

Run by a China-based threat actor known as “Fangxiao,” the campaign has been ongoing for almost five years. To date, researchers identified more than 42,000 Fangxiao-controlled domains involved in the scheme.

At least seven Magecart groups target Magento stores in 'TrojanOrders' attacks

Cybersecurity researchers have warned of a surge in 'TrojanOrders' attacks targeting Magento 2 e-commerce websites using a critical flaw (CVE-2022-24086) that allows the threat actors to infect vulnerable sites with a remote access trojan.

Although the fixes for the bug have been available for some time now, it is estimated that at least a third of all Magento and Adobe Commerce stores haven’t applied the patches. The researchers said that at least seven cybercriminal groups were responsible for the rise in the attacks, with the threat actors fighting with each other over control of a compromised website.


What’s next:


Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.
Book a Call Ask a Question
Talk to ImmuniWeb Experts
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
Your data will stay private and confidential