Google Analytics | Breaking Cybersecurity News | The Hacker News

Google has agreed to settle a lawsuit  filed in June 2020  that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the "incognito" or "private" mode on web browsers. The  class-action lawsuit  sought at least $5 billion in damages. The settlement terms were not disclosed. The plaintiffs had alleged that Google violated federal wiretap laws and  tracked users' activity  using Google Analytics to collect information when in private mode. They said this allowed the company to collect an "unaccountable trove of information" about users who assumed they had taken adequate steps to protect their privacy online. Google subsequently attempted to get the lawsuit dismissed, pointing out the message it displayed when users turned on Chrome's incognito mode, which  informs users  that their activity might still be visible to websites they visit, employer or school, or ...

The Swedish data protection watchdog has warned companies against using Google Analytics due to risks posed by U.S. government surveillance, following similar moves by  Austria, France , and  Italy  last year. The development comes in the aftermath of an audit initiated by the Swedish Authority for Privacy Protection (IMY) against four companies CDON, Coop, Dagens Industri, and Tele2. "In its audits, IMY considers that the data transferred to the U.S. via Google's statistics tool is personal data because the data can be linked with other unique data that is transferred," IMY  said . "The authority also concludes that the technical security measures that the companies have taken are not sufficient to ensure a level of protection that essentially corresponds to that guaranteed within the EU/EEA." The data protection authority also fined $1.1 million for Swedish telecom service provider Tele2 and less than $30,000 for local online marketplace CDON failing to ...

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...

Threat actors behind web skimming campaigns are leveraging malicious JavaScript code that mimics Google Analytics and Meta Pixel scripts in an attempt to sidestep detection. "It's a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and content management systems (CMSs) via vulnerability exploitation, making this threat highly evasive to traditional security solutions," Microsoft 365 Defender Research Team  said  in a new report. Skimming attacks, such as those by Magecart, are carried out with the goal of harvesting and exporting users' payment information, such as credit card details, that are entered into online payment forms in e-commerce platforms, typically during the checkout process. This is achieved by taking advantage of security vulnerabilities in third-party plugins and other tools to inject rogue JavaScript code into the online portals without the owners' knowledge. As skimming attacks h...

French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation (GDPR) laws in the country, almost a month after a  similar decision  was reached in Austria. To that end, the National Commission on Informatics and Liberty (CNIL) ruled that the transatlantic movement of Google Analytics data to the U.S. is not "sufficiently regulated" citing a violation of  Articles 44 et seq.  of the data protection decree, which govern the transfers of personal data to third countries or international entities. Specifically the independent administrative regulatory body highlighted the lack of equivalent privacy protections and the risk that "American intelligence services would access personal data transferred to the United States if the transfers were not properly regulated." "[A]lthough Google has adopted additional measures to regulate data transfers in the context of the Google An...

Researchers reported on Monday that hackers are now exploiting Google's Analytics service to stealthily pilfer credit card information from infected e-commerce sites. According to several independent reports from PerimeterX , Kaspersky , and Sansec , threat actors are now injecting data-stealing code on the compromised websites in combination with tracking code generated by Google Analytics for their own account, letting them exfiltrate payment information entered by users even in conditions where content security policies are enforced for maximum web security. "Attackers injected malicious code into sites, which collected all the data entered by users and then sent it via Analytics," Kaspersky said in a report published yesterday. "As a result, the attackers could access the stolen data in their Google Analytics account." The cybersecurity firm said it found about two dozen infected websites across Europe and North and South America that specialized in...