#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

data collection | Breaking Cybersecurity News | The Hacker News

TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data

TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data
Jun 05, 2021
Popular short-form video-sharing service TikTok quietly revised its privacy policy in the U.S., allowing it to automatically collect biometric information such as faceprints and voiceprints from the content its users post on the platform. The policy change, first spotted by TechCrunch , went into effect on June 2. TikTok users who reside in the European Economic Area (EEA), the U.K., Switzerland, and other geographies (excluding India) where the service operates are exempted from the changes. "We may collect biometric identifiers and biometric information as defined under U.S. laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection," the ByteDance-owned company  said  in a newly introduced section called "Image and Audio Information." On top of this, the company's privacy policy also notes that it may collect information about "the nature of the

Malicious Android SDKs Caught Accessing Facebook and Twitter Users Data

Malicious Android SDKs Caught Accessing Facebook and Twitter Users Data
Nov 26, 2019
Two third-party software development kits integrated by over hundreds of thousands of Android apps have been caught holding unauthorized access to users' data associated with their connected social media accounts. In a blog post published yesterday, Twitter revealed that an SDK developed by OneAudience contains a privacy-violating component which may have passed some of its users' personal data to the OneAudience servers. Following Twitter's disclosure, Facebook today released a statement revealing that an SDK from another company, Mobiburn , is also under investigation for a similar malicious activity that might have exposed its users connected with certain Android apps to data collection firms. Both OneAudience and Mobiburn are data monetization services that pay developers to integrate their SDKs into the apps, which then collect users' behavioral data and then use it with advertisers for targeted marketing. In general, third-party software development k

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

CCleaner Adds Data Collection Feature With No Way to Opt-Out

CCleaner Adds Data Collection Feature With No Way to Opt-Out
Aug 02, 2018
Like many others, do you also believe that the popular system-cleaning tool CCleaner was performing well before Avast acquired the software from Piriform last year? If yes, then pop-up advertisements in the previous CCleaner software version was not the last thing you have to deal with. Avast has released a new version of CCleaner 5.45 that not only always runs in the background, but also collects information about your system without giving you a way to turn the feature off. CCleaner is a popular application, available in both free and premium versions, with over 2 billion downloads that allow users to clean up their Windows, Mac, and mobile devices to optimize and enhance performance. Last year, CCleaner made headlines when it suffered a massive supply-chain malware attack of all times, wherein hackers compromised its servers for over a month and replaced the original version of the software with the malicious one, infecting over 2.3 million users worldwide. CCleaner

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

WebSites Found Collecting Data from Online Forms Even Before You Click Submit

WebSites Found Collecting Data from Online Forms Even Before You Click Submit
Jun 21, 2017
'Do I really need to give this website so much about me?' That's exactly what I usually think after filling but before submitting a web form online asking for my personal details to continue. I am sure most of you would either close the whole tab or would edit already typed details (or filled up by browser's auto-fill feature) before clicking 'Submit' — Isn't it? But closing the tab or editing your information hardly makes any difference because as soon as you have typed or auto-filled anything into the online form, the website captures it automatically in the background using JavaScript, even if you haven't clicked the Submit button. During an investigation, Gizmodo has discovered that code from NaviStone used by hundreds of websites, invisibly grabs each piece of information as you fill it out in a web form before you could hit 'Send' or 'Submit.' NaviStone is an Ohio-based startup that advertises itself as a service to u
Cybersecurity Resources