After Avast's Malefaction, Data Protection should be High-Priority

SC Magazine UK | February 14, 2020

  • Avast had been harvesting the web browsing data habits from its hundreds of millions of customers to supply some of the world’s biggest firms.

  • Avast's wrongdoings are what many privacy and security experts have long warned about: Attempts to deanonymize data sets.

  • The story stands as a lesson for consumers and calls for them to ensure that their data is protected and safe at all times.

Avast, a free anti-virus software provider, which is being used by millions around the world, has admitted to selling " highly sensitive" web browsing data via a subsidiary company called Jumpshot.


Investigations done by Vice and PC Mag had reported that Avast had been harvesting the web browsing data habits from its hundreds of millions of customers to supply some of the world’s biggest firms.


Soon after the reports came out, Czech authorities bounce into action, to start an investigation of their own. The investigation found that the anonymized web history data could then be traced back to individual users. Avast via Jumpshot was tasked with selling the user data from millions of devices to major brands and e-commerce providers.


Shares in Avast tanked after reports of sale of user data surfaced.


Recap on the Avast's Malefactions


Jumpshot, a US-based marketing company was purchased by Avast back in 2013.


The Czech-based anti-virus giants scraped data from the software it provides to customers and handed the information to the marketing subsidiary Jumpshot, which then repackaged the information and sold it for millions of dollars.


Even though Avast required users to opt into this data sharing, the investigation found many were unaware Jumpshot was then selling on their data. The revelations emerged following a joint investigation by trade publications Motherboard and PCMag.


The data sold include Google searches, Google Maps location searches, activity on companies’ LinkedIn pages, YouTube visits and data on people visiting porn websites.


Avast did not deny the allegations and said it had moved to stop the data-sharing practices.


READ MORE: Privacy experts Skeptical of proposed data protection agency


What the Latest on it?


The expose has led to the Czech data protection authority starting up an investigation into Avast and its activities. In an official statement, the company has said that it has initiated a preliminary investigation of the case based on the information revealed.


At the moment we are collecting information on the whole case. There is a suspicion of a serious and extensive breach of the protection of users’ personal data. Based on the findings, further steps will be taken and general public will be informed in due time.

- Ivana Janu, President, Czech Office for Personal Data Protection.


Lessons for Information Security

The story raises several serious questions about the ethics of processing and selling data. It also stands as a lesson on information security for consumers and calls for them to ensure that their data is protected and safe at all times.


It is an unfortunate fact that in this day and age, consumers must be wary of who they trust with their data. When the antivirus companies are the bad guy, it’s difficult to see who is good. The best course of action is to constantly ensure that your personal data stays secure. This can be done by managing preferences on websites, but when it comes to software as a service (SaaS) it becomes even more sinister and we must be even more wary.

-Robert Ramsden-Board, VP EMEA, Securonix

“As the saying goes, if you're not paying for the product, then you are the product. That wisdom certainly proved true in this case. AVG and Avast abused users' trust and put them at risk, which could well be a death sentence for a business that users rely on for protection,” said Paul Bischoff, a privacy advocate at Comparitech.com, while talking about users preferring to use free anti-virus versions even though availability of paid products by both Avast and AVG.



Boris Cipot, a senior security engineer at Synopsys, while talking about the recent developments and the seriousness amongst the authorities regarding to GDPR said, “I just wonder how many of such cases will need to be uncovered before this type of data trafficking stops and we can finally rest assured that the companies we trust with our data will not reuse it, or in some cases even misuse it.”


Avast's wrongdoings are what many privacy and security experts have long warned about: Attempts to deanonymize data sets. Even data that has been purportedly made anonymous can still often be linked back to individual users. It also highlights a continuing gulf between increasingly strict data protection regulations and user expectations.


Is your anti-virus spying on you?


READ MORE: 3 trends in Data privacy breach laws that will carry over to 2020

Spotlight

Online retailers are threatened by the Internet underbelly of nefarious online actors, including big industry competitors. These threat constituencies are leveraging bad bots in numerous ways that hurt many online retailers. These include bad bots that scrape prices and product data, perform click fraud and endanger the overall security of e-commerce websites, your loyal consumers, and your brands.


Other News
DATA SECURITY,SOFTWARE SECURITY

Quad9 Joins the Cyber Threat Alliance as Leading DNS Service to Improve the Cybersecurity of Our Global Digital Ecosystem

Quad9 | September 22, 2022

Today, Quad9, the leading free recursive DNS service, has joined the Cyber Threat Alliance (CTA) [cyberthreatalliance.org], a global non-profit working to improve the cybersecurity of our global digital ecosystem by enabling near real-time, high-quality cyber threat information sharing among organizations. Quad9 is part of the Contributing Allies program, which involves collaboration on cyber incidents and key cybersecurity topics. Exchange of expertise and threat intelligence with partners within the Cyber Threat Alliance is indispensable to counter online threats like malware, phishing, identity theft and ransomware. "As we expand our global reach, Quad9 is committed to working together with other cybersecurity providers through strategic partnerships and alliances. "Joining CTA's Contributing Allies program certainly fits that goal and enables us to engage more frequently with other like-minded organizations as we work together to improve security and privacy for all." John Todd, General Manager for Quad9 The Domain Name System (DNS) is where malicious domain names can be blocked most effectively preventing users from getting robbed of their money, identity or data. Over the past six years, Quad9 has built its strength developing the best-in-class maximum security and 100% privacy-assured DNS service. In so doing Quad9 has secured its place as one of the most important free cybersecurity providers in the world; protecting many tens of millions of users with servers in almost 100 countries. "We're excited to have Quad9 as a Contributing Ally," said Michael Daniel, President and CEO of the Cyber Threat Alliance. "They provide great security services and have some unique insights into the flow of data across the Internet. We look forward to working with them to continue improving the security of our digital ecosystem." Anyone who wants to boost their privacy and security can configure their device to use Quad9's DNS service, which blocks more than 150 million malicious events each day. Quad9's services are available to both individuals and organizations. About Quad9 Quad9 is a recursive DNS service providing cybersecurity protection against malware and phishing. Quad9 is a Swiss public-benefit foundation which exists for the purpose of improving privacy and security, Quad9 does not collect or resell personal data. Its service is provided to individuals and organizations at no cost and requires no contract. The organization was launched in 2017 and now operates from nearly two hundred locations in ninety countries. Quad9 exists to improve end user protection and privacy worldwide in addition to promoting the stability and security of the Internet.

Read More

PLATFORM SECURITY

Resecurity® Brings Cyber Threat Intelligence to Microsoft Azure

Resecurity | July 01, 2022

Resecurity, a cybersecurity and intelligence company, today announced its award-winning cybersecurity threat intelligence and risk monitoring platform is now available on Microsoft's Azure Marketplace. Microsoft's Azure Marketplace is the most comprehensive marketplace on the planet, offering thousands of certified cloud applications and software to over four million active users and subscribers. With cyber-risk ranking as a top concern for CEOs and business owners1, enterprises are looking for additional support to secure and manage the evolving cyber threatscape. More importantly, they're looking for trusted vendors who provide scalable, secure solutions that can work inside existing operating systems. Today, nearly 70 percent of organizations worldwide use Microsoft Azure for their cloud services.2 By joining the Microsoft Azure marketplace, Resecurity's software solutions will be easily accessible to the millions of Microsoft Azure customers needing comprehensive cybersecurity management and monitoring. "Enterprises continue to battle increasing cyber threats emerging from the Dark Web and ransomware groups targeting cloud services. Trusted partners like Microsoft Azure have enabled organizations to confidently bring in the cybersecurity expertise and solutions they need to protect their ecosystems. "Resecurity is dedicated to helping organizations worldwide mitigate these risks with our reliable, scalable and accessible cybersecurity and threat intelligence software." Gene Yoo, CEO of Resecurity Resecurity's AI-powered solutions provide proactive alerts and comprehensive visibility of digital risks targeting the enterprise ecosystem. The innovative platform allows administrators to reduce potential blind spots and security gaps by quickly seeing in-depth analysis and specific artifacts obtained through the dark web, botnets activity, network intelligence and high-quality threat intelligence data. Microsoft Azure users who integrate Resecurity into their cybersecurity strategy will benefit from: Around-the-clock security monitoring of your cloud workloads and enterprise ecosystem, In-depth risk evaluation of the entire enterprise ecosystem (Dark Web, Compromised Accounts, Data Leaks, Network Hygiene, Cloud Security, etc.), A scalable software solution that can monitor a digital footprint of any size (Domains, Network Ranges, Cloud-based Nodes), AI-powered threat intelligence that leverages Rescurity's Dark Web intelligence repositories with over 3.4 billion records and cyber intelligence analysts deployed across all continents, Contextualized risk alerts and data-backed suggested actions to enable a proactive security strategy.Just recently Resecurity has been named a gold winner by the 2022 Cybersecurity Excellence Awards in North America. Resecurity's products and services received Gold recognition across 3 categories in highly competitive nominations such as cyber threat intelligence (CTI), threat hunting, and third-party risk management (TPRM). Just recently Resecurity has been named a gold winner by the 2022 Cybersecurity Excellence Awards in North America. Resecurity's products and services received Gold recognition across 3 categories in highly competitive nominations such as cyber threat intelligence (CTI), threat hunting, and third-party risk management (TPRM). About Resecurity Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence. Known for providing best-of-breed data-driven intelligence solutions, Resecurity's services and platforms focus on early-warning identification of data breaches and comprehensive protection against cybersecurity risks. Founded in 2016, it has been globally recognized as one of the world's most innovative cybersecurity companies with the sole mission of enabling organizations to combat cyber threats regardless of how sophisticated they are. Most recently, Resecurity was named as one of the Top 10 fastest-growing private cybersecurity companies in Los Angeles, California by Inc. Magazine. An Official Member of Infragard, AFCEA, NDIA, SIA and FS-ISAC.

Read More

SOFTWARE SECURITY

Red Canary and Palo Alto Networks expand collaboration to provide detection and response across security landscape

Red Canary | July 08, 2022

Red Canary, the Managed Detection and Response (MDR) trailblazer, has expanded its collaboration with industry leader Palo Alto Networks to help deliver on a bold vision: unifying threat investigation across a wide range of Palo Alto Networks products. To help achieve this goal Red Canary is now a part of the Palo Alto Networks Cortex® MSSP partner program. Today, Red Canary MDR supports Palo Alto Networks firewalls by integrating with PAN-OS version 9 and higher. This integration allows security alerts and event data generated by firewall appliances to feed into the Red Canary MDR platform for further investigation and remediation. Red Canary is working with Palo Alto Networks as an MDR partner for the Cortex XDR product, which includes built-in endpoint protection. While many MDR offerings simply ingest alerts generated by endpoint security tools, Red Canary is working toward being able to ingest raw telemetry as well as alerts from the Cortex XDR endpoint agent. Red Canary anticipates this will allow it to reduce false positives by up to 99% and significantly increase the detection of confirmed threats compared to what endpoint security tools can identify on their own. "The detailed endpoint telemetry generated by Cortex XDR enables leading scores in actual hands-on tests, such as MITRE's recent ATT&CK® evaluation," said Rick Caccia, SVP of Marketing for Palo Alto Networks. "Red Canary's ability to manage and analyze large volumes of endpoint, network, and other types of telemetry will make them an ideal partner for solving customers' most pressing security challenges. Together, we can help protect organizations from ransomware, phishing, and other modern threats." To complete our vision of unifying threat investigation across the Palo Alto Networks product line, Red Canary is also developing integrations for Prisma® Cloud, Threat Prevention, and the WildFire Analysis Environment. Red Canary's MDR everywhere strategy allows events from Palo Alto Networks products to be combined with multi-vendor events in a unified timeline. To learn more, visit https://redcanary.com/cyber-threat-investigation/. "Red Canary is meeting customer demand for security across the modern IT environment by integrating alert data from network, identity, and SaaS applications – all in a unified timeline. Our collaboration with Palo Alto Networks layers best-in-class managed detection and response across an industry-leading portfolio of cybersecurity solutions. The result is more choice and better security for our customers." Chris Rothe, CTO, Red Canary About Red Canary Red Canary stops cyber threats no one else does so organizations can fearlessly pursue their missions. The company's managed detection and response (MDR) solution works across enterprise endpoints, cloud workloads, network, identities, and SaaS apps. Red Canary operates as a security ally for customers and partners by providing unlimited 24×7 support, deep threat expertise and hands-on remediation to prevent threats from turning into business-defining incidents.

Read More

DATA SECURITY

DoControl Integrates with Box to Transform SaaS Data Access Security

DoControl | August 03, 2022

DoControl, the automated Software as a Service (SaaS) security company, today announced an expanded integration with Box, the leading Content Cloud, that adds a foundational layer of granular controls to protect sensitive data and provide comprehensive data access security. The solution further secures cross-application, business-critical data, and files accessed by every identity and entity, both internal employees and external collaborators, allowing for content collaboration to be achieved securely. Recent research found that nearly half of enterprise tech leaders find too much time is spent on manually provisioning and managing apps. In addition, it found other pain points around managing SaaS, including a lack of visibility, data exposure, and unmanageable access. DoControl No-Code SaaS Security Workflows Engine supports organizations in mitigating ongoing risk consistently, with the customization level required to effectively balance security with business enablement. "By partnering with Box, we will help customers confidently maintain business continuity and mitigate the risk of data breaches, overexposure, and exfiltration. "Security teams can effectively extend least privilege to the SaaS data layer and utilize a risk-based approach in securing their Box instances through the prioritization of identities that present higher levels of risk." Adam Gavish, CEO and Co-Founder of DoControl "Organizations today need products that are inherently secure to support employees working from anywhere," said Fred Klein, Vice President of Business and Corporate Development at Box. "At Box, we continuously strive to improve our integrations with third-party apps so that it's easier than ever for customers to use Box alongside best-in-class solutions. With today's integration with DoControl, we are taking that mission one step further to enable our joint customers to have more granular security controls over who has access to their business-critical content." Key joint solution capabilities include: Comprehensive asset management: Gain full awareness of every entity that is accessing corporate data within Box to identify what needs to be protected; Real-time monitoring and control: Monitor every user activity in real-time, with self-service tooling to detect and respond to immediate threats; Automated remediation: Establish data access control workflows that are future-proofed, consistently enforced, and allow for secure file sharing between all internal and external users. About DoControl Founded in 2020 and headquartered in New York, DoControl is an automated data access controls platform for SaaS applications, improving security and operational efficiency with ease for enterprises. DoControl is backed by investors Insight Partners, StageOne Ventures, Cardumen Capital, RTP Global and global cybersecurity leader CrowdStrike's early stage investment fund, the CrowdStrike Falcon Fund. The company's leadership team combines product, engineering and sales experience across cybersecurity, enterprise and SaaS innovators.

Read More

Spotlight

Online retailers are threatened by the Internet underbelly of nefarious online actors, including big industry competitors. These threat constituencies are leveraging bad bots in numerous ways that hurt many online retailers. These include bad bots that scrape prices and product data, perform click fraud and endanger the overall security of e-commerce websites, your loyal consumers, and your brands.

Resources