California Considers Pushing Data Disclosure Envelope Again

California, which set the standard for data breach notifications nationwide, is again seeking to set a precedent by becoming the first state in the nation to require companies upon request disclose to California consumers the data they’ve collected and to whom it was shared during the past year. They would be required to respond within 30 days and provide the report for free.

Firefox 20 Fixes 11 Critical Flaws, Adds Per-Tab Private Browsing

Mozilla has added a new privacy feature to Firefox that enables users to begin a new private browsing session in a separate tab while still running a normal session in other tabs. Firefox 20 also includes patches for 11 critical security vulnerabilities.The new version of Firefox expands the capabilities of the private browsing function in the browser, a feature that allows users to browse without any cookies, logs or any other data retention.

Tibetan activists in China as well as those living in exile around the world are being targeted by dangerous malware that not only steals data from infected computers, but also has graduated to reporting location data from mobile devices for surveillance purposes.

The CIO of the U.S. Army failed to put in place a comprehensive security program capable of protecting data stored on commercial mobile devices such as iPhones and Androids, leaving sensitive information in key Army installations exposed. The Inspector General of the Department of Defense took the Army CIO to task in a new report, saying that the CIO “did not implement an effective cybersecurity program for [commercial mobile devices]”.

The call-center equivalent of network-based denial-of-service attacks, known as telephony denial-of-service (TDoS), have targeted emergency services among other industries, enough to garner attention from the Department of Homeland Security, Federal Bureau of Investigation, Federal Communications Commission and others in an confidential alert memo, Krebs on Security reported.

Alma Whitten, the director of privacy at Google, is stepping down from that role and leaves behind her a complicated legacy in regards to user privacy. Whitten has been the company’s top product and engineering privacy official since 2010 and was at the helm as the company navigated a number of serious privacy scandals and controversies.

It’s the ultimate what-if scenario: What if an attacker could own all the customer premises equipment (CPE) doled out by ISPs such as routers and modems? Would it be trivial with available scanning equipment and other tools to find vulnerable gear, and then modify and re-upload the firmware to be able do anything such as control Web traffic, launch DDoS attacks, or even disconnect large blocks of machines from the Internet?

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.