“We believe this may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers,” explains the company. “The only apps affected by this bug were ones that Facebook approved to access the photos API and that individuals had authorized to access their photos.”

Bug

As long as the user permits it, Facebook allows third-party apps to access their timeline photos. As a result of the bug, third-party apps were able to access non-public photos without permission. Facebook says that developers were able to access other photos, such as those shared on Marketplace or Facebook Stories. Photos uploaded to Facebook that weren’t posted are stored on the site, and as such, they were also impacted.

Facebook is apologizing and is taking steps to alleviate the damages by urging users to delete affected photos.

“We’re sorry this happened. Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”

If you see an alert on your Facebook profile, it means that you might be one of the impacted users, and should follow Facebook’s instructions to delete the affected photos. The developers have also recommended all users to double check which apps have access to their photos.

Over the past few months, there has been a significant rise in data breaches, and Facebook has been in the spotlight more than once.

The post Facebook Has Another Slip Up, Exposes Millions of Private Photos to Third-Party Devs appeared first on Appuals.

If you aren’t already aware, Google plans on completely getting rid of third-party cookies till the second half of 2024, and replace it with Privacy Sandbox, Google’s solution for targeted ads. What this will do is essentially provide required information to the advertisers, limiting access to the data they don’t need.

These APIs are designed to provide a more privacy-preserving way for websites to collect and use data about users.

Google has earlier announced that it will roll out these changes when the stable version of Chrome 115 becomes available, and with that, we’re seeing how the company is currently shifting its focus to features, that mainly focus on the privacy aspect, and user safety.

In addition to the rollout, Google also plans on updating the ad privacy controls, which would then be shipped alongside the next update in mid-August. These controls would give you more control over how your data is used in advertising.

In this update, Google plans on shipping six APIs, like the Topics API, which allows websites to collect information about the interests of their users.

There’s also the Protected Audience API, which allows websites to target ads to users who have opted in to receiving ads based on their interests. And the Attribution Reporting API, which allows websites to track the effectiveness of their advertising campaigns.

For us, it means that you can still see personalized ads, but your data will be collected and used in a way that is more transparent and gives you more control over your privacy.

Shipping these APIs is another key milestone in the ongoing Privacy Sandbox timeline. This marks the beginning of the transition from sites testing in the origin trial to integrating these APIs in production. We will be keeping you updated as we progress through enabling the APIs, to the opt-in testing with labels in Q4 2023, the 1% third-party cookie deprecation in Q1 2024, heading towards the full third-party cookie phaseout in Q3 2024.”

Google

At the moment, however, it is important to note that the Privacy Sandbox will be used ALONGSIDE the third-party cookies, as Google will not get rid of these cookies until 2024. Even then, these cookies will depreciate for only 1% of the users, but the company says that the process will speed up afterwards.

This is all we know for now, but rest assured that we will keep you updated as new information becomes available.

The post Privacy Sandbox API Rolls Out in Chrome 115, Giving Users More Control Over Their Data appeared first on Appuals.

The NVIDIA account includes photos of Elon Musk, CEO of Twitter, as well as references to the event that is officially recognised as the Dogeathon. In addition to this, it announces that it will temporarily triple the number of Dogecoin in circulation and provide extra benefits to investors in cryptocurrencies. The presence of the verification checkmark demonstrates that this channel belongs to the genuine NVIDIA brand, in contrast to the many fake accounts that are currently operating on Twitter. The action in and of itself is most likely insecure.

Whether done via the Taiwanese account or another official route, NVIDIA has not yet commented on the suspected breach. On Twitter, two of the famous crypto promotions are still active. However, it is unlikely that the account’s hijacked access would mislead widespread NVIDIA fans: As of this writing, @NVIDIATaiwan has a little more than 1,000 followers. The surprise tweets will probably not be seen frequently, given the additional almost three years of dormancy.

This security lapse is not the only one NVIDIA has had this year; this, despite seeming less serious. In the first three months of 2022, a hacker collective said that they had stolen the source code for DLSS, among other things, and utilized this information to threaten NVIDIA. Please don’t click on any links provided by this account. This goes without saying. In addition, this serves as a helpful reminder to change your passwords regularly and use two-factor authentication wherever possible. This is of utmost significance when it comes to official corporate handles.

The post NVIDIA Taiwan Twitter Account Faces Security Breach, Starts Promoting Cryptocurrencies appeared first on Appuals.

According to research, a broad range of applications, including those from the U.S. Army and the Centers for Disease Control and Prevention (CDC), had Pushwoosh malware installed. An app analytics company called Appfigures claims that approximately 8,000 applications in the Apple App Store and Google Play Store had Pushwoosh code.

Thousands of smartphone applications in Apple and Google’s online stores contain computer code developed by a technology company, Pushwoosh, that presents itself as based in the United States, but is Russian, Reuters has found.

The Centers for Disease Control and Prevention (CDC), the United States’ central agency for fighting major health threats, said it had been deceived into believing Pushwoosh was based in the U.S. capital. After learning about its Russian roots from Reuters, it removed Pushwoosh software from seven public-facing apps, citing security concerns.

The U.S. Army said it had removed an app containing Pushwoosh code in March because of the same concerns.”

-Reuters 

Software developers may deliver push alerts to users with Pushwoosh, which offers code and data processing tools. The company’s website states that it does not gather sensitive data, and a Reuters investigation found no proof that Pushwoosh mishandled user data. There is still a potential security risk for businesses that employ the code. According to corporate records, Pushwoosh is based in the Siberian city of Novosibirsk. However, it promotes itself as a U.S. corporation on social media and in regulatory filings in the United States.

The Army told Reuters it removed an app containing Pushwoosh in March, citing “security issues.” It did not say how widely the app, which was an information portal for use at its National Training Center (NTC) in California, had been used by troops.

The NTC is a major battle training center in the Mojave Desert for pre-deployment soldiers, meaning a data breach there could reveal upcoming overseas troop movements”

The business claims it has data on 2.3 billion devices, and the code has been included in almost 8,000 applications overall. The article emphasizes that there is no proof that the Pushwoosh code was created with evil or deceitful purpose, but it was worrying that it went to such efforts to claim to be US-owned. The business also made two bogus executives with purported Washington, DC addresses and false LinkedIn accounts.

Source: Reuters

The post US Army Becomes a Victim of Bogus Russian App Raising Security Concerns appeared first on Appuals.