Source URL: https://www.theregister.com/2024/12/23/uk_ico_not_happy_with/
Source: The Register
Title: UK ICO not happy with Google’s plans to allow device fingerprinting
Feedly Summary: Also, Ascension notifies 5.6M victims, Krispy Kreme bandits come forward, LockBit 4.0 released, and more
in brief Google has announced plans to allow its business customers to begin “fingerprinting" users next year, and the UK Information Commissioner’s Office (ICO) isn’t happy about it. …
AI Summary and Description: Yes
Summary: The text discusses significant developments in data privacy, highlighting Google’s controversial pivot towards user fingerprinting for ad targeting, which raises concerns from the UK’s Information Commissioner’s Office (ICO). It also covers vulnerabilities in security products and ransomware attacks affecting companies like Krispy Kreme and Ascension Healthcare. The insights are crucial for professionals focused on privacy compliance, risk management, and security strategies in an evolving digital landscape.
Detailed Description:
– **Google’s Fingerprinting Plans:**
– Google plans to enable user “fingerprinting” for its business customers in 2025, allowing user profiles to be built without using traditional cookies.
– This approach has drawn criticism from the ICO, emphasizing that it undermines user choice and may not be compliant with UK privacy standards.
– ICO executive director Stephen Almond insists businesses must deploy advertising technologies lawfully and transparently.
– **BeyondTrust Vulnerability:**
– BeyondTrust faces a critical vulnerability (CVE-2024-12356) that allows unauthenticated attackers to execute commands due to a flaw in its Privileged Remote Access and Remote Support products.
– Immediate patches are available, and organizations are urged to update systems before the holiday break.
– **Ransomware Attacks on Krispy Kreme and Ascension:**
– The Play Ransomware gang claims responsibility for a hack affecting Krispy Kreme but details remain sparse as the company has not disclosed whether it was a ransomware attack.
– Ascension Healthcare’s breach, attributed to Black Basta ransomware, exposed data from approximately 5.6 million patients, including sensitive personal and medical information. Ascension is offering credit monitoring and insurance reimbursement to affected individuals.
– **Lazarus Group’s New Malware Threat:**
– The North Korean-linked Lazarus Group is targeting professionals with malware disguised as job-related tools, specifically a new variant called “CookiePlus” that operates stealthily.
– CookiePlus mimics legitimate software to facilitate further attacks and retrieve system information, complicating detection for security teams.
Key Insights:
– **Privacy Compliance Concerns:**
– Organizations must navigate the balance between advertising technology and user privacy. The ICO’s strict stance signals the need for compliance frameworks that prioritize transparency.
– **Urgent Vulnerability Management:**
– The critical nature of the vulnerabilities described highlights the need for timely updates and proactive security measures, especially in environments reliant on remote access solutions.
– **Adapting to Ransomware Trends:**
– Ransomware remains a prevailing threat, necessitating robust cyber defense strategies and employee training on identifying phishing attempts and other danger signals.
– **Proactive Threat Detection:**
– The emergence of sophisticated malware like CookiePlus underscores the necessity for advanced monitoring solutions and threat intelligence capabilities within organizations.
Overall, the intersection of user privacy, evolving cyber threats, and management strategies emerges as vital focal points for security and compliance professionals in the current landscape.