Top news: CNIL fines Dedalus Biology, Bug in Android devices, and more


Otonomo hit with class-action

Vehicle data platform, Otonomo, is facing a class-action lawsuit in California for harvesting and selling real-time location data from more than 50 million cars worldwide. The company could face legal consequences for the way it handles consent and its data. Read More


CNIL fines Dedalus Biology

France’s CNIL imposed a fine of €1.5 million on medical software company Dedalus Biology for a security lapse that exposed the data of nearly 500,000 individuals. The leaked data included full name, social security number, name of the prescribing doctor, date of the examination, and medical information of patients. Read More


iOS apps still tracking users despite ATT

An independent research has claimed that apps could still be collecting personal data even if users decline to give tracking permission on Apple’s ATT. As per the researchers, certain loopholes in ATT’s framework could allow companies like Google and Facebook, to work their way around the protections and collect more user data. Read More


Hackers steal OAuth access tokens to target firms

GitHub has revealed that hackers breached several organizations using stolen OAuth access tokens. The company claimed that it found evidence of an unnamed attacker capitalizing on third-party OAuth user tokens maintained by Heroku and Travis CI to unauthorizedly download private data from dozens of companies. Read More


Android devices with bug vulnerable to takeover

Check Point Research (CPR) has discovered a bug in the Apple Lossless Audio Codec (ALAC) that affects two-thirds of Android devices sold in 2021. The unpatched vulnerability was included in chipsets made by Qualcomm and Mediatek and could be exploited by hackers for a remote code execution attack (RCE). Read More


US to establish Global Cross Border Privacy Rules forum with 6 other nations

The US Department of Commerce is partnering with six other nations (Canada, Japan, South Korea, Singapore, the Philippines and Taiwan) to develop privacy and cybersecurity standards for cross-border data transfers. The group will establish a Global Cross Border Privacy Rules forum to create a new international certification system for private businesses and other organizations. Read More