Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

3/14/2019
12:30 PM
50%
50%

US Prosecutors Investigate Facebook's Data-Sharing Deals

The news follows a long, tumultuous period of scandal around Facebook and its privacy practices.

Facebook is under criminal investigation by federal prosecutors, who are looking into the social giant's data-sharing deals with major technology companies, The New York Times reports.

In December 2018, the NYT revealed how Facebook shared unknowing users' data with Microsoft, Amazon, Netflix, and more than 150 other tech firms, retailers, entertainment sites, and media outlets. The companies participating in these data-sharing deals owned applications seeking information on hundreds of millions of people each month. As part of the deals, partnering companies have been allowed to view users' friends, contact info, and other data, sometimes without consent. Most have been shut down in the past two years.

Now, a New York grand jury has subpoenaed records from "at least two prominent makers of smartphones and other devices," the NYT says, citing two people familiar with the requests. The two companies had reportedly made data-sharing agreements with Facebook, which is also under scrutiny by the Federal Trade Commission and the Securities and Exchange Commission, as well as the Justice Department, following the 2018 Cambridge Analytica incident.

This news follows a long, tumultuous period of scandal around Facebook and its privacy practices. Last week CEO Mark Zuckerberg published a lengthy essay detailing his plans for a more privacy-oriented future. But as this new investigation shows, the company still has a long way to go to address the decisions it has made in the past.

Read more details here.

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-0532
PUBLISHED: 2021-06-21
In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185196177
CVE-2021-0533
PUBLISHED: 2021-06-21
In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193932
CVE-2021-26461
PUBLISHED: 2021-06-21
Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2021-0478
PUBLISHED: 2021-06-21
In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for explo...
CVE-2021-0504
PUBLISHED: 2021-06-21
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: ...