Google is set to pay $29.5M for privacy breach / Poland warns of incoming Russian cyberattacks / Chinese hackers are targeting Chinese international students

Plus: Matrix acquires Israel-based Zebra Technologies

Inside.com Part of   Network January 02, 2023

Google is set to pay $29.5M in two settlements over location tracking. The company was sued by the state of Indiana and Washington D.C. More: The company will pay $20M to the state of Indiana and $9.5M to Washington D.C. over its location tracking technology which was considered suspicious by the two states. Specifically, this case has to do with the controversy over a decision made in 2018 that Google made to track users' whereabouts on Android and iOS through a setting called Web & App Activity despite turning Location History options off. Google was also accused of using dark patterns, which allegedly deceive users into carrying out actions that violate their privacy and overshare information without their knowledge or affirmation. The company has been ordered to notify users with Location History and Web & App Activity enabled about whether location data is being collected, alongside steps users can take to disable the settings and delete the data.

Poland has warned that Russia-based cyberattacks targeting the country's digital infrastructure may be imminent. The announcement was made on the Polish government's official website. More: According to the statement, Poland has been targeted by Russian cyberattacks since the beginning of the Russian invasion of Ukraine. The statement mentions examples such as the attack against the Polish parliament by the NoName057(16) group and against other private companies in the country. According to Polish intelligence, the attacks against the country are partly due to the support it provided to Ukraine and are an attempt to destabilize one of the largest economies in the Eastern Europe region. In July, the pro-Russia Killnet hacker crew hit multiple government resources in Poland, including the Ministry of Foreign Affairs, the Senate, Border Control, and the Police. In October, Microsoft reported that a new ransomware variant, Prestige ransomware, is being used to attack transportation and logistics organizations in Ukraine and Poland.

Chinese hackers are targeting Chinese students in the U.K. with fake voicemails that lead them to confess their banking information. The campaign is named RedThief. More: The voicemails impersonate organizations like the Bank of China and China Mobile, and the Chinese embassy to convince Chinese international students to give away their private banking information. The hackers use a new pay-as-you-go U.K. phone number for each call, so users cannot predict the scam call. The threat actor uses sim cards from companies such as Three, O2, EE, Tesco Mobile, and Telia. Chinese students are believed to have been targeted by this campaign since at least August 2019.

Matrix has acquired Israel-based cybersecurity company Zebra Technologies at an $18.5M valuation. Zebra Technologies reportedly has around $70M in annual revenue. More: Zebra Technologies specializes in providing efficiency and security software to companies across different verticals, such as: Retail, Healthcare, Manufacturing, Hospitality, Energy, Public governance, etc. The company has worked with clients such as Juniper Networks, Trend Micro, Palo Alto Networks, Pulse Secure, Forcepoint, Imperva, RSA, Forescout, Gigamon, Tenable, Vasco, F5, and Cato. Zebra Technologies, founded in 2008, has around 30 employees. Matrix, which has 11,000 employees and is traded on the Tel Aviv Stock Exchange, will acquire 70% of the company.

The Pytorch Machine Learning framework has been breached, according to its administrators. Users have been told to uninstall and download the latest versions of the software. More: PyTorch is an open-source machine learning framework that Meta Platforms originally developed. The platform is written in Python. The malware, deployed sometime between Dec. 25 and Dec. 30, can exfiltrate system information such as environment variables, the current working directory, and the hostname. According to security researchers, the administrator of the domain to which the stolen data is being redirected has claimed that the breach is part of an ethical hacking exercise and that the stolen data is not being used in any harmful way. PyTorch's administrators have told its users to delete and re-install the latest update to mitigate any potential risk.

Quick Hits: This year, try a resolution that sticks - going to therapy with BetterHelp. Save 25% off your first month.* The LockBit ransomware gang has formally apologized for cyberattacking the Hospital for Sick Children and released a free decryptor. CISA has warned organizations using controllers made by Rockwell Automation of several security flaws that could make them vulnerable to remote code execution attacks. A new report claims that more than 200 hundred organizations in the U.S. public sector were hit by ransomware cyberattacks. The bipartisan fiscal 2023 omnibus spending agreement includes a $2.9B budget for the Cybersecurity and Infrastructure Security Agency, a $320M YoY increase. *This is sponsored content.

Upcoming events at Inside: January 05 - AMA with Gun.io - Building and managing software development teams w/ Deividi Silva (Watch On Demand) January 06 - AMA with LinearB - Improving workflow for developers w/ Ori Keren (Watch On Demand) January 10 - Inside Startups Coffee Break (Register Here) January 17 - Inside Marketing Coffee Break (Register Here) January 31 - Growth Summit 2023 (Register Here)

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading(and writing) business news, he chooses to watch sports or anime...and then read news about sports or anime. Editor Vibha Chapparike is a Freelance Writer & Editor at Inside.com. With her post-graduation in Management and Finance completed, Vibha is expanding her knowledge in venture capital, business, startups, and technology. She has had a career in public relations and communications. An ardent reader and writer currently residing in Singapore, you can follow Vibha on Twitter @VChapparike.

767 Bryant St. #203, San Francisco, CA 94107 Copyright © 2023 Inside.com

Did someone forward this email to you? Head over to inside.com to get your very own free subscription! You received this email because you subscribed to Inside Security. Click here to unsubscribe from Inside Security list or manage your subscriptions.