Apple and Microsoft are both taking steps to better explain how they handle customers' personal information

Apple hasn't changed its privacy policy in over a year -- but on Tuesday morning the company updated its website with a fresh explanation of what that policy means, product by product, service by service.

The update comes just a day after Microsoft chose to reexplain its privacy policy and how it relates to Windows 10.

Read more ...

A Latvian cybercriminal who helped in the creation of malware that infected over one million machines globally and resulted in tens of millions of dollars in losses, has pleaded guilty to conspiring to commit computer intrusion.

Read more ...

Six individuals have been arrested by British law enforcement as part of an operation targeting those who have used the Lizard Squad's LizardStresser distributed denial-of-service (DDoS) tool.

According to the U.K. National Crime Agency (NCA), six males aged between 15 and 18 are suspected of using LizardStresser to launch attacks on a national newspaper, a school, gaming companies, and several online retailers. The teens are said to have used Bitcoin and other alternative payment methods to rent the service without exposing their true identity.

The six suspects targeted in the law enforcement initiative dubbed "Operation Vivarium" are based in Manchester, Stockport, Northampton, Milton Keynes, and Huddersfield. Investigators seized computer equipment from one of the alleged LizardStresser users. The suspects have been released on bail.

The NCA noted that two other suspects from Cardiff and Northolt were arrested earlier this year. The agency says officers are visiting roughly 50 addresses linked to individuals believed to have registered on the LizardStresser website, but without actually carrying out any attacks.

"By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services," said Tony Adams, Head of Investigations at the NCA's National Cyber Crime Unit. "This multi-agency operation illustrates the commitment of the NCA and its partners to pursuing people who think they can criminally disrupt important public services or legitimate businesses."

"One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers," Adams added.

The notorious Lizard Squad collective started advertising LizardStresser in late 2014, when the service was used to disrupt Microsoft's Xbox Live and Sony's PlayStation Network.

It's not surprising that people who used the service -- and even those who simply registered on the LizardStresser website -- are targeted by police. The service was hacked in January and the details of more than 14,000 users were leaked.

Last month, a 17-year-old Finnish teenager named Julius Kivimäki, suspected of being a member of the Lizard Squad, got a two-year suspended prison sentence. However, Kivimaki was convicted for computer crimes carried out in 2012 and 2013, not activities involving Lizard Squad.

LizardStresser currently appears to be offline, and all tweets except one have been deleted from the Lizard Squad's main Twitter account.

Yesterday the FBI warned the world that Business Email Scams (BEC) victims are growing, making companies losing money. The law enforcement highlights that frauds use to start with crooks spoofing communications from high management and executives and deceive them to authorize international wire transfers. The numbers provided by the FBI are alarming, from October 2013 to August 2015, $750 million were lost by companies due to Business Email Scams, nearly 7,000 companies just in the USA felt victim of the scams. Back in January of this year, the FBI had released some statistics about Business Email Scams, the law enforcement reported that between Oct. 1, 2013 and Dec. 1, 2014, 1198 companies had lost $179 million with the “CEO fraud”, aka business e-mail compromise (BEC). This is worrying because from January until now the number increase around 270 percent, the overall losses jumped from $179 million in January up to the current $750 million. “The scam has been reported in all 50 states and in 79 countries,” “Fraudulent transfers have been reported going to 72 countries; however, the majority of the transfers are going to Asian banks located within China and Hong Kong.” States the alert issued by the FBI, How the Business Email Scams works Normally all starts with a phishing email specifically crafted to a company executive, or employees of the targeted company. The emails look like as a legitimate message sent from a look-alike domain, let’s say that an original company is called, the crook will send an email to the victim from Since it is a crafted email, the crooks pay attention to the details so this type of emails will not set off spam traps, because it’s a targeted email. Crooks compose the emails by using the information on the target company available on open sources on the Internet (i.e. social media, press releases, and news). The FBI highlights that the Business Email Scams is very effective and a profitable practice for cyber criminals. “On the surface, business email compromise scams may seem unsophisticated relative to moneymaking schemes that involve complex malicious software, such as Dyre and ZeuS. But in many ways, the BEC attack is more versatile and adept at sidestepping basic security strategies used by banks and their customers to minimize risks associated with account takeovers. In traditional phishing scams, the attackers interact with the victim’s bank directly, but in the BEC scam the crooks trick the victim into doing that for them.” wrote the popular investigator Brian Krebs on the Business Email Scams attacks. The following image shows differences between a normal malware-based attack (i.e. like Zeus) and the BEC scheme: Business Email Scams vs malware Using again the example of as the original company and as the fake company, the crook, will forge the sender’s email address displayed to the recipient, for the victim to see that the email was sent from, but when the victim replies, the reply is going to Some known victims Already in August a tech company called Ubiquiti Networks disclosed in their financial report that they lost $46.7 million because of Business Email Scams. In February, The Scoular Co lost $17.2 million, just because an employee received an e-mail with the order to transfer money to a bank in China The list of successfully Business Email Scams is very long. Advises to prevent Business Email Scams Implement two-step authentication to emails When possible call to the person who sent the email, to verify what is asking Inform employees not to publish/share job-related activities on social media and forums Educate your employee, have a security awareness program

The German weekly Die Zeit disclosed documents that reveal how the German Intelligence did a deal with the NSA to get the access to the surveillance platform XKeyscore.

Internal documents show that Germany's domestic intelligence agency, the Federal Office for the Protection of the Constitution (BfV), received the software program XKeyscore from the NSA in return of data from Germany.

Back in 2o11, the NSA demonstrated the capabilities of the XKeyscore platform of the BfV agency. After two years of negotiation, the BfV signed an agreement to receive the NSA spyware software and install it for analyzing metadata collected on German citizens.

In return, the German Agency promised to share metadata collected.

The NSA tool collects 'nearly everything a user does on the internet', XKeyscore gives 'widest-reaching' collection of online data analyzing the content of emails, social media, and browsing history.

In 2013, documents leaked by Edward Snowden explained that a tool named DNI Presenter allows the NSA to read the content of stored emails and it also enables the intelligence analysts to track the user's activities on Facebook through a system dubbed XKeyscore.

XKeyscore map

According to Die Zeit, the document "Terms of Reference" stated: "The BfV will: To the maximum extent possible share all data relevant to NSA's mission".

The BfV didn't provide the details of the agreement to Germany's data protection commissioner, nor it informed the Parliamentary Control Panel.

The report highlights that Bundesnachrichtendienst BfV is not allowed to set up a mass surveillance activity, differently from the BND, instead it can spy suspect individuals.

The agreement with the NSA doesn't allow BfV to spy on American suspect individuals.

"The term US persons includes US citizens, an alien lawfully admitted for permanent residence in the US, groups and associations a substantial number of the members of which are US citizens, or corporations incorporated in the US," reads the Terms of Reference.

Die Zeit sustains that the agreement "proves what exactly German intelligence agencies give to the NSA in exchange for technical support. We believe it potentially violates the fundamental rights of German citizens, and that the danger of such violations remains clear and present."

The collaboration between the German Intelligence and the NSA is not new, in April, it was reported that the BND agency had helped the NSA spy on the European Commission and French government with the support of the Deutsche Telekom.

It is important to remark that the access granted to the BfV is a lower level of access compared to the one assigned to the Intelligence agencies belonging to the "Five Eyes" alliance.

Russian lawyers have filed a complaint calling for restricting the sale of Windows 10 in Russia, the action urges because the newborn OS spy on users violating Russian laws.

Starting July 29, and for the next 12 months, the new Windows 10 operating system can be installed for free on computers running previous versions of Windows OS, it has been estimated that more than 14 million users installed it within the first 24 hours of the release.

Moscow lawyers report Windows 10 data privacy risks to the Prosecutor General, the new Windows OS collects user location, credentials, browsing history.

The lawyers affirm that the uploading of the information to Microsoft's cloud, debated by many experts and privacy advocates, violates current Russian privacy legislation.

Of course, there are also groups of experts that defend Microsoft and its technology. The Russian Association for Electronic Communications sustains that it is possible to avoid Windows 10 collecting user data by applying the necessary settings, in other words it doesn't violate any privacy law.

Vadim Solovyov, a Communist Party deputy called for the Prosecutor General's Office to review Microsoft's technology due to the accusations of espionage on its users.

Solovyov sustains that Windows OSs are the primary choice for many Russian government agencies, for this reason it is important to assess the Microsoft technology and information circulating on the Windows 10 OS demonstrates that it could represent a threat to homeland security. The adoption of Windows 10 in government agencies could result in the leakage of classified information.

A spokesman for Microsoft denied the allegations to RIA Novosti.

"The new operating system offers users the choice of how they want it to handle their data and users can change the settings at any point," a Microsoft spokesman said a Microsoft spokesman to the news agency.