Top infosec trends in the social media spotlight this week

French regulators hit Google with a €50 million ($57 million) fine after finding it in breach of European Union privacy laws.

French regulators at CNIL faulted Google for a lack of transparency and consent over the personalization of its adverts.

The internet giant responded promptly to the ruling, announced on Monday, that it was in breach of GDPR (General Data Protection Regulation), by lodging an appeal.

Infosec Twitter responded to the fine by setting it against Google’s massive revenue – 'tis but a drop in the ocean.

Some observers viewed the fine as a righteous comeuppance for Google.

Secure email provider Protonmail described the penalty as a warning to companies that make “surveillance their business model”, pointing out that under the rules of GDPR, fines could be much higher – up to 4% of revenue – than the one imposed on Google in its contested punishment.


Elsewhere in France, the ‘official’ Android app of the Gilets Jaunes (Yellow Vests) movement was exposed as buggy this week.

Local security researcher ‘Elliot Alderson’ discovered that a lack of authentication mechanisms associated with the app made it easy to manipulate download figures.

Developers responded by resetting the counter and putting the app in maintenance mode.


There were mixed reactions after the Daily Mail was flagged as “fake news” this week.

A third-party tool recently incorporated into the mobile version of Microsoft's Edge browser confronts surfers with a caution if a website appears to be spreading false information.

It warned that the Daily Mail website “generally fails to maintain basic standards of accuracy and accountability”.

The (optional and not offered by default) NewsGuard plugin at the centre of the controversy gave Mail Online one out of five on credibility – the same lowly mark as the Kremlin-backed Sputnik news service.

The Mail Online is demanding a retraction of the warning, which has (predictably) delighted liberal-leaning critics of the site.

Last week Facebook took down hundreds of pages and accounts linked to Russia and, in particular, its state-sponsored Sputnik news service.

A Twitter thread by the Atlantic Council’s Ben Nimmo explains how the dissemination of alleged propaganda worked in practice.

Moving on to more positive news, a report by a security researcher saw URLhaus log its 100,000th malicious URL earlier this week.

The Swiss-based service, which has been operating for 10 months, helps to fight malware and botnets.

Many of the malicious URLs indexed by the site host payloads for the Emotet and Gozi trojans or point to sites associated with the GandCrab ransomware.

And finally, Google received a much warmer reception this week with a quiz to help users check if they are on top of their phishing game.

Surfers were asked to decide whether emails were genuine or not in the challenging and well-received exercise, which was put together by Google’s Jigsaw division.

Not even well-established internet experts aced the test.

Others pointed out that phishing remains one of the biggest of all internet security threats.

One security expert at PortSwigger advised surfers not to enter their passwords at all after following links in emails.

An incoming email might be malicious, but this is hard to determine. Rather than following links in emails, for example from their bank or from Facebook, surfers should bookmark the sites they frequently use, and click on those links instead.