Two client-side risks dominate the problems with data loss and data exfiltration: improperly placed trackers on websites and web applications, and malicious client-side code pulled from third-party repositories like NPM.

Client-side security researchers are finding that improperly placed trackers, while not intentionally malicious, are a growing problem and have clear and significant privacy implications when it comes to compliance and regulatory concerns, like HIPAA or PCI DSS 4.0.

To highlight the risks with misplaced trackers, a recent study by The Markup (a non-profit news organization) examined Newsweek's top 100 hospitals in America. They found a Facebook tracker on one-third of the hospital websites, which sent Facebook highly personal healthcare data whenever the user clicked the "schedule appointment" button. The data was not necessarily anonymized, because it was connected to an IP address, and both the IP address and the appointment information were delivered to Facebook.

Journalists and client-side security researchers aren't the only ones looking at data privacy issues. Last week, the FTC announced its plans to crack down on tech companies' improper or illegal use and sharing of highly sensitive data. The FTC indicated they also plan to target false claims about data anonymization. The government agency points out that sensitive health information combined with the shadowy data security practices used by technology companies is extremely problematic, with most customers having little or no knowledge of how their data is collected, what data is collected, how it is used, or how it is protected. The security industry has repeatedly proven how easy it is to re-identify anonymized data by combining several datasets to create a clear picture of the end user's identity.

In addition to improperly placed web trackers, client-side security researchers are warning about the risks associated with JavaScript code pulled from third-party repositories, like NPM. Recent research found that packages containing obfuscated and malicious JavaScript, distributed through package managers, were being used to harvest sensitive information from websites and web applications.