The Trustworthy Accountability Group announced an industrywide anti-fraud program, Verified by TAG, to “fight digital ad fraud and bring new transparency across the digital ad ecosystem,” a TAG news release said Thursday. Companies can apply to be verified by TAG as a trusted advertising party, it said. Registered companies will receive a TAG-issued identifier they can share with partners and pass with every ad they buy, process, place or run, it said. TAG is also developing a Payment ID system to create a record of who gets paid for every impression, to prevent criminals from receiving ad spend, it said. “The TAG Registry and upcoming Payment ID system will act like a ‘two-factor authentication’ for the digital ad supply chain,” said TAG CEO Mike Zaneis. “Through the TAG Registry, buyers will be able to ensure that they are working with trusted parties at every step of their campaigns, while the Payment ID system will ensure that payments only go to legitimate players, choking off the cash to criminals.” Registration is open, and "it’s time for every company in digital advertising to get TAG’ed,” Zaneis said. TAG’s registration program has been endorsed by the “big five” ad agency holding companies, plus AOL, Google and other major programmatic ad players, the release said.
The FCC and the University of Colorado-Boulder Interdisciplinary Telecom Program will co-sponsor a summit on cybersecurity issues in the communications and public safety sectors Dec. 7, the agency said Tuesday. “The event will feature industry, public safety, academic and government thought leaders in the field of cybersecurity in a series of moderated panels, considering technical, practical, and policy issues related to the cybersecurity threats facing our commercial and public safety networks,” said a notice from the commission. The event will be in Boulder. More details are to follow.
Adobe released a security update for its Shockwave Player Tuesday that addresses a vulnerability that could allow an attacker to take control of an affected system, a U.S. Computer Emergency Readiness Team alert said.
Facebook has “not advocated publicly or privately for” the Cybersecurity Information Sharing Act (S-754), a spokesman said Monday. Leading S-754 opponent Fight for the Future claimed in a blog post Saturday that Facebook lobbyists are secretly lobbying in favor of S-754 “even though Facebook has been lauded as opposing the bill” due to its membership in the Computer & Communications Industry Association (CCIA), which recently opposed S-754 (see 1510150038). The Senate is to take a final vote Tuesday on S-754 and on a series of amendments to the bill after voting 83-14 Thursday to end debate on a manager's amendment (see 1510220062). The Senate's consideration of S-754 had earlier stalled amid concerns from Fight for the Future and other entities about the bill's effect on privacy and civil liberties, but consolidation of several proposed amendments into the manager's amendment appeared to pave the way for progress on the bill. The White House and Secretary of Homeland Security Jeh Johnson have since repeated their earlier support for S-754. Facebook “has declined to take a public position on CISA, but in recent days sources have confirmed that in fact Facebook is quietly lobbying the Senate to pass it, Fight for the Future said. The group has launched a petition to force Facebook to “take a public position” on S-754. “If Facebook wants to reclaim their credibility on user privacy, they need to take a stand against CISA,” said Fight for the Future Co-director Tiffiniy Cheng in the blog post. A Facebook spokesman didn't comment on what Facebook's position on S-754 is. Facebook's Q3 lobbying report indicates the company lobbied the White House and Capitol Hill on general cybersecurity issues, but unlike on other topics it doesn't detail any specific legislation. Harbinger Strategies, Peck Madigan, Subject Matter and Stewart Strategies & Solutions all indicated they lobbied on cybersecurity issues for Facebook during the quarter.
Apple released several security updates to address critical vulnerabilities in multiple Apple products, a U.S. Computer Emergency Readiness Team alert said Wednesday. Updates are available for, among others, iTunes 12.3.1 for Windows 7 and later, Apple Watch, Apple Watch Sport, Apple Watch Hermes, iPhones 4s and later, iPod touch 5th generation and later, and iPad 2 and later, the alert said. Exploitation of the vulnerabilities may allow a remote attacker to take control of an affected system, it said.
Individuals who play massive multiplayer online games should be on the lookout for email phishing scams, said FTC Consumer and Business Education Division’s Andrew Johnson in a blog post Thursday. Often, the emails warn an individual his or her account is about to be suspended because “you tried to sell your in-game character or virtual goods for real money,” Johnson said. “It claims the gaming company may sue you for as much as $2,700 if you ignore the notice and continue selling virtual goods for real money,” he said. The email tells users to check the status of their accounts or challenge the suspension by clicking a link that will allegedly take them to a verification page, Johnson said. But in reality, “it’s all a trap to try to steal your personal info, like your account or credit card numbers,” Johnson said. To better identify phishing emails, Johnson recommended users: don’t reply and don’t click on links or call phone numbers provided; search the company’s real contact information and reach out on your own if you’re concerned the message is legit; make sure to use a security software from a trusted source and have it update automatically; and don’t open attachments or download files from unexpected emails.
The FTC and National Credit Union Administration will host a live Twitter chat to discuss cybersecurity tips and ways to protect information Thursday at 11 a.m., said FTC Consumer and Business Education Counsel Carol Kando-Pineda in a blog post Tuesday. “Join the conversation at #NCUAChat,” or submit questions beforehand to socialmedia@ncua.gov, Kando-Pineda said.
Most Americans now use PINs or passwords to protect their smartphones, according to a survey by Harris Poll, paid for by CTIA. With the amount of personal data stored on phones increasing, Harris found that 61 percent of wireless consumers use PINs/passwords, up 20 percent from a survey in 2012. The survey also found that 40 percent installed anti-virus software on their smartphones, up 29 percent from the 2012 survey. The new survey also found that more than one-third of consumers installed locks and wipe apps, and 12 percent said they had lost devices in the past year. Almost 50 percent of those said they used a program to locate their phones and nearly 40 percent contacted their carriers. “These results demonstrate that the consumer education programs developed by the wireless industry and by individual companies are improving Americans’ cybersecurity behaviors,” said CTIA Vice President-Technology & Cybersecurity John Marinho. Harris did an online survey with more than 1,500 respondents.
Voxx International’s recent $20.2 million purchase of a majority stake in biometric security supplier EyeLock is important to Voxx because the IoT “has made security a critical part of daily life, demanding more efficient means of protecting identities and assets,” Voxx CEO Pat Lavelle said last week on an earnings call. EyeLock boasts a portfolio numbering more than 100 patents, which includes items “with technology that can potentially create the most powerful cybersecurity solution available as well as logical and perimeter access solutions,” Lavelle said. With its acquisition of a controlling interest in EyeLock, Voxx now controls “all of their IP and substantially all of their assets,” he said. “Their technology and business model enables them to scale across multiple markets and there was no doubt in our minds that iris biometrics will be one of, if not the, chosen method for authentication in the future,” he said. By the end of the decade, iris authentication “will become commonplace” for consumers, financial institutions and government and defense contractors, he said. Moreover, automakers and tech companies “may look to integrate iris authentication into routers, switches, set-top boxes, PCs and mobile devices,” he said. “Blue chip partners and global brands” are evaluating or have already adopted EyeLock's iris authentication technology “as a means to improve system and infrastructure security and for embedded technology applications,” he said. EyeLock also is in talks “with leading PC, tablet and laptop makers about embedding their technology in these devices,” he said.
Mozilla released Firefox 41.0.2 to address a security vulnerability that may allow a remote attacker to obtain sensitive information from an affected system, said a Thursday alert from the U.S. Computer Emergency Readiness Team. US-CERT also issued an alert Thursday saying Apple released security updates for Keynote, Pages and Numbers for OS and for iOS to address multiple vulnerabilities that may allow a remote attacker to take control of an affected system.