New evidence to an ongoing GDPR complaint shows how ad categories used by Google and the Internet Advertising Bureau (IAB) profile you and apply potentially sensitive labels to you.

Happy Data Privacy Day! You will likely be hearing a lot about how companies care about your privacy, but as the Washington Post pointed out, it’s 2019 and “big tech firms still don’t care about your privacy.”

Evidence: Websites need to make money, and many do that via ads that monetize your data. While you likely know ad tracking is creepy as can be, privacy-focused browser Brave added new evidence to an ongoing GDPR complaint that shows how ad categories used by Google and the Internet Advertising Bureau (IAB) profile you and apply potentially sensitive labels to you. This new evidence describes how “ad auction companies, including Google, unlawfully profile Internet users’ religious beliefs, ethnicities, diseases, disabilities, and sexual orientation.”

When you visit a website that uses ad auctions, personal data about you is broadcast in “bid requests.” Loading one web page can trigger numerous bid request broadcasts. In fact, it was estimated that “ad auction companies broadcast intimate profiles about an average U.K. internet user 164 times per day. These are received by thousands of companies, and there is no way of knowing what then is done with these intimate data.”

According to Michael Veale, University College London technology policy researcher, “Actors in this ecosystem are keen for the public to think they are dealing in anonymous, or at the very least non-sensitive data, but this simply isn’t the case. Hugely detailed and invasive profiles are routinely and casually built and traded as part of today’s real-time bidding system, and this practice is treated as though it’s a simple fact of life online.
It isn’t: and it both needs to and can stop.”

Other cybersecurity and privacy news

Japanese government will hack into citizens’ vulnerable IoT devices

Vint Cerf, one of the fathers of the internet, is concerned about the Internet of Things, specifically about all the buggy and insecure IoT devices being hacked. And he’s “enthusiastic” about development tools that Google and other companies are working on that will help expose software bugs in the devices.

On that note, thanks to a new law amendment, the Japanese government plans to hack into citizens’ IoT devices. In February, the National Institute of Information and Communications Technology will begin testing the password security of more than 200 million IoT devices by using default passwords and password dictionaries. Easy-to-hack devices will be added to a list and shared with ISPs, which are to notify users about making the devices secure. Although the goal is to better cybersecurity before the Tokyo Summer Olympics in 2020, the new law allows authorities to try to gain access to IoT devices over a five-year period.

Cisco RV320/RV325 routers under attack; update firmware now

As you know, routers are a part of the IoT, and two Cisco routers, the Cisco RV320 and RV325 WAN VPN routers, are under attack. After Cisco released advisories for CVE-2019-1652 and CVE-2019-1653 (RedTeam Pentesting reported the command injection and two information disclosure flaws), security researcher David Davidson released proof-of-concept code, and the search was on to find and exploit these routers.

Bad Packets published an interactive map of vulnerable devices that were found in 122 countries and on the network of 1,619 unique ISPs – a hefty portion of which are in the U.S. Bad Packets explained, “Using data provided by BinaryEdge, we’ve scanned 15,309 unique IPv4 hosts and determined 9,657 Cisco RV320/RV325 routers are vulnerable to CVE-2019-1653.
6,247 out of 9,852 Cisco RV320 routers scanned are vulnerable and 3,410 out of 5,457 Cisco RV325 routers scanned are vulnerable.”

Affected users are urged to upgrade to the latest firmware version and change the device password ASAP.

Dailymotion suffers credential stuffing attack

The video-sharing platform Dailymotion admitted to being a victim of “a large-scale computer attack aimed at compromising the data of its users.” Affected users have been contacted, were part of a forced logout, and were told to change their password.

Undercover agents target internet watchdog CitizenLab

Internet watchdog group CitizenLab has been targeted by “international undercover operatives” intent on honing in on CitizenLab’s work, which has repeatedly revealed details about surveillance by Israeli surveillance vendor NSO Group. NSO denied having anything to do with the undercover operations.

Citizen Lab said, “This failed operation against two Citizen Lab researchers is a new low. Citizen Lab research is public, and the evidence that we use to draw our conclusions is public as well. We have always welcomed debate and dialogue about our work, but we condemn these sinister, underhanded activities in the strongest possible terms. Such a deceitful attack on an academic group like the Citizen Lab is an attack on academic freedom everywhere.”

To help you smile

Since there’s little to make you smile about today’s news, I’ll leave you with this funny tidbit that was shared by security researcher Ankit Anubhav.

https://t.co/l1bqobWykN Offensive security deployed by using offensive words on hacker. 😂 pic.twitter.com/sXnUCz51eC
— Ankit Anubhav (@ankit_anubhav) January 28, 2019