The UK’s Information Commissioner’s Office announced today that it has levied a nearly $16 million fine against TikTok for “a number of breaches” of the country’s data protection law.

Central to the ICO’s decision to fine TikTok are the estimated 1.4 million UK children under 13 years of age, who were allowed to sign up for the platform in 2020, despite the company’s own rules barring such use.

That’s a violation of UK’s General Data Protection Regulation (similar to the EU’s GDPR), the ICO said in a statement. The UK GDPR requires that companies that use personal data to offer services to children under 13 need a parent or guardian’s permission to do so. The regulator also noted that “senior employees” at TikTok were aware of underage users on the platform, and did not respond adequately to the issue.

To read this article in full, please click here

Read More

Cybersecurity application provider Snyk has added fresh capabilities to its flagship developer security platform to improve programming productivity and help secure software supply chains.

The series of enhancements to Snyk’s namesake platform includes security support for C/C++ applications, new capabilities for infrastructure as code (IaC), automated security for  container supply chains, and new devsecops collaboration features.

Using an in-house built, AI-based engine, Snyk scans C/C++ codes in development to identify all open source dependencies, associated vulnerabilities, and license compliance issues. The new capability offers features to help developers identify and fix issues as they code.

To read this article in full, please click here

Read More

Researchers warn of a new strain of ransomware dubbed Rorschach that doesn’t appear to be related to previously known threats and uses several unique features in its implementation, including one of the fastest file encryption routines observed so far.

“A behavioral analysis of the new ransomware suggests it is partly autonomous, spreading itself automatically when executed on a domain controller (DC) while it clears the event logs of the affected machines,” researchers from security firm Check Point said in a new report. “In addition, it’s extremely flexible, operating not only based on a built-in configuration but also on numerous optional arguments which allow it to change its behavior according to the operator’s needs.”

To read this article in full, please click here

Read More

The UK’s data regulator has issued a warning to tech companies about protecting personal information when developing and deploying large language, generative AI models.

Less than a week after Italy’s data privacy regulator banned ChatGPT over alleged privacy violations, the Information Commission’s Office (ICO) published a blog post reminding organizations that data protection laws still apply when the personal information being processed comes from publicly accessible sources.

To read this article in full, please click here

Read More