News for September 26, 2022


Morgan Stanley Improper Data Disposal
by Artie Kaye

The SEC issued the financial company a civil money penalty for improper disposal of its data storage.  Unwiped storage found its way into the hands of private citizens.  Personal identifying information was still on drives and network devices.  Not all devices believed to be unwiped have been recovered.  There are rules to follow when decommissioning old hardware.  It is best to do it in-house, but if that is not feasible, then finding a respected organization in the industry is critical.  Destruction of the devices is also an option.

https://www.sec.gov/news/press-release/2022-168

https://www.sec.gov/litigation/admin/2022/34-95832.pdf

https://nakedsecurity.sophos.com/2022/09/23/morgan-stanley-fined-millions-for-selling-off-devices-full-of-customer-pii/

OAuth Update
by Artie Kaye

Microsoft has announced they have removed all the malicious apps.
This is an update to news originally posted on September 23, 2022.

https://www.securityweek.com/microsoft-dismantles-spam-campaign-abusing-oauth-applications

Fitbits to Require Google Account in Future
by Artie Kaye

The fitness tracking company was purchased by Google and will require users to link the device to a Google account in the coming years.  The cutoff date will be 2025.  Google states that personal data will not be used for targeted advertising.

https://www.theverge.com/2022/9/26/23372438/fitbit-changes-update-google-account-new-2025

https://gizmodo.com/fitbit-users-will-soon-be-required-to-have-a-google-log-1849582655

https://thehackernews.com/2022/09/google-to-make-account-login-mandatory.html