In brief
Data protection: French retail giant, Carrefour, faces a €3.05 million fine for multiple violations of the GDPR, including keeping records too long and failing to provide accurate, simple information about data protection. The French regulator's announcement is a good checklist for what not to do. CNIL
Data Protection 2: The Spanish regulator was also active, with a tangled tale of Instagram, WhatsApp, Tinder...and stolen photos. Someone copied the photos from Instagram and Facebook and used them to create a profile on Tinder. The result: a €1,200 fine. AEPD
Exposed: Another week, another example of stunning incompetence, this time from a US company paid to manage electronic health and patient records. The problem: it stored the records online, in plain text, without a password. TechCrunch
Apple fine: If you've had cause to test Apple's claims that iPhones are 'water-resistant', you'll know this is a feature with room for improvement. Now, the Italian competition authority says it intends to fine Apple €10 million for "misleading" and "aggressive" commercial practices related to its claims. Reuters
BEC: Business Email Compromise cost organisations $26 billion between 2016 and 2019. The BBC explains how it works, and interviews one Nigerian scammer who talks about his business...and his victims. "I wanted to be like Mark Zuckerberg," he says. BBC
Telepathic: The US army is spending $6.25 million on research into whether brain signals could be analysed and decoded to create a silent way for military personnel to communicate. Really! C4ISRnet
Facial recognition: The limitations of facial recognition are well documented and now the file has grown a bit bigger. Emails show that a solution used by a New York school frequently misidentifies Black people, and identifies broom handles as guns. Motherboard
Updates
Oracle: The critical vulnerability in WebLogic that was patched in October is being actively exploited. Update now!
iCloud for Windows: Updates to address vulnerabilities that could allow an attacker to take control of an affected system.
DocuShare: Security updates for DocuShare 6.6.1, 7.0, and 7.5 to address a vulnerability that could allow an unauthenticated attacker to obtain sensitive information.
iPhones: Good news and bad news for iPhone owners. Among the features in iOS 14.2 is support for HD (1080p) FaceTime calls on iPhone 8 and later devices. Less welcome are persistent reports from iPhone 12 owners of poor battery performance and dropped cellular connections.
Windows 10: New cumulative update for Windows 10 20H2 fixes an issue that created problems with some types of upgrades. Bleeping Computer
Thunderbird: Version 78.5.1 is a bug fix and security release which addresses serious vulnerabilities.
Google Authenticator: There are plenty of apps that generate the codes used for two-factor authentication and Google's is the elder statesman of the group. It's fallen out of favour in recent years, not least because of a painful process when changing phones. An update fixes that for iOS users, and adds support for Dark Mode.