Information Management Today

Airline Booking System Exposed Passenger Details

Data Breach Today

JANUARY 17, 2019

Vulnerability Highlights Poor Security Controls for Passenger Name Records Airline booking system provider Amadeus - whose system is used by 500 airlines - is investigating a software vulnerability that exposed passenger name records, which is the bundle of personal and travel data that gets collected when booking a flight.

Security

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Krebs on Security

MARCH 22, 2024

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep , an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. Nor is collecting and selling data on Americans. Mozilla Monitor.

Healthcare

Healthcare Privacy Data breaches Government

OnionPoison: malicious Tor Browser installer served through a popular Chinese YouTube channel

Security Affairs

OCTOBER 5, 2022

The experts also discovered that the libraries bundled with the malicious Tor Browser is infected with spyware. “More importantly, one of the libraries bundled with the malicious Tor Browser is infected with spyware that collects various personal data and sends it to a command and control server. “The file freebl3.dll

Libraries

Libraries Personal data Passwords Cloud

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Introducing 'Secure Access Service Edge'

Dark Reading

JULY 3, 2020

The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.

Access

Access Security Cloud

Breach Exposes Users of Microleaves Proxy Service

Krebs on Security

JULY 28, 2022

Microleaves claims its proxy software is installed with user consent, but data exposed in the breach shows the service has a lengthy history of being supplied with new proxies by affiliates incentivized to distribute the software any which way they can — such as by secretly bundling it with other titles.

Computer and Electronics

Computer and Electronics Sales Marketing Blockchain

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Security Affairs

JUNE 23, 2022

The loader was bundled with a Chinese language greyware “SMS Bomber” tool that is most likely distributed in the Chinese underground. Therefore the entire bundle works as a trojanized binary. This version gather information collected by the original Yahoyah (i.e. ” reads the post published by Check Point experts.

Military

Military Encryption Passwords IT

Experts uncovered novel Malware persistence within VMware ESXi Hypervisors

Security Affairs

SEPTEMBER 30, 2022

In the attack investigated by Mandiant, threat actors relied on malicious vSphere Installation Bundles (“VIBs”) to install two backdoors on the ESXi hypervisors, tracked as VIRTUALPITA and VIRTUALPIE. ” reads the report published by Mandiant. We call these backdoors VIRTUALPITA and VIRTUALPIE.”

Metadata

Metadata Archiving Access IT

Accelerating Data Security and Manufacturing Production for Medical Sensors by 20x with nTropy.io and Thales

Thales Cloud Protection & Licensing

AUGUST 21, 2023

Each device relies on wireless data transmission to relay collected data back to the patient’s phone or other monitoring tool. Using rTery, manufacturers can perform mass pre-generated key bundle installations during production time up to 20x faster than before.

Manufacturing

Manufacturing IoT Encryption Security

China Issues the Measures for the Supervision and Administration of Online Transactions

Hunton Privacy

MARCH 31, 2021

The online transaction operator is prohibited from adopting one-time general authorization, implied authorization and bundled authorization, as well as from stopping installation, or using other means, to force consumers to consent to providing information not directly related to its business operation. Protection of Personal Information.

Sales

Sales Marketing IT Personal data

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

net available at the Wayback Machine shows that in 2016 this domain was used for the “ ExE Bucks ” affiliate program, a pay-per-install business which catered to people already running large collections of hacked computers or compromised websites. Others are fairly opaque about their data collection and retention policies.

Computer and Electronics

Computer and Electronics Sales Marketing Access

CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog

Security Affairs

JANUARY 23, 2024

In the attack investigated by Mandiant in September 2022, threat actors relied on malicious vSphere Installation Bundles (“VIBs”) to install two backdoors on the ESXi hypervisors, tracked as VIRTUALPITA and VIRTUALPIE.

IT

IT Cybersecurity Cloud Risk

EDPB Releases Guidelines on Virtual Voice Assistants

Hunton Privacy

MARCH 13, 2021

These tools are available on most smartphones and other devices and collect significant amounts of personal data, such as through user commands. Virtual voice assistants (“VVAs”) understand and execute voice commands or coordinate with other IT systems.

Personal data

Personal data Compliance GDPR Privacy

China-linked APT UNC3886 exploits VMware zero-day since 2021

Security Affairs

JANUARY 19, 2024

In the attack investigated by Mandiant in September 2022, threat actors relied on malicious vSphere Installation Bundles (“VIBs”) to install two backdoors on the ESXi hypervisors, tracked as VIRTUALPITA and VIRTUALPIE.

Authentication

Authentication Access Cloud IT

Masad Stealer Malware exfiltrates data via Telegram

Security Affairs

SEPTEMBER 29, 2019

“ Masad Stealer sends all of the information it collects – and receive commands from – a Telegram bot controlled by the threat actor deploying that instance of Masad. MiB, but experts revealed that it is possible to find larger executables bundled into other applications. .

Passwords

Passwords Marketing Sales Authentication

CHINA: Draft Rules on Privacy Policies Released – Is Your Privacy Policy Compliant?

DLA Piper Privacy Matters

AUGUST 8, 2022

Personal Information Collection List : a list setting out the types of personal data collected or processed by services and business functions. The list should differentiate and list separately essential and non-essential personal information types collected by each business function.

Privacy

Privacy Personal data Data collection Access

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

OCTOBER 31, 2022

For example, the indictment includes a photo that investigators subpoenaed from Sokolovsky’s iCloud account that shows him posing with several stacks of bundled cash. gov — that allows visitors to check whether their email address shows up in the data collected by the Raccoon Stealer service. Image: USDOJ.

Military

Military Passwords Data collection Ransomware

Rapid7 InsightIDR Review: Features & Benefits

eSecurity Planet

SEPTEMBER 24, 2021

Rapid7 combines threat intelligence , security research, data collection, and analytics in its comprehensive Insight platform, but how does its detection and response solution – InsightIDR – compare to other cybersecurity solutions? Bundling with the Rapid7 Insight Platform. InsightIDR: Advanced Detection and Response.

Analytics

Analytics Cloud Cybersecurity Honeypots

Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts

Security Affairs

NOVEMBER 26, 2019

The SDK was designed to display ads, experts noticed that once users of the social networks were logged into either service using one of these applications, the SDK silently accessed their profiles to collect information. “No data from Facebook is collected, shared or monetised by MobiBurn,” reads the statement.

Personal data

Personal data IT Access Marketing

LibTech EdTech – transition, challenges and contradictions

CILIP

APRIL 15, 2024

The e-book market still stumbles along riddled by prohibitive pricing, bundling reducing choice and unstable access. Libraries will need to navigate the ethical implications of collecting and managing user data while ensuring user privacy and data security,” says Ken.

Libraries

Libraries Education Analytics Marketing

Windows App runs on Mac to download MacOS malware

Security Affairs

FEBRUARY 17, 2019

EXE file bundled with the app that was responsive for the malicious payload. “When the installer is executed, the main file also launched the executable as it is enabled by the mono framework included in the bundle. Experts noticed inside the installer the strange presence of a. ” continues the report.

Security

Security IT

Cybersecurity Services combat an APT with NDR

OpenText Information Management

MARCH 28, 2024

Security teams can quickly assess, collect, and work to mitigate threats to minimize the impact of potential security incidents. This granular visibility is crucial for understanding the nature of threats. Incident response : The solution facilitates rapid incident response by providing actionable insights and alerts.

Cybersecurity

Cybersecurity Military IoT Security

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

The malware supports multiple commands, including collecting system information, starting an interactive shell, listing network connections, creating SOCKS proxy, uploading and downloading files, and other basic file operations (listing, deleting, renaming, and creating a directory). The backdoor uses AES-ECB encryption for C2 communications.

IT

IT Encryption Authentication Communications

Privacy Act Review report

Data Protection Report

FEBRUARY 23, 2023

These include enhanced data subject rights and increased accountability requirements for organisations collecting and processing Australians’ personal information, as well as the introduction of a right of direct action for individuals and a new tort of serious invasion of privacy.

Privacy

Privacy Data collection Data breaches Government

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Security Affairs

APRIL 25, 2023

The second stage malware doesn’t use AppleScript, it masquerades as a legitimate Apple bundle identifier and is signed with an ad-hoc signature. Upon executing, the malware collects system information, including the process listing, current time and whether or not it’s running within a VM.

Education

Education Communications Marketing Cloud

Trojanized Super Mario Bros game spreads malware

Security Affairs

JUNE 25, 2023

The threat actors bundled a legitimate installer file of super-mario-forever-v702e with the malicious codes. The researchers pointed out that attackers target gamers because they often use powerful hardware for gaming, which is excellent for mining cryptocurrencies. ” concludes the report.

Mining

Mining Passwords IT Security

Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool

Security Affairs

JULY 2, 2022

The experts noticed a feature in the ADAudit Plus which collects security events from agents running on other machines in the domain. “One of the features of ADAudit Plus is the ability to collect security events from agents running on other machines in the domain. .” By default ADAudit Plus ships with Java 8u051.

Libraries

Libraries Authentication Security Access

CHINA: important new developments in PRC data privacy regulations

DLA Piper Privacy Matters

OCTOBER 31, 2019

Bundled consent will be banned. Separate consent may now be required for each specific scope of collection (e.g. Mobile app providers are encouraged to minimise personal information collection via their apps, i.e. avoid excessive data collection. Amended PIS Specification.

Data Privacy

Data Privacy Privacy Data collection Data breaches

German antitrust authority prohibits Facebook from combining users’ personal data

Data Protection Report

FEBRUARY 12, 2019

The FCO said that Facebook abused its market dominance in: collecting, merging and using personal data; and. failing to provide a choice to its customers to prevent collection of their data. The German antitrust authority used typical antitrust arguments from bundling decisions.

Personal data

Personal data Data collection GDPR Marketing

56.25 million US residents records collected by CheckPeople exposed on a Chinese server

Security Affairs

JANUARY 9, 2020

The size of the NoSQL database is 22GB and included metadata that links the collection to CheckPeople.com. The data are likely collected by the service from public sources. .” million US residents records collected by CheckPeople exposed on a Chinese server appeared first on Security Affairs. Pierluigi Paganini.

Archiving

Archiving Metadata Government IT

Navigating China: The digital journey

DLA Piper Privacy Matters

NOVEMBER 5, 2019

Bundled consent will be banned. Separate consent may now be required for each specific scope of collection (e.g. Mobile app providers are encouraged to minimize personal information collection via their apps, (i.e., avoid excessive data collection). Amended PIS Specification.

Data collection

Data collection Data breaches Privacy Information Security

China-linked APT likely linked to Fortinet zero-day attacks

Security Affairs

MARCH 17, 2023

Once obtained access to the Fortinet devices, the attackers targeted ESXi servers to deploy malicious vSphere Installation Bundles which contained VIRTUALPITA and VIRTUALPIE backdoors. ” concludes Mandiant.

Manufacturing

Manufacturing Access Government Communications

China-linked APT UNC3886 used VMware ESXi Zero-Day

Security Affairs

JUNE 14, 2023

In the attack investigated by Mandiant in September 2022, threat actors relied on malicious vSphere Installation Bundles (“VIBs”) to install two backdoors on the ESXi hypervisors, tracked as VIRTUALPITA and VIRTUALPIE.

Cleanup

Cleanup Authentication Access Communications

Here’s Some Bitcoin: Oh, and You’ve Been Served!

Krebs on Security

JANUARY 10, 2024

The IC3 collects reports on cybercrime and sometimes bundles victim reports into cases for DOJ/FBI prosecutors and investigators. The hard truth is that most victims will never see their stolen funds again.

Blockchain

Blockchain Government Metadata IT

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The details of any organization’s plan to become fully GDPR compliant will vary based on the data the organization collects and what it does with that data. A data controller is any organization, group, or person that collects personal data and determines how it is used. Consents cannot be bundled, either.

GDPR

GDPR Compliance Personal data Privacy

Top 10 Open Source Vulnerability Assessment Tools

eSecurity Planet

APRIL 15, 2022

Some of the tools we’ll see in this top 10 list are bundled in Kali Linux , a super-charged security distribution that can run both pentests and vulnerability tests. The tool collects insights from a massive range of sources, allowing almost blind tests. Probably the most comprehensive tool in the list. No graphical interface.

Security

Security Access Risk Marketing

Italian Garante Fines Telecom Company 27.8 Million Euros for Unlawful Marketing Practices

Hunton Privacy

FEBRUARY 4, 2020

In particular, the Garante found that the information TIM provided to users via its apps was incorrect and not transparent, and that TIM was using invalid methods to collect users’ consent ( e.g. , bundled consent was used for various processing purposes, including marketing). The fine corresponds to 0.2%

Marketing

Marketing Communications Data collection Data breaches

Experts detected a new variant of North Korea-linked RUSTBUCKET macOS malware

Security Affairs

JULY 3, 2023

The second stage malware doesn’t use AppleScript, it masquerades as a legitimate Apple bundle identifier and is signed with an ad-hoc signature. Upon executing, the malware collects system information, including the process listing, current time and whether or not it’s running within a VM.

Security

Security Communications Cloud IT

How to simplify the data mapping process under the GDPR

IT Governance

JULY 11, 2018

You must run through the information lifecycle to identify all uses of data (even unforeseen or unintended uses), enabling you to minimise what data needs to be collected. Get a complete overview of your compliance projects with the Data Flow Mapping Tool and Compliance Manager bundle >> Data Flow Mapping Tool: Compliance Manager:

GDPR

GDPR Compliance Privacy Information Security

Achieve GDPR compliance with our software tools

IT Governance

APRIL 27, 2018

Compliance Manager provides a list of information security clauses from UK law and a collection of curated GDPR articles that require data controllers and processors to take action to achieve compliance. Achieve GDPR compliance with the Data Flow Mapping Tool and Compliance Manager bundle >>

GDPR

GDPR Compliance Personal data Information Security

3 GDPR compliance tips for small businesses

IT Governance

MAY 22, 2019

The only people who need an in-depth understanding of the GDPR’s requirements are managers, as they are the ones who determine the way personal data is collected and processed. Organisations can get all the help they need to complete these steps with our GDPR Compliance Solution – The Essentials bundle.

GDPR

GDPR Compliance Personal data Information Security

Research confirms rampant sale of SSL/TLS certificates on darkweb

Security Affairs

MARCH 7, 2019

Experts analyzed 60 marketplaces hosted by the Tor network and 17 websites on the I2P network collecting data on SSL and TLS certificates and related services. A study sponsored by Venafi and conducted by researchers from Georgia State University in the U.S. and the University of Surrey in the U.K.

Sales

Sales Marketing Ransomware Security

China-linked APT3 was able to modify stolen NSA cyberweapons

Security Affairs

SEPTEMBER 8, 2019

The APT3 has developed a collection of exploits and tools dubbed ‘UPSynergy,’ many of which appear to be based on malicious code belonging to the NSA’s Equation Group APT. Evidence collected by CheckPoint implies that both states have similar expertise. ” continues the analysis. Experts pointed out that the U.S.

Military

Military Security IT Government

Is your organisation equipped for long-term GDPR compliance?

IT Governance

MAY 28, 2019

A privacy notice is a document that organisations give to individuals to describes the way their personal data is being collected and used. Organisations must therefore explain in simple terms what data they’re collecting, why they need it, what it’s being used for and whether any third parties will have access to the data.

GDPR

GDPR Compliance Personal data Risk

How Ireland became Europe’s data protection watchdog

IT Governance

JUNE 14, 2019

The majority of the DPC’s investigations concern organisations’ inability to: Justify and document a lawful basis for processing personal data; Provide individuals with information about what data is collected and how it will be used; and. Inform individuals about their data subject rights. Fast-track your compliance project.

GDPR

GDPR Personal data Compliance Privacy

Airline Booking System Exposed Passenger Details

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

Webinars

Trending Sources

OnionPoison: malicious Tor Browser installer served through a popular Chinese YouTube channel

Webinars

Introducing 'Secure Access Service Edge'

Breach Exposes Users of Microleaves Proxy Service

Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor

Experts uncovered novel Malware persistence within VMware ESXi Hypervisors

Accelerating Data Security and Manufacturing Production for Medical Sensors by 20x with nTropy.io and Thales

China Issues the Measures for the Supervision and Administration of Online Transactions

A Deep Dive Into the Residential Proxy Service ‘911’

CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog

EDPB Releases Guidelines on Virtual Voice Assistants

China-linked APT UNC3886 exploits VMware zero-day since 2021

Masad Stealer Malware exfiltrates data via Telegram

CHINA: Draft Rules on Privacy Policies Released – Is Your Privacy Policy Compliant?

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Rapid7 InsightIDR Review: Features & Benefits

Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts

LibTech EdTech – transition, challenges and contradictions

Windows App runs on Mac to download MacOS malware

Cybersecurity Services combat an APT with NDR

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Privacy Act Review report

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Trojanized Super Mario Bros game spreads malware

Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool

CHINA: important new developments in PRC data privacy regulations

German antitrust authority prohibits Facebook from combining users’ personal data

56.25 million US residents records collected by CheckPeople exposed on a Chinese server

Navigating China: The digital journey

China-linked APT likely linked to Fortinet zero-day attacks

China-linked APT UNC3886 used VMware ESXi Zero-Day

Here’s Some Bitcoin: Oh, and You’ve Been Served!

How to implement the General Data Protection Regulation (GDPR)

Top 10 Open Source Vulnerability Assessment Tools

Italian Garante Fines Telecom Company 27.8 Million Euros for Unlawful Marketing Practices

Experts detected a new variant of North Korea-linked RUSTBUCKET macOS malware

How to simplify the data mapping process under the GDPR

Achieve GDPR compliance with our software tools

3 GDPR compliance tips for small businesses

Research confirms rampant sale of SSL/TLS certificates on darkweb

China-linked APT3 was able to modify stolen NSA cyberweapons

Is your organisation equipped for long-term GDPR compliance?

How Ireland became Europe’s data protection watchdog

Stay Connected