eSecurity Planet

AUGUST 21, 2023

August 18 , 2023 Vulnerability Allows Code Execution When Opening WinRAR Archives Vulnerability CVE-2023-40477 in the popular WinRAR utility allows for arbitrary code execution (ACE) to automatically occur during the opening of the archive container. Organizations are urged to scan, remediate, and patch these NetScaler devices.

Archiving 90

Archiving Cybersecurity Encryption Privacy 90

eSecurity Planet

OCTOBER 30, 2023

See the Top Patch and Vulnerability Management tools October 23, 2023 Citrix NetScaler Vulnerability Under Active Attack Type of attack: Active exploitation of the high-risk Sensitive Information Disclosure vulnerability ( CVE-2023-4966 ) disclosed on October 10, 2023 and now known as Citrix Bleed.

Authentication 102

Authentication Cloud Access Cybersecurity 102

eSecurity Planet

AUGUST 28, 2023

August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform. The latest — CVE-2023-38035 — affects the Sentry secure mobile gateway, part of Ivanti’s UEM platform and is being exploited as a zero-day.

Authentication 95

Authentication Ransomware Passwords Cybersecurity 95

eSecurity Planet

SEPTEMBER 5, 2023

August 28, 2023 Ransomware Group Exploits Citrix NetScaler Vulnerability In July, Citrix released a patch for a critical remote code execution vulnerability ( CVE-2023-3519 ), which affected the company’s NetScaler ADC and NetScaler Gateway products and carried a severity rating of 9.8 out of 10 on the CVSS vulnerability scale.

Ransomware 103

Ransomware Authentication Cybersecurity Access 103

Hunton Privacy

FEBRUARY 7, 2023

On January 26, 2023, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth responded to a call for input from the UK’s Digital Regulation Cooperation Forum (DRCF) on its workplan for 2023 – 2024. The ICO, for example, has already developed an accountability framework.

Data Privacy 61

Data Privacy Blockchain Compliance Privacy 61

eSecurity Planet

SEPTEMBER 18, 2023

This week, the following active exploits of vulnerabilities were announced: Iranian advanced persistent threat (APT) group exploits January 2023 vulnerabilities in Fortinet firewalls and ManageEngine software to perform remote code execution (RCE) on U.S. Read More: The 8 Best Vulnerability Scanner Tools for 2023 What is Patch Management?

Cybersecurity 104

Cybersecurity Ransomware Libraries Risk 104

Collibra

NOVEMBER 28, 2023

Together, we enable organizations to foster a data-driven culture that unlocks the full potential of their multi/hybrid cloud data landscape while mitigating data privacy and security risks.

Cloud 64

Cloud Data Privacy Privacy Risk 64

eSecurity Planet

NOVEMBER 6, 2023

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Ransomware 101

Ransomware Authentication Cybersecurity Education 101

eSecurity Planet

OCTOBER 9, 2023

This vulnerability, identified as CVE-2023-42793 , can give unauthenticated attackers remote code execution (RCE) abilities without requiring user input by exploiting an authentication bypass flaw. The problem: Arm has issued a security alert on CVE-2023-4211 , an actively exploited vulnerability in its Mali GPU drivers.

Libraries 102

Libraries Ransomware Access Security 102

eSecurity Planet

AUGUST 28, 2023

August 21, 2023 Ivanti finds another vulnerability For the third time in a month, Ivanti’s has reported a vulnerability in a mobile device management platform. The latest — CVE-2023-38035 — affects the Sentry secure mobile gateway, part of Ivanti’s UEM platform and is being exploited as a zero-day.

Authentication 79

Authentication Ransomware Passwords Cybersecurity 79

Hunton Privacy

FEBRUARY 8, 2021

On January 28, 2021, international Data Privacy Day, the newly formed Brazilian data protection authority ( Agência Nacional de Proteção de Dados , the “ANPD”) published its regulatory strategy for 2021-2023 and work plan for 2021-2022 (in Portuguese). Regulatory strategy for 2021-2023. ANPD Regulatory Strategy. ANPD Staff.

Data breaches 138

Data breaches Data Privacy Compliance Privacy 138

eSecurity Planet

AUGUST 14, 2023

August 12 , 2023 Ford Auto’s TI Wi-Fi Vulnerability The Internet of Things (IoT) continues to expand and become a threat to connected businesses. August 11 , 2023 DEFCON and Black Hat Vulnerabilities Security researchers at DEFCON and Black Hat discussed a number of vulnerabilities with significant impact for affected organizations.

Cybersecurity 95

Cybersecurity Access IoT Manufacturing 95

Data Matters

JULY 13, 2023

The post FTC’s New Biometric Policy Statement Articulates New Governance Standards and an Expansive View of Biometric Data appeared first on Data Matters Privacy Blog.

Government 148

Government Risk Compliance Privacy 148

Data Matters

SEPTEMBER 6, 2022

Privacy never sleeps in California. In recent days and as California’s legislative session comes to a close, there have been a number of significant legislative and regulatory developments in the state, each of which will likely (again) change the privacy landscape in California and, by extension, the rest of the country.

Privacy 197

Privacy B2B Sales Compliance 197

Data Matters

NOVEMBER 7, 2023

On October 30, 2023, President Joe Biden issued an executive order (EO or the Order) on Safe, Secure, and Trustworthy Artificial Intelligence (AI) to advance a coordinated, federal governmentwide approach toward the safe and responsible development of AI.

Artificial Intelligence 122

Artificial Intelligence Privacy Security IT 122

IT Governance

NOVEMBER 6, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Records breached: According to the library’s 4 November update , there is “no evidence that the personal information of our staff or customers has been compromised”.

Data Privacy 97

Data Privacy Privacy Libraries Security 97

Hunton Privacy

DECEMBER 14, 2023

On December 12, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP (“CIPL”) released a white paper on Privacy-Enhancing and Privacy-Preserving Technologies: Understanding the Role of PETs and PPTs in the Digital Age.

Paper 118

Paper Privacy Data Privacy Education 118

Thales Cloud Protection & Licensing

MAY 3, 2023

Meet Thales at the KuppingerCole European Identity and Cloud Conference 2023 madhav Wed, 05/03/2023 - 08:08 From May 9 to May 12, 2023, Berlin will host the European Identity and Cloud Conference (EIC), organized by industry analyst KuppingerCole. This session will take place on Thursday, May 11, 2023, from 11:00—11:40.

Cloud 71

Cloud B2B Authentication Phishing 71

Hunton Privacy

JANUARY 3, 2023

On December 21, 2022, the Colorado Attorney General published an updated version of the draft rules to the Colorado Privacy Act (“CPA”). Stakeholders can submit comments to the second draft until January 18, 2023. The CPA will take effect on July 1, 2023.

Privacy 118

Privacy Personal data 118

Data Matters

SEPTEMBER 7, 2023

The National Association of Insurance Commissioners (NAIC) held its Summer 2023 National Meeting (Summer Meeting) from August 12–16, 2023. The post Regulatory Update: National Association of Insurance Commissioners Summer 2023 National Meeting appeared first on Data Matters Privacy Blog.

Insurance 88

Insurance Artificial Intelligence Privacy Security 88

Krebs on Security

MARCH 20, 2023

Until recently, AT&T also shared CPNI data with Xandr , whose privacy policy in turn explains that it shares data with hundreds of other advertising firms. T-Mobile customers can opt out by logging into their account and navigating to the profile page, then to “Privacy and Notifications.”

Customer Experience 284

Customer Experience Privacy Data collection Marketing 284

Data Protection Report

JANUARY 4, 2024

December tends to be a busy time for everyone, so you may have missed a privacy update or two. 1. As of December 18, 2023, unless the U.S. 5. Headlines in 2023 also had many references to artificial intelligence. For those making this quiz a competitive event, we have included a tie-breaker/bonus question.)

Privacy 110

Privacy Cybersecurity Artificial Intelligence e-Discovery 110

Data Matters

FEBRUARY 15, 2024

Policymakers around the world took significant steps toward regulating artificial intelligence (AI) in 2023. leadership on cybersecurity rules and governance—and unlike the policy void on privacy that the federal government has allowed the EU to fill.” The post The U.S.

Artificial Intelligence 88

Artificial Intelligence Government Privacy Cybersecurity 88

eSecurity Planet

FEBRUARY 12, 2024

This week saw some repeat products from previous vulnerability recaps, such as Ivanti Policy Secure and JetBrains TeamCity servers. The RCE vulnerability is tracked as CVE-2023-40547 and has a severity rating of 8.3. Policy Secure 9.1R17.3 Policy Secure9.1R18.4 Policy Secure 22.5R1.2 versions 7.4.0 versions 7.2.0

Authentication 108

Authentication Cybersecurity Security Access 108

Data Protection Report

NOVEMBER 28, 2023

To help provide some guidance, Norton Rose Fulbright Canada hosted its 2023 technology, privacy and cybersecurity virtual summit. Our leading lawyers were joined by prominent industry leaders to discuss and explore the latest developments, challenges and opportunities in the technology, privacy, and cybersecurity landscape.

Cybersecurity 136

Cybersecurity Risk Artificial Intelligence Privacy 136

ARMA International

AUGUST 7, 2023

In 2023, we see six significant trends that considerably impact the legal industry. These include artificial intelligence (AI), hybrid and remote work collaboration, cloud, workflow automation and customization, mail processing and digitization, and security and data privacy. AI can be a valuable tool.

Artificial Intelligence 52

Artificial Intelligence Cloud Data Privacy Privacy 52

Hunton Privacy

JULY 3, 2023

On July 3, 2023, U.S. Data Privacy Framework (the “Framework”). Intelligence Community has adopted its policies and procedures pursuant to Executive Order 14086. Secretary of Commerce Gina Raimondo issued a statement confirming that the U.S. has fulfilled its commitments for implementing the EU-U.S.

Data Privacy 119

Data Privacy Privacy IT 119

The Last Watchdog

AUGUST 7, 2023

Compliance and Data Privacy Enforcement (CAPE) Mustafa Data compliance and privacy enforcement is a daunting task that involves multiple, complex processes and requires the ability to sieve through large volumes of data at a very high rate both, on-premises and across multi-cloud environments. San Jose, Calif.,

Data Privacy 100

Data Privacy Compliance Privacy Information Security 100

Schneier on Security

JULY 20, 2023

The Atlantic Council released a detailed commentary on the White House’s new “Implementation Plan for the 2023 US National Cybersecurity Strategy.” ” Lots of interesting bits. That many of the milestones are still hazy might be less important than the commitment. But there are missed opportunities as well.

Cybersecurity 61

Cybersecurity Risk Cloud Privacy 61

Hunton Privacy

AUGUST 15, 2022

On June 10, 2022, New York became the first state to require attorneys to complete at least one credit of cybersecurity, privacy and data protection training as part of their continuing legal education (“CLE”) requirements. The new requirement will take effect July 1, 2023.

Cybersecurity 114

Cybersecurity Privacy Data Privacy Data breaches 114

Security Affairs

DECEMBER 23, 2023

In March of 2023, T-Mobile US acquired the mobile virtual network operator. On December 22, 2023, Mint Mobile started notifying impacted customers. “Mint’s data collection policy is one of the most important ways in which we ensure the privacy and security of our subscribers.

Data breaches 117

Data breaches Data collection Passwords Access 117

The Last Watchdog

NOVEMBER 29, 2023

November 29, 2023 – Kiteworks , which delivers data privacy and compliance for sensitive content communications through its Private Content Network (PCN), released today its Sensitive Content Communications 2024 Forecast Report. San Mateo, Calif., The evolution and growth in compliance will become increasingly important.

Risk 100

Risk Data Privacy Compliance Communications 100

Hunton Privacy

MAY 11, 2023

On May 10, 2023, the Texas Senate passed H.B. 4 , also known as the Texas Data Privacy and Security Act (“TDPSA”). If the TDPSA is signed into law, Texas could become the tenth state to enact comprehensive privacy legislation. The TDPSA now heads to Texas Governor Greg Abbott for a final signature.

Data Privacy 128

Data Privacy Privacy Security Personal data 128

Hunton Privacy

OCTOBER 26, 2022

On October 20, 2022, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth published a white paper entitled Protecting Children’s Data Privacy, Policy Paper I, International Issues and Compliance Challenges. Policy Paper I sets the stage for a second policy paper in 2023?Protecting

Paper 96

Paper Data Privacy Privacy Compliance 96

eSecurity Planet

FEBRUARY 5, 2024

The Known Exploited Vulnerabilities list also added the previously disclosed issues CVE-2023-36846 and CVE-2023-36851 , emphasizing the importance of immediate fix. The fix: Microsoft already issued a fix in October 2023 to address this vulnerability. Both affect J-Web and all Junos OS versions. CVE-2024-21888 (CVSS score: 8.8)

Risk 105

Risk Authentication Cybersecurity Access 105

Data Matters

SEPTEMBER 8, 2023

*This article first appeared on Law360 on September 5, 2023. Model on AI Governance appeared first on Data Matters Privacy Blog. The post Schumer Framework May Forge U.S.

Government 88

Government Artificial Intelligence Privacy 88

Hunton Privacy

OCTOBER 27, 2023

On October 17, 2023, the Office of the Privacy Commissioner of Canada (“OPC”) announced the release of two companion documents that provide further guidance on protecting the privacy of young people.

Privacy 72

Privacy Access IT Information Security 72