eSecurity Planet

SEPTEMBER 18, 2023

This week, the following active exploits of vulnerabilities were announced: Iranian advanced persistent threat (APT) group exploits January 2023 vulnerabilities in Fortinet firewalls and ManageEngine software to perform remote code execution (RCE) on U.S. Read More: The 8 Best Vulnerability Scanner Tools for 2023 What is Patch Management?

Cybersecurity 109

Cybersecurity Ransomware Libraries Risk 109

IT Governance

NOVEMBER 3, 2023

IT Governance’s research has discovered the following for October 2023: 114 publicly disclosed security incidents. Our monthly blogs will provide analysis of the data we’ve collected and we’ll continue to discuss the biggest breaches on our 2023 overview of publicly disclosed data breaches and cyber attacks.

Data breaches 87

Data breaches Insurance Ransomware Education 87

IT Governance

JULY 10, 2023

Welcome to our second quarterly review of cyber attacks and data breaches for 2023. Overview IT Governance discovered 297 security incidents between April and June 2023, which accounted for 116,933,247 breached records. There were 82 such instances in Q2 2023, which represents a 16% decrease compared to last quarter.

Data breaches 73

Data breaches Ransomware Encryption Government 73

eSecurity Planet

APRIL 28, 2023

In this article, we will define automatic patch management, explain how it operates, go through its benefits and drawbacks, and list some of the best practices and top automated patch management tools of 2023. How Automated Patch Management Works Patch management is one of the most important aspects of cybersecurity.

IT 98

IT Compliance Risk Security 98

Hunton Privacy

APRIL 28, 2022

On April 11, 2022, Virginia Governor Glenn Youngkin signed into law three bills that amend the Virginia Consumer Data Protection Act (“VCDPA”) ahead of the VCDPA’s January 1, 2023 effective date.

Personal data 78

Personal data Privacy Compliance IT 78

Krebs on Security

SEPTEMBER 13, 2023

11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus , while promising to visit the same treatment on top U.S. In June 2023, the FBI seized the BreachForums domain name , but the forum has since migrated to a new domain. But on Sept. defense contractors.

Passwords 293

Passwords Authentication Sales Data breaches 293

Hunton Privacy

JANUARY 3, 2023

The draft, which follows the first iteration of the proposed rules published on October 10, 2022, solicits comments on five topics: (1) new and revised definitions; (2) the use of IP addresses to verify consumer requests; (3) a proposed universal opt-out mechanism; (4) streamlining the privacy policy requirements; and (5) bona fide loyalty programs.

Privacy 118

Privacy Personal data 118

IT Governance

APRIL 12, 2023

Welcome to our first quarterly review of security incidents for 2023, in which we take a closer look at the information gathered in our monthly list of data breaches and cyber attacks. Overview IT Governance discovered 310 security incidents between January and March 2023, which accounted for 349,171,305 breached records.

Data breaches 59

Data breaches Ransomware Government Encryption 59

Hunton Privacy

MARCH 2, 2023

On February 28, 2023, the Colorado Office of the Attorney General announced that revised draft Colorado Privacy Act (“CPA”) rules were adopted for review by the Colorado Attorney General prior to finalization and publication in the Colorado Register. The revised rules are not final, and, as drafted, will take effect on July 1, 2023.

Privacy 107

Privacy Personal data Cybersecurity 107

Security Affairs

OCTOBER 6, 2023

Researchers published PoC exploits for CVE-2023-4911 vulnerability (aka Looney Tunables) impacting most popular Linux distributions. The vulnerability CVE-2023-4911 (CVSS score 7.8) ” Below is the disclosure timeline: 2023-09-04: Advisory and exploit sent to secalert@redhat.

Libraries 115

Libraries Risk Security IT 115

eSecurity Planet

MAY 19, 2023

Read next: Software Supply Chain Security Guidance for Developers This updates a November 2020 article by Sean Michael Kerner The post Top 5 Application Security Tools & Software for 2023 appeared first on eSecurityPlanet.

Security 104

Security Cloud Compliance Risk 104

Troy Hunt

DECEMBER 30, 2023

This was a very impromptu end of 2023 weekly update as we balanced family time with doing the final video for the year. Anecdotally, this seems to have really ramped up over 2023 so on that basis, 2024 will bring. well, let's wait and see, this industry is nothing if not full of surprises.

Ransomware 103

Ransomware IT 103

IT Governance

NOVEMBER 28, 2023

9 million records breached through decade-long data leak A former temporary employee of a subsidiary of NTT West (Nippon Telegraph and Telephone West Corp) illegally accessed about 9 million personal data records over the course of a decade (2013 to 2023). Only 3 definitely haven’t had data breached.

Data Privacy 52

Data Privacy Privacy Energy and Utilities Data breaches 52

Hunton Privacy

DECEMBER 20, 2023

On December 18, 2023, the updated response from UK Information Commissioner John Edwards to the Data Protection and Digital Information (No 2) Bill (the “Bill”) was published on the website of the Information Commissioner’s Office (ICO). The Commissioner’s original response was published in March 2023.

GDPR 72

GDPR Data breaches Personal data Government 72

Hunton Privacy

AUGUST 29, 2023

On August 29, 2023, the California Privacy Protection Agency (“CPPA”) Board issued draft regulations on Risk Assessment and Cybersecurity Audit (the “Draft Regulations”). The CPPA Board will discuss the Draft Regulations during a public meeting on September 8, 2023.

Risk 114

Risk Cybersecurity Artificial Intelligence Privacy 114

Data Matters

JUNE 22, 2022

Connecticut has passed a new state data privacy law slated to go into effect on July 1, 2023. The task force will need to submit a report of their findings in short order, by January 1, 2023. We will be watching for additional developments in the Connecticut and other state data privacy laws as they continue to unfold.

Data Privacy 88

Data Privacy Privacy Personal data Sales 88

Security Affairs

JANUARY 24, 2024

At present, Tietoevry cannot provide a definite timeframe for the complete restoration process due to the complexity of the security breach. Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. The overall duration may span several days, possibly weeks.

Ransomware 125

Ransomware Government Retail Cloud 125

Security Affairs

JANUARY 12, 2023

pic.twitter.com/PC8b9frmA9 — Germán Fernández (@1ZRR4H) January 11, 2023. The exploitation attempts began on January 6, 2023, after a proof-of-concept (PoC) exploit code was published online. Make sure to patch – [link] — Shadowserver (@Shadowserver) January 11, 2023. This is an unauthenticated RCE.

Security 98

Security IT Information Security 98

Hunton Privacy

MAY 11, 2023

On May 10, 2023, the Texas Senate passed H.B. 4 , also known as the Texas Data Privacy and Security Act (“TDPSA”). The TDPSA now heads to Texas Governor Greg Abbott for a final signature. If the TDPSA is signed into law, Texas could become the tenth state to enact comprehensive privacy legislation. In addition to the provisions of H.B.

Data Privacy 128

Data Privacy Privacy Security Personal data 128

Hunton Privacy

OCTOBER 25, 2023

On October 8, 2023 and October 10, 2023, California Governor Gavin Newsom signed A.B. 947 amends the California Consumer Privacy Act of 2018’s (“CCPA”) definition of “sensitive personal information” to include personal information that reveals a consumer’s “citizenship or immigration status,” while A.B. 1194 , S.B. 362 and S.B.

Manufacturing 72

Manufacturing Personal data Privacy Access 72

Hunton Privacy

NOVEMBER 27, 2023

On November 27, 2023, the California Privacy Protection Agency (“CPPA”) published its draft regulations on automated decisionmaking technology (“ADMT”).

Privacy 121

Privacy Artificial Intelligence Access IT 121

Security Affairs

DECEMBER 12, 2023

Talos believes that NineRAT was built around May 2022, but was first spotted on March 2023 as part of Operation Blacksmith. The experts observed the use of NineRAT at around September 2023 against a European manufacturing entity. In March, the threat actors hit a South American agricultural organization.

Agriculture 117

Agriculture Data collection Access Manufacturing 117

Security Affairs

JANUARY 19, 2023

The exploitation attempts began on January 6, 2023, after a proof-of-concept (PoC) exploit code was published online. CENTOS Web Panel RCE CVE-2022-44877 Attempt Tag is live and we're definitely seeing activity [link] pic.twitter.com/CXo8WSSRag — GreyNoise (@GreyNoiseIO) January 11, 2023 Heads up!

IT 98

IT Risk Security Information Security 98

Hunton Privacy

MARCH 3, 2023

On February 24, 2023, Representative Patrick T. McHenry of North Carolina introduced a bill proposing the creation of the Data Privacy Act of 2023.

Privacy 58

Privacy Data collection Data Privacy Access 58

Data Matters

MAY 4, 2023

On April 13, 2023, the United States Department of Commerce National Telecommunication and Information Administration (“NTIA”) published a request for comment (“RFC”) seeking public input on Artificial Intelligence (“AI”) accountability. The post U.S.

Artificial Intelligence 88

Artificial Intelligence Privacy Government 88

eSecurity Planet

MAY 10, 2023

Microsoft’s Patch Tuesday for May 2023 addresses 38 vulnerabilities, the smallest Patch Tuesday in quite a while. ” Action1 vice president of vulnerability and threat research Mike Walters noted in a blog post that additional steps are required to mitigate CVE-2023-24932, as noted in the Microsoft support article KB5025885.

Security 97

Security Access Risk IT 97

OpenText Information Management

MARCH 15, 2024

Most definitions of the word include the concept of good things happening by chance. In September 2023, we introduced the L.O.V.E™ Our six-stage Success Planning Framework ensures attention is paid at every phase of the process, from value definition to growth and expansion. ™ by OpenText™ Customer Success Model.

IT 67

IT 67

Hunton Privacy

MAY 11, 2023

On May 10, 2023, the Texas Senate passed H.B. 4 , also known as the Texas Data Privacy and Security Act (“TDPSA”). The TDPSA now heads to a conference committee between the Texas Senate and House to rectify the differences between the Senate and House versions. In addition to the provisions of H.B.

Data Privacy 97

Data Privacy Privacy Security Personal data 97

ARMA International

APRIL 18, 2022

Definition and Purpose of a Records Retention Schedule. These four areas are the following: Definition of Personal Data : Personal information is generally defined as “ any information relating to an identified or identifiable natural person. ” Code § 1798.105 (State of California, Effective January 1, 2023). Bill C-11, Sec.

Personal data 100

Personal data GDPR Privacy Records Management 100

Data Protection Report

NOVEMBER 14, 2022

Unless otherwise indicated, most changes would take effect 180 days from NYDFS’ adoption of the final regulations (which will be sometime after the close of the comment period on January 9, 2023, so no earlier than July 8, 2023). Revised Definition of Class A Companies and other Key Requirements.

Cybersecurity 116

Cybersecurity Passwords Risk Compliance 116

Security Affairs

MAY 31, 2023

The vulnerability, tracked as CVE-2023-2868, resides in the module for email attachment screening, the issue was discovered on May 19 and the company fixed it with the release of two security patches on May 20 and 21. Barracuda identified a vulnerability ( [link] ) in our Email Security Gateway appliance (ESG) on May 19, 2023.

Security 98

Security Compliance Access Cloud 98

Hunton Privacy

MAY 25, 2023

On May 18, 2023, the Federal Trade Commission announced it is seeking comment to proposed changes to the Health Breach Notification Rule (the “Rule”).

Cybersecurity 61

Cybersecurity Marketing Access Security 61

Schneier on Security

OCTOBER 12, 2023

Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in early 2023 leaving behind a cryptographic mystery, some conspiracy theories, and an historical password cracking challenge. How were the seeds generated? So there’s a $12K prize to recover the hash seeds.

Passwords 120

Passwords IT 120

Hunton Privacy

MAY 11, 2023

On May 11, 2023, at a plenary session, the European Parliament voted to adopt a resolution on the adequacy of the protection afforded by the EU-U.S. This resolution follows the draft motion (summary available here ) which was published in February 2023 and urged the Commission not to adopt adequacy based on the Framework.

Data Privacy 144

Data Privacy Privacy Data collection Access 144

Data Protection Report

MAY 18, 2023

On 11 May 2023, members of the European Parliament passed their compromise text of the AI Act (the AI Act ) at the committee stage, taking this law a step closer to being finalised. This aligns more closely to the European Council’s definition of AI than the original Commission’s definition, which was criticised as being overly broad.

Artificial Intelligence 144

Artificial Intelligence Risk Compliance Government 144

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. The two definitions from Section 500.1 a)), this new term applies. Most changes will take effect in 180 days (500.22(c)), c)), or Monday, April 29, 2024. d) and 500.22(e)),

Cybersecurity 105

Cybersecurity Compliance Financial Services Government 105

Krebs on Security

MARCH 20, 2023

In January 2023, T-Mobile disclosed that someone stole data on 37 million customer accounts , including customer name, billing address, email, phone number, date of birth, T-Mobile account number and plan details. .” The FCC is accepting public comments on the matter until March 24, 2023. In January, regulators at the U.S.

Customer Experience 290

Customer Experience Privacy Data collection Marketing 290