Security Affairs

DECEMBER 12, 2021

Quebec shut down nearly 4,000 of its sites as a preventative measure after the disclosure of a PoC exploit for the Log4Shell flaw ( CVE-2021-44228 ) in the Apache Log4j Java-based logging library. Query our API for "tags=CVE-2021-44228" for source IP addresses and other IOCs. Tags available to all users and customers now.

Libraries 105

Libraries Digital transformation Education Government 105

Hunton Privacy

FEBRUARY 11, 2022

On February 9, 2022, the SEC proposed new cybersecurity compliance and disclosure rules for the investment management industry in a three to one vote. 2) substantial harm to a client, or an investor in a private fund, whose information was accessed.

Cybersecurity 102

Cybersecurity Risk Access Insurance 102

Data Matters

MARCH 11, 2022

Securities and Exchange Commission (SEC) proposed new cybersecurity rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The proposed rules includes a nonexclusive list of cybersecurity events that may require disclosure, such as.

Cybersecurity 88

Cybersecurity Risk Government e-Discovery 88

Data Protection Report

APRIL 30, 2024

that “uses cookies, pixel tags, and other storage and tracking technology to collect or receive information from [Cerebral’s] [w]ebsites and [a]pps based on [consumers’] usage activity.” The complaint alleged that the company’s data handling practices also resulted in unauthorized disclosures of personal information.

Personal data 85

Personal data Privacy Information governance Compliance 85

Hunton Privacy

MARCH 11, 2022

On March 9, 2022, the Securities and Exchange Commission (“SEC”) held an open meeting and proposed new cybersecurity disclosure rules for public companies by a 3-1 vote. In proposing the rules, the SEC hopes to improve the consistency and comparability of cybersecurity disclosures among public companies.

Cybersecurity 108

Cybersecurity Risk Government Security 108

eSecurity Planet

OCTOBER 9, 2023

or later), and examine and update their security configurations to prevent unauthorized access. Targeted Attacks Exploit Arm’s Mali GPU Vulnerabilities Type of attack: Remote code execution (RCE) vulnerability, Out-of-Bounds Write Weakness, and Information Disclosure vulnerability.

Libraries 103

Libraries Ransomware Access Security 103

Security Affairs

FEBRUARY 9, 2021

The flaw was exploited by threat actors to obtain SYSTEM-level access after gaining access to a Windows system. ” The lists of security updates released by Microsoft is available on the Security Update Guide portal : Tag CVE ID CVE Title.NET Core CVE-2021-26701.NET

IoT 96

IoT Libraries Encryption Security 96

eDiscovery Daily

MARCH 28, 2024

While FOIA requests aim to access government records, eDiscovery deals with electronic information for legal proceedings, both necessitating efficient data organization and retrieval mechanisms. Tools and techniques are employed to protect sensitive details, including personal identifiable information (PII) before disclosure.

FOIA 41

FOIA Compliance Cloud Government 41

eSecurity Planet

MARCH 16, 2023

According to Crowdstrike researchers , 40 percent of the patched vulnerabilities are remote code execution flaws, down from 48 percent last month; 31 percent are elevation of privilege flaws, up from almost 16 percent last month; and 22 percent are information disclosure flaws, up from 10 percent last month. is being actively exploited.

Energy and Utilities 98

Energy and Utilities Authentication Ransomware Military 98

Security Affairs

JULY 8, 2020

Unfortunately, threat actors in the wild were already using the bypass technique before its public disclosure. A few days after the disclosure of the vulnerability in the F5 Networks BIG-IP product threat actors started exploiting it in attacks in the wild. reads the advisory published by F5.

Education 113

Education Government Authentication Passwords 113

Security Affairs

MAY 7, 2021

In practice, I had access to everything I needed to easily figure out where the NRF52’s SWD pins are located, without even messing with Microscope, GIMP and Multimeter in continuity mode. RFID Feature: One clue still left (from a hardware security POV) was about the RFID tag. Thanks Hideez ). meh…). Pierluigi Paganini.

Security 97

Security Passwords Encryption Access 97

Information Management Resources

JUNE 25, 2019

The company’s disclosure in September that hackers exploited several software bugs to obtain login access to accounts was tagged as Facebook’s worst security breach ever.

Data breaches 32

Data breaches Access Security 32

Security Affairs

FEBRUARY 9, 2022

Successful exploitation of this vulnerability could allow attackers to elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. In order to exploit this flaw, an attacker needs to take additional actions prior to prepare the target environment.

Security 73

Security Libraries Access IT 73

Data Protection Report

NOVEMBER 29, 2023

The proposed rules revolve around providing notice of the technology’s use, opting out, and consumer access to business information. How the disclosure, opt-out, and access rights play out between businesses leveraging in-house models versus businesses relying on third-party foundational models will likely spark debate.

Access 64

Access Privacy Personal data Authentication 64

Security Affairs

FEBRUARY 14, 2019

The fixes address flaw in the following SAP products: Business Client, HANA XSA, ABAP Platform (SLD Registration), Disclosure Management, Solution Tools Plug-In (ST-PI), Note Assistant, Business Objects, Manufacturing Integration and Intelligence, Business One Mobile Android App, and WebIntelligence BILaunchPad (Enterprise).

Security 69

Security Manufacturing Authentication Access 69

Security Affairs

JANUARY 6, 2021

According to the vendor, the hidden account was used to deliver automatic firmware updates to connected access points through FTP. Unfortunately a few days after the disclosure of the flaw threat actors started attempting exploiting it. Tags available for all users via the GreyNoise web interface and API now.

Passwords 106

Passwords Cloud Security Access 106

IBM Big Data Hub

APRIL 21, 2023

There are several data-intensive disclosures within the European Sustainability Reporting Standards (ESRS) covering greenhouse gas emissions, energy, waste, water, recycling and social metrics. Not only do these disclosures need to be made publicly available and easily accessible, but the CSRD now also mandates independent auditing.

Risk 43

Risk Government Compliance Marketing 43

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. com) aimed at siphoning credentials for a target organization’s access to the software development platform Github. Image: urlscan.io.

Phishing 360

Phishing Authentication Access Security 360

Security Affairs

JULY 25, 2020

Immediately after the disclosure of the issue, the US Cyber Command posted a message on Twitter urging organizations using the F5 product to immediately patch their installs. Immediately after the public disclosure of the flaw, that several proof-of-concept (PoC) exploits have been released, some of them are very easy to use.

Education 99

Education Government Authentication Passwords 99

Security Affairs

MARCH 8, 2022

Below is the complete list of vulnerabilities addressed by Microsoft: Tag CVE ID CVE Title Severity.NET and Visual Studio CVE-2022-24512.NET Below is the complete list of vulnerabilities addressed by Microsoft: Tag CVE ID CVE Title Severity.NET and Visual Studio CVE-2022-24512.NET

Libraries 91

Libraries IoT Cloud Security 91

eSecurity Planet

MAY 18, 2022

No-code data pipelines used in the research are particularly attractive for an attacker, as “the data flow never transits through any type of firewall or scanning device before it is processed and ultimately gains access to a vulnerable system.” buckets), and ETL (extract, transform, load) applications.

Risk 120

Risk Libraries Analytics Big data 120

Security Affairs

JANUARY 9, 2019

The tech giant also fixed a vulnerability in Skype for Android ( CVE-2019-0622 ) that could have allowed a local attacker with physical access to an Android device to bypass the lock screen and potentially expose victim’s data. Tag CVE ID CVE Title.NET Framework CVE-2019-0545.NET Tag CVE ID CVE Title.NET Framework CVE-2019-0545.NET

Authentication 73

Authentication Security Cybersecurity Access 73

Security Affairs

MAY 13, 2020

Below a list of the most severe issues fixed by Microsoft with May 2020 Patch Tuesday security updates: – CVE-2020-1071 – Windows Remote Access Common Dialog Elevation of Privilege Vulnerability – An attacker could exploit the bug in the Remote Access Common Dialog to run arbitrary code with elevated privileges.

Security 68

Security Access Information Security IT 68

Security Affairs

AUGUST 16, 2018

Principal type of vulnerabilities fixed by SAP security notes are SQL Injection and Information Disclosure flaws as reported in the following graph. Another High Priority Note reported by the Onapsis Research Labs, # 2644154 , is tagged with a CVSS v3 base score: 7.7/10. ” reads the advisory published by SAP.

Security 54

Security MDM Access Risk 54

Security Affairs

JUNE 13, 2019

“A logical coding error made it is possible to break domain-isolation mechanisms and execute code on behalf of the user – granting access to sensitive user information not limited to Evernote’s domain.” Malicious website silently loads hidden, legitimate iframe tags (link) of targeted websites.

Security 63

Security Access IT Information Security 63

Collibra

SEPTEMBER 20, 2022

ESG requires energy and utilities providers to establish detailed metrics and controls, aggregate ESG data from across the enterprise, track and analyze progress against ESG goals and provide regular ESG disclosures in the form of reports and dashboards with comprehensive audit trails. Volatile markets, environmental and geo-political risks.

Energy and Utilities 52

Energy and Utilities Government Cloud Customer Experience 52

Hunton Privacy

JUNE 14, 2011

According to a post on The Facebook Blog , the Tag Suggestions feature matches uploaded “new photos to other photos [the user is] tagged in.” In addition, EPIC alleges that Facebook has not stopped application developers, the government or other third parties from accessing “Photo Comparison Data” the company compiles.

Privacy 40

Privacy Government Access IT 40

ARMA International

AUGUST 19, 2020

The third category of tags includes those that are reflective of terms we really should have included in the development of our taxonomy, but didn’t (nobody’s perfect). While we’ve always flagged those sessions for full disclosure, we’re now also including the term in our taxonomy.

ROT 65

ROT Records Management Metadata Artificial Intelligence 65

Reltio

MARCH 17, 2020

Noncompliance could carry a hefty price tag. Today’s business data comes in through multiple customer touch points, resides in multiple silos in multiple formats, is accessed through multiple applications, and moves to multiple data lakes, data warehouses, and other storage systems and applications.

GDPR 78

GDPR Compliance Personal data Privacy 78

Data Matters

AUGUST 19, 2020

maintain and implement data governance and classification policies for NPI suitable to its business model and associated risks and maintain an appropriate, risk-based policy governing access controls for applications that contain or transmit NPI (23 NYCRR § 500.03).

Financial Services 68

Financial Services Cybersecurity Insurance Risk 68

DLA Piper Privacy Matters

JUNE 18, 2020

distributing company-wide communications to ensure that personnel are highly attuned to complaints of non-compliance and know how to contact the privacy office. a statement that at some point in the future businesses will need to honor “do not sell” signals, after those have been deployed. Data breach class action risk for email account credentials.

Privacy 84

Privacy Compliance Sales Risk 84

eSecurity Planet

MARCH 9, 2023

Acunetix is offered as an annual subscription based upon the number of websites or web applications scanned and length of the contract.

Compliance 98

Compliance Cloud Security Authentication 98

eDiscovery Daily

JANUARY 7, 2020

Oh, and a photo on social media can be discoverable simply because you’re “tagged” in it. One of those cases was certainly unique in that it involved “clawback” of an inadvertent disclosure of privileged ESI (which was granted), but the inadvertently disclosed ESI was still used to determine sanctions against that party.

e-Discovery 48

e-Discovery Metadata Privacy Mining 48

Data Protection Report

AUGUST 27, 2018

By removing the name requirement and instead including specific data elements such as IP address, browser history and geolocation data as PI, the CCPA requires companies to reexamine how data is tagged and risks related to data is analyzed and mitigated. Look out for our next blog article which will address the CCPA’s disclosure requirements.

GDPR 40

GDPR Privacy Data breaches Sales 40

Krebs on Security

SEPTEMBER 2, 2018

“Looks like somebody tagged you on Twitter pretending to be from ProxyPipe — likely the attacker? But as their conversations continue over several weeks, Nexus Zeta intimates that he has much deeper access to Satori. He was only hung around by few for the servers he had access to. In this conversation from Nov.

IoT 123

IoT Communications IT Security 123

Troy Hunt

MARCH 21, 2018

Transparency has been a huge part of that effort and I've always written and spoken candidly about my thought processes, how I handle data and very often, the mechanics of how I've built the service (have a scroll through the HIBP tag on this blog for many examples of each).

Data breaches 72

Data breaches Passwords Government IT 72

Troy Hunt

MARCH 3, 2021

A few years ago I wrote about how to construct a breach disclosure notice and paid particular attention to how well the Red Cross Blood Service handled theirs. The comment is intended to normalise the data breach and downplay its significance, the exact opposite of what we want to encourage in this industry.

Passwords 145

Passwords Data breaches Mining Risk 145