Hunton Privacy

JANUARY 19, 2021

On January 18, 2021, the European Data Protection Board (“EDPB”) released draft Guidelines 01/2021 on Examples regarding Data Breach Notification (the “Guidelines”). This assessment should be made at the time the organization becomes aware of the breach.

Data breaches 99

Data breaches Personal data GDPR Risk 99

Security Affairs

MAY 2, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link, Apache, and Oracle vulnerabilities to its Known Exploited Vulnerabilities catalog. Working exploits for LAN and WAN interface accesses were respectively reported by Team Viettel and Qrious Security. in TP-Link Archer AX21 Wi-Fi routers.

IT 89

IT Cybersecurity Education Access 89

Security Affairs

MAY 15, 2021

“We strongly recommend users act immediately to protect their data.” Unfortunately, the bad news for NAS owners are not ended, the vendor also issued another security advisory to warn of an actively exploited zero-day vulnerability affecting Roon Labs’ Roon Server 2021-02-01 and earlier versions.

Ransomware 98

Ransomware Passwords IoT Security 98

Security Affairs

DECEMBER 13, 2021

Microsoft has observed activities including installing coin miners, Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems.” Earliest evidence we’ve found so far of #Log4J exploit is 2021-12-01 04:36:50 UTC. — Matthew Prince (@eastdakota) December 11, 2021.

Mining 121

Mining Honeypots Libraries IT 121

Security Affairs

MARCH 13, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) vulnerability in the Plex Media Server, tracked as CVE-2020-5741 (CVSS score: 7.2), to its Known Exploited Vulnerabilities Catalog. CISAgov added #CVE -2020-5741 & CVE-2021-39144 to the Known Exploited Vulnerabilities Catalog.

Libraries 83

Libraries Data breaches Cybersecurity Passwords 83

Hunton Privacy

MARCH 13, 2021

On March 12, 2021, the European Data Protection Board (“EDPB”) published its Guidelines 01/2021 on Virtual Voice Assistants for consultation (the “Guidelines”). These tools are available on most smartphones and other devices and collect significant amounts of personal data, such as through user commands.

Personal data 105

Personal data Compliance GDPR Privacy 105

Security Affairs

MARCH 8, 2023

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. The variant spotted by Microsoft spreads by exploiting vulnerabilities in Apache and Apache Spark ( CVE-2021-42013 and CVE-2022-33891 respectively) and also supports new DDoS attack capabilities.

IoT 96

IoT Cybersecurity Risk IT 96

Security Affairs

MARCH 14, 2021

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. Below the timeline for these vulnerabilities: 01 Sep 2020 – First contact with the vendor. 17 Sep 2020 – Netgear published a security advisory for the most critical issue.

Authentication 134

Authentication Security IT Access 134

DLA Piper Privacy Matters

NOVEMBER 29, 2021

On 16 November 2021, the French data protection supervisory authority (the “CNIL”) published a practical guide (“Guide”) on Data Protection Officers (“DPOs”). The DPO is the key contact for the CNIL and data subjects. The CNIL notes that nearly 30,000 DPOs have been appointed in France, covering over 80,000 organizations.

GDPR 116

GDPR Compliance Personal data Communications 116

Security Affairs

FEBRUARY 11, 2022

CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited Vulnerabilities Catalog. ” reads the advisory published by Microsoft. Pierluigi Paganini.

IT 112

IT IoT Cybersecurity Authentication 112

Security Affairs

MARCH 8, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added recently disclosed Firefox zero-days to its Known Exploited Vulnerabilities Catalog. The post CISA urges to fix actively exploited Firefox zero-days by March 21 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Cybersecurity 95

Cybersecurity Authentication Cloud Security 95

Security Affairs

MAY 16, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added seven new flaws to its Known Exploited Vulnerabilities catalog. CVE-2021-3560 – Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation. We are in the final!

IT 87

IT Cybersecurity Communications Security 87

Security Affairs

AUGUST 10, 2020

She says “this (decision) is based on a holistic evaluation, including privacy considerations, as user data on attempted access is outside of Myanmar’s jurisdiction”. Registry Domain ID: D180106494-CNIC Registrar WHOIS Server: whois.namesilo.com Registrar URL: [link] Updated Date: 2020-03-31T03:01:23.0Z Domain Name: URLBLOCKED.PW

Military 76

Military Communications Access Risk 76

Security Affairs

APRIL 15, 2021

The simple nature of such attacks combined with the use of malicious JavaScript code for intercepting payment data attract more and more cybercriminals, and JS-sniffers became one of the most prominent sources of stolen bank cards on underground markets. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

e-Discovery 115

e-Discovery IT Marketing Security 115

Thales Cloud Protection & Licensing

JANUARY 19, 2021

Tue, 01/19/2021 - 10:28. By now everyone in the security world has heard of the chaos surrounding the SolarWinds breach and the ensuing mess that has erupted. National Security Agency (NSA) have recommended. This is true for your data. You surely capture access and network logs, but what about data access?

Encryption 77

Encryption Access Ransomware Digital transformation 77

Security Affairs

MAY 6, 2021

Figure 1 shows two email templates distributing QakBot in Portugal in early May 2021. Figure 1: Email template of QakBot malware targeting Portuguese Internet end users – May 2021. xlsm MD5 : f86c6670822acb89df1eddb582cf0e90 Creation time: 2021-04-29 22:18:33. h/t @MiguelSantareno – malware submitted on 0xSI_f33d.

Encryption 103

Encryption Libraries Ransomware IT 103

Security Affairs

FEBRUARY 16, 2021

#Spy #Ousaban I Found old sample that work in same way of mentioned tweet Reference [link] Run [link] cc @ffforward @lazyactivist192 @sirpedrotavares @sugimu_sec @verovaleros @Jan0fficial @guelfoweb @1ZRR4H @__4ndr3y [link] pic.twitter.com/szw5ngFr6z — JAMESWT (@JAMESWT_MHT) February 3, 2021. MSI file – The Javali Dropper.

Libraries 119

Libraries Communications Phishing Encryption 119

ForAllSecure

FEBRUARY 10, 2021

To answer these questions, Paul Roberts, Editor-in-Chief of the Security Ledger, has founded securepairs.org , a group of infosec experts who are volunteering their free time to fight for the digital right to repair in local legislation. As Stuart Brand said back in 1984 “information wants to be free.”

Manufacturing 52

Manufacturing Agriculture IT Access 52