Start Preparing Now for the Post-Quantum Future
via "Dark Reading".
Quantum computing will break most of the encryption schemes on which we rely today. These five tips will help you get ready.
How to protect your Facebook account: a walkthrough
via "Naked Security".
We walk you through the important settings you can change and behaviors you can implement to lock down your privacy on Facebook.
Guardzilla Home Cameras Open to Anyone Watching Their Footage
via "Threatpost | The first stop for security news".
The home surveillance cams have hard-coded credentials.
The Path of Privacy – 2019 Privacy Predictions by TrustArc CEO Chris Babel
Privacy was ubiquitous in 2018. The General Data Protection Regulation (GDPR) deadline on May 25, 2018 came and went as companies scrambled to meet and maintain compliance under the new regulation. Data protection had a strong presence in the media as large companies' handling of user data was widely discussed and reviewed. New privacy regulations were introduced – such as the California Consumer Privacy Act (CCPA) and Brazil's General Data Protection Law (LGPD) – meaning more and more companies will fall under the scope of at least one enforceable privacy regulation. So what's in store for privacy in 2019? TrustArc CEO Chris Babel breaks down next year's predictions for the path of privacy.
1) Managing privacy will be the new normal, like securing data or paying taxes
Privacy will continue on a path similar to the evolution of cybersecurity. The number of breaches and privacy-related incidents will continue to rise, up and to the right, though the rise will consist of peaks and valleys. As with security, a standard of constant privacy will become the new normal. For example, while many organizations treated GDPR as a project with a finite end, compliance is a continuous exercise that requires the same focus and vigilance as security or taxes.
Automating aspects of this continuous process using Assessment Manager will save your company time. Assessment Manager is built on technology that identifies where and why your practices don't align with regulations, and defines the path to remediation. The workflow tools and Intelligence Engine detect the need for, and then streamline, assessments.
2) Ethics will become increasingly important to data-driven innovation
Once a focus only in health care, research, and highly regulated organizations, GDPR and similar laws are driving businesses across sectors to consider ethics by weighing the benefits they claim new tech and other innovations will bring against the potential for data misuse and other risks. While companies may start with a check-the-box compliance exercise, in 2019 the more innovative players will look to differentiate themselves from their competition by setting up ethical review committees, ethics teams and data ethics officers to formally consider the implications of algorithms and machine learning on customer trust and business outcomes.
Determining whether processing is ethical can be done at scale by automating manual processes. TrustArc offers the expertise and technology to complete these assessments, build a sustainable DPIA & PIA program if needed, automate the process using the TrustArc Platform, and produce the reporting needed to show accountability on demand.
3) Consumers will exercise their right to privacy
In 2019, consumers will become more aware of and better understand the rights and mechanisms that regulations like the GDPR have made available to them to manage and protect their data. As a result, we will see consumers become more engaged and active in controlling their privacy settings, sharing less information, unsubscribing from marketing communications and requesting copies of their data or that companies delete their data entirely from marketing databases.
Individual Rights Manager helps with the requirements of the GDPR and CCPA, which require that organizations provide data subjects and individuals with a variety of rights, including: right of access by the data subject; rectification or erasure; restriction of processing; data portability.
4) To be or not to be – 2019 privacy laws at a glance
A U.S. federal privacy law will be much discussed but not passed. The trade deal replacing NAFTA – USMCA – will drive new discussions around cross-border data sharing between the U.S., Canada and Mexico. A handful more states in the U.S. will seek to adopt state privacy laws such as the California Consumer Privacy Act, and 2-3 states…
ATTENTION! New - CVE-2018-1000890
via "National Vulnerability Database".
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.
ATTENTION! New - CVE-2018-1000889
via "National Vulnerability Database".
Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in the circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in an information leak or possibly RCE, depending on system configuration. This attack appears to be exploitable via the victim opening a specially crafted circuit file. This vulnerability appears to have been fixed in 2.14.4.
ATTENTION! New - CVE-2018-1000888
via "National Vulnerability Database".
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc.). When extract is called without a specific prefix path, unserialization can be triggered by crafting a tar file with `phar://[path_to_malicious_phar_file]` as the path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with a useful gadget is loaded, it may be possible to cause remote code execution, resulting in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4.
ATTENTION! New - CVE-2018-1000887
via "National Vulnerability Database".
Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting JavaScript code in the "Site Name EN" parameter. This attack appears to be exploitable if the malicious user has access to the administration account.
ATTENTION! New - CVE-2018-1000631
via "National Vulnerability Database".
Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::user_info() function, which could allow the attacker to view, add, modify or delete information in the back-end database.
ATTENTION! New - CVE-2018-1000630
via "National Vulnerability Database".
Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
ATTENTION! New - CVE-2018-1000629
via "National Vulnerability Database".
Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
ATTENTION! New - CVE-2018-1000628
via "National Vulnerability Database".
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding "[]" to the end of "key" in the URL when accessing API functions, an attacker could exploit this vulnerability to execute API functions.
ATTENTION! New - CVE-2018-1000627
via "National Vulnerability Database".
Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system.
ATTENTION! New - CVE-2018-1000626
via "National Vulnerability Database".
Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of a requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the system.
ATTENTION! New - CVE-2018-1000625
via "National Vulnerability Database".
Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system.
ATTENTION! New - CVE-2018-1000624
via "National Vulnerability Database".
Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to sensitive functionality. By visiting http://V2I_HUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system.
US Petroleum Employee Charged with Stealing Trade Secrets for Chinese Firm
via "Dark Reading".
Longtime US resident allegedly stole information for a petroleum firm in China that had offered him a position.
First-Ever UEFI Rootkit Tied to Sednit APT
via "Threatpost | The first stop for security news".
Researcher at ESET outlines research on the first successful UEFI rootkit used in the wild.
How to secure your Twitter account
via "Naked Security".
There's no need to make it easier for someone who wants to hijack your Twitter account. Here's how to lock it down in just a few minutes.
'Snowden Refugee' Has No Regrets for Helping Whistleblower
via "Threatpost | The first stop for security news".
Woman who helped hide Edward Snowden faces an uncertain future and says she has no regrets.
How Facebook Tracks Non-Users via Android Apps
via "Threatpost | The first stop for security news".
Facebook tracks Android users via apps, even if they aren't Facebook users.