Tag: privacy
-
Security researchers find deep flaws in CVSS vulnerability scoring system
in SecurityNews
The industrywide method for assessing the severity of vulnerabilities in software and hardware needs to be revised because it provides potentially misleading severity assessments, delegates at Black Hat Europe were told Thursday. The Common Vulnerability Scoring System (CVSS) makes use of various metrics to quantify vulnerability severity. A presentation at Black Hat by cybersecurity experts from…
-
Texas adds data broker specializing in driver behavior to list of alleged privacy law violators
in SecurityNews
Arity, a data broker, is accused by Texas’ attorney general of sharing drivers’ behavior data without clear notice or consent. The notice follows several others to app companies in recent weeks. First seen on therecord.media Jump to article: therecord.media/arity-data-broker-texas-data-privacy-violation-notice
-
3 Common GDPR Challenges and How to Overcome Them
in SecurityNews
Practical tips for GDPR compliance. Responsible for data protection and EU GDPR (General Data Protection Regulation) compliance? Chances are you’ve come across these 3 common challenges: Data privacy trainer Andy Snow hears about these challenges a lot, having trained over 4,000 people on the GDPR. Here are his practical tips for overcoming them. In this…
-
Trump FTC pick seen as mixed bag for data privacy enforcement
in SecurityNews
Ferguson has voted in favor of every privacy-related enforcement since he began his tenure as a commissioner in April, but a leaked memo he wrote to Trump suggests he will diverge from the current approach in important ways. First seen on therecord.media Jump to article: therecord.media/trump-ftc-pick-ferguson-seen-as-mixed-bag-on-privacy
-
El Salvador’s cyber laws threaten media freedom and privacy, human rights experts warn
in SecurityNews
New laws in El Salvador “could be used to delete online publications that are critical of the government under the guise of data protection,” said Juanita Goebertus of Human Rights Watch. “This is a recipe for censorship and opacity.” First seen on therecord.media Jump to article: therecord.media/el-salvador-cyber-data-protection-laws-human-rights-concerns
-
Websites and HIPAA: Navigating Online Tracking Technologies
in SecurityNews
Today, healthcare providers, insurers, and other HIPAA-covered entities are increasingly relying on websites to share information, engage with patients, and streamline operations. While websites offer numerous benefits, it’s crucial to understand the implications of online tracking technologies for the privacy and security of protected health information (PHI). This blog post examines the intersection of websites,…
-
Symmetrical Cryptography Pioneer Targets the Post-Quantum Era
in SecurityNews
Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy that even threat actors can’t gain enough information to breach. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/symmetrical-cryptography-post-quantum-era
-
Traveling for the Holidays? Your Digital Identity Is Along for the Ride
in SecurityNews
Tue, 12/10/2024 – 14:20. Thales Contributors: Frederic Klat, Sales Acceleration Director, and Ward Duchamps, Director of Strategy and Innovation, CIAM. If you’re one…
-
Court Ruling Provides Clarity on Appeals Against ICO Fines
in SecurityNews
The UK’s privacy regulator, the Information Commissioner’s Office, has welcomed a Court of Appeal ruling. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/court-clarity-appeals-against-ico/
-
Let’s Encrypt to End Support for Online Certificate Status Protocol (OCSP)
in SecurityNews
Let’s Encrypt has officially announced its timeline to phase out support for the Online Certificate Status Protocol (OCSP). The nonprofit Certificate Authority (CA) plans to fully transition to Certificate Revocation Lists (CRLs) by mid-2025, citing privacy concerns and efficiency gains as primary reasons for the change. Phased Timeline for Transition. Let’s Encrypt rolled out a…
-
Texas flags Sirius XM, three others for data privacy law violations
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/texas-flags-sirius-xm-three-others-for-data-privacy-law-violations
-
WhatsApp fixes bug that let users bypass ‘View Once’ privacy feature
in SecurityNews
Tags: privacy
Weeks after a researcher reported the bug to WhatsApp, the company says it rolled out a long-term fix. First seen on techcrunch.com Jump to article: techcrunch.com/2024/12/09/whatsapp-fixes-bug-that-let-users-bypass-view-once-privacy-feature/
-
Gen AI use cases rising rapidly for cybersecurity, but concerns remain
in SecurityNews
Tags: ai, attack, automation, awareness, ceo, ciso, compliance, control, cybersecurity, data, detection, finance, framework, fraud, GDPR, governance, grc, group, guide, Hardware, HIPAA, incident response, intelligence, international, malware, middle-east, monitoring, phishing, privacy, RedTeam, regulation, risk, risk-assessment, risk-management, soc, software, strategy, technology, threat, tool, training, usa
Generative AI is being embedded into security tools at a furious pace as CISOs adopt the technology internally to automate manual processes and improve productivity. But research also suggests this surge in gen AI adoption comes with a fair amount of trepidation among cybersecurity professionals, which CISOs must keep in mind when weaving gen AI…
-
Web hosting providers have started to accept crypto payments: Here’s why
in SecurityNews
Cryptocurrencies, from Bitcoin to altcoins and meme coins, revolutionize payments by offering privacy, reduced fees, faster transactions, enhanced… First seen on hackread.com Jump to article: hackread.com/web-hosting-providers-crypto-payments-heres-why/
-
Microsoft Expands Access to Windows Recall AI Feature
The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-expands-access-windows-recall-ai-feature
-
Ethyca Raises $10 Million for Data Privacy Platform
in SecurityNews
Data privacy solutions provider Ethyca has raised $10 million in a funding round led by Aspenwood Ventures and AVP. First seen on securityweek.com Jump to article: www.securityweek.com/ethyca-raises-10-million-for-data-privacy-platform/
-
Experts Warn DHS Surveillance Tech Lacks Privacy Protections
in SecurityNews
Privacy Advocates Warn of Risks from Expanding DHS Use of AI and Facial Recognition. The U.S. Department of Homeland Security is reportedly expanding its use of emerging surveillance tools, including drones and artificial intelligence, without proper safeguards as experts warn of potential privacy violations and risks involving facial recognition and third-party data usage. First seen…
-
CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat
in SecurityNews
Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cisa-issue-guidance-telecoms-salt-typhoon-threat
-
63% of companies plan to pass data breach costs to customers
in SecurityNews
Tags: breach, business, ceo, ciso, compliance, cybersecurity, data, data-breach, finance, ibm, privacy, risk, service
Consumers may be more on the hook for paying for the rising costs of data breaches than they realize, as companies increasingly turn to price hikes as part of their post-breach cost-recovery strategies. According to a report from IBM earlier this year, nearly two-thirds of companies plan to pass along data breach costs directly to…
-
GoodRx Agrees to Pay $25M to Settle Web Tracker Lawsuit
in SecurityNews
Telehealth Firm Previously Paid $1.5M Fine to FTC for Similar Privacy Issues. GoodRx has reached a $25 million preliminary settlement of proposed class action litigation alleging the telehealth company violated privacy and an assortment of other laws and statutes when it previously collected and shared consumers’ information with third parties through online tracking tools. First seen on…
-
PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts
Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated learning (FL) to improve the efficiency and privacy of training large language models (PLMs) on specific tasks. However, this approach introduces a new security risk called “PEFT-as-an-Attack”
-
Apple Faces Privacy Lawsuit: Employee Alleges Invasive Device Monitoring
in SecurityNews
A current Apple employee has filed a lawsuit against the tech giant, accusing the company of using invasive surveillance tactics on its workers’ personal devices. The Apple lawsuit, filed on Sunday evening in California state court, alleges that Apple monitors employees’ private iCloud accounts and non-work-related devices without their consent. First seen on thecyberexpress.com…
-
Top US Consumer Watchdog Has a Plan to Fight Predatory Data Brokers
in SecurityNews
A new proposal by the Consumer Financial Protection Bureau would use a 54-year-old privacy law to impose new oversight of the data broker industry. But first, the agency must survive Elon Musk. First seen on wired.com Jump to article: www.wired.com/story/cfpb-fcra-data-broker-oversight/
-
Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform
in SecurityNews
Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation platform. Alleged by a tweet from DailyDarkWeb, the breach is said to have compromised sensitive user data, including names, email addresses, phone numbers, and reservation details. This incident has raised significant alarm over the security and privacy measures in place to…
-
EU enacts new laws to strengthen cybersecurity defenses and coordination
in SecurityNews
Tags: ai, compliance, cyber, cybersecurity, data, defense, framework, healthcare, infrastructure, law, network, penetration-testing, privacy, regulation, risk, service, soc, technology, threat, vulnerability
The European Union has enacted two new laws to bolster its cybersecurity defenses and coordination mechanisms. The measures, part of the cybersecurity legislative package, include the Cyber Solidarity Act and amendments to the Cybersecurity Act (CSA). These steps aim to improve the EU’s ability to detect, prepare for, and respond to cyber threats while fostering uniformity…
-
CFPB proposes new rule to regulate expansive data broker industry
in SecurityNews
In an era where personal data is increasingly commodified, the Consumer Financial Protection Bureau (CFPB) is attempting to regulate the sprawling industry of data brokers. A newly proposed rule released Tuesday aims to put data brokers in line with the Fair Credit Reporting Act (FCRA), ensuring accountability and consumer privacy amid widespread security issues. Initially…
-
Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams
in SecurityNews
Nextcloud has unveiled Nextcloud Talk, an open-source alternative to Microsoft Teams. It’s a privacy-compliant collaboration platform for hybrid teams that gives … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/03/nextcloud-talk-open-source-microsoft-teams-alternative/