Lucene search
K

396 matches found

The Hacker News
The Hacker News
added 2024/04/16 8:36 a.m.27 views

FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations

The U.S. Federal Trade Commission FTC has ordered mental telehealth company Cerebral from using or disclosing personal medical data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users' sensitive personal health information and other data to...

6.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2024/04/04 11:7 a.m.25 views

Surveillance by the New Microsoft Outlook App

The ProtonMail people are accusing Microsofts new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to:...

7AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2024/03/20 6:25 p.m.14 views

Some of the Most Popular Websites Share Your Data With Over 1,500 Companies

Cookie pop-ups now show the number of “partners” that websites may share data with. Here's how many of these third-party companies may get your data from some of the most popular sites online...

7.3AI score
Exploits0
OSV
OSV
added 2024/03/06 11:3 a.m.27 views

BIT-REDASH-2021-41192

Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASHCOOKIESECRET or REDASHSECRETKEY environment variables, a default value is used for both that is the same across all installations. In such cases, th...

7.1AI score
Exploits0References3
The Hacker News
The Hacker News
added 2024/01/22 7:2 a.m.37 views

FTC Bans InMarket for Selling Precise User Location Without Consent

The U.S. Federal Trade Commission FTC is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from consumers before using their...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/01/18 6:0 p.m.15 views

Privacy, Security, and Connected Devices: Key Takeaways From CES 2024

The topic of data privacy has become so relevant in our age of smart technology. With everything becoming connected, including our homes, workplaces, cities, and even our cars, those who develop this technology are obligated to identify consumers' expectations for privacy and then find the best...

7.4AI score
Exploits0
OSV
OSV
added 2024/01/12 1:15 a.m.4 views

CVE-2024-21589

An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0...

7.5CVSS5.8AI score0.00431EPSS
Exploits0References2
Schneier on Security
Schneier on Security
added 2024/01/11 12:9 p.m.13 views

Pharmacies Giving Patient Records to Police without Warrants

Add pharmacies to the list of industries that are giving private data to the police without a warrant...

7.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/01/10 10:3 p.m.3 views

CVE-2022-46710

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet...

4.7AI score0.00211EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/10 12:0 a.m.5 views

Apple iOS and iPadOS Security Vulnerabilities

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 16.2 and iPadOS version 16.2, which arises from the ability to share...

5.5CVSS6.5AI score0.00211EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2024/01/04 3:46 p.m.21 views

23andMe blames “negligent” breach victims, says it’s their own fault

In a surprising move, in a letter to legal representatives of victims of the recent 23andMe data breach, the company has laid the blame at the feet of victims themselves. 23andMe even goes as far as to claim that this wasn’t a data breach at 23andMe at all. The reasoning: “… unauthorized actors...

7.3AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/12/04 12:0 a.m.13 views

CDS with Spring Framework 6.1

As a follow-up to the Runtime efficiency with Spring blog post, I am happy to share that our exploration of Project Leyden optimizations has led to some interesting discoveries regarding the JDK's little-used CDS "Class Data Sharing" feature and has materialized into a new feature that we have be...

7.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/10/20 4:14 p.m.63 views

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.1 release and security update

Red Hat AMQ Streams 2.5.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.5CVSS7AI score0.99999EPSS
Exploits19References3
Malwarebytes
Malwarebytes
added 2023/06/27 3:0 a.m.15 views

Software company accused of illegally profiling millions of mobile phone users

A digital rights and privacy organization has filed a complaint against software company TeleSign for gathering and selling information on millions of mobile phone users. The organization that filed the complaint is nyob. nyob is an Austrian based digital right organization that focusses on...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/22 1:15 p.m.22 views

Generative-AI apps & ChatGPT: Potential risks and mitigation strategies

Losing sleep over Generative-AI apps? You're not alone or wrong. According to the Astrix Security Research Group, mid size organizations already have, on average, 54 Generative-AI integrations to core systems like Slack, GitHub and Google Workspace and this number is only expected to grow. Contin...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/07 1:21 p.m.4 views

Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids' Data on Xbox

Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission FTC charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents' knowledge or consent. "Our proposed order makes i...

6.4AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2023/05/22 2:38 p.m.16 views

Meta’s $1.3 Billion Fine Is a Strike Against Surveillance Capitalism

The record-breaking GDPR penalty for data transfers to the US could upend Meta's business and spur regulators to finalize a new data-sharing agreement...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/02 11:40 a.m.2 views

Why Telecoms Struggle with SaaS Security

The telecom industry has always been a tantalizing target for cybercriminals. The combination of interconnected networks, customer data, and sensitive information allows cybercriminals to inflict maximum damage through minimal effort. It's the breaches in telecom companies that tend to have a...

6.5AI score
Exploits0
OSV
OSV
added 2023/03/30 8:15 p.m.13 views

AZL-25858 CVE-2023-27537 affecting package rust for versions less than 1.72.0-2

A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...

5.9CVSS6.5AI score0.01856EPSS
Exploits1References1
OSV
OSV
added 2023/03/30 8:15 p.m.8 views

AZL-38114 CVE-2023-27537 affecting package tensorflow for versions less than 2.16.1-1

A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...

5.9CVSS6.7AI score0.01856EPSS
Exploits1References1
Rows per page
Query Builder