396 matches found
FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations
The U.S. Federal Trade Commission FTC has ordered mental telehealth company Cerebral from using or disclosing personal medical data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users' sensitive personal health information and other data to...
Surveillance by the New Microsoft Outlook App
The ProtonMail people are accusing Microsofts new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to:...
Some of the Most Popular Websites Share Your Data With Over 1,500 Companies
Cookie pop-ups now show the number of “partners” that websites may share data with. Here's how many of these third-party companies may get your data from some of the most popular sites online...
BIT-REDASH-2021-41192
Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the REDASHCOOKIESECRET or REDASHSECRETKEY environment variables, a default value is used for both that is the same across all installations. In such cases, th...
FTC Bans InMarket for Selling Precise User Location Without Consent
The U.S. Federal Trade Commission FTC is continuing to clamp down on data brokers by prohibiting InMarket Media from selling or licensing precise location data. The settlement is part of allegations that the Texas-based company did not inform or seek consent from consumers before using their...
Privacy, Security, and Connected Devices: Key Takeaways From CES 2024
The topic of data privacy has become so relevant in our age of smart technology. With everything becoming connected, including our homes, workplaces, cities, and even our cars, those who develop this technology are obligated to identify consumers' expectations for privacy and then find the best...
CVE-2024-21589
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0...
Pharmacies Giving Patient Records to Police without Warrants
Add pharmacies to the list of industries that are giving private data to the police without a warrant...
CVE-2022-46710
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet...
Apple iOS and iPadOS Security Vulnerabilities
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 16.2 and iPadOS version 16.2, which arises from the ability to share...
23andMe blames “negligent” breach victims, says it’s their own fault
In a surprising move, in a letter to legal representatives of victims of the recent 23andMe data breach, the company has laid the blame at the feet of victims themselves. 23andMe even goes as far as to claim that this wasn’t a data breach at 23andMe at all. The reasoning: “… unauthorized actors...
CDS with Spring Framework 6.1
As a follow-up to the Runtime efficiency with Spring blog post, I am happy to share that our exploration of Project Leyden optimizations has led to some interesting discoveries regarding the JDK's little-used CDS "Class Data Sharing" feature and has materialized into a new feature that we have be...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.1 release and security update
Red Hat AMQ Streams 2.5.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Software company accused of illegally profiling millions of mobile phone users
A digital rights and privacy organization has filed a complaint against software company TeleSign for gathering and selling information on millions of mobile phone users. The organization that filed the complaint is nyob. nyob is an Austrian based digital right organization that focusses on...
Generative-AI apps & ChatGPT: Potential risks and mitigation strategies
Losing sleep over Generative-AI apps? You're not alone or wrong. According to the Astrix Security Research Group, mid size organizations already have, on average, 54 Generative-AI integrations to core systems like Slack, GitHub and Google Workspace and this number is only expected to grow. Contin...
Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids' Data on Xbox
Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission FTC charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents' knowledge or consent. "Our proposed order makes i...
Meta’s $1.3 Billion Fine Is a Strike Against Surveillance Capitalism
The record-breaking GDPR penalty for data transfers to the US could upend Meta's business and spur regulators to finalize a new data-sharing agreement...
Why Telecoms Struggle with SaaS Security
The telecom industry has always been a tantalizing target for cybercriminals. The combination of interconnected networks, customer data, and sensitive information allows cybercriminals to inflict maximum damage through minimal effort. It's the breaches in telecom companies that tend to have a...
AZL-25858 CVE-2023-27537 affecting package rust for versions less than 1.72.0-2
A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...
AZL-38114 CVE-2023-27537 affecting package tensorflow for versions less than 2.16.1-1
A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...