Malicious code in fastgrc-openclaw (npm)
Source: amazon-inspector 158457237168ef50e3a6c4cd33f51e23f6aec642593745a3d11b9b4870ef36ce The package is an AI agent policy-check plugin. When a consumer does not configure their own API key, resolveApiKey returns a hardcoded BUNDLEDAPIKEY...
Online portal exposed car and personal data, allowed anyone to remotely unlock cars
A carmaker’s online dealership portal has been found leaking the private information and vehicle data of its customers. This also meant that anyone with access could remotely break into a car. Researcher Eaton Zveare shared his discovery with TechCrunch. Although he said he has chosen not to...
Linux Distros Unpatched Vulnerability : CVE-2023-28427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can...
Nearly a Year Later, Mozilla is Still Promoting OneRep
In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnershi...
Texas scrutinizes four more car manufacturers on privacy issues (updated)
The Texas Attorney General’s Office has started an investigation into how Ford, Hyundai, Toyota, and Fiat Chrysler collect, share, and sell consumer data, expanding an earlier probe launched last year into how modern automakers are potentially using customer driving data. We've addressed cars and...
Your location or browsing habits could lead to price increases when buying online
Companies are showing customers different prices for the same goods and services based on what data they have on them, including details like their precise location or browser history. The name for this method is surveillance pricing, and the FTC has just released initial findings of a report lookin...
“Simply staggering” surveillance conducted by social media and streaming services, FTC finds
The US Federal Trade Commission (FTC) released a report that examines the data collection and use practices of major social media and video streaming services, finding that—and this will not come as a surprise to our regular readers—the companies engaged in vast surveillance of consumers in order t...
National Public Data Published Its Own Passwords
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the sam...
FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations
The U.S. Federal Trade Commission (FTC) has barred mental telehealth company Cerebral from using or disclosing personal medical data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users' sensitive personal health information and other data to...
A Close Up Look at the Consumer Data Broker Radaris
If you live in the United States, the data broker Radaris likely knows a great deal about you, and they are happy to sell what they know to anyone. But how much do we know about Radaris? Publicly available data indicates that in addition to running a dizzying array of people-search websites, the...
Facebook’s Extensive Surveillance Network
Consumer Reports is reporting that Facebook has built a massive surveillance network: Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in th...
Adobe Real-Time CDP: Personalized Customer Experience
By Owais Sultan. In the current high-tech age, consumer data is a business's most important asset as they progressively shift towards… This is a post from HackRead.com. Read the original post: Adobe Real-Time CDP: Personalized Customer Experience...
ID Theft Service Resold Access to USInfoSearch Data
One of the cybercrime underground's more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned. Since at least February 2023, a service advertised on Telegram...
Meta subsidiaries must pay $14m over misleading data collection disclosure
Meta has run into yet another bout of court related issues--two subsidiaries have been ordered to pay $14 million regarding undisclosed data collection. The Australian case, which has rumbled on for the best part of two and a half years, has focused on claims related to a now discontinued Virtual...
Google to pay $40m for "deceptive and unfair" location tracking practices
Google is going to pay $39.9 million to Washington State to put to rest a lawsuit about its location tracking practices which has been in play since last year. Google was accused of "misleading consumers" by State Attorney General Bob Ferguson. From the AG press release: Attorney General Bob...
Fedora 38 : thunderbird (2023-a9c17dff60)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a9c17dff60 advisory. Update to 102.9.1 ; https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/ ; https://www.thunderbird.net/en-US/thunderbird/102.9.1/releasenotes/...
Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels
An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "serious loopholes" that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its Privacy Not Included initiative, compar...
SaaS Security Best Practices: Safeguard Consumer Data
By Owais Sultan. In today's SaaS market, security is of utmost importance. Online commerce has undergone major changes over the past… This is a post from HackRead.com. Read the original post: SaaS Security Best Practices: Safeguard Consumer Data...
ai.preferred:venom (>=4.0.1 <=4.2.7), ai.stainless:grails-tika (=0.1.0) +8665 more potentially affected by CVE-2022-36033 via org.jsoup:jsoup (>=0.2.2 <=1.15.2)
org.jsoup:jsoup MAVEN version =0.2.2, =4.0.1, =3.4.0, =3.4.0, =0.9.6, =0.9.6, =0.1.1, =0.5.0, =2021.9.1, =2023.1.1 and more Source cves: CVE-2022-36033 Source advisory: OSV:GHSA-GP7F-RWCX-9369...
How to Cover 6 Core Areas of PCI Compliance with Armis and Akamai
The joint security solution from Akamai Guardicore Segmentation and Armis supports PCI compliance requirements to protect consumer data across entire networks...