43 matches found
CVE-2025-66080
CVE-2025-66080 affects Cookie Banner for GDPR / CCPA – WPLP Cookie Consent (WordPress plugin) and is a Missing Authorization vulnerability. Wordfence reports affected versions up to 4.0.3 with Patched status in later updates; exploitation would involve access-control bypass via misconfigured secu...
PT-2025-51421
Name of the Vulnerable Software and Affected Versions WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions through 4.0.7 Description An authorization issue exists in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent. The issue involves incorrectly configured...
Malicious code in ccpa-jurisdiction-sdk (npm)
The package ccpa-jurisdiction-sdk was found to contain malicious code...
WordPress plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
“We will hold them accountable”: General Motors sued for selling customer driving data to third parties
Texas Attorney General Ken Paxton has sued General Motors GM for the unlawful collection and sale of over 1.5 million Texans’ private driving data to insurance companies without their knowledge or consent. In June, the Attorney General AG announced he had opened an investigation into several car...
US pharmacy Rite Aid banned from operating facial recognition systems
Pharmacy chain Rite Aid has been denied the right to run facial recognition systems in its stores for five years, by a Federal Trade Commission FTC ruling. The regulator found so many flaws in the retailers surveillance program that it concluded Rite Aid had failed to implement reasonable...
Snapchat gives Californians more power over their personal data
There's a new toggle switch in Snapchat that, once enabled, limits the use of sensitive personal information. TechCrunch reports that the switch is a new privacy feature Snapchat will be rolling out to comply with the California Privacy Rights Act CPRA, also known as Proposition 24. The act, whic...
Simplify privacy protection with Microsoft Priva Subject Rights Requests
The General Data Protection Regulation GDPR came into effect in 2018 and set a new standard for the level of control individuals in the European Union had on the personal data they shared online. Since then, the number of privacy regulations around the world has flourished and impacted the privac...
The FTC will go after companies misusing location, health, and other sensitive data
After the overturning of Roe V Wade, many feared that using, having access to, and sharing reproductive and sexual health data—once done freely—would be outlawed with the practice of abortion in many states. To protect such data from falling into the wrong hands, Congresswoman Sara Jacobs D-CA...
Privacy compliance for smart meter infrastructure with Microsoft Information Protection and Azure Purview
Smart meters and smart grid infrastructure have been deployed in many of the world’s electric distribution grids. They promise energy conservation, better grid management for utilities, electricity theft reduction, and a host of value-added services for consumers. To deliver on this promise, they...
Privacy predictions for 2021
2020 saw an unprecedented increase in the importance and value of digital services and infrastructure. From the rise of remote working and the global shift in consumer habits to huge profits booked by internet entertainers, we are witnessing how overwhelmingly important the connected infrastructu...
California Proposition 24 Passes
Californias Proposition 24, aimed at improving the California Consumer Privacy Act, passed this week. Analyses are very mixed. I was very mixed on the proposition, but on the whole I supported it. The proposition has some serious flaws, and was watered down by industry, but voting for privacy fee...
Fitbit Spyware Steals Personal Data via Watch Face
A wide-open app-building API would allow an attacker to build a malicious application that could access Fitbit user data, and send it to any server. Kev Breen, director of cyber threat research for Immersive Labs, created a proof-of-concept for just that scenario, after realizing that Fitbit...
Out of the Grace Period: Trust and Communication Rises in a Post-CCPA World
Six months ago, the California Consumer Privacy Act CCPA was put into effect, granting California residents increased rights over how their personal data is gathered and shared by the companies they interact with. Leading up to its launch, organizations expressed concern over whether they were...
Another California Data Privacy Law
The California Consumer Privacy Act is a lesson in missed opportunities. It was passed in haste, to stop a ballot initiative that would have been even more restrictive: In September 2017, Alastair Mactaggart and Mary Ross proposed a statewide ballot initiative entitled the "California Consumer...
FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data
The U.S. Federal Communications Commission FCC today proposed fines of more than $200 million against the nation's four largest wireless carriers for selling access to their customers' location information without taking adequate precautions to prevent unauthorized access to that data. While the...
Facebook Alleges Company Infiltrated Thousands for Ad Fraud
Facebook has sued a Chinese company that it alleges used malware to compromise hundreds of thousands of user accounts – and then used them to run “deceptive ads” promoting counterfeit goods. The company in question is Hong Kong-based ILikeAd Media International Company Ltd., which was incorporate...
Top 5 Cybersecurity and Cybercrime Predictions for 2020
We distilled 30 independent reports dedicated to cybersecurity and cybercrime predictions for 2020 and compiled the top 5 most interesting findings and projections in this post. Compliance fatigue will spread among security professionals Being a source of ongoing controversy and debate, the...
California's Domino Effect on U.S. Privacy Regulation
LAS VEGAS – The California Consumer Privacy Act CCPA, which goes into effect in January 2020, will implement strict requirements for companies to create more transparency about how user data is being used and disseminated. Microsoft’s acknowledgement this week that it will extend CCPA to all of i...
Microsoft to Apply California’s Privacy Law to All U.S. Users
Microsoft is extending a California law aimed at protecting users privacy to all of its users in the United States, an unexpected move supporting tougher requirements to disclose exactly how the company uses the consumer data it collects. The California Consumer Privacy Act, known as CCPA, is...