19 matches found
Microsoft SDL: Evolving security practices for an AI-powered world
As AI reshapes the world, organizations encounter unprecedented risks, and security leaders take on new responsibilities. Microsoft’s Secure Development Lifecycle (SDL) is expanding to address AI-specific security concerns in addition to the traditional software security areas that it has...
Cybercrime and Computer Forensics in Epoch of Artificial Intelligence in India
The integration of generative Artificial Intelligence into the digital ecosystem necessitates a critical re-evaluation of Indian criminal jurisprudence regarding computational forensics integrity. While algorithmic efficiency enhances evidence extraction, a research gap exists regarding the Digit...
The Privacy Gap in API Security: Why Protecting APIs Shouldn’t Put Your Data at Risk
The more critical APIs become, the more sensitive data they carry: identities, payment details, health records, customer preferences, tokens, keys, and more. And this is where organizations face a painful, often invisible problem: To protect APIs, many organizations end up exposing the very data...
Mars: Publicly accessible `█████████` endpoint exposing internal user identifiers and email addresses
A publicly accessible JSON API endpoint was found to expose sensitive user information, including internal identifiers and email addresses. The vulnerability was classified as an information disclosure issue with a medium severity rating. The problem was remediated by implementing proper...
Weblate: exposure of personal IP address via email.
The exposure of personal IP addresses through email messages has been identified as a potential security issue. Email messages can pass through multiple servers, which may store or record the content, including the user's IP address, even if the email is encrypted during transit. The user's IP...
GDPRShield: AI-Powered GDPR Support for Software Developers in Small and Medium-Sized Enterprises
With the rapid increase in privacy violations in modern software development, regulatory frameworks such as the General Data Protection Regulation (GDPR) have been established to enforce strict data protection practices. However, insufficient privacy awareness among SME software developers...
An Alignment between the CRA'S Essential Requirements and the ATT&CK'S Mitigations
The paper presents an alignment evaluation between the mitigations present in MITRE's ATT&CK framework and the essential cyber security requirements of the recently introduced Cyber Resilience Act (CRA) in the European Union. Overall, the two align well with each other. With respect to the...
E.U. Court Limits Meta's Use of Personal Facebook Data for Targeted Ads
Europe's top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious consequences for ad-driven companies operating ...
Indian Government Publishes Draft of Digital Personal Data Protection Bill 2022
The Indian government on Friday released a draft version of the much-awaited data protection regulation, making it the fourth such effort since it was first proposed in July 2018. The Digital Personal Data Protection Bill, 2022, as it's called, aims to secure personal data, while also seeking...
New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing
A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University, the system "leverages an...
Build a privacy-resilient workplace with Microsoft Priva
Today, we celebrate international Data Privacy Day. This day reminds us of the importance of respecting privacy, safeguarding data, and enabling trust. However, annual reminders are insufficient to drive material change, which can be seen in the effectiveness rates of one-off trainings. According...
Groups Call for Ethical Guidelines on Location-Tracking Tech
The Locus Charter asks companies to commit to 10 principles, including minimizing data collection and actively seeking consent from users...
ICANN Launches GDPR Lawsuit to Clarify the Future of WHOIS
The WHOIS internet domain directory is at the center of a GDPR-related lawsuit that should clarify at least one of the many unknowns when it comes to achieving compliance with the data-privacy regulation. The suit was filed last week by ICANN, the nonprofit body responsible for administering the...
Leveraging Imperva Solutions for GDPR Compliance Part II: Pseudonymization
Down to the wire: the GDPR compliance deadline is here. It’s May 25 and the EU’s General Data Protection Regulation (GDPR) is live. As you know by now, the risk and potential costs associated with a failure to comply with the EU’s General Data Protection Regulation (GDPR) are substantial. GDPR...
Data Security Solutions for GDPR Compliance
Enforcement of the new EU General Data Protection Regulation (GDPR) adopted in 2016 starts on May 25, 2018. It requires all organizations that do any business in the EU or that collect or process personal data originating in the EU to comply with the regulation. Organizations that do not have a...
Three Reasons Why GDPR Encourages Pseudonymization
The General Data Protection Regulation (GDPR) is the European Union’s new data regulation designed to provide individuals with rights and protections over their personal data that is collected or created by businesses or government entities. It unifies data protection regulation across all member...
FTC Urges IoT Privacy, Security at Consumer Electronics Show
In her keynote address yesterday at the Consumer Electronics Show in Las Vegas, Federal Trade Commission Chairwoman Edith Ramirez imagined the dystopic convergence of big data conglomerates and a ceaseless information gathering machine fueled by the constant connectivity ushered in by the so-call...
Senators Propose Bill Of Rights To Protect Personal Information Online
Senators John Kerry (D-Mass.) and John McCain (R-Ariz.) don’t agree on much in the policy arena, except when it comes to protecting online privacy. The incongruous couple are political bedfellows on a piece of legislation introduced yesterday called The Commercial Privacy Bill of Rights Act of 2011...