waf-engine

WAF & SOAR Engine A cloud-native Web Application Firewall and...

EUVD-2023-2866

Malicious code in bioql PyPI...

How to comply with GDPR requirements

Understanding the Basics of GDPR Compliance Within the sphere of cybersecurity, significant strides were made as the European Union EU introduced an innovative legislative tool called the General Data Protection Regulation GDPR, unveiled on May 25, 2018. This regulation highlights the EU's unifie...

GHSA-82VR-5769-6358 Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity Verification

Impact The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller users of the Fides web application. Privacy requests allow data subjects to submit a request to access all person data held by the data controller, or delete/erase it. Consent reque...

CVE-2023-48224

CVE-2023-48224 affects Fides (Privacy Center) where one-time verification codes are generated using Python’s weak random module. The root cause is a cryptographically weak pseudo-random number generator, allowing an attacker who observes several hundred codes to predict future codes within the ba...

PT-2023-30741 · Fides · Fides

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.24.0 Description: The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller users of the Fides web application. If subject identity verification required is set to...

HTML Injection

ethyca-fides is vulnerable to HTML Injection. The vulnerability arises due lack of of input validation coming from connected systems and data stores which is reflected in the downloaded data. This results in an HTML injection that can be abused to perform phishing attacks or malicious JS executio...

CVE-2023-47114

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the...

Input validation

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the...

CVE-2023-47114

CVE-2023-47114 affects Fides HTML-formatted Data Subject Request packages. Root cause: lack of input validation for data from connected systems/data stores, enabling HTML injection when a data subject opens the downloaded package (typically HTML files in ZIP) in a browser via file://. Existence o...

CVE-2023-47114 Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the...

GHSA-3VPF-MCJ7-5H38 Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages

Impact The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then retrieved from connected systems and data stores before being...

When data privacy and protection are rights, don’t get it wrong

Twenty-one years ago, Latanya Sweeney showed that it’s possible to uniquely identify 87% of Americans with just three pieces of personal data: gender, ZIP code and full date of birth. Long before anyone had heard the words ‘data lake’, ‘cloud storage’ or ‘big data’, nevermind ‘social media’, it w...

How Can Akamai Identity Cloud Help With Regulatory Compliance?

Regulatory compliance related to personal identifiable information PII is continuously being enacted around the world as the amount of breaches and data abuse continues to grow. Understanding the variances between the many different privacy and data protection laws can be challenging for companie...