
1173 matches found

Qualys Blog
added 2024/02/26 5:28 p.m., 14 views

A Comprehensive Assessment of the General Personal Data Protection Law (LGPD)

Most nations need to protect sensitive data for any number of reasons. Assuring legal compliance, protecting national security, preventing abuse and prejudice, improving global competitiveness, and upholding ethical standards are all vital requirements. Data privacy enhances the safety, security,...

AI score: 6.9, Exploits: 0

OSV
added 2024/02/23 10:15 p.m., 6 views

CVE-2024-24309

In the module "Survey TMA" ecomizsurveytma up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction...

CVSS: 7.5, AI score: 5.8, Exploits: 0, References: 2

CNNVD
added 2024/02/23 12:0 a.m., 3 views

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts, and product image scaling. A security vulnerability exists in Ecomiz for PrestaShop 2.0.0 and prior versions, which originated from a...

CVSS: 7.5, AI score: 6.6, EPSS: 0.00581, Exploits: 0, References: 3

NVD
added 2024/02/15 11:15 p.m., 11 views

CVE-2024-23674

The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identity for access to government, medical, and financial resources, and can also extract personal data from...

CVSS: 9.6, AI score: 6.6, EPSS: 0.0073, Exploits: 0, References: 4

Vulnrichment
added 2024/02/15 12:0 a.m., 8 views

CVE-2024-23674

The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identity for access to government, medical, and financial resources, and can also extract personal data from...

AI score: 7.2, EPSS: 0.0073, Exploits: 0, References: 4

OSV
added 2024/02/07 9:15 a.m., 1 views

CVE-2024-24311

Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" lgsitemaps module for PrestaShop before version 1.6.6, a guest can download personal information without restriction...

CVSS: 7.5, AI score: 5.8, Exploits: 0, References: 1

OSV
added 2024/02/07 8:15 a.m., 3 views

CVE-2024-1079

The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aysshowresults function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain P...

CVSS: 5.3, AI score: 7.4, EPSS: 0.00549, Exploits: 0, References: 2

Positive Technologies
added 2024/02/07 12:0 a.m., 3 views

PT-2024-16548 · WordPress · Quiz Maker

Name of the Vulnerable Software and Affected Versions: The Quiz Maker plugin for WordPress versions up to, and including, 6.5.2.4. Description: The issue arises from a missing capability check on the ays show results function, allowing unauthenticated attackers to access arbitrary quiz results,...

CVSS: 5.3, AI score: 6.3, EPSS: 0.00549, Exploits: 0, References: 8

Wallarm Lab
added 2024/02/05 11:45 a.m., 17 views

How to comply with GDPR requirements

Understanding the Basics of GDPR Compliance. Within the sphere of cybersecurity, significant strides were made as the European Union (EU) introduced an innovative legislative tool called the General Data Protection Regulation (GDPR), unveiled on May 25, 2018. This regulation highlights the EU's unifie...

AI score: 7.2, Exploits: 0

Cvelist
added 2024/02/02 4:32 a.m., 26 views

CVE-2024-0685 Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter...

CVSS: 5.9, AI score: 9.9, EPSS: 0.00778, Exploits: 0, References: 3

WPVulnDB
added 2024/02/02 12:0 a.m., 17 views

Ninja Forms Contact Form < 3.7.2 - Unauthenticated Second Order SQL Injection

Description: The plugin is vulnerable to Second Order SQL Injection via the email address value submitted through forms due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...

CVSS: 7.5, AI score: 8, EPSS: 0.00778, Exploits: 0, References: 1, Affected Software: 1

Malwarebytes
added 2024/01/31 5:24 p.m., 15 views

ChatGPT accused of breaking data protection rules

Italy's Data Protection Authority (GPDP) has uncovered data privacy violations related to collecting personal data and age protections after an inquiry into OpenAI’s ChatGPT. OpenAI has 30 days to respond with a defense. ChatGPT is an artificial intelligence (AI) chatbot that can engage in conversatio...

AI score: 6.8, Exploits: 0

Schneier on Security
added 2024/01/31 12:4 p.m., 15 views

CFPB’s Proposed Data Rules

In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that, if implemented, would transform how financial institutions handle personal data about their customers. The rules put control of that data back in the hands of ordinary Americans, while at the same time undermini...

AI score: 7, Exploits: 0

The Hacker News
added 2024/01/30 10:20 a.m., 21 views

Italian Data Protection Watchdog Accuses ChatGPT of Privacy Violations

Italy's data protection authority (DPA) has notified ChatGPT-maker OpenAI of supposedly violating privacy laws in the region. "The available evidence pointed to the existence of breaches of the provisions contained in the E.U. GDPR (General Data Protection Regulation)," the Garante per la protezione...

AI score: 7, Exploits: 0

The Hacker News
added 2024/01/29 6:59 a.m., 26 views

NSA Admits Secretly Buying Your Internet Browsing Data without Warrants

The U.S. National Security Agency (NSA) has admitted to buying internet browsing records from data brokers to identify the websites and apps Americans use that would otherwise require a court order, U.S. Senator Ron Wyden said last week. "The U.S. government should not be funding and legitimizing a...

AI score: 6.7, Exploits: 0

Securelist
added 2024/01/17 10:0 a.m., 20 views

Dark web threats and dark market predictions for 2024

An overview of last year's predictions. 1. Increase in personal data leaks; corporate email at risk. A data leakage is a broad term encompassing various types of information that become publicly available, or published for sale on the dark web or other shadow web sites. Leaked information may includ...

AI score: 7.2, Exploits: 0

Vulnrichment
added 2024/01/11 12:45 a.m., 7 views

CVE-2024-21666 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00564, Exploits: 1, References: 3

CNNVD
added 2024/01/11 12:0 a.m., 3 views

Pimcore Access Control Error Vulnerability

Pimcore is an open source web content management platform for creating and managing web applications, from the Austrian company Pimcore. The platform integrates web content management, an e-commerce framework and product information management applications. An Access Control Error vulnerability exists in...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00564, Exploits: 1, References: 4

CNNVD
added 2024/01/11 12:0 a.m., 4 views

Pimcore Access Control Error Vulnerability

Pimcore is an open source web content management platform for creating and managing web applications, from the Austrian company Pimcore. The platform integrates web content management, an e-commerce framework and product information management applications. An Access Control Error vulnerability exists in...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00588, Exploits: 1, References: 4

Positive Technologies
added 2024/01/10 12:0 a.m., 5 views

PT-2024-19008 · Pimcore · Pimcore Customer Management Framework

Name of the Vulnerable Software and Affected Versions: Pimcore Customer Management Framework versions prior to 4.0.6. Description: The issue allows an authenticated and unauthorized user to access the list of potential duplicate users and see their data. This occurs because permissions are not...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00564, Exploits: 1, References: 10