1174 matches found
CVE-2021-25009
The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses...
Ban Pegasus spyware, urges European Union Data Protection Supervisor
The European Data Protection Supervisor (EDPS) has urged the EU to ban the development and deployment of spyware with the capabilities of Pegasus to protect fundamental rights and freedoms. What is Pegasus? On July 18, a group of 17 newspaper and media organizations—aided by Amnesty International’s...
CVE-2022-22765
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information...
Build a privacy-resilient workplace with Microsoft Priva
Today, we celebrate international Data Privacy Day. This day reminds us of the importance of respecting privacy, safeguarding data, and enabling trust. However, annual reminders are insufficient to drive material change, which can be seen in the effectiveness rates of one-off trainings. According...
Five Data Privacy Tips for Consumers
As a consumer, you must assume that your personal information is not 100% safe online. Hackers cause data breaches every single day, exposing our email addresses, passwords, credit card numbers, social security numbers and other sensitive personal data in the process. Most people don’t think abou...
The Data-Centric Approach to Data Privacy
All organizations understand how critical it is to have access to their customers and prospects’ sensitive personal data. This intelligence is essential to helping them create and maintain relationships so they can deliver tailored experiences and recommendations. Having this sensitive personal...
‘Be Afraid:’ Massive Cyberattack Downs Ukrainian Gov’t Sites
Cyberattackers brought down around 70 Ukrainian government websites on Friday, defacing the site of the foreign ministry with a message to “Be afraid and expect the worst.” The huge attack hit on Friday, unfolding hours after Russia and Western allies wrapped up fruitless talks intended to...
Europol Ordered to Delete Data of Individuals With No Proven Links to Crimes
The European Union's data protection watchdog on Monday ordered Europol to delete a vast trove of personal data it obtained pertaining to individuals with no proven links to criminal activity. "Datasets older than six months that have not undergone this Data Subject Categorisation must be erased,...
Why I’m Proud to Protect Billions of People Worldwide
I decided to pursue a career in IT after working as a support engineer for internal employees as part of my very first job. It immediately opened my eyes to something that I found as interesting as I did shocking: Lots of people don’t understand information security — and what’s more, they don’t...
Anubis malware resurfaces targeting crypto wallets and banking apps
By Waqas. So far, 394 malicious apps have been identified that are spreading Anubis malware to steal financial and personal data from Android users. This is a post from HackRead.com. Read the original post: Anubis malware resurfaces targeting crypto wallets and banking apps...
Grindr fined for selling user data to advertisers
Dating network Grindr has been slapped with a US$7.7 million fine by Norwegian regulator Datatilsynet for sharing data with advertisers. Grindr—which calls itself the world's largest social networking app for gay, bi, trans, and queer people—sold data which includes GPS, IP address, age, and gender...
400 Banks’ Customers Targeted with Anubis Trojan
Customers of Chase, Wells Fargo, Bank of America and Capital One, along with nearly 400 other financial institutions, are being targeted by a malicious app disguised to look like the official account management platform for French telecom company Orange S.A. Researchers say this is just the...
7 data privacy solution features your organization needs to have
The worldwide data privacy regulation landscape is changing. National laws and state/provincial laws continue to be enacted and strengthened to ensure their citizens’ data is protected and give individuals more control over how personal data is collected, used, and shared. No matter what industry...
DNA testing service data breach impacting 2.1 million users
By Waqas. DNA Diagnostics Center (DDC) has revealed that hackers managed to access highly sensitive and personal data of users including payment card data. This is a post from HackRead.com. Read the original post: DNA testing service data breach impacting 2.1 million users...
ICO challenges adtech to step up privacy protection
The UK Information Commissioner's Office (ICO) wants the advertising industry to come up with new initiatives that address the risks of adtech, and take account of data protection requirements from the outset. The ICO is an independent body set up to uphold information rights. The technology that is...
Not Punny: Angling Direct Breach Cripples Retailer for Days
The U.K.’s largest fishing retailer, Angling Direct, experienced a system breach on Nov. 5 that resulted in their domain being redirected to Pornhub. The jokes almost wrote themselves, but days later the site is still down and the extent of the damage to the company’s bottom line remains uncle...
CVE-2020-23126
Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends...
Simplifying the complex: Introducing Privacy Management for Microsoft 365
The data privacy regulation landscape is more complex than ever. With new laws emerging in countries like China and India, shifts in Europe and the United Kingdom, and currently 26 different laws across the United States, staying ahead of regulations can feel impossible. But this work is...
CVE-2021-42330
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user privileges, remote attackers can access and edit other users’ credentials and personal information by crafting URL parameters...
Input validation
Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports (Statistics & BAG MED) contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get...