15 matches found
Syft Security Vulnerability
Syft is an open-source remote data analysis tool developed by OpenMined, designed for protecting data privacy. Versions of Syft 0.9.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from inadequate validation of Python code submitted by users and insufficient sandbox...
A LINDDUN-Based Privacy Threat Modeling Framework for GenAI
As generative AI (GenAI) systems become increasingly prevalent across various technological stacks, the question of how such systems handle sensitive and personal data flows becomes increasingly important. Specifically, both the ability to harness and process large swaths of information as well as...
A Novel Approach to Differential Privacy with Alpha Divergence
As data-driven technologies advance swiftly, maintaining strong privacy measures becomes progressively difficult. Conventional $(ε, δ)$-differential privacy, while prevalent, exhibits limited adaptability for many applications. To mitigate these constraints, we present alpha differential privacy AD...
Improving Statistical Privacy by Subsampling
Differential privacy (DP) considers a scenario where an adversary has almost complete information about the entries of a database. This worst-case assumption is likely to overestimate the privacy threat for an individual in real life. Statistical privacy (SP) denotes a setting where only the...
The benefits of using the new Data Privacy Framework
After the Schrems II ruling by the Court of Justice of the European Union, legal cross-border transfers of personal data from the EU to the U.S. became a key issue for U.S. businesses. After years of negotiations with the EU, the EU and U.S. have developed and agreed upon an adequate system for...
Swedish Data Protection Authority Warns Companies Against Google Analytics Use
The Swedish data protection watchdog has warned companies against using Google Analytics due to risks posed by U.S. government surveillance, following similar moves by Austria, France, and Italy last year. The development comes in the aftermath of an audit initiated by the Swedish Authority for...
Data Privacy Day
January 28 is Data Privacy Day (DPD), an annual effort promoting data privacy awareness and education. This year’s DPD events, sponsored by the National Cyber Security Alliance (NCSA), focus on how to Own Your Privacy. The NCSA teaches users how to protect valuable data online, while encouraging...
Quality is Job One When it Comes to the HITRUST CSF Assurance Program
The HITRUST CSF® remains an essential security and privacy controls framework that addresses the multitude of security, privacy, and regulatory challenges facing both public and private sector organizations. As framework adoption increases across all industries, maintaining integrity is crucial,...
The Significance of the NIST Privacy Framework
Kudos to the NIST Privacy Team! Privacy Framework v.1.0 has finally been released. I've been tracking the growth of this initiative since the focus group was kicked off in September 2018 and respect its thoroughly explored yet fundamentally grass roots approach. A few points worth bringing to your...
Facebook Agrees to Pay $5 Billion Fine and Setup New Privacy Program for 20 Years
The Federal Trade Commission (FTC) today officially confirmed that Facebook has agreed to pay a record-breaking $5 billion fine over privacy violations surrounding the Cambridge Analytica scandal. Besides the multibillion-dollar penalty, the company has also accepted a 20-year-long agreement that...
A week in security (May 27 – June 2)
Last week on Malwarebytes Labs, we took readers through a deep dive—way down the rabbit hole—into the novel malware called “Hidden Bee.” We also looked at the potential impact of a government agency’s privacy framework, and delivered to readers everything they needed to know about ATM attacks and...
NIST’s privacy framework lets privacy tell its own story
Online privacy remains unsolved. Congress prods at it, some companies fumble with it while a small handful excel, and the public demands it. But one government agency is trying to bring everyone together to fix it. As the Senate sits on no fewer than four data privacy bills that their own members...
RSA Conference 2019: NIST's Privacy Framework Starts to Take Shape
Data privacy has been thrust into the limelight with the passage of the General Data Protection Regulation in Europe last year and a string of high-profile consumer privacy snafus. The National Institute of Standards and Technology has plans to help companies address data privacy with the...
Leading in Privacy
On September 24, I was pleased to represent Coalfire and private-sector expertise by attending the kickoff for the Privacy Framework at the Brookings Institute in Washington, D.C. The event was attended by notable leaders in the industry and government: The Departments of Transportation and...
Mapping the Journey to GDPR Compliance: Who’s got the wheel?
With so many different areas of the company involved in our journey to becoming compliant with the General Data Protection Regulation (GDPR) by May 25th, it was essential for us to have a strong program manager mapping our route. The GDPR enforces the idea that every company should be aware of...