783 matches found
CISA Pushing U.S. Agencies to Adopt Vulnerability Disclosure Policies
The U.S. government’s cybersecurity agency has issued a draft directive mandating all agencies to develop vulnerability disclosure policies, which would give ethical hackers clear guidelines for submitting bugs found in government systems. Security experts hope that the directive will light a fir...
James Clapper: Lessons Learned in a Post-Snowden World
LAS VEGAS – The 2013 leaks by Edward Snowden highlight holes in the U.S. government around transparency and proactively dealing with insider threats, former national intelligence director James Clapper acknowledged. The U.S. intelligence community needs to be more transparent with the public, whi...
California's Domino Effect on U.S. Privacy Regulation
LAS VEGAS – The California Consumer Privacy Act (CCPA), which goes into effect in January 2020, will implement strict requirements for companies to create more transparency about how user data is being used and disseminated. Microsoft’s acknowledgement this week that it will extend CCPA to all of i...
Microsoft to Apply California’s Privacy Law to All U.S. Users
Microsoft is extending a California law aimed at protecting users’ privacy to all of its users in the United States, an unexpected move supporting tougher requirements to disclose exactly how the company uses the consumer data it collects. The California Consumer Privacy Act, known as CCPA, is...
Execs Could Face Jail Time For Privacy Violations
A new data privacy bill threatens large tech firms, like Facebook, with tough penalties – including monetary fines and up to 20 years of jail time for executives – if they violate user privacy policies. The “Mind Your Own Business Act,” proposed by Sen. Ron Wyden (D-Ore.) on Thursday, gives the...
Google Assistant Audio Privacy Controls Updated After Outcry
Google is unveiling new privacy controls for the Google Assistant virtual assistant, after the company came under fire earlier this year for eavesdropping on users’ personal audio snippets – without their permission. The tech giant on Monday promised more transparency around the audio data that i...
Understanding CCPA: It's Time to Action a Plan for Compliance
Notice to all procrastinators: The final countdown to the California Consumer Privacy Act (CCPA) has begun. On January 1, 2020, companies or organizations that do business in California will be required to comply with the state's strict new privacy legislation that establishes a legal and enforceab...
Sublert - Security And Reconnaissance Tool Which Leverages Certificate Transparency To Automatically Monitor New Subdomains Deployed By Specific Organizations And Issued TLS/SSL Certificate
Sublert is a security and reconnaissance tool that was written in Python to leverage certificate transparency for the sole purpose of monitoring new subdomains deployed by specific organizations and issued TLS/SSL certificate. The tool is supposed to be scheduled to run periodically at fixed time...
Google Launches Open-Source Browser Extension for Ad Transparency
Google is launching an experimental, open-source browser extension aimed at increasing transparency around online advertising by displaying information about the ads that are shown to users. The browser extension is an integral part of a new Google initiative announced Thursday to develop a set o...
Use This Privacy Tool to View and Clear Your 'Off-Facebook Activity' Data
Well, here we have great news for Facebook users, which is otherwise terrible for marketers and publishers whose businesses rely on Facebook advertisement for re-targeted conversations. Following the Cambridge Analytica scandal, Facebook has taken several privacy measures in the past one year wit...
openSUSE Security Update : LibreOffice (openSUSE-2019-1929)
This update for libreoffice and libraries fixes the following issues : LibreOffice was updated to 6.2.5.2 fate327121 bsc1128845 bsc1123455, bringing lots of bug and stability fixes. Additional bugfixes : - If there is no firebird engine we still need java to run hsqldb bsc1135189 - PPTX: Rectangl...
Facebook Records User Audio, Sparking Privacy Questions
Facebook has admitted that it has been transcribing audio chats between its users on its Messenger platform. Sources said that it’s paying hundreds to third-party outside contractors to do so. The latter calls into question Facebook’s data-handling practices when it comes to being open with its...
Findomain v0.2.1 - The Fastest And Cross-Platform Subdomain Enumerator
The fastest and cross-platform subdomain enumerator. Comparison: This comparison gives you an idea why you should use findomain instead of other tools. The domain used for the test was microsoft.com in the following BlackArch virtual machine: Host: KVM/QEMU Standard PC i440FX + PIIX, 1996...
Evaluating the NSA's Telephony Metadata Program
Interesting analysis: "Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act's Metadata Program be Extended?" by Susan Landau and Asaf Lubin. Abstract: The telephony metadata program which was authorized under Section 215 of the PATRIOT Act, remains one of the most controversi...
iNSYNQ Ransom Attack Began With Phishing Email
A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. It also looks like the intruders spent roughly ten days rooting around...
Findomain - A Cross-Platform Tool That Use Certificate Transparency Logs To Find Subdomains
A cross-platform tool that uses Certificate Transparency logs to find subdomains. We currently support Linux, Windows and MacOS. How it works: this tool doesn't use the common methods for subdomain discovery; it uses Certificate Transparency logs to find subdomains, and this method makes the tool...
Apple Transparency Report Now Includes App Store Takedown Requests
For the first time Apple added to its transparency report the number of App Store takedown requests it has received from governments. The report, released Tuesday, also puts some hard numbers on how often law enforcement and governments request device and user data. App Takedown Request Apple’s...
The Concept of "Return on Data"
This law review article by Noam Kolt, titled "Return on Data," proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. Yet, the relationship between the utility (U) consumers gain and the data (D)...
br.net.woodstock.rockframework:rockframework-core (>=1.2.1 <=1.2.4), com.day.cq.dam:cq-dam-commons (>=5.4.0 <=5.5.0) +84 more potentially affected by CVE-2018-17202 via org.apache.sanselan:sanselan (=0.97-incubator)
org.apache.sanselan:sanselan MAVEN version =0.97-incubator is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.sanselan:sanselan and may be impacted: - br.net.woodstock.rockframework:rockframework-core =1.2.1, =5.4.0, =0.3.11, =2.0.0-alpha,...