Washington Privacy Act welcomed by corporate and nonprofit actors
The steady parade of US data privacy legislation continued last month in Washington with the introduction of an improved bill that would grant state residents the rights to access, control, delete, and port their data, as well as opting out of data sales. The bill, called the Washington Privacy...
0.4AI Score
Tampa Bay Times hit with Ryuk ransomware attack
Florida newspaper _The Tampa Bay Times_ suffered a Ryuk ransomware attack Thursday, making it the latest major victim of the notorious ransomware family that continues to rise in popularity. Curiously, the paper is at least the third Florida-based Ryuk victim in the past year. The attack, which...
7AI Score
Deepfakes laws and proposals flood US
In a rare example of legislative haste, roughly one dozen state and federal bills were introduced in the past 12 months to regulate deepfakes, the relatively modern technology that some fear could upend democracy. Though the federal proposals have yet to move forward, the state bills have found...
7.1AI Score
Rules on deepfakes take hold in the US
For years, an annual, must-pass federal spending bill has served as a vehicle for minor or contentious provisions that might otherwise falter in standalone legislation, such as the prohibition of new service member uniforms, or the indefinite detainment of individuals without trial. In 2019, that.....
6.6AI Score
Online privacy in 2019: a legislative review
For decades, the United States treated data privacy like an aging home, patching individual leaks and drafts only when a new storm hit. The country passed a law protecting healthcare-related information, and not much else. It then passed a law protecting video rental information, and not much...
-0.1AI Score
gear4music.ie Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1043763. Security researcher metamorfosec (helped patch 1969 vulnerabilities, received 9 Coordinated Disclosure badges, received 31 recommendations), a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting gear4music.ie website.....
0.3AI Score
New Consumer Online Privacy Rights Act (COPRA) would empower American users
Despite the already dizzying number of comprehensive data privacy proposals before the US Senate—nearly 10 have been introduced since mid-2018—yet another bill has entered the conversation: the Consumer Online Privacy Rights Act. This time, the bill, called COPRA for short, is sponsored by a...
-0.2AI Score
Please don’t buy this: smart doorbells
Though Black Friday and Cyber Monday are over, the two shopping holidays were just precursors to the larger Christmas season—a time of year when online packages pile high on doorsteps and front porches around the world. According to some companies, it's only logical to want to protect these...
0.1AI Score
‘Data as property’ promises fix for privacy problems, but could deepen inequality
In mid-November, Democratic presidential hopeful Andrew Yang unveiled a four-prong policy approach to solving some of today’s thornier tech issues, such as widespread misinformation, technology dependence, and data privacy. Americans, Yang proposed, should receive certain, guaranteed protections...
-0.2AI Score
Jalios JCMS 10 Backdoor Account / Authentication Bypass Vulnerabilities
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account using any username and a specific...
1.5AI Score
0.062EPSS
Today, Malwarebytes is announcing its participation in a joint effort to stop invasive digital surveillance: the Coalition Against Stalkerware. For years, Malwarebytes has detected and warned users about the potentially dangerous capabilities of stalkerware, an invasive threat that can rob...
-0.2AI Score
Stalkerware’s legal enforcement problem
Content warning: This piece contains brief descriptions of domestic violence and assault against women and children. In the past five years, only two stalkerware developers, both of whom designed, marketed, and sold tools favored by domestic abusers to pry into victims’ private lives, have faced...
AI Score
ACCESS Act might improve data privacy through interoperability
Data privacy is back in Congressional lawmakers’ sights, as a new, legislative proposal focuses not on data collection, storage, and selling, but on the idea that Americans should be able to more easily pack up their user data and take it to a competing service—perhaps one that better respects...
-0.2AI Score
Stalkerware developer dealt new blow by FTC
Last week, the US Federal Trade Commission (FTC) interpreted its broad consumer protection mandate to file a first-of-its-kind enforcement action against the developer of three mobile stalkerware applications. The developer was banned from further selling the apps unless significant changes were...
0.1AI Score
Why all organizations must better protect sensitive data
About two weeks ago, National Cybersecurity Awareness Month (NCSAM) kicked off with a new message stressing personal responsibility for users keeping themselves safe online: “Own IT. Secure IT. Protect IT.” NCSAM asked users to consider best practices for both securing their own devices and...
-0.2AI Score
Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content
An ex-Yahoo! employee has pleaded guilty to misusing his access at the company to hack into the accounts of nearly 6,000 Yahoo users in search of private and personal records, primarily sexually explicit images and videos. According to a press note released by the U.S. Justice Department,...
1.6AI Score
Insurance data security laws skirt political turmoil
Across the United States, a unique approach to lawmaking has proved radically successful in making data security stronger for one industry—insurance providers. The singular approach has entirely sidestepped the prolonged, political arguments that have become commonplace when trying to pass...
0.2AI Score
CEOs offer their own view of a US data privacy law
Last week, the chief executives of more than 50 mid- and large-sized companies urged Congress to pass a national data privacy law to regulate how companies collect, use, and share Americans’ data. Buried deep within the chief executives’ recommendations for such a law, presented as a policy...
0.2AI Score
5 simple steps to securing your remote employees
As remote working has become standard practice, employees are working from anywhere and using any device they can to get the job done. That means repeated connections to unsecured public Wi-Fi networks—at a coffee shop or juice bar, for example—and higher risks for data leaks from lost, misplaced,....
-0.1AI Score
Data and device security for domestic abuse survivors
For more than a month, Malwarebytes has worked with advocacy groups, law enforcement, and cybersecurity researchers to deliver helpful information in fighting stalkerware—the disturbing cyber threat that enables domestic abusers to spy on their partners’ digital and physical lives. While we’ve...
0.5AI Score
Backdoors are a security vulnerability
Last month, US Attorney General William Barr resurrected a government appeal to technology companies: Provide law enforcement with an infallible, “secure” method to access, unscramble, and read encrypted data stored on devices and sent across secure messaging services. Barr asked, in more...
6.5AI Score
How to get your Equifax money and stay safe doing it
UPDATE August 2, 2019: The US Federal Trade Commission has warned consumers that, due to the high number of claims made for a cash payout regarding the Equifax data breach, the actual value that will be paid out might be "far less" than the originally-stated $125. You can read the FTC's full...
AI Score
Changing California’s privacy law: A snapshot at the support and opposition
This month, the corporate-backed, legislative battle against California privacy met a blockade, as one Senate committee voted down and negotiated changes to several bills that, as originally written, could have weakened the state’s data privacy law, the California Consumer Privacy Act. Though the.....
0.6AI Score
FaceApp scares point to larger data collection problems
Last week, if you thumbed your way through Facebook, Instagram, and Twitter, you likely saw altered photos of your friends with a few extra decades written onto their faces—wrinkles added, skin sagged, hair bereft of color. Has 2019 really been that long? Not really. The photos are the work of...
0.1AI Score
Your device, your choice: AdwCleaner now detects preinstalled software
For years, Malwarebytes has held firm to a core belief about you, the user: You should be able to decide for yourself which apps, programs, browsers, and other software end up on your computer, tablet, or mobile phone. Basically, it’s your device, your choice. With the latest update to...
0.3AI Score
Parental monitoring apps: How do they differ from stalkerware?
In late June, Malwarebytes revived its long-running campaign against a vicious type of malware in use today. This malware peers into text messages. It pinpoints victims’ movements across locations. It reveals browsing and search history. Often hidden from users, it removes their expectation of,...
-0.1AI Score
What should a US federal data privacy law ideally include?
In the constant David-and-Goliath struggle between digital privacy advocates and corporate privacy invaders, the question of how to legally protect Americans with a comprehensive, federal data privacy law provides conflicting answers. Advocates want protections, which Big Tech interprets as...
0.2AI Score
Helping survivors of domestic abuse: What to do when you find stalkerware
We’re going to talk about something different today. We’re going to talk about domestic abuse. Earlier this year, cybersecurity company Kaspersky Lab announced that the latest upgrade to its Android app would inform users about whether their devices were running stealthy, behind-the-scenes...
0.2AI Score
Radiohead’s ransom response shows novel approach for ransomware victims
Last week, British rock band Radiohead thwarted an attempted digital ransom, in which unnamed hackers stole roughly 18 hours of unreleased music dating back to the band’s recording of its studio album OK, Computer, revealing some less-than-ok computer security (sorry). Instead of paying a ransom...
6.1AI Score
Apple iOS 13 will better protect user privacy, but more could be done
Last week, Apple introduced several new privacy features to its latest mobile operating system, iOS 13. The Internet, predictably, expressed doubt, questioning Apple’s oversized influence, its exclusive pricing model that puts privacy out of reach for anyone who can’t drop hundreds of dollars on a....
-0.7AI Score
Maine governor signs ISP privacy bill
Less than one week after Maine Governor Janet Mills received one of the nation’s most privacy-protective state bills on her desk, she signed it into law. The move makes Maine the latest US state to implement its own online privacy protections. The law, which will go into effect July 1, 2020,...
AI Score
Maine inches closer to shutting down ISP pay-for-privacy schemes
Maine residents are one step closer to being protected from the unapproved use, sharing, and sale of their data by Internet service providers (ISPs). A new state bill, already approved by the state House of Representatives and Senate, awaits the governor’s signature. If signed, the bill would...
AI Score
NIST’s privacy framework lets privacy tell its own story
Online privacy remains unsolved. Congress prods at it, some companies fumble with it (while a small handful excel), and the public demands it. But one government agency is trying to bring everyone together to fix it. As the Senate sits on no fewer than four data privacy bills that their own...
-0.1AI Score
Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing.....
8.8CVSS
3.3AI Score
0.045EPSS
Adobe Acrobat Pro DC JPEG File Parsing Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the.....
6.5CVSS
1.8AI Score
0.033EPSS
Adobe Acrobat Pro DC Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing.....
8.8CVSS
3.5AI Score
0.045EPSS
Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
6.5CVSS
1.6AI Score
0.47EPSS
The top six takeaways for user privacy
Last week, Malwarebytes Labs began closing out our data privacy and cybersecurity law blog series, a two-month long exploration spanning five continents, 50 states, just as many data breach notification laws, three non-universal definitions of personal information and personal data, five pending...
6.7AI Score
The top six takeaways for corporate data privacy compliance
For nearly two months, Malwarebytes Labs has led readers on a journey through data privacy laws around the world, exploring the nuances between “personal information” and “personal data,” as well as between data breach notification laws in Florida, Utah, California, and Iowa. We explored the...
6.8AI Score
Mozilla urges Apple to make privacy a team sport
We often say cybersecurity is a team sport, but, pending a public advocacy campaign from one major tech developer to another, the same might be true for online privacy. Mozilla is currently getting people around the world to lend their voices toward Apple, asking that the company place some extra.....
0.2AI Score
Consumers have few legal options for protecting privacy
There are no promises in the words, “We care about user privacy.” Yet, these words appear on privacy policy after privacy policy, serving as disingenuous banners to hide potentially invasive corporate practices, including clandestine data collection, sharing, and selling. This is no accident. It...
6.6AI Score
OMRON CX-One CX-Programmer CXP File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
6.6CVSS
4AI Score
0.015EPSS
What is personal information? In legal terms, it depends
In early March, cybersecurity professionals around the world filled the San Francisco Moscone Convention Center’s sprawling exhibition halls to discuss and learn about everything infosec, from public key encryption to incident response, and from machine learning to domestic abuse. It was RSA...
0.5AI Score
EXECUTIVE SUMMARY: CVSS v3 6.6; ATTENTION: Low skill level to exploit; Vendor: Omron; Equipment: CX-Programmer within CX-One; Vulnerability: Use After Free. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the...
6.6CVSS
6.9AI Score
0.015EPSS
The global data privacy roadmap: a question of risk
For most American businesses, complying with US data privacy laws follows a somewhat linear, albeit lengthy, path. Set up a privacy policy, don’t lie to the consumer, and check the specific rules if you’re a health care provider, video streaming company, or kids’ app maker. For American businesses....
-0.1AI Score
US Congress proposes comprehensive federal data privacy legislation—finally
The United States might be the only country of its size—both in economy and population—to lack a comprehensive data privacy law protecting its citizens’ online lives. That could change this year. Never-ending cybersecurity breaches, recently-enacted international privacy laws, public outrage, and.....
6.5AI Score
Facebook’s history betrays its privacy pivot
Facebook CEO Mark Zuckerberg proposed a radical pivot for his company this month: it would start caring—really—about privacy, building out a new version of the platform that turns Facebook less into a public, open “town square” and more into a private, intimate “living room.” Zuckerberg promised...
6.7AI Score
Google’s Nest fiasco harms user trust and invades their privacy
Technology companies, lawmakers, privacy advocates, and everyday consumers likely disagree about exactly how a company should go about collecting user data. But, following a trust-shattering move by Google last month regarding its Nest Secure product, consensus on one issue has emerged: Companies.....
-1.1AI Score
The not-so-definitive guide to cybersecurity and data privacy laws
US cybersecurity and data privacy laws are, to put it lightly, a mess. Years of piecemeal legislation, Supreme Court decisions, and government surveillance crises, along with repeated corporate failures to protect user data, have created a legal landscape that is, for the American public and...
-0.1AI Score
Labs survey finds privacy concerns, distrust of social media rampant with all age groups
Before Cambridge Analytica made Facebook an unwilling accomplice to a scandal by appropriating and misusing more than 50 million users’ data, the public was already living in relative unease over the privacy of their information online. The Cambridge Analytica incident, along with other, seemingly....
-0.2AI Score