Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Privacy posted in November 2016
Petition Forces Parliament To Reconsider Surveillance Bill
Quick Hits  |  11/28/2016  | 
100,000 signatures require MPs to consider debating Snoopers' Charter again.
Time For Security & Privacy To Come Out Of Their Silos
Commentary  |  11/28/2016  | 
By working separately, these two teams aren't operating as efficiently as they could and are missing huge opportunities.
European Regulator Probes Yahoos 2015 Secret Email Scan
Quick Hits  |  11/23/2016  | 
Dublin-based Data Protection Commissioner trying to ascertain if Yahoo broke Europes privacy laws.
Symantec To Buy LifeLock At $2.3 Billion
Quick Hits  |  11/22/2016  | 
Deal set to be finalized by Q1 2017 and financed by cash and $750 million of new debt.
WindTalker Attack Finds New Vulnerabilities in Wi-Fi Networks
News  |  11/21/2016  | 
White hat researchers show how hackers read keystrokes to potentially compromise cellphone and tablet users on public Wi-Fi and home networks.
China's Jinping Opens Tech Meet With Calls For 'Fair & Equitable' Internet
Quick Hits  |  11/18/2016  | 
The third Wuzhen World Internet Conference had a strong presence of US tech companies despite criticism of Chinas Internet laws.
Teenager Admits To TalkTalk Hack
Quick Hits  |  11/18/2016  | 
A 17-year-old boy exploited flaws in ISPs web pages to steal confidential data of 150,000 customers.
Insider Threat: The Domestic Cyber Terrorist
Commentary  |  11/17/2016  | 
It is dangerously naive for business and government leaders to dismiss the risk of radicalized privileged users inside our critical industries.
8 Public Sources Holding 'Private' Information
Slideshows  |  11/17/2016  | 
Personal information used for nefarious purposes can be found all over the web from genealogy sites to public records and social media.
Adobe To Pay $1 Million Compensation In Data Breach Case
Quick Hits  |  11/17/2016  | 
Personal data of more than 500,000 consumers from 15 states were stolen in the 2013 breach of Adobe server.
'Snoopers Charter' Set To Become Law In UK
Quick Hits  |  11/17/2016  | 
Surveillance bill goes through British Parliament and awaits only the Royal assent to become law before the year ends.
Firmware Secretly Sent Text, Call Data On Android Users To China
News  |  11/15/2016  | 
Several Android models sold in the US likely impacted, says Kryptowire
The 7 Most Significant Government Data Breaches
Slideshows  |  11/15/2016  | 
Mega compromises at federal and state agencies over the past three years has compromised everything from personal data on millions to national security secrets.
412 Million Users Exposed In Adult Friend Finder, Penthouse Breach
Quick Hits  |  11/14/2016  | 
16 million deleted accounts are among the victims in breach that's 'ten times worse' than that of Ashley Madison.
Shoppers Up Their Online Security Game, Survey Says
News  |  11/10/2016  | 
While they check SSL certificates and liability policies more often, many remain wary of biometric authentication, Computop reports
75,000 Data Protection Officers Needed By 2018 To Handle EU Law
News  |  11/9/2016  | 
US alone will need 9,000 DPOs to meet GDPR mandates, says International Association of Privacy Professionals - but don't expect that many new job listings.
Stay Vigilant To The Evolving Threat Of Social Engineering
Commentary  |  11/8/2016  | 
Even the most cyber-savvy individuals can easily get tripped up by a social engineering attack. But users can trip-up a threat simply by paying attention.
Election 2016 & WikiLeaks: Bad, But Not Your Worst Nightmare
Commentary  |  11/4/2016  | 
John Podesta may be the poster child for poor user security practices but the real problem is rigid regulatory compliance frameworks that perpetuate ineffective perimeter defenses.
7 Reasons Consumers Dont Take Action on Cybersecurity
Slideshows  |  11/1/2016  | 
Security awareness is high but its hard to turn personal knowledge into effective practices.


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...