Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-33085 PUBLISHED: 2022-06-30
ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates.
CVE-2022-33087 PUBLISHED: 2022-06-30
A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2022-31115 PUBLISHED: 2022-06-30
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML...
CVE-2022-33082 PUBLISHED: 2022-06-30
An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2013-5683 PUBLISHED: 2022-06-30
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.
User Rank: Ninja
6/29/2019 | 6:04:58 PM
14/06/2019
Facebook's EU regulator says it 'remains to be seen' if Mark Zuckerberg is serious about privacy
Country: Ireland
Company: Facebook
Industry: Social Media
The Irish regulator conducting nearly one dozen investigations into Facebook isn't convinced by Mark Zuckerberg's privacy push.
12/06/2019
Austrian Supreme Court green-lights GDPR case against Facebook
Country: Austria
Privacy Regulator: Datenschutzbehörde
Company: Facebook
Industry: Social Media
A potential landmark case against Facebook for violating General Data Protection Regulation rights has been given the go-ahead by the Austrian Supreme Court
22/05/2019
Data protection watchdog launches statutory inquiry into Google's Ad Exchange
Country: Ireland
Industry: Adtech
Company: Google
Non-compliance: GDPR Compliance
The purpose of the inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the relevant provisions of the General Data Protection Regulation (GDPR), including the lawful basis for processing, the principles of transparency and data minimisation, as well as Google's retention practices
26/04/2019
Ireland's data watchdog to investigate Facebook passwords leak
Country: Ireland
Industry: Social Media
Company: Facebook
Non-compliance: Data Breach/Passwords
Ireland's Data Protection Commission (DPC) has launched a statutory investigation into the revelation that Facebook stored hundreds of millions of user passwords insecurely.
16/11/2018
Microsoft menaced with GDPR mega-fines in Europe for 'large scale and covert' gathering of people's info via Office
Country: Netherlands
Industry: Software
Company: Microsoft
Non-compliance: Consent. Microsoft broke Euro privacy rules by carrying out the "large scale and covert" gathering of private data through its Office apps.
It seems like the organizations from the list are Microsoft, Facebook and Google. There have been a number of hacks in the US that are not listed (HPE, Apple, IBM, SuperMicro, Northrop Grumman, Accenture Federal, Lockheed Martin, NSA, and the list goes on).
Let's look at the timelines - https://carnegieendowment.org/specialprojects/protectingfinancialstability/timeline
From a compliance standpoint, I don't see HSBC, US Credit Union, City of Atlanta, Baltimore, Florida (small cities), OPM, Albany NY (https://www.cnn.com/2019/05/10/politics/ransomware-attacks-us-cities/index.html).
It is good to have policy in place but if we continue to have organizations that don't feel the sting of GDPR, then what are we gaining?