User Rank: Ninja
6/29/2019 | 6:04:58 PM
14/06/2019
Facebook's EU regulator says it 'remains to be seen' if Mark Zuckerberg is serious about privacy
Country: Ireland
Company: Facebook
Industry: Social Media
The Irish regulator conducting nearly one dozen investigations into Facebook isn't convinced by Mark Zuckerberg's privacy push.
12/06/2019
Austrian Supreme Court green-lights GDPR case against Facebook
Country: Austria
Privacy Regulator: Datenschutzbehörde
Company: Facebook
Industry: Social Media
A potential landmark case against Facebook for violating General Data Protection Regulation rights has been given the go-ahead by the Austrian Supreme Court.
22/05/2019
Data protection watchdog launches statutory inquiry into Google's Ad Exchange
Country: Ireland
Industry: Adtech
Company: Google
Non-compliance: GDPR Compliance
The purpose of the inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the relevant provisions of the General Data Protection Regulation (GDPR), including the lawful basis for processing, the principles of transparency and data minimisation, as well as Google's retention practices.
26/04/2019
Ireland's data watchdog to investigate Facebook passwords leak
Country: Ireland
Industry: Social Media
Company: Facebook
Non-compliance: Data Breach/Passwords
Ireland's Data Protection Commission (DPC) has launched a statutory investigation into the revelation that Facebook stored hundreds of millions of user passwords insecurely.
16/11/18
Microsoft menaced with GDPR mega-fines in Europe for 'large scale and covert' gathering of people's info via Office
Country: Netherlands
Industry: Software
Company: Microsoft
Non-compliance: Consent. Microsoft broke Euro privacy rules by carrying out the "large scale and covert" gathering of private data through its Office apps.
It seems like the organizations from the list are Microsoft, Facebook and Google. There have been a number of hacks in the US that are not listed (HPE, Apple, IBM, Supermicro, Northrop Grumman, Accenture Federal, Lockheed Martin, NSA, and the list goes on).
Let's look at the timelines - https://carnegieendowment.org/specialprojects/protectingfinancialstability/timeline
From a compliance standpoint, I don't see HSBC, US Credit Union, City of Atlanta, Baltimore, Florida (small cities), OPM, Albany NY (https://www.cnn.com/2019/05/10/politics/ransomware-attacks-us-cities/index.html).
It is good to have policy in place but if we continue to have organizations that don't feel the sting of GDPR, then what are we gaining?