Vulnerabilities / Threats

9/11/2017
04:50 PM
50%
50%

Spain Slaps Facebook with a 1.2 Million Euro Privacy Violation Fine

Three infringements - one 'very serious' - of the country's data protection law are cited by the Spanish regulatory agency.

Facebook got slapped with a 1.2 million euro fine by Spain's data and privacy enforcement agency, the Spanish Data Protection Agency (AEPD).

The AEPD, which enforces the Organic Law on Data Protection (LOPD) regulations, claims Facebook raked up one "very serious" LOPD infringement and two "serious" infringements.

In the "very serious" case, the AEPD alleges Facebook collected privacy protected data, such as religious beliefs, sex, ideology, personal tastes, and sites visited, without clearly notifying users beforehand.

The AEPD issued the second infringement over Facebook's alleged use of cookies to process members' information when they are browsing non-Facebook pages, and when non-Facebook members come to visit the site. The information collected is then applied to that specific user's social network account, AEPD alleges. The enforcement agency also claims Facebook retains users' site navigation information beyond the period of its stated purpose.

Read more about the Facebook fine here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Melissa Anders
50%
50%
Melissa Anders,
User Rank: Apprentice
9/12/2017 | 9:27:57 AM
Re: Facebook-->Apple
I absolutely agree with you.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/12/2017 | 7:35:06 AM
Facebook-->Apple
Facebook needs to take a lesson from Apple and everytime a function is changed to gather more data, hit the user with an agreement page during sign-in. Especially if they intend to apply this functionality without user input.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11763
PUBLISHED: 2018-09-25
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
CVE-2018-14634
PUBLISHED: 2018-09-25
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerabl...
CVE-2018-1664
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
CVE-2018-1669
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...
CVE-2018-1539
PUBLISHED: 2018-09-25
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.