A cybersecurity insurer predicts that a 13% growth to 1,900 CVEs monthly would include 270 high-severity and 155 critical-severity vulnerabilities. The predictions are based on data collected over the last ten years. For most CVEs, the time to exploit is within 90 days of public disclosure, while the majority of exploits take place within the […]
The EDPS – European Data Protection Supervisor states in an opinion that in order to act as a controller, the entity / involved party must determine the purposes & essential means of the processing. “Essential means” are closely linked to the purpose and the scope of the processing.On the other hand, “non-essential means” concern more […]
Irish university MTU Cork has decided to close all four campuses for two days and cancel all classes due to an intrusion into its IT systems. The attack took place last weekend and would have been detected at an early stage. The university gives no details about what kind of attack it is exactly and […]
Google AI was promoted in an advert designed to show off its new AI bot (Bard). Unfortunately Bard answered a query incorrectly. On Twitter last Monday, the bot was asked about what to tell a nine-year-old about discoveries from the James Webb Space Telescope. It offered the response that the telescope was the first to […]
The Italian privacy regulator has ordered a popular AI chatbot to cease processing data on domestic citizens after breaking GDPR rules. The ‘virtual friend’ app tries to improve users’ emotional well-being and help users understand their thoughts and calm anxiety through stress management, socialization and the search for love,” but doesn’t seem to comply with […]
Privacy by Design (PbD) is about to become an international privacy standard for the protection of consumer products and services. This will have a huge impact. As a guideline, Privacy by Design applies to IT systems, accountable business practices, and physical design and networked infrastructure.
Public bodies should take into account the possible sensitive nature and large amounts of data processed by public bodies. But how to guarantee the fundamental right to the protection of personal data? The EDPB therefore underlines the need for public bodies to act in full compliance with the GDPR when using cloud-based products or services. […]
T-Mobile said a “bad actor” abused an application programming interface (API) to hoover up data on roughly 37 million current postpaid and prepaid customer accounts. The data stolen included customer name, billing address, email, phone number, date of birth, T-Mobile account number, as well as information on the number of customer lines and plan features. […]
According to a PayPal notice of security incident dated January 18, attackers got unauthorized access to the accounts of thousands of users between December 6 and 8, 2022. The total number of accounts that were accessed by threat actors using a credential stuffing attack is reported as being 34,942.
NortonLifeLock warns customers that criminals have broken into their Norton Password Manager, an online password manager, and advises that all stored credentials be changed immediately. The password manager can be used via a Norton account and can generate passwords and store them in an “online vault”. The password manager is available as a browser extension […]