Tag: privacy
-
Cybersecurity Snapshot: CISA Highlights Vulnerability Management Importance in Breach Analysis, as Orgs Are Urged To Patch Cisco Zero-Days
Tags: 2fa, access, advisory, api, attack, authentication, breach, business, cisa, cisco, cloud, control, credentials, crime, cve, cyber, cybersecurity, data, defense, endpoint, exploit, fido, finance, firewall, framework, github, grc, guide, identity, incident response, infrastructure, Internet, ISO-27001, kev, law, lessons-learned, malicious, malware, mfa, mitigation, monitoring, network, open-source, phishing, privacy, ransomware, risk, saas, scam, security-incident, service, soc, software, supply-chain, tactics, threat, update, vpn, vulnerability, vulnerability-management, worm, zero-day
CISA’s takeaways of an agency hack include a call for timely vulnerability patching. Plus, Cisco zero-day bugs are under attack, patch now. Meanwhile, the CSA issued a framework for SaaS security. And get the latest on the npm breach, the ransomware attack that disrupted air travel and more! Here are six things you need to…
-
TruSources to show off its on-device identity-checking tech at TechCrunch Disrupt 2025
Age-verification laws are a privacy and security nightmare. This startup performs age checks on-device, without users having to upload their IDs to the internet. First seen on techcrunch.com Jump to article: techcrunch.com/2025/09/26/trusources-to-show-off-its-on-device-identity-checking-tech-at-techcrunch-disrupt-2025/
-
Okta introduces Identity Security Fabric to secure AI agents
Tags: ai, backup, control, credentials, data, deep-fake, government, identity, infrastructure, malicious, mobile, okta, privacy, vulnerability
Digital credentials round out the platform: The third fabric component is digital credentials capabilities through the Okta Verifiable Digital Credentials (VDC) platform, scheduled for fiscal 2027 release. The system would allow organizations to issue cryptographically secure versions of government IDs, employment records, and professional certifications. “Built on open standards for maximum control and future interoperability, VDCs will…
-
Top 5 Essential Privacy Tools for 2024: Stay Safe Online
Discover the most effective privacy tools for protecting your digital life in 2024. From encrypted messaging apps to secure password managers, learn which tools First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/top-5-essential-privacy-tools-for-2024-stay-safe-online/
-
Qantas cutting CEO pay signals new era of cyber accountability
Tags: ai, attack, breach, ceo, ciso, cyber, cybersecurity, data, data-breach, finance, governance, incident, incident response, malicious, privacy, ransomware, risk
What should CISOs and CEOs do now? CISOs, who have historically borne the brunt of breaches and malicious cyber incidents, should take heed of this emerging trend. “Be aware of the environment and expectations today, and where they’re headed,” Redgraves’ Tully says. “Try to get out in front of that. You need to work with…
-
The Definitive Guide to Compliance Costs: Where Your Budget Goes
Key Takeaways: Businesses are managing compliance on multiple fronts: cybersecurity standards, privacy regulations, third-party oversight, and sector-specific rules that change faster than budgets can adapt. Each requirement adds to the total cost of compliance. It’s easy to pinpoint your audit fees or the price of their GRC platform. But those are only part of the…
-
USENIX 2025: PEPR ’25 Remediating Systemic Privacy Incidents
Creator, Author and Presenter: Sam Havron, Meta. Our thanks to USENIX for publishing their Presenter’s outstanding USENIX ’25 Conference content on the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/usenix-2025-pepr-25-remediating-systemic-privacy-incidents/
-
Google, Flo Health, Flurry to Pay $59.5M in Privacy Lawsuit
Settlement Ends Litigation Alleging Unlawful Sharing of Consumers’ Fertility Data. Flo Health, Google and Flurry have agreed to shell out millions of dollars to fund a nearly $60 million settlement for a proposed class action lawsuit that accused Flo of using tracking codes in its fertility app that shared women’s sensitive information with Google and Flurry…
-
USENIX 2025: PEPR ’25 Privacy Paradigms For Law Enforcement Response
Creators, Authors and Presenters: Lukas Bundonis, Netflix; Ben Ballard, MITRE. Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/usenix-2025-pepr-25-privacy-paradigms-for-law-enforcement-response/
-
Cloud Security Alliance launches framework to improve SaaS security
Tags: access, business, ceo, cloud, compliance, control, firewall, framework, governance, international, Internet, monitoring, network, privacy, risk, risk-assessment, saas, zero-trust
Change control and configuration management; Data security and privacy lifecycle management; Identity and access management; Interoperability and portability; Logging and monitoring; Security incident management, e-discovery, and cloud forensics. These domains are designed to map high-level business requirements into tangible SaaS security features that customers can actually configure and rely on, such as log delivery, SSO enforcement, secure configuration guidelines, and incident…
-
Dem report concludes Department of Government Efficiency violates cybersecurity, privacy rules
DOGE is “bypassing cybersecurity protections” at three agencies, Senate Homeland Security and Governmental Affairs Committee Democrats concluded. First seen on cyberscoop.com Jump to article: cyberscoop.com/senate-democrats-report-doge-cybersecurity-privacy-violations/
-
Google, period-tracking app to pay combined $56 million to settle privacy claims
According to court documents filed this week by the plaintiffs, Google will set up a $48 million fund for Flo app users who entered information about menstruation or pregnancy from November 2016 until the end of February 2019. First seen on therecord.media Jump to article: therecord.media/google-flo-health-settle-privacy-class-action
-
Thales Named a Leader in the Data Security Posture Management Market
Tags: access, ai, attack, breach, cloud, compliance, container, control, cybersecurity, data, data-breach, defense, detection, encryption, finance, GDPR, google, Hardware, identity, intelligence, law, microsoft, monitoring, network, office, privacy, regulation, resilience, risk, soc, software, strategy, technology, threat, tool
madhav, Thu, 09/25/2025 – 06:15. Most breaches begin with the same blind spot: organizations don’t know precisely what data they hold, or how exposed it is. Value and risk sit side by side. Data Security. Todd Moore – Global VP of Data Security Products…
-
Check your own databases before asking to see our passport photos, Home Office tells UK cops
Guidance follows privacy complaints over sharp increase in police searches of travel doc and visa pic libraries First seen on theregister.com Jump to article: www.theregister.com/2025/09/25/uk_passport_photo_cache_block_rules/
-
Google’s $425 Million Fine a Win for Privacy, But Will it Stick?
Google must pay $425M for violating California privacy laws by tracking 98M users despite opt-outs. A major win for data privacy, though appeals loom. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/googles-425-million-fine-a-win-for-privacy-but-will-it-stick/
-
The CISO’s guide to rolling out generative AI at scale
Tags: access, ai, best-practice, chatgpt, ciso, communications, governance, guide, jobs, lessons-learned, network, privacy, risk, technology, tool, training
Set the stage for success: Before launch, host an organization-wide lunch and learn to introduce the platform, explain the rollout’s goals, and connect the initiative to real work. This is not a marketing event; it’s an operational alignment session. Bring the vendor in to walk through the platform, show what it does, and answer questions.…
-
Microsoft DCU’s Takedown of RaccoonO365
When I saw the name of the Microsoft Digital Crime Unit’s latest target, “RaccoonO365” I probably reacted to it differently than most. With the help of a friend in Lagos, we’ve been watching the money launderers and things have reached a point that they now refer to what we previously called “Business Email Compromise” or…
-
TDL 005 – A Defender’s Journey: From Passion Project to Protecting Children Online
Tags: access, business, control, corporate, country, cyber, cybersecurity, data-breach, defense, dns, encryption, endpoint, finance, github, government, group, guide, identity, Internet, jobs, microsoft, network, open-source, privacy, risk, service, technology, tool, zero-trust
Summary: In a recent episode of “The Defender’s Log,” host David Redekop sat down with cybersecurity expert Will Earp to discuss his unconventional path into the industry and his current mission-driven career. Earp, a self-proclaimed “tinkerer” from a young age, shared how his early fascination…
-
Top 10 Best Cybersecurity Compliance Management Software in 2025
Cybersecurity compliance has become a mission-critical part of modern business operations. With the rise of data privacy laws, global regulations, and increasing cyber threats, organizations need reliable compliance management software to stay secure and audit-ready. The best compliance platforms streamline frameworks like SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, and more while automating workflows,…
-
As scientists show they can read inner speech, brain implant ‘pioneers’ fight for neural data privacy, access rights
With scientists now demonstrating that they can decode attempted speech based on the neural data they collect from Brain Computer Interface (BCI) research subjects with implants, patients and advocates say the importance of adequate data protections has grown. First seen on therecord.media Jump to article: therecord.media/neural-data-privacy-brain-implants
-
CSO Awards winners highlight security innovation and transformation
Tags: ai, attack, automation, awareness, best-practice, business, ciso, cloud, compliance, conference, control, cyber, cybersecurity, data, defense, detection, finance, flaw, framework, governance, group, guide, infrastructure, intelligence, login, malicious, metric, mitre, network, penetration-testing, phishing, privacy, programming, risk, risk-management, service, siem, skills, soc, software, technology, threat, tool, training, update, vulnerability, vulnerability-management
FSU tackles third-party risk with tighter vendor management program: Organization: Florida State University. Project: Third-Party Risk Management Program. Security leader: Bill Hunkapiller, CISO. Officials at Florida State University wanted to ensure that data shared with outside entities was well protected. To achieve that, CISO Bill Hunkapiller and his team revamped its third-party risk management program so that the…
-
Breach Roundup: Microsoft, Cloudflare Dismantle RaccoonO365
Tags: ai, breach, china, data, data-breach, hacker, microsoft, phishing, privacy, service, spear-phishing, technology
Also, Colt Services Outage Persists, Finland Charges Americans in Vastaamo Hack. This week, Microsoft hit RaccoonO365, Colt Technology Services, Finland charged a U.S. citizen in Vastaamo hack. RevengeHotels hackers used AI, Meta can’t overturn a privacy case verdict. Chinese hackers unleashed spear phishing emails. Prosper confirmed a data breach, as did Kering fashion houses. First…
-
LinkedIn now uses your data for AI by default, opt out now!
LinkedIn is making major changes to its User Agreement and Privacy Policy, effective November 3, 2025. Among the most notable updates, the company will now use member data by … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/18/linkedin-ai-data-privacy-policy/
-
South Korea Personal Information Privacy Act
What is the Data Privacy Act (DPA)? The Philippines Data Privacy Act of 2012 (Republic Act No. 10173), commonly referred to as the DPA, is the country’s primary data protection law. Enacted in August 2012, the Act was designed to safeguard the fundamental right to privacy of every Filipino while ensuring the free flow of…
-
PureVPN Vulnerability Reveals IPv6 Address While Reconnecting to Wi-Fi
A critical security vulnerability has been discovered in PureVPN’s Linux clients that exposes users’ real IPv6 addresses during network reconnections, undermining the privacy protections that users expect from their VPN service. The vulnerability affects both the graphical user interface (GUI version 2.10.0) and command-line interface (CLI version 2.0.1) on Linux systems, specifically tested on Ubuntu…

