Category: AI in news
US Federal Court Rules Against Geofence Warrants This is a big deal. A US Appeals Court ruled that geofence warrants—these are general warrants demanding information about all people within a geographical boundary—are unconstitutional. The decision seems obvious to me, but you can’t take anything for granted. Tags: courts, data privacy, geolocation, laws Posted on August…
Read More
Die richtigen Fragen im Bewerbungsgespräch können CISO-Kandidaten dabei unterstützen, besser abzuschätzen, was beim neuen Arbeitgeber auf sie zukommen könnte. Foto: N Universe | shutterstock.com Der Bewerbungsprozess ist nicht für Unternehmen eine Gelegenheit, den passenden Kandidaten zu finden. Auch die Job-Aspiranten sollten abwägen, ob die in Aussicht stehende Stelle beziehungsweise das dazugehörige Unternehmen wirklich zu ihnen…
Read More
“The biggest issue they had [was] that they couldn’t pay their people, and it was like on a weekly or fortnightly basis. And if you’re not paying your drivers and stuff, that business stops, right?” says Haigh. “The person that was under the most stress was the CFO. [He] could see themselves going into a…
Read More
Aug 26, 2024Ravie LakshmananSoftware Security / Vulnerability Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized if guest registration is enabled, which is the…
Read More
2. Von einer Krise zur nächsten CSOs mit schlechtem Sicherheits-Management fehlt nicht nur das vorausschauende, strategische und methodische Vorgehen. Sie tun sich außerdem schwer, potenzielle Probleme zu erkennen oder Krisen vorherzusehen. Daher verbringen schlechte Security-Manager die meiste Zeit damit, von einer Krise zur nächsten zu hecheln – und hindern somit ihr Team daran, gezielt Fortschritte…
Read More
Aber: Nur, weil man die Vorschriften einhält, heißt das noch lange nicht, dass man auch sicher ist. Erfahrene Sicherheitsexperten betrachten die Einhaltung von Vorschriften als das absolute Minimum und gehen in ihren Empfehlungen weit über die erforderlichen Komponenten zum Schutz ihrer Unternehmen hinaus. Einhaltung der Vorschriften als Voraussetzung für Geschäftstätigkeit Ein Sicherheitsmanager kann zwar Investitionen…
Read More
Getting bug reports through can be challenging Another significant barrier to adequate coordinated vulnerability disclosure is simply reaching the relevant vendor personnel, a difficult task compounded by the fact that communicating with bug reporters might be low on the vendors’ priorities list. “Getting information back from the vendor about the bug’s status can be challenging,”…
Read More
Aug 26, 2024Ravie LakshmananFinancial Fraud / Mobile Security Cybersecurity researchers have uncovered new Android malware that can relay victims’ contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as NGate, stating it observed the crimeware…
Read More
Aug 25, 2024Ravie LakshmananLaw Enforcement / Digital Privacy Pavel Durov, founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, according to French television network TF1. Durov is believed to have been apprehended pursuant to a warrant issued in connection with a preliminary police investigation. TF1 said the probe…
Read More
Aug 24, 2024Ravie LakshmananVulnerability / Government Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is case of file upload bug impacting the “Change Favicon”…
Read More