Dropping security updates for WordPress versions 3.7 through 4.0

As of December 1, 2022, the WordPress Security Team will no longer provide security updates for WordPress versions 3.7 through 4.0.

These versions of WordPress were first released eight or more years ago, so the vast majority of WordPress installations run a more recent version of WordPress. The chance that this will affect your site, or sites, is very small.

If you are unsure whether you are running an up-to-date version of WordPress, please log in to your site’s dashboard. Out-of-date versions of WordPress will display a notice there.

In WordPress versions 3.8 – 4.0, the version you are running is displayed in the bottom of the “At a Glance” section of the dashboard. In WordPress 3.7 this section is titled “Right Now”.

The Make WordPress Security blog has further details about the process to end support.

Guide to the best data privacy certifications for 2022

This blog was written by an independent guest blogger.

According to research by Statista, over 80% of internet users in the US fear that their personal information is vulnerable to hackers. Data privacy defines how organizations and other entities collect data on other individuals, how they process it, for what purposes they collect and process it, how long they keep it, and how they protect it, to name a few.

In the modern digital environment, data privacy certifications are essential since they impart the skills needed to become privacy specialists. Decision-making, employee training, determining business constraints, managing risk assessment, and streamlining a company’s privacy program are all part of the job of privacy experts.

Organizations increasingly rely on privacy professionals to provide a strategic framework that can adapt to the changing technological landscape, market demands, and constantly changing legislative framework.

Privacy is a serious concern amongst organizations across the globe due to the growing number of data privacy obligations. These privacy laws have been enacted to protect the rights and freedom of data owners.

How privacy certifications can advance your career

Here, having a data privacy certification enables organizations to demonstrate how well they implement best practices as recommended by privacy laws to uphold the privacy and security of their users’ data. Furthermore, these certifications enable organizations to validate privacy by design and privacy by default when integrating new technologies and processes into their operations. They are making an effort to ensure that their personnel are on the same page as well.

For a long time, certifications have been used to demonstrate an individual’s excellence, expertise, and knowledge in a specific domain. In fact, certifications can make a reasonable differentiation between a person with a certification and a person without one. Certifications have also been seen to help individuals get promoted and even get a significant raise.

Data privacy certifications are beneficial for those who are associated with implementing privacy technologies, strategizing privacy frameworks, or consulting on legal matters when it comes to protecting the data privacy of their users or customers. Privacy-specific certifications enable privacy enthusiasts, privacy professionals, and aspiring individuals to get a grip on the changing privacy laws across the globe, the complex modern privacy framework, or privacy considerations in the data lifecycle.

Top data privacy certifications for 2022

There are different types of privacy certifications available. Some certifications are designed to help beginners or aspiring privacy professionals, while other certifications are designed to help professional practitioners implement technical controls around privacy frameworks, assist with legal issues, build policies and procedures, etc.

Therefore, it is imperative that you first decide how a particular certification will enable you to perform your job better and become “a cut above the rest”. Let’s take a look at some of the best privacy certifications, designed by some of the renowned privacy professionals and organizations in the industry.

IAPP Certified Information Privacy Manager (CIPM) certification

The certified information privacy manager (CIPM) certification is designed by one of the renowned names in the data privacy and protection community, the International Association of Privacy Professionals (IAPP). The CIPM certification enables privacy professionals to understand how privacy obligations work for any organization, how the obligations can be implemented, how teams are structured, and how systems are developed around a robust privacy framework.

The CIPM certification is a 2.5-hour long exam, containing 90 questions. The certification exam costs approximately $550, and $375 if it is retaken. The many reasons why you might want to enroll in the CIPM certification include the following:

It is an industry-standard privacy management program.
It helps individuals manage and develop privacy management programs across the data lifecycle.
It elevates an individual’s leadership profile in data privacy.

Securiti PrivacyOps certification

Another prominent certification in the data privacy community is the PrivacyOps certification by Securiti. The PrivacyOps certification discusses the differences between the traditional privacy framework and the modern privacy framework, and how the latter enables organizations to streamline their privacy operations by powering their privacy framework with Artificial Intelligence (AI) and Machine Learning (ML) technologies.

The course outline includes an introduction to the modern privacy framework, global privacy laws, such as GDPR, LGPD, PIPL, CPRA, or PDPL, data mapping and data subject requests automation, consent lifecycle management, vendor assessment, privacy notice management, breach notification automation, and more.

The PrivacyOps certification is completely free. It includes 11 modules, with 9 quizzes, and then the main certification exam. By completing this certification, you also get to earn 4 IAPP CPE credits for free.

ISACA Certified Data Privacy Solutions Engineer (CDPSE) certification

Developed by the Information Systems Audit and Control Association (ISACA), the CDPSE is a technical certification that enables individuals to understand how they can enable privacy by design and privacy by default in any organization. The certification is ideal for people who are performing IT job roles like data scientists, data analysts, privacy advisors, and privacy solution architects, to name a few. It intends to educate technologists in privacy by design integration so that they may confidently and thoroughly apply it to all aspects of their work, including the creation of new technologies, products, or procedures.

The Certified Data Privacy Solutions Engineer program also teaches professionals to maintain compliance cost-effectively and to consider data privacy when engaging with other professionals. The three CDPSE work-related domains are covered in the exam in the following ratios:

Privacy governance: 34%
Privacy architecture: 36%
Data lifecycle: 30%

The exam price is $575 for ISACA members and $760 for non-members. After passing the exam, you must formally apply for CDPSE certification. This application costs $50.

IAPP Certified Information Privacy Professional (CIPP) certification

This certification program, which emphasizes the implementation of data privacy rules and regulations, is provided by the International Association of Privacy Professionals (IAPP).

Anyone working in or looking for a position in legal compliance, information management, data governance, or human resources is encouraged to get this certification. The CIPP program also offers four concentrations, each pertinent to a particular worldwide region, because compliance rules differ depending on where you are. The following are just a few of the numerous reasons you might wish to sign up for CIPM certification:

Models for territorial regulations, standards, and enforcement.
Basic privacy notions and principles.
Laws governing the handling and transfer of data.

The CIPP certification exam costs approximately $550, and $375 if it is retaken. If you currently hold one or more IAPP certificates and are considering obtaining additional ones, you can take any upcoming exams for $375, saving you $175.

Conclusion

Certifications can help individuals not only with getting a good raise but also allow them to better help organizations implement privacy standards and practices.

CVE-2021-36783

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.

CVE-2021-36782

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve the plaintext version of sensitive data. This issue affects: SUSE Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.

4 strategy game-changers for finding cybersecurity talent

Dave Stirling, CISO of Zions Bancorporation, isn’t waiting for a shakeup in the talent pool or some big shift in the job market to solve the cybersecurity skills gap. Instead, he’s making his own luck. How? By changing up his own staffing strategy, “by trying different things and seeing what sticks.”

That approach has Stirling recruiting candidates from the bank’s IT and operations staff, working with local colleges, investing more in training and rethinking how he posts open jobs. He acknowledges that such moves, even when taken all together, aren’t a silver bullet to the well-publicized challenges in finding, hiring and keeping staff. However, he says they’re making incremental improvements in his ability to recruit and retain hard-to-find cybersecurity talent.

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.

A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution

A vulnerability has been discovered in Google Chrome that could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
