UK fines TikTok $15.8 million for GDPR violation of children’s privacy

The UK’s Information Commissioner’s Office announced today that it has levied a nearly $16 million fine against TikTok for “a number of breaches” of the country’s data protection law.

Central to the ICO’s decision to fine TikTok are the estimated 1.4 million UK children under 13 years of age, who were allowed to sign up for the platform in 2020, despite the company’s own rules barring such use.

That’s a violation of the UK’s General Data Protection Regulation (similar to the EU’s GDPR), the ICO said in a statement. The UK GDPR requires companies that use personal data to offer services to children under 13 to obtain a parent or guardian’s permission to do so. The regulator also noted that “senior employees” at TikTok were aware of underage users on the platform and did not respond adequately to the issue.

Snyk bolsters developer security with fresh devsecops, cloud capabilities

Cybersecurity application provider Snyk has added fresh capabilities to its flagship developer security platform to improve programming productivity and help secure software supply chains.

The series of enhancements to Snyk’s namesake platform includes security support for C/C++ applications, new capabilities for infrastructure as code (IaC), automated security for container supply chains, and new devsecops collaboration features.

Using an AI-based engine built in-house, Snyk scans C/C++ code in development to identify all open source dependencies, associated vulnerabilities, and license compliance issues. The new capability offers features to help developers identify and fix issues as they code.

FedEx Ship Manager (FSM) v3704 Insecure Use of .NET Remoting

Posted by Harrison Neal on Apr 04

Vulnerable Software Download URL:
https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4

FSM 3704 (and some earlier versions) use .NET Remoting in a way that can
lead to unauthenticated remote code execution attacks as SYSTEM. Tools that
can successfully attack affected services are freely available.
Administrators should block or otherwise limit access to TCP ports opened
by services installed by this software wherever possible.

New Rorschach ransomware hits with unique features and very fast encryption

Researchers warn of a new strain of ransomware dubbed Rorschach that doesn’t appear to be related to previously known threats and uses several unique features in its implementation, including one of the fastest file encryption routines observed so far.

“A behavioral analysis of the new ransomware suggests it is partly autonomous, spreading itself automatically when executed on a domain controller (DC) while it clears the event logs of the affected machines,” researchers from security firm Check Point said in a new report. “In addition, it’s extremely flexible, operating not only based on a built-in configuration but also on numerous optional arguments which allow it to change its behavior according to the operator’s needs.”

UK data regulator issues warning over generative AI data protection concerns

The UK’s data regulator has issued a warning to tech companies about protecting personal information when developing and deploying large language and generative AI models.

Less than a week after Italy’s data privacy regulator banned ChatGPT over alleged privacy violations, the Information Commissioner’s Office (ICO) published a blog post reminding organizations that data protection laws still apply when the personal information being processed comes from publicly accessible sources.
