
Europol ordered to erase data on those not linked to crime
2022-01-10 16:13

The European Data Protection Supervisor, an independent EU supervisory authority for privacy and data protection, has ordered Europol to erase personal data on individuals that haven't been linked to criminal activity. The decision follows an own-initiative inquiry started on April 30, 2019, regarding the EU police body's use of Big Data Analytics for personal data processing activities.

WordPress 5.8.3 security update fixes SQL injection, XSS flaws
2022-01-10 15:28

The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance. The set includes an SQL injection on WP Query, a blind SQL injection via the WP Meta Query, an XSS attack via the post slugs, and an admin object injection.

Behind the scenes: A day in the life of a security auditing manager
2022-01-10 15:09

Now, Hornung is CEO at Xact IT Solutions and has 15 years of security auditing and other IT services under his belt. In the pharmaceutical industry, Hornung said, there's an incentive to deal with regulations, beyond the FDA, to avoid "dealing with the PR nightmare of a breach on their company."

URL parsing: A ticking time bomb of security exploits
2022-01-10 14:00

A team of security researchers has discovered serious flaws in the way the modern internet parses URLs: specifically, there are too many URL parsers with inconsistent rules, which has created a worldwide web easily exploited by savvy attackers. We don't even need to look very hard to find an example of URL parsing being manipulated in the wild to devastating effect: the late-2021 Log4j exploit is a perfect example, the researchers said in their report.

China puts Walmart in the naughty corner, citing 19 alleged cybersecurity 'violations'
2022-01-10 13:35

American budget retailer Walmart was cited for 19 alleged cybersecurity breaches in China, state-sponsored media reported last week. The timing of the announcement is curious, as earlier in the week reports emerged in the Middle Kingdom that Walmart subsidiary Sam's Club was not stocking Xinjiang-produced goods.

Detect and identify IoT malware by analyzing electromagnetic signals
2022-01-10 13:01

Electromagnetic emanations can be recorded and used to detect and identify malware running on IoT devices, a group of researchers working at IRISA have proven. This novel malware detection approach also offers additional advantages: as no specific software has to be installed on the monitored device, it can hardly be detected by the malware or evaded by the malware authors.

GCHQ was rebuked for ignoring spy law safeguards as pandemic hit Britain
2022-01-10 12:47

Former foreign secretary Dominic Raab rebuked GCHQ for secretly halting internal compliance audits that ensured the spy agency was obeying the law, a government report has revealed, while just 0.06 per cent of spying requests made by Britain's public sector were refused by its supposed overseer. Explaining how GCHQ's COVID excuse "deviated from our expectations," IPCO said: "The IPC and the Foreign Secretary made clear to GCHQ that, in future, they expect GCHQ to inform them of any changes relevant to the handling of warranted data."

Fake QR Codes on Parking Meters
2022-01-10 12:21

The City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites.

No defence for outdated defenders as consumer AV nears RIP
2022-01-10 10:00

The knowledge necessary to build viruses was practically the same as that needed for antivirus software, and the conspiracy theory arose that less-than-scrupulous AV vendors were generating viruses as well to spice up the market. At the same time as AV software got worse, computers got better.

What to expect in 2022 privacy wise?
2022-01-10 08:43

DeleteMe releases its privacy predictions for 2022, based on developments seen in 2020/2021 as well as original research conducted for its 2021 PII Marketplace Report. "A lot of things related to online privacy have changed in the last 2 years, and we see significant new developments coming in 2022 in areas like browser-tracking, digital identity, regulatory compliance, and how online PII gets exploited by both threat actors as well as industry," said Rob Shavell, CEO at DeleteMe.