Under the GDPR (General Data Protection Regulation), all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. Additionally, there are circumstances in which…
NoxPlayer Android Emulator Supply-Chain Attack
It seems to be the season of sophisticated supply-chain attacks. This one is in the NoxPlayer Android emulator: ESET says that based on evidence its researchers gathered, a threat actor compromised one of the company’s…
Extracting Personal Information from Large Language Models Like…
Researchers have been able to find all sorts of personal information within GPT-2. This information was part of the training data, and can be extracted with the right sorts of queries. Paper: “Extracting Training Data…
Backdoor in Zyxel Firewalls and Gateways
This is bad: More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the…
Have you met the DSP Toolkit deadline?
Earlier this year, NHS Digital confirmed that it was extending the 2020/2021 compliance deadline for DSP (Data Security and Protection) Toolkit until 30 September in light of the COVID-19 pandemic. If you’re not already compliant,…
Your DPO questions answered
Organisations have had to get a lot more serious about data processing and information security since the EU GDPR (General Data Protection Regulation) came into effect earlier this year. For many, that has included the…
What is data loss and how does it…
Data loss refers to the destruction of sensitive information. It’s a specific type of data breach, falling into the ‘availability’ category of data security (the other two categories being ‘confidentiality’ and ‘integrity’). Data can be…
GDPR data transfer rules: what you need to…
If you’re transferring data outside of the EEA, the GDPR (General Data Protection Regulation) imposes some restrictions. These apply to all data transfers, no matter the size of the transfer or how often you carry them…
GDPR data subject access requests (DSARs): How to…
The GDPR (General Data Protection Regulation) grants data subjects the right to access their personal data. This is known as a DSAR (data subject access request). This is not a new concept, but the GDPR introduced several changes…