Peloton’s leaky API has allowed any hacker to obtain any user’s account data — even if that user had set their profile to private.
The vulnerability, which was discovered by security research firm Pen Test Partners, allowed requests to go through for Peloton user account data without checking to make sure the request was authenticated. As a result, the exposed API could let anyone access any Peloton user’s age, gender, city, weight, workout stats, and birthday.
Recently, TalentLMS partnered with Kenna Security to survey 1,200 employees on their cybersecurity habits, knowledge of best practices, and ability to recognize security threats. Here are some of the staggering results that offer some explanation as to why cybercrime has grown into such a lucrative business:
In the United States, February is often considered the last peak month of flu season. We are all accustomed to the unpleasant coughing fits and runny noses that accompany winter’s chill. However, in a turn of events, the common flu has been relatively uncommon across the country this winter. Instead, we continue to deal with the fallout from the far more contagious—and far less forgiving—SARS-CoV-2 virus.
Apple announced it will start enforcing a new privacy notification rule that digital advertising firms such as Facebook have warned will hurt their profits.
Those on the cyber threat frontlines may view the entire FireEye-SolarWinds catastrophe through a very different lens. It’s a mile-high view that proves a thesis: why data must be smart and able to protect itself from cybercriminals – no matter where it goes, where it’s stored or who has it.
New research on California consumers shows that nearly half of privacy requests sent in 2020 were to stop the sale of personal data to a third-party. In addition, companies are dealing with an overwhelming number of privacy requests costing money and time.
Rather than be caught off-guard and left to play catch-up, security and IT professionals should begin planning now for the many new and updated regulations, standards and proposed pieces of legislation that will be sweeping over the financial services industry and other sectors in the near future.
The pandemic has accelerated digital transformation for many organizations. Global remote work and increased digital interactions means an exponential growth in digital footprint for individuals, as well as corporations. Having to store, process and move this much data quickly into the cloud and manage the expanded digital footprint requires agility of decision making and security and privacy by design implementation and operation.
On March 15, 2021, the California Attorney General’s office announced that the Office of Administrative Law has approved the Attorney General’s proposed changes to the CCPA regulations. The new regulations make three general changes relating to the right to opt out of sales and one change to authorized agent requests. In addition, the Attorney General’s press release reaffirms that enforcement activities are proceeding.
