Archive for the ‘Uncategorized’ Category

Europe Cookie Law Comparison Tool Launched


Global law firm Dentons has created a free tool to help users understand their obligations regarding the use of internet cookies across 28 European countries. 



The Europe Cookie Law Comparison tool was launched today with the support of the Nextlaw Referral Network. Its authors hope the tool will bring users greater clarity with respect to their legal and data privacy responsibilities in an ever-changing regulatory context.



Inspiration for the tool came partly from the frustration of trying to navigate the requirements for obtaining consent for the use of cookies, a grievance experienced by both website owners and visitors. Current confusion concerning cookies comes from the fact that different countries have introduced different regulations regarding their use.



“Pending the adoption of the new e-Privacy Regulation, various European data protection authorities have decided to take autonomous action on cookies by issuing additional specific local guidelines and measures,” commented Giangiacomo Olivi, Dentons partner and co-head of its Europe Data Privacy and Security team.



“The tool will help to navigate the fragmented regulations across 28 countries in Europe.”



Users of the tool are able to compare and contrast the regulations set by up to three countries at a time and immediately share the results with their colleagues via email. The tool has been designed to draw from up-to-the-minute information to keep up with the fast pace of regulatory change. 



“We see this tool as the first point of call for the legal and compliance personnel of globally active companies, who need to comply with privacy and other laws applicable to cookies and similar technologies across multiple jurisdictions in Europe,” said Dentons partner and co-head of the firm’s Europe Data Privacy and Security team, Marc Elshof.



Dentons lawyers contributed the legal analysis for Belgium, the Czech Republic, France, Germany, Hungary, Italy, Luxembourg, the Netherlands, Poland, Romania, Slovakia, Spain, and the UK. In addition, several law firms from the Nextlaw Referral Network contributed content for specific jurisdictions: CHSH (Austria), Wolf Theiss (Bulgaria), Antoniou McCollum & Co. (Cyprus), Cacic & Partners (Croatia), Lundgrens (Denmark), Derling (Estonia), Krogerus (Finland), Kyriakides Georgopoulos (Greece), LK Shields (Ireland), Kronbergs Čukste Levin (Latvia), Ellex Valiunas (Lithuania), GVZH Advocates (Malta), PLMJ (Portugal), Karanovic & Partners (Slovenia), and Setterwalls (Sweden).


Source: Infosecurity

Under Half of Teachers Think Schools Have “Done Enough” to Tackle Cybersecurity Issues


Over half (51%) of UK school teachers are either unsure or disagree that their school is well-equipped to tackle cybersecurity issues, according to a new study published by ESET.


This follows a period in which many schools have provided online classes, with most pupils unable to attend in person due to COVID-19 lockdown restrictions, which were introduced in the UK from 23 March.


Yet in a survey of 1000 teachers conducted by Internet Matters, just 49% felt that their school had “done enough” to avoid problems. More than a third (36%) said they’ve had no information from schools on cybersecurity in the past year, while just 20% have received training after lockdown began.


Additionally, 31% have not had any training on how to talk to children about data and identity protection issues and more than a quarter (26%) had not been given any guidance on cybersecurity best practice in the past year.


Nearly half (45%) even feel their pupils have a better knowledge of cybersecurity issues than they do.


The findings suggest that there should be a much greater focus on educating teachers about cybersecurity issues – particularly as 96% of those who have received such training found it useful.


Julian Roberts, head of marketing at ESET, said: “Now, more than ever, tackling cybersecurity needs to be a top priority for schools as they may be increasingly forced to turn to the online world to support their pupils and their educational needs.


“Cyber-criminals are constantly evolving their methods and organizations that oversee young people using technology must be fully equipped to not just tackle potential issues but educate as well.


“With education entering the virtual world, whether in the physical classroom or at home, we would advise that cybersecurity training for teachers and pupils is crucial and that teachers are equipped by their school or IT teams with the right tools and advice to provide to parents too.”


ESET and Internet Matters are currently collaborating to provide guidance on the most effective ways of delivering online safety advice to parents and children within the school environment.




Source: Infosecurity

CVE-2020-6070

An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability.
Source: NIST

CVE-2020-13295

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
Source: NIST

CVE-2020-6145

An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Source: NIST

CVE-2020-8224

A code injection in Nextcloud Desktop Client 2.6.4 allowed arbitrary code to be loaded when a malicious OpenSSL config was placed into a fixed directory.
Source: NIST

CVE-2020-8229

A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
Source: NIST

CVE-2020-13293

In GitLab before 13.0.12, 13.1.6 and 13.2.3, using a branch with a hexadecimal name could override an existing hash.
Source: NIST

CVE-2020-13294

In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.
Source: NIST

CVE-2020-13292

In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.
Source: NIST