January 15, 2024 at 10:40AM
The FTC secures settlement with X-Mode Social, prohibiting sale of sensitive location data. Outlogic to delete previously collected data and honor opt-out requests, under FTC settlement. Critical vulnerabilities in Cisco, Siemens, Rapid Software, and Fortinet products. iOSpionage campaign exploited Apple’s ECC. HMG hit by data breach, unable to identify compromised data.
From the meeting notes provided, the key takeaways are:
1. The US Federal Trade Commission secured its first data broker settlement agreement with X-Mode Social, prohibiting the sharing or selling of sensitive location data. Outlogic, which acquired X-Mode’s assets, is now required to delete all previously collected data and honor opt-out requests.
2. Critical vulnerabilities have been identified in products from several vendors, including Cisco, Siemens (SIMATIC), Rapid Software (Rapid SCADA), and Fortinet (FortiOS and FortiProxy HA cluster). These vulnerabilities could lead to unauthorized access, root login, denial of service, and privilege escalation.
3. Several previously identified vulnerabilities are under active exploitation, including those in Adobe ColdFusion, Apache Superset, and Microsoft SharePoint Server.
4. A concerning malware campaign known as TriangleDB, which exploited Apple’s error correction code, was discovered. The campaign aimed to gain access to sensitive data and device functionalities.
5. Texas-based healthcare services provider HMG experienced a data breach in August, but it was not identified until November. The breach compromised unencrypted medical records, patient names, dates of birth, SSNs, and other sensitive personal and healthcare data, with HMG unable to determine the specific data that was compromised.