#sensitive-information

#sensitive-information

Photo by Denys Nevozhai on Unsplash As we build interactive web applications using React and React Router, security becomes a crucial aspect to consider.It is essential to ensure that only authorized users can access sensitive information by protecting certain routes.While there are various mechanisms such as access tokens or role management libraries to implement a comprehensive authentication system, in this tutorial, we will focus on implementing route access validation using React Router.

As web developers, we often work with various HTML elements to create interactive and dynamic user interfaces.One of the most commonly used elements is the <input> element, which allows users to input data.While most of us are familiar with its basic attributes like type, value, and placeholder, there are several lesser-known attributes that can enhance our understanding and utilization of this versatile element.

Think about the different APIs and databases your application works with.Every one of them requires either an API key or a database connection string that itself contains a password.How do you let your application access this sensitive information without storing it in source code or putting in other compromising locations?

Django is a powerful and popular web framework that makes it easy to build robust and secure web applications.One of the key features of Django is its ability to manage user sessions, which are essential for many web applications.However, you may be wondering if Django sessions are secure.In this article, we'll explore the security of Django sessions and see how they can be made even more secure.

Amazon agreed on Wednesday to pay a civil penalty of $25 million to settle federal charges that it kept sensitive information collected from children for years, including their precise locations and voice recordings, in violation of a children's online privacy law.It was the latest legal action in an intensifying regulatory effort to require some of the world's largest tech platforms to better safeguard their younger users.

Greg Gianforte, the Republican governor of Montana, has signed into law the first state-wide TikTok ban in the United States.Depending on which side of the argument you fall on, the ban is being hailed as a way to protect citizens from the Chinese Communist Party or is an assault on the freedom of speech that all Americans are guaranteed.

The US Department of Justice (DoJ) has revealed details of a joint operation in which Western agencies used a custom tool to destroy a decades-old Russian malware operation.Use of a tool named 'PERSEUS' nullified a worldwide network of devices that had been infected with the Snake malware by threat actors in the group Turla.

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails Sign up to our free breaking news emails Chinese-owned social media app TikTok has been banned from British government phones and tablets in a precautionary' security move.It comes after similar moves by the United States and the European Commissions, and comes amid deteriorating relations between western nations and Beijing.

The United Kingdom government has banned use of Chinese social media platform TikTok among ministers and officials on their work devices as a "precautionary" measure over worries the app is used to snoop on Brits.Speaking to Parliament this afternoon, Oliver Dowden, chancellor of the Duchy of Lancaster and Secretary of State who oversees Cabinet Office policy, said the ban would have immediate effect and applied to devices issued within ministerial and non-ministerial departments, but not to "personal devices for government employees or ministers or the general public."

In today's ExchangeWire news digest: Meta lobbied Irish ministers over data transfers; JioCinema usurps Disney to break streaming world record; and Nvidia announces it is building Israel's most powerful supercomputer.Meta lobbied Irish authorities over EU-US transfers
Facebook-parent Meta has reportedly lobbied Taoiseach Leo Varadkar, Tánaiste Micheál Martin and Minister for Enterprise Simon Coveney over the transfer of EU users' data to the US.

Notice and choice just got dragged at a House subcommittee hearing on privacy.The hearing, hosted by the House Subcommittee on Innovation, Data and Commerce, convened on Wednesday in Washington, DC, to discuss the need for a national data privacy standard in the US ...
... something we nearly had.The American Data Privacy and Protection Act (ADPPA), co-sponsored by Reps.

ByteDance Ltd.'s TikTok is on track with its undertaking to have all U.S. user data hosted and overseen by Oracle Corp., as the Chinese tech behemoth struggles to win over critics worried about the national security implications of its hit video app.TikTok Chief Executive Officer Shou Zi Chew said the American software company has begun a review of TikTok's source code and is now the default destination for U.S. user data.

In times of economic uncertainty and big tech companies laying off staff left and right, there's room only for people working with AI.After all, AI is all the craze lately and big corporations don't want to be left behind.That's why Apple is following the footsteps of other tech firms and has opened a total of 176 new positions related to machine learning and artificial intelligence.

Android 14 beta is already available for some smartphones and Google recently pushed the second beta update, so people had time to play around with Google's upcoming OS and explore some new features.And it appears that the search giant is planning to make screen recording a more privacy-oriented feature.

Following a similar decision by the US, Canada, Belgium and the European Commission, the UK is also banning TikTok from government devices over security concerns.The ban takes immediate effect.Here's what the Cabinet Office minister Oliver Dowden has to say about it.The security of sensitive government information must come first, so today, we are banning this app on government devices.

So Apple has restricted the use of OpenAI's ChatGPT and Microsoft's Copilot, The Wall Street Journal reports.ChatGPT has been on the ban list for months, Bloomberg's Mark Gurman adds.It's not just Apple, but also Samsung and Verizon in the tech world and a who's who of banks (Bank of America, Citi, Deutsche Bank, Goldman, Wells Fargo, and JPMorgan).

While many workers worry AI bots will take their jobs, Samsung employees are no longer allowed to use them.The company banned generative AI tools, like ChatGPT and Google Bard, after discovering staff had added sensitive code to them, Bloomberg reported.This revelation followed last month's incident in which Samsung engineers uploaded internal source code and meeting notes to ChatGPT and accidentally leaked it.

Compliance Concerns
JP Morgan is cracking down on the use of OpenAI's ChatGPT in the workplace, Bloomberg reports - though apparently not in response to a particular incident, and it remains unknown how many employees might have been fooling around the AI-powered chatbot while on the clock.Instead, the restriction, which applies to the bank's global staff, was enacted to limit third-party software "due to compliance concerns," according to CNN's reporting.

Businesses using ExtraHop's Reveal(x) 360 can now gain visibility into employees' use of generative AI tools, thanks to the latest update to the network detection and response (NDR) platform.The cyber security provider said the functionality will better protect organizations against accidental misuse of AI tools, such as OpenAI ChatGPT, helping them to better understand their risk exposure and whether AI tools are being used in compliance with AI policies.

Servers running software sold by Salesforce are leaking sensitive data managed by government agencies, banks, and other organizations, according to a post published Friday by KrebsOnSecurity.At least five separate sites run by the state of Vermont permitted access to sensitive data to anyone, Brian Krebs reported.

The Air Force suspended two leaders of suspected classified document leaker Jack Teixeira's unit, it said in a statement Wednesday, one week after the unit stopped performing its intelligence mission amid an investigation into the leaks.The commander of the 102nd Intelligence Support Squadron, part of the Massachusetts Air National Guard in which the 21-year-old Teixeira served, was suspended from his leadership position, as was the detachment commander overseeing administrative support, the Air Force said.

Nearly four in 10 (39%) older people are not managing their money online and could therefore be at risk of financial exclusion, according to Age UK.A survey found a high level of support for in-person banking, with three-quarters (75%) of over-65s with a bank account wanting to undertake at least one banking task in person at a bank branch, building society or Post Office.

The Duke of Sussex has made a surprise appearance at a High Court hearing in London as the Daily Mail's publisher makes a bid to throw out a set of claims over alleged unlawful information gathering at its titles.Associated Newspapers Limited (ANL) is bringing a bid to end High Court claims brought by people including Harry, Sir Elton John and Baroness Doreen Lawrence over the allegations which include the hiring of private investigators to secretly place listening devices inside cars and homes and the recording of private phone conversations.

Lawyers acting on behalf of the Government have defended the exceptional disclosure delays in the Russian-state Salisbury poisonings inquiry, saying sensitive information has been found in more than 1,000 documents.The counsel to the Dawn Sturgess inquiry, Andrew O'Connor KC, said there is still some way to go and his team would not be ready for substantive hearings until the middle or end of next year.

Sign up for the View from Westminster email for expert analysis straight to your inbox Get our free View from Westminster email Rishi Sunak has committed to giving Tory MPs the freedom to decide Boris Johnson's fate ahead of his live TV grilling on whether he lied over Partygate.The prime minister suggested on Monday he would not use the Tory whip to exert pressure on his colleagues to go easy on his predecessor as he faces a possible suspension.

A collection of the latest and hottest design and development resources (Javascript libraries, CSS snippets, DeveloGraphic Design Resources, etc.) on the web from the last week (Week 20, 2023).Web Design & Development News: Collective #502
react-llm
Easy-to-use headless React Hooks to run LLMs in the browser with WebGPU.

A vulnerability discovered in the official website of luxury sports car maker Ferrari could have exposed potentially sensitive information, according to a cybersecurity firm.The issue was discovered in March by researchers at Char49, a company that provides penetration testing, auditing and training services.

A group of academic researchers with Northeastern University in Boston and KU Leuven in Belgium have devised a new attack that can intercept Wi-Fi traffic at the MAC (media access control) layer, even between clients that are not allowed to communicate with one another.The attack exploits a Wi-Fi client isolation bypass vulnerability tracked as CVE-2022-47522 and impacts Wi-Fi networks with malicious insiders, but can also be used to bypass Dynamic ARP inspection (DAI), the academics say in their research paper (PDF).

Organizations that use human-machine interface (HMI) and supervisory control and data acquisition (SCADA) products from UK-based industrial software maker Aveva have been informed about the existence of several potentially serious vulnerabilities.Security advisories published last week by Aveva and the US Cybersecurity and Infrastructure Security Agency (CISA) inform users about three vulnerabilities in the InTouch Access Anywhere HMI and Plant SCADA Access Anywhere products.

Apple on Monday updated several of its recent security advisories to add new iOS and macOS vulnerabilities, including ones belonging to a new class of bugs.The iOS 16.3 and macOS Ventura 13.2 advisories, originally released on January 23, have been updated to add three vulnerabilities.One of them is CVE-2023-23520, a race condition affecting the crash reporter component, which can allow an attacker to read arbitrary files as root.

Every new parent imagines watching their precious baby sleeping soundly in a beautiful nursery, but rarely do they realize how stressful it can be to actually leave your baby alone while you go into another room (or outside!)With all of the scary scenarios playing in parents' heads, it can be hard to choose which baby monitor will help you keep an eye on your little bundle of joy while also ensuring that they stay safe on their own.

If you need to protect sensitive information and follow data privacy regulations, it's critical to obfuscate your log data, which means obscuring personally identifiable information (PII).But effectively concealing PII in logs might take time to implement, can increase compute resources, and might not work well with all types of logs.

HOUR BY HOUR Issued on: 03/05/2023 - 07:08Modified: 03/05/2023 - 07:11 Ukrainian President Volodymyr Zelensky speaks during a joint press conference with Estonian Prime Minister after their meeting in Zhytomyr on April 24, 2023.Genya Savilov, AFP Washington did not warn Kyiv about the top-secret documents leaked to internet chat rooms containing sensitive information about Ukraine's war effort before the news broke in the media last month, President Volodymyr Zelensky told the Washington Post.

German IT services provider Bitmarck has shut down all of its customer and internal systems, including entire datacenters in some cases, following a cyberattack.The company, one of the largest service providers for German health insurers, said no customer, patient, or insured individuals' data had been accessed in the security breach - at least not according to "the current state of knowledge," according to an April 30 update posted on its temporary website.

Today's NFL rumors surround Andy Reid divulging some sensitive information, Kyle Shanahan kicking himself for a draft choice, and Jim Irsay doing Jim Irsay things.The NFL Draft never ceases to shock the public as year after year there's always one team that makes a jaw-dropping trade or takes the player no one thought they would.

Google this week announced that it has obtained a court order that helped it disrupt the CryptBot information stealer's distribution.Initially designed to harvest and exfiltrate sensitive information such as credentials, cryptocurrency wallets, and more, CryptBot was also seen distributing banking trojans.

Hey everyone 👋!If you have been living under a rock and have no idea what envio is, check out another article that I wrote:
After that article envio went from 0 to 245 stars on github!With the release of version v0.2.0, envio now includes a new envio launch subcommand that makes it even easier to manage your environment variables.

REUTERS/Sarah Meyssonnier
It's no shock to see another country banning TikTok from government phones, but France is taking the restrictions a step further.Le Monde reports the French government is banning "recreational" apps like TikTok, Twitter, Netflix and even Candy Crush from public servants' devices.

32 minutes ago32 minutes ago New Zealand is now the latest country to ban the popular video-sharing app from government-related phones to protect sensitive information.New Zealand on Friday banned the short-video sharing app TikTok from devices with access to the country's parliamentary network, citing cybersecurity concerns.

Top Data Analytics Skills and Platforms for 2023 We looked at over 25,000 job descriptions, and these are the data analytics platforms, tools, and skills that employers are looking for in 2023.PyTorch 2.0 Officially Released PyTorch 2.0 is official at last, and this update brings a multitude of changes designed to make PyTorch more powerful, versatile, and stable.

On January 1, 2023, Apple sunsetted (pun intended) the Dark Sky mobile app on iOS.Apple purchased the company behind the popular weather application in early 2020, then announced that it would be shutting down the Dark Sky applications (first on Android, then on iOS and web), and finally stated in 2022 that the forecast technology would be integrated into the Apple Weather app with iOS 16.

A cancer patient whose nude treatment photos and medical records were posted online after they were stolen in a ransomware attack, has sued the health-care provider for allowing a "preventable" and "seriously damaging" invident.The proposed class-action lawsuit stems from a February intrusion during which ransomware gang BlackCat (also known as ALPHV) broke into one of the Lehigh Valley Health Network (LVHN) physician's networks, stole images of patients undergoing radiation oncology treatment along with other sensitive health records belonging to more than 75,000 people, and then demanded a ransom payment to decrypt the files and prevent it from posting the health data online.

The UK's National Cyber Security Centre (NCSC) has issued advice and guidance for users of AI tools such as ChatGPT that rely on large language model (LLM) algorithms, saying that while they present some data privacy risks, they are not necessarily that useful currently when it comes to deploying them in the service of cyber criminal activity.

Sign up for the View from Westminster email for expert analysis straight to your inbox Get our free View from Westminster email Rishi Sunak has hinted that the UK could follow in the US and the European Union's footsteps by banning the popular social media app TikTok on Government phones and devices.

/
The mental health startup says it exposed patient names, birth dates, insurance information, and their responses to mental health self-evaluations.Cerebral, a telehealth startup specializing in mental health, says it inadvertently shared the sensitive information of over 3.1 million patients with Google, Meta, TikTok, and other third-party advertisers, as reported earlier by TechCrunch.

Businesses, regardless of their size and industry, are vulnerable to cyber attacks.Hackers are getting more sophisticated, and exploiting vulnerabilities in the systems to their advantage.The threat landscape is constantly evolving, and organisations must update their cyber security strategies to better protect their data.

Cloud computing vendor Blackbaud has been slapped with a $3 million civil penalty by the Securities and Exchange Commission (SEC) for making misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 customers.According to a statement from the SEC, the South Carolina-based Blackbaud was not forthcoming about the extent of the data-extortion malware attack and left out material information about the scope of the incident.

(Image credit: Bryn Colton/ Getty Images)
The National Security Agency (NSA) has published some new advice for those working from home to secure their work devices and home networks.In issuing some fairly basic and standard advice, it noted that those in telecommunications specifically should make sure their user and networking devices are kept up to date to prevent compromises to their own and their organization's security posture.

02/09/2023February 9, 2023 Canberra has made it clear that it is not concerned about how China might react.Last year, both the UK and the US banned several similar Chinese tech products.Australia has decided to examine and remove Chinese-made surveillance technology used in government buildings.Defense Minister Richard Marles on Thursday said the Chinese-made cameras could pose a security risk for the country.

OAKLAND The city of Oakland has been hit with a ransomware attack, police said Friday.The city's Information Technology Department is working with law enforcement and investigating the scope and severity of the attack, the Oakland Police Department said in a statement.The police department said the attack has not affected its ability to receive 911 emergency calls and members of the public can still complete online crime reports.

Get the free Morning Headlines email for news from our reporters across the world Sign up to our free Morning Headlines email When Dame Sally Mapstone, the newly appointed principal of St Andrews University, banned her fellow academics from starting emails with I hope this finds you well, she did not expect it would one day ouwit hackers from the Russian state.

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails Sign up to our free breaking news emails A British embassy spy was caught on camera hedging his bets with a fake Russian operative during an undercover sting, a court has heard.David Ballantyne Smith, 58, had been collecting documents from the Berlin embassy where he worked as a security guard some four years before his arrest in August 2021.

Get the free Morning Headlines email for news from our reporters across the world Sign up to our free Morning Headlines email Watch as a former British embassy security guard is sentenced for spying.David Smith, 58, has been convicted of spying for Russia after he pleaded guilty to eight offences under the Official Secrets Act.

The US Marshals Service has fallen victim to a ransomware attack, according to reports from NBC News, The New York Times, and Reuters.On February 17th, hackers gained access to and stole sensitive information related to the agency's employees and the subjects that it's investigating.In a statement to NBC News, Drew Wade, the Marshals Service public affairs chief, called the ransomware attack a "major incident," while adding that the affected system "contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees."

/
The UPHOLD Privacy Act would ban the sale of sensitive health and location data for advertising.Democrats introduced a bill Thursday to protect sensitive health and location data from being sold to online advertisers.The Upholding Protections for Health and Online Location Data (UPHOLD) Privacy Act aims to resolve lingering concerns over the online safety of abortion-seeking patients.

Image: SOPA Images/Contributor Hacking.Disinformation.Surveillance.CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.LastPass, the popular password manager, is out of good will.Ever since the company first disclosed a breach in August, it has slowly provided consumers with drips of information, and the new details that do come out increasingly paint a picture of a company that should not be trusted with your passwords.

WASHINGTON DC - A popular online counseling company has agreed to a settlement with the federal government following allegations that the company shared consumer data with social media platforms for targeted advertising.The Federal Trade Commission (FTC) said the settlement requires BetterHelp, Inc. to pay $7.8 million to impacted consumers.