Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

vendredi 30 mars 2018

Unauthorized Personal Data Sharing (CERT-EU Security Advisory 2018-007)

CERT-EU has recently observed the usage of software tools and components that might lead to unauthorized personal data leakage. These components are often available in the form of browser extensions or plugins, or e-mail clients plugins. Examples include: Zoominfo, Data.com, InsideView,  NetProspex, DiscoverOrg, or LeadIQ. Depending on the machine configuration and policy, these components may be often installed by the users themselves -- without any need for administrator access. Once installed, these components typically gather contact information (address books, etc.), which are then exfiltrated and shared with third parties. Such indiscriminate sharing of corporate address books and other similar data creates potential issues under the new European GDPR directive, and hence should be avoided.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 252

x

Événements SSI