Security
  • Menu
  • All Tips
  • FAQs
  • Categories
  • Guidelines
  • Data Security Support
  • Tools
  • Have I Been Pwned?
  • Pwned Passwords
  • Email Checker
  • Password Generator
  • My IP
  • Privacy
DATA PRIVACY NOTICE AND CONSENT FORM

Cloudstaff is committed to protecting the privacy of its data subjects, and ensuring the safety and security of personal data under its control and custody. This policy provides information on what personal data is gathered by Cloudstaff Security Tips about its current, past, and prospective employees; how it will use and process this; how it will keep this secure; and how it will dispose of it when it is no longer needed. This information is provided in compliance with the Philippine Republic Act No. 10173, also known as, the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (DPA-IRR). It sets out Cloudstaffs’ data protection practices designed to safeguard the personal data of individuals it deals with, and also to inform such individuals of their rights under the Act.

The personal data obtained from this application is entered and stored within the Cloudstaff system and will only be accessed by the Cloudstaff’s authorized personnel. Cloudstaff have instituted appropriate organizational, technical and cloud security measures (Amazon Web Services Shared Responsibility) to ensure the protection of the users personal data.

Information collected will be automatically deleted after three (3) years inactivity.

Furthermore, the information collected and stored in the application are as follows:
  • Given Name
  • Family Name
  • Avatar [Profile Picture]

USER CONSENT

I have read the Data Privacy Statement and expressed my consent for Cloudstaff to collect, record, organize, update or modify, retrieve, consult, use, consolidate, block, erase or destruct my personal data as part of my information.

I hereby affirm my right to be informed, object to processing, access and rectify, suspend or withdraw my personal data, and be indemnified in case of damages pursuant to the provisions of the Republic Act No. 10173 of the Philippines, Data Privacy Act of 2012 and its corresponding Implementing Rules and Regulations.

If you want to exercise any of your rights, or if you have any questions about how we process your personal data, please contact Cloudstaff’s Data Protection Officer, through the following channel:

Email to privacy@cloudstaff.com

  • Log in Now
Critical Security Vulnerability Exposes Android, Linux, macOS, and iOS Devices to Bluetooth Hijacking

A critical Bluetooth security vulnerability, identified and tracked as CVE-2023-45866, has emerged as a significant threat, potentially giving malicious actors the ability to exploit an authentication bypass and take control of a broad spectrum of devices, including Android, Linux, macOS, and iOS systems. Discovered by security researcher Marc Newlin in August 2023, this flaw exposes a concerning case of authentication bypass that allows attackers to connect to vulnerable devices without user confirmation and inject keystrokes, ultimately achieving code execution as the victim.

The specific nature of the vulnerability involves multiple Bluetooth stacks possessing authentication bypass vulnerabilities, enabling unauthorized access to a discoverable host. This vulnerability allows attackers to manipulate the target device into believing it is connected to a Bluetooth keyboard, capitalizing on an "unauthenticated pairing mechanism" defined in the Bluetooth specification.

Notably, the attack doesn't require specialized hardware and can be executed using a regular Bluetooth adapter from a Linux computer. While the full technical details are yet to be released, the attack vector presents a serious risk, as it allows adversaries in close physical proximity to connect to a vulnerable device and transmit keystrokes. This opens the door for attackers to install applications and execute arbitrary commands, potentially compromising the security and integrity of the affected devices.

The scope of this vulnerability is extensive, affecting a wide range of devices running Android, with the impact reaching back to version 4.2.2, released in November 2012. Additionally, iOS, Linux, and macOS systems are also susceptible. Notably, even devices using Apple's LockDown Mode, designed to enhance security against sophisticated digital threats, are not immune to this Bluetooth flaw.

In response to the discovery, Google released an advisory this month, stating that CVE-2023-45866 "could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed." This underscores the severity of the issue, emphasizing the urgency for users and organizations to implement security measures and updates to mitigate the potential risks posed by this critical Bluetooth security vulnerability.

Source: https://thehackernews.com/2023/12/new-bluetooth-flaw-let-hackers-take.html

Caitlin Joyce (CaitlinG) Galanza | News
Created: December 11 2023 | Updated: on 12/11/23
Comments

  2021 © Mazer

Security Tips v2.0.1 | Crafted with by Saugi