The General Data Protection Regulation (GDPR) provides a variety of rights to individual’s whose data is collected in the European Union, however, human error makes it possible for these rights to be abused. Humans cause the majority of security breaches because software can be patched at the speed of your internet connection while humans take much longer to adapt. A cyber security researcher was able to obtain copies of his fiance’s data from several EU companies by posing as her using a fabricated email address. Some companies asked for a strong form of verification such as a passport while many provided him with a copy of all data they possessed. Some even deleted all of their data and the account in question in response to the request, which in itself may be a violation of the GDPR. The researcher was able to do so with no more than an email address, phone number, and address. All of this information is easy for anyone to find and a widescale attack using similar methods could see information given to malicious actors.
Source: Researcher: GDPR’s Right of Access policy can be abused to steal others’ personal info
A vulnerability for Steam allowed an attacker to run any software installed was released into the public after Valve marked the vulnerability as a non-risk. The vulnerability gives the attacker root access to all of Steam’s features and software, which would normally only be video games. However, it would be possible for an attacker to get an executable into users’ Steam folders and then use the vulnerability to launch the program. Steam has taken the view that the vulnerability is not a threat because it requires physical access to the device and has not issued a patch for it. Steam is the most popular game service for PCs and has a user base in the hundreds of millions of users. Someone in that userbase is likely worth the effort of getting access to their device and using Steam to help crack it.
Source: Zero-day privilege escalation vulnerability in gaming platform Steam could impact over 100 Million users
