The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application.



CVE-2023-29109

In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can can have limited impact on confidentiality and integrity of non-critical user or application data and application availability.



CVE-2023-27897

The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.



CVE-2023-29108

SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data.



CVE-2023-1903

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the privileges of the BI user, the attacker can perform operations that can completely compromise the application.



CVE-2023-28765

Red Hat Security Advisory 2023-1549-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: tigervnc security update  
Advisory ID:       RHSA-2023:1549-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1549  
Issue date:        2023-04-03  
CVE Names:         CVE-2023-1393   
=====================================================================

1. Summary:

An update for tigervnc is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Virtual Network Computing (VNC) is a remote display system which allows  
users to view a computing desktop environment not only on the machine where  
it is running, but from anywhere on the Internet and from a wide variety of  
machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local  
Privilege Escalation Vulnerability (CVE-2023-1393)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2180288 - CVE-2023-1393 xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
tigervnc-1.9.0-15.el8_2.3.src.rpm

aarch64:  
tigervnc-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-module-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.aarch64.rpm

noarch:  
tigervnc-icons-1.9.0-15.el8_2.3.noarch.rpm  
tigervnc-license-1.9.0-15.el8_2.3.noarch.rpm  
tigervnc-server-applet-1.9.0-15.el8_2.3.noarch.rpm

ppc64le:  
tigervnc-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-module-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm

s390x:  
tigervnc-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-server-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.s390x.rpm

x86_64:  
tigervnc-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-module-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
tigervnc-1.9.0-15.el8_2.3.src.rpm

aarch64:  
tigervnc-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-module-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.aarch64.rpm

noarch:  
tigervnc-icons-1.9.0-15.el8_2.3.noarch.rpm  
tigervnc-license-1.9.0-15.el8_2.3.noarch.rpm  
tigervnc-server-applet-1.9.0-15.el8_2.3.noarch.rpm

ppc64le:  
tigervnc-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-module-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm

s390x:  
tigervnc-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-server-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.s390x.rpm

x86_64:  
tigervnc-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-module-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
tigervnc-1.9.0-15.el8_2.3.src.rpm

aarch64:  
tigervnc-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-module-1.9.0-15.el8_2.3.aarch64.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.aarch64.rpm

noarch:  
tigervnc-icons-1.9.0-15.el8_2.3.noarch.rpm  
tigervnc-license-1.9.0-15.el8_2.3.noarch.rpm  
tigervnc-server-applet-1.9.0-15.el8_2.3.noarch.rpm

ppc64le:  
tigervnc-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-module-1.9.0-15.el8_2.3.ppc64le.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm

s390x:  
tigervnc-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-server-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.3.s390x.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.s390x.rpm

x86_64:  
tigervnc-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-debugsource-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-minimal-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-module-1.9.0-15.el8_2.3.x86_64.rpm  
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1393  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDE1l9zjgjWX9erEAQj8Fg//diYgICEnqTMf1csN3bfDt+nKgiBXRzNO  
/8JZ8pkHelA+x35XpPrvABYiNfnqDd3GZqrKOhBpOME50LsOAy2FsoAu7YVZEpSe  
7NwDzA302hATDoHAcUqMi5FV+RyYb8/IY/MkcUHSK6WbjMB/DOQi9XxSeZYlIyau  
nOUts4A2gb6Bilm2c2lxGOKWbgDidjpTvmV5QPg+IZ5675kVRvjXdKpOOZ0HCsv+  
8IR0DdEmZK29611A/+DebXUYbIvzFJBCjkKiDsy634LxZ8DyaUiUmsxZxFTWZmJT  
xvxZiSM7PD1bEH+v1SZDk8GNIakqyJxd45S6/EPf3d0uOpFGio/7RJIv9HLU5PbG  
uDk9WJdKS7G0Pdy3AV71EY28JW00xe8LlFvIDOlYOYmVNImzylWZcfgn2Lrmrk30  
uFaWXx6chVsWD+j82b8isJsPR/+PAhrv9cGR0iNUoE928eLr84cNI1oCkgG0EvE/  
7DIYuorMOu0RL0emENBlWxjDney9vo7ZbzqcOSREGfBbugGjrYIvKe8OMUvS4fCz  
MKRmeg7jyqg7vlPg4EsrWRJ06F2EMcH/WMqdWoE+FOiZaibih9QY4GoyhOLo938l  
Ywg32HbPRgAMvNEt0gV58xIVfu5Edh249+61F+F4ADLt8VKwoZGhbUyaAQoqUlU9  
mZUEFPgIzvI=  
=ApGa  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1549-01

An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter.

**Code execution exists in Super Secuirty（CVE-2023-27650）**

Vendor：APUS Group(https://www.apusapps.com/en/launcher)

Affected product：APUS Launcher(com.apusapps.launcher)

Version：3.10.88, 3.10.73

Download link： https://play.google.com/store/apps/details?id=com.apusapps.launcher

Description of the vulnerability for use in the CVE：An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT\_FILE parameter.

Additional information：APUS Launcher allows unauthorized applications to launch its Activity and control the font files loaded on the APP desktop by adding additional information. Specifically, APUS Launcher has an open Activity that receives the path to the font file carried in the intent and then loads the APP desktop icon font based on that path, and by specifying the font file path the attacker is able to make APUS Launcher load the malicious font file. It is worth noting that the above attack is persistent, because the path will be stored in the SharedPreference file by APUS Launcher.

APUS Launcher's HiFontCooperationActivity receives the "com.apus.launcher.extra.FONT\_FILE" field information carried in the intent and uses this value as the file path to load the APP desktop icon font file path. However, HiFontCooperationActivity is exposed, the attacker can cause APUS Launcher to load malicious fonts by sending an intent carrying malicious file path information, resulting in display exceptions or security vulnerabilities (such as data leakage, application crashes, denial of service attacks, etc.).

poc：

private void attack() {
        Intent intent = new Intent();
        ComponentName componentName = new ComponentName("com.apusapps.launcher", "com.apusapps.launcher.launcher.HiFontCooperationActivity");
        intent.setComponent(componentName);
        intent.putExtra("com.apus.launcher.extra.FONT\_FILE", "/data/local/tmp/方正胖头鱼.TTF");
        try {
            System.out.println("start activity");
            startActivity(intent);
        } catch (Exception e) {
        }
}

CVE-2023-27650: SODA/CVE detail.md at main · LianKee/SODA

By Owais Sultan
You’re sitting with your iPhone in hand, gazing at the screen with annoyance, fury, and helplessness. You need…
This is a post from HackRead.com Read the original post: How to Create and Manage Groups on iPhone

You’re sitting with your iPhone in hand, gazing at the screen with annoyance, fury, and helplessness. You need to send an email to multiple people, but this fancy gadget seems to fall short – you can’t create groups on the iPhone.

You sigh, wondering what’s the point of having such a fancy phone if it can’t help you. But hold on! Before you toss your phone in frustration, listen to some good news. We have a solution for you! This article will guide you on how to create groups on your iPhone.

While the iPhone itself doesn’t have a built-in feature to create groups, you can use iCloud or third-party apps to achieve the same result. Once you create a group in your Contacts, managing your contacts becomes much easier. Not only does it help you organize scattered contacts, but it also allows you to send emails to multiple people in the group with just a few taps. No more scrolling through a long list to find the right contacts!

And that’s not all! Even with the ‘Do Not Disturb‘ mode on, people in the group can still reach out to you in case of emergencies. Exciting, right? So, if you’re eager to create and manage your very first group on your iPhone, let’s dive into the steps below.

**How to Make a Group**

Follow the steps below to create a group and reap the benefits of this feature:

**1** **First Create a Group on iCloud.com**

When you create an account, it is generally added to an All Contacts group in alphabetical order. However, you can send a message or email to a specific group of people.

*   To create a special group in iCloud.com, click the plus sign + in the sidebar.

*   Now a group will be created with an option to name it.

**2** **Type a Name**

Type the group’s name in the text field, and then click “Enter”.

*   To change the Group’s name, double-click, and you can also change the name. 

**3** **Add Contacts to Form a Group**

Once you have made a group, adding a name to that group is a simple process.

*   Drag the names from the All Contacts Group and add them to the newly created blog.

*   You can put names in as many groups as you want through a simple drag-and-drop process. 

**4 The process to Remove a Contact**

Contact can be easily deleted through a simple process. No rocket science is required.

*   Just select the contact and delete it from the group. Simple! 

**5** **Delete a Group**

Deleting a group is also a simple method, not a brainy formula.

*   In iContacts.com Contacts, select the Group you want to delete and press the Delete Key. The special contact group will be gone.

**6** **Restoring Accidentally Deleted Contacts**

If you accidentally delete a contact, it is easier to recover it. There are two ways:

*   You can again drag and drop the contact from the main All Contacts group. 

*   In case the whole group gets deleted, you can restore the archived store. 

**Important Points to Remember**

Making a group on iPhone is easier, and you can enjoy various benefits of this functionality. However, there are some important points to remember:

1.  You can use a laptop or tablet to access iCloud.com
2.  Once you remove a name from the group, it remains in the main Contacts group.
3.  Similarly, removing the whole group doesn’t impact the contacts in the main group.
4.  You can make as many groups as possible. 
5.  It is possible to place the same name in different groups at a time.
6.  iCloud.com has the capacity to accommodate a large group of special groups, so it is best suited for businesses and people who deal with multiple individuals.

**How to Access the Group?**

Now, you know how to create and manage groups on an iPhone. Next, you might be wondering how to access the group. Don’t worry, this blog will shed light on that as well.

Follow these steps to access the group:

1.  First, open the Contacts app.
2.  Second, look at the upper-left corner and tap ‘Groups.’
3.  Once the Groups tab opens, it will show all the Groups you have created. 
4.  Type the name of the group you want to open.
5.  It will reach you to the required group.

**How to Manage Contacts in Groups?**

After creating Groups on the iPhone, it is easier to manage contacts in a group. You can manage alphabetically, either by the first name’s alphabet or the second name’s alphabet.

Here are steps to choose the alphabet:

1.  First, go to Settings. 
2.  Now, select ‘Contacts.’
3.  You will have two options: sort order or display order. 
4.  Sort Order: Sort alphabets by first or last name.
5.  Display Order: sort the first name either before or after the last name

It makes managing and searching alphabets easier for the owner.

The Contact Groups feature on an iPhone provides an efficient and convenient way to manage and communicate with multiple contacts simultaneously, saving time and improving organization.

1.  How to fix iPhone keeps restarting issue
2.  iPhone Calendar Events spam: Here’s how to get rid of it
3.  How to fix the iPhone boot loop and iPhone black screen
4.  How to transfer data between iPhone and computer safely
5.  MobileTrans: Transfer Whatsapp data from iPhone to Android

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

How to Create and Manage Groups on iPhone

By Owais Sultan
In today’s world, censorship and suppression of free speech are rampant in many parts of the globe. Governments…
This is a post from HackRead.com Read the original post: Meet Anthalon, fighting for freedom of the press

In today’s world, censorship and suppression of free speech are rampant in many parts of the globe. Governments and non-governmental organizations (NGOs) are constantly struggling to get their message across to audiences in these areas, where traditional communication channels are restricted or non-existent. Enter Anthalon, a new company that vows to fight censorship and stimulate freedom of the press.

Anthalon enables governments and NGOs to deploy information in virtually any country, communicating with and gathering intelligence from audiences while fighting censorship and stimulating freedom of the press.

The company has developed a unique platform that allows them to serve ads in hard-to-publish places anywhere in the world. These ads are for example intended to, through intelligence gathering, find missing and wanted people.

One of the noticeable features of Anthalon’s platform is its broad range of high-end technology that it is capable of. By deploying programmatic advertising techniques, the company can detect user patterns and identify device IDs. This technology makes it possible for Anthalon to target its ads more precisely and efficiently, and gather intelligence more effectively.

In some cases, Anthalon serves as an intermediary for parties that offer rewards to encourage people to provide information. For instance, they may offer a reward for information leading to the reunification of a missing person with their families or the capture of a wanted criminal. This approach has proven highly effective in many cases, as it incentivizes people to come forward with valuable information that they may otherwise be hesitant to share.

Anthalon says its mission is to promote freedom of the press and human rights around the world. By enabling governments and NGOs to get their message out in areas where traditional communication channels are restricted, Anthalon wants to create a more open and transparent society.

Moreover, by gathering intelligence and targeting ads more precisely, the company is making it possible to find missing and wanted people more quickly and efficiently.

In conclusion, Anthalon can be a game changer for freedom of the press and human rights. With its innovative platform, the company is empowering governments and NGOs to fight censorship, stimulate freedom of the press, and gather intelligence more effectively.

One can only hope that more companies follow in Anthalon’s footsteps, and work to create a more open and transparent world for all. Visit anthalon.com for more information or read its founder, Isua Botman’s interview with FOX 40.

_Editor’s note: This article was contributed by Anthalon._

1.  How Internet Censorship Affects You – Pros and Cons
2.  WhatsApp Subverts Censorship with New Proxy Feature
3.  Top 10 worst countries for Internet freedom & censorship
4.  Researchers develop AI tool to evade Internet censorship
5.  Geneva tool bypasses censorship by merely doing nothing

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Meet Anthalon, fighting for freedom of the press

App developers are ignoring laws and guidelines regulating data protection measures aimed at minors, putting their monetization plans in jeopardy and risking user trust.

The popular and increasingly controversial social media app TikTok must pay a fine of 12.7 million pounds (equivalent to around $16 million) in the UK for disregarding data protection for children.

The British data protection authority Information Commissioner's Office (ICO) announced this week that TikTok had allowed up to 1.4 million children under the age of 13 in the country to open accounts in 2020, despite the app's own rules prohibiting it.

Children's personal data had also been used without parental consent, it said, despite UK law requiring it.

"TikTok also failed to implement adequate controls to identify and remove underage children from its platform," an ICO statement added.

While some senior TikTok executives had raised concerns internally, the company had not responded appropriately, the ICO said.

Meanwhile, a new report from Pixalate analyzing the privacy policy of every US-registered child-directed app in the Apple App Store found that the majority (54%) of those apps appear to violate the Children's Online Privacy Protection Act (COPPA).

COPPA is a US federal law enacted in 1998 to protect the privacy of children under the age of 13 on the Internet. COPPA applies to websites and online services that collect personal information from children under the age of 13, such as their name, address, email address, phone number, and other identifiable information.

They must also post a clear and comprehensive privacy policy on their website or online service and provide parents with the option to review and delete their children's personal information.

**Privacy for Kids**

Due to skyrocketing online activity by children and teens, protecting their privacy and security online has become one of the most discussed topics in 2023.

The Biden administration has called on Congress to strengthen privacy protections, ban targeted advertising to children, and demand technology companies stop collecting personal data on children.

In children’s privacy enforcement actions against publishers and advertising platforms, the FTC has imposed hefty fines, customer refunds, and lengthy compliance and auditing obligations.

**App Violations Widespread**

According to the Pixalate report, 21% of apps in the Apple Store don't even have a privacy policy, despite Apple's claim that all apps in the store are required to have a privacy policy.

Among the US-registered, child-directed apps that do have a privacy policy, 34% are missing a Children's Privacy Disclosure, and 13% are missing contact information.

Jalal Nasir, CEO of Pixalate, explains there are multiple risks for app developers who ignore the regulations and names three that stand out.

"The first involves FTC fines, settlements, oversight and other similar remedies, and the second concerns losing the ability to monetize, for example undergoing business practices scrutiny, or being dropped by ad partners as they look to shed risk," he says. "The third involves losing your customers' trust."

Krishna Vishnubhotla, vice president of product strategy at Zimperium, says the penalties for violating the COPPA Rule can be substantial.

"The FTC has the authority to bring enforcement actions against violators, and it may seek civil penalties of up to $43,280 per violation," he explains.

In addition to monetary penalties, violators may also be required to take corrective action, such as deleting the personal information of children that was collected in violation of COPPA.

"The larger issue is that it can also harm a company's reputation and lead to a loss of trust among customers and partners," Vishnubhotla says.

**Holes in Apple Oversight**

Nasir says for smaller developers, lack of awareness or lack of resources are likely two of the biggest factors when it comes to failing COPPA compliance. But the biggest factor may be Apple's failure to provide reasonable oversight.

Apple, as the gatekeeper of its app ecosystem, needs to take a much stronger stance in protecting children’s privacy, he says.

"Apple not only needs to do a much better job of giving its developers the resources necessary to be compliant with the latest privacy laws, but it also seems to need to step up monitoring and enforcement of its own app store policies," Nasir says.

He adds that if app developers work with any third parties — including any advertising partners — they must ensure that those partners also have compliant privacy policies and practices.

"It creates a complicated web," Nasir says.

The real problem concerns the vast number of apps and frequent releases, he says, which makes it difficult for the Federal Trade Commission or any organization to check for noncompliance.

"Stores must provide these regulatory organizations with a dashboard or notifications in order to make it viable," he notes. "Public stores may not allow that. It's almost impossible to accomplish this in a proactive, feasible, and structured manner."

**"Technical Debt" for App Developers**

Melissa Bischoping, director of endpoint security research at Tanium, says development of applications must balance available resources, regulatory requirements, and competing business priorities in their planning and execution.

"While almost no one would disagree that privacy and protection of children's data is always a priority, the technical debt and workload can make engineering the compliance a long and expensive process," she says.

She adds that complying with these, and other regulations and security best practices requires not only the talent to implement the solutions but also adequate staff to test and review that the designed solution meets the desired outcome.

"This is, effectively, engineering a safer airplane while it's in flight," she explains. "It takes the work of multiple teams to engineer and assure. This effort, and others like it that are centered around protecting vulnerable populations, cannot be ignored."

Tag

#sap