An open letter, written to service providers of video conferencing platforms, has been published this week reminding them of their responsibilities and obligations towards data protection and privacy laws around the world.

The letter advises the VTC providers on how they could identify and address some of the key privacy risks, and how to better protect people’s personal information who are using their products.

The open letter is signed by six authorities brought together through the Global Privacy Assembly’s International Enforcement Cooperation Working Group

The NCSC has published guidance for individuals and organisations on using video conferencing services securely. It offers practical advice on securely setting up services, hosting and joining calls and supporting staff with the use of these services.

Cisco release patch for Read-Only Path Traversal Vulnerability

Cisco have identified a vulnerability affecting the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software (CVE-2020-3452).

This could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. In this case there are currently no workarounds that address the vulnerability.

The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities. In this case, the most important aspect is to install the latest patches as soon as practicable.