Category: Operating System Core

  • Data Discovery and Classification for Modern Enterprises



    In today’s high-stakes digital arena, data is the lifeblood of every enterprise. From driving strategy to unlocking customer insights, enterprises depend on data like never before. But with significant volume comes great vulnerability.

    Imagine managing a massive warehouse without labels, shelves, or a map. That’s how most organizations handle their data today—scattered across endpoints, servers, SaaS apps, and cloud platforms, much of it unidentified and unsecured. This dark, unclassified data is inefficient and dangerous.

    At Seqrite, the path to resilient data privacy and governance begins with two foundational steps: Data Discovery and Classification.

    Shedding Light on Dark Data: The Discovery Imperative

    Before protecting your data, you need to know what you have and where it resides. That’s the core of data discovery—scanning your digital landscape to locate and identify every piece of information, from structured records in databases to unstructured files in cloud folders.

    Modern privacy tools leverage AI and pattern recognition to unearth sensitive data, whether it’s PII, financial records, or health information, often hidden in unexpected places. Shockingly, nearly 75% of enterprise data remains unused, mainly because it goes undiscovered.

    Without this visibility, every security policy and compliance program stands on shaky ground.

    Data Classification: Assigning Value and Implementing Control

    Discovery tells you what data you have. Classification tells you how to treat it.

    Is it public? Internal? Confidential? Restricted? Classification assigns your data a business context and risk level so you can apply the right protection, retention, and sharing rules.

    This is especially critical in industries governed by privacy laws like GDPR, DPDP Act, and HIPAA, where treating all data the same is both inefficient and non-compliant.

    With classification in place, you can:

    • Prioritize protection for sensitive data
    • Automate DLP and encryption policies
    • Streamline responses to individual rights requests
    • Reduce the clutter of ROT (redundant, obsolete, trivial) data

    The Power of Discovery + Classification

    Together, discovery and classification form the bedrock of data governance. Think of them as a radar system and rulebook:

    • Discovery shows you the terrain.
    • Classification helps you navigate it safely.

    When integrated into broader data security workflows – like Zero Trust access control, insider threat detection, and consent management – they multiply the impact of every security investment.

    Five Reasons Enterprises Can’t Ignore this Duo

    1. Targeted Security Where It Matters Most

    You can’t secure what you can’t see. With clarity on your sensitive data’s location and classification, you can apply fine-tuned protections such as encryption, role-based access, and DLP—only where needed. That reduces attack surfaces and simplifies security operations.

    2. Compliance Without Chaos

    Global data laws are demanding and constantly evolving. Discovery and classification help you prove accountability, map personal data flows, and respond to rights requests accurately and on time.

    3. Storage & Cost Optimization

    Storing ROT data is expensive and risky. Discovery helps you declutter, archive, or delete non-critical data while lowering infrastructure costs and improving data agility.

    4. Proactive Risk Management

    The longer a breach goes undetected, the more damage it does. By continuously discovering and classifying data, you spot anomalies and vulnerabilities early, well before they spiral into crises.

    5. Better Decisions with Trustworthy Data

    Only clean, well-classified data can fuel accurate analytics and AI. Whether it’s refining customer journeys or optimizing supply chains, data quality starts with discovery and classification.

    In Conclusion, Know your Data, Secure your Future

    In a world where data is constantly growing, moving, and evolving, the ability to discover and classify is a strategic necessity. These foundational capabilities empower organizations to go beyond reactive compliance and security, helping them build proactive, resilient, and intelligent data ecosystems.

    Whether your goal is to stay ahead of regulatory demands, reduce operational risks, or unlock smarter insights, it all starts with knowing your data. Discovery and classification don’t just minimize exposure; they create clarity, control, and confidence.

    Enterprises looking to take control of their data can rely on Seqrite’s Data Privacy solution, which delivers powerful discovery and classification capabilities to turn information into an advantage.




  • Yelp Help Viewer Security Flaw in GNOME Linux Systems



    Yelp is the default help browser in GNOME-based Linux distributions, including widely used systems such as Ubuntu, Fedora, and Debian. It is responsible for rendering help documentation written in the Mallard XML format and integrates tightly with the desktop environment via the ghelp:// URI scheme. This integration allows applications and users to open help topics directly using protocol links, making Yelp a core utility for accessing user guides and documentation.

    A vulnerability was recently discovered in Yelp that allows it to process specially crafted help documents in unsafe ways. This flaw, identified as CVE-2025-3155, can be exploited to execute arbitrary scripts embedded within help files, potentially leading to the exposure of sensitive user data to external systems.

    Vulnerability Overview

    CVE-2025-3155 is a vulnerability in Yelp, the GNOME help browser, related to its handling of help documents written in the Mallard XML format.

    An attacker can craft a malicious .page file that uses XInclude to embed the contents of arbitrary local files—such as /etc/passwd or private SSH keys—directly into the displayed help content. If the user opens this file in Yelp, the referenced file is read and rendered within the interface, leading to local file disclosure.

    An attacker may also embed SVG elements containing JavaScript within the crafted help file. When processed by Yelp, these scripts can be executed as part of the rendering process, enabling the exfiltration of included file content to an external server. The vulnerability affects Yelp versions up to 42.1 and has been confirmed on GNOME-based distributions such as Ubuntu 22.04.

    Attack Flow

    The exploitation of CVE-2025-3155 involves delivering a malicious Mallard .page help file to the victim and leveraging Yelp’s behaviour to access and potentially leak sensitive local files. The process can be broken down into the following steps:

    Craft and Host the Malicious File

    The attacker creates a malicious .page file containing an XInclude directive to reference sensitive local files and embeds SVG-based JavaScript for exfiltration. This file is then hosted on a web page under the attacker’s control.

    Placing the File on the Victim’s System
    Through social engineering or a drive-by download technique, the attacker delivers the crafted file to a user-writable directory on the victim’s system. 

    Trigger Yelp via the ghelp URI Scheme

    The attacker leads the victim to a crafted ghelp:// link that references the previously downloaded malicious page file. When accessed, Yelp opens the file for processing.

    Yelp Processes and Exfiltrates Content

    When Yelp opens the page file, it processes the XInclude directive and reads content from the specified local files. In an attack scenario where the file contains embedded SVG scripting, the extracted data can be exfiltrated to an attacker-controlled server.

     

    Figure 1: Attack sequence demonstrating how an adversary leverages Yelp’s help file handling to read and exfiltrate sensitive files.

    Real-World Consequences

    CVE-2025-3155 highlights a significant weakness in how user-facing applications like Yelp process local help content. This flaw has the potential to enable attackers to exfiltrate sensitive user files such as SSH private keys or password stores. In targeted environments, such as hospitality, entertainment, or enterprise Linux workstations, exploitation of this vulnerability could:

    • Lead to unauthorized access to confidential files and credentials.
    • Serve as an early-stage foothold for lateral movement in broader attack campaigns.
    • Facilitate deployment of backdoors or data-stealing malware.
    • Precede or support larger cyberattacks carried out by advanced threat actors.

    Evidence from recent cyber threat reports suggests this vulnerability has already been leveraged by threat groups in targeted industries.

     

    Countermeasures for CVE-2025-3155

    To safeguard Linux systems and users against exploitation of this vulnerability, the following countermeasures are strongly recommended:

    Update Yelp Immediately: Ensure Yelp is updated to version 42.2 or later, where the vulnerability is patched.

    Restrict ghelp:// URI Usage: Avoid launching help files from untrusted sources or links. Consider limiting the exposure of ghelp:// handlers via URI sandboxing or policy enforcement.

    Harden File Access Permissions: Limit read permissions for sensitive files like ~/.ssh/id_rsa and other secrets. Regularly audit user permissions and use encrypted key storage wherever possible.

    Monitor Yelp Behaviour: Although monitoring is not a primary mitigation, security teams may choose to audit Yelp usage for post-exploitation indicators. Abnormal patterns—such as Yelp accessing sensitive files or initiating network connections—could signal an attempted abuse of the vulnerability. This should be used as part of broader endpoint visibility, not as a standalone defence.

    Educate End Users: Inform users about the risks of opening help files from unknown sources and teach them to recognize spoofed support documentation. Implement awareness campaigns that treat .page files as potentially harmful.

    By combining patch management with proactive monitoring and user education, organizations can mitigate the risks posed by CVE-2025-3155 and prevent it from being used as a stepping stone in larger attack chains.
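One way to audit directories for the file pattern described in this advisory, as an added example (not code from the advisory or from the Yelp project): it parses each .page file without resolving includes and reports XInclude elements and SVG script content. The function names, finding labels and sample documents are constructed for illustration, and treating any DTD as a finding is this scanner's own policy.

```python
"""Flag Mallard .page files that carry XInclude or SVG script content."""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Both namespace URIs that have been used for XInclude.
XINCLUDE_NS = {"http://www.w3.org/2001/XInclude", "http://www.w3.org/2003/XInclude"}
SVG_NS = "http://www.w3.org/2000/svg"

# Constructed samples (not taken from a real help package or a real attack).
CONSTRUCTED_BENIGN = b"""<page xmlns="http://projectmallard.org/1.0/" id="intro">
  <title>Intro</title><p>Plain help text.</p></page>"""
CONSTRUCTED_SUSPECT = b"""<page xmlns="http://projectmallard.org/1.0/"
      xmlns:xi="http://www.w3.org/2001/XInclude"
      xmlns:svg="http://www.w3.org/2000/svg" id="index">
  <title>Constructed sample</title>
  <p><xi:include href="/path/to/local-file" parse="text"/></p>
  <svg:svg><svg:script>/* script body omitted */</svg:script></svg:svg>
</page>"""


def _split(tag):
    """Return (namespace, local-name) for an ElementTree tag."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag


def _leaves_directory(href):
    """True when an include target is absolute, has a scheme, or climbs with '..'."""
    parts = href.split("/")
    return href.startswith("/") or ":" in parts[0] or ".." in parts


def scan_page(data: bytes):
    """Return a list of (kind, detail) findings for one .page document."""
    # Scanner policy (assumption): report a DTD instead of parsing it, which
    # keeps entity-expansion tricks away from this scanner's own parser.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return [("doctype", "DTD or entity declaration present, not parsed")]
    try:
        # ElementTree only builds the tree; it never resolves xi:include here.
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [("unparseable", str(exc))]
    findings = []
    for elem in root.iter():
        if not isinstance(elem.tag, str):
            continue
        ns, local = _split(elem.tag)
        if ns in XINCLUDE_NS and local == "include":
            href = elem.get("href", "")
            kind = "xinclude-outside" if _leaves_directory(href) else "xinclude-sibling"
            findings.append((kind, href))
        elif ns == SVG_NS:
            if local == "script":
                findings.append(("svg-script", "script element"))
            for attr in elem.attrib:
                if attr.lower().startswith("on"):
                    findings.append(("svg-event-handler", attr))
    return findings


def scan_tree(directory):
    """Scan every *.page file under directory; return {path: findings}."""
    report = {}
    for path in sorted(Path(directory).rglob("*.page")):
        findings = scan_page(path.read_bytes())
        if findings:
            report[str(path)] = findings
    return report


if __name__ == "__main__":
    for name, findings in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for kind, detail in findings:
            print(f"{name}: {kind}: {detail}")
```

Relative includes of sibling files are reported under a separate label because packaged documentation may use them; a hit is a prompt for review, not proof of abuse.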

    Conclusion

    CVE-2025-3155 demonstrates how functionality intended for local documentation rendering can become a vector for unintended data exposure. By leveraging features like XInclude and URI-based invocation, an attacker can craft a low-interaction exploitation chain capable of disclosing sensitive files and exfiltrating them without explicit user consent. This case underscores the importance of strict content handling in local applications and reinforces the need for timely updates and user vigilance against unfamiliar file types and protocol-driven links.

    References:

    https://gitlab.gnome.org/GNOME/yelp/-/issues/221

     

    Authors:

    Vinay Kumar

    Adrip Mukherjee

     

     




  • Rule of 72 – Useful code



    Ever heard of the Rule of 72? It’s a classic finance shortcut that tells you how many years it takes for an investment to double at a given interest rate—without reaching for a calculator! Pretty much, if you want to know when you are going to double money that is growing at 7% per year, simply divide 72 by 7 to get the approximate answer. The approximation is reasonably good for rates between 5 and 10%.

    For all other values, the formula looks like this:

    ln(2) is approximately 0.693. Hence, it is 0.693 divided by ln(1+tiny percentage).

    With Python the formula looks like this:

    If you want to see how exact the formula is, then a good comparison vs the exact value looks like this:

    The execution of the code from above looks like this:

    The YT video explaining the code is here:

    https://www.youtube.com/watch?v=BURstTrQWkA

    The GitHub code is here: https://github.com/Vitosh/Python_personal/tree/master/YouTube/023_Python-Rule-of-72

    A nice picture from Polovrak Peak, Bulgaria

    Enjoy!




  • Rules of 114 and 144 – Useful code


    The Rule of 114 is a quick way to estimate how long it will take to triple your money with compound interest.  The idea is simple: divide 114 by the annual interest rate (in %), and you will get an approximate answer in years.

    • If you earn 10% annually, the time to triple your money is approximately: 114/10=11.4 years.

    Similarly, the Rule of 144 works for quadrupling your money. Divide 144 by the annual interest rate to estimate the time.

    • At 10% annual growth, the time to quadruple your money is: 144/10=14.4 years

    Why Do These Rules Work?

    These rules are approximations based on the exponential nature of compound interest. While they are not perfectly accurate for all rates, they are great for quick mental math, especially for interest rates in the 5–15% range. While the rules are convenient, always use the exact formula when accuracy matters!

    Exact Formulas?

    For precise calculations, use the exact formula based on logarithms:

    • To triple your money:
    • To quadruple your money:

    These rules for 4x or 3x can be summarized with the following Python formula:

    These rules are explained in a bit more detail in the video below:

    https://www.youtube.com/watch?v=iDcPdcKi-oI

    The GitHub repository is here: https://github.com/Vitosh/Python_personal/tree/master/YouTube/024_Python-Rule-of-114

    Enjoy it! 🙂




  • Trigonometric Functions – Sine – Useful code


    import numpy as np
    import matplotlib.pyplot as plt
    import matplotlib.animation as animation

    # Generate unit circle points
    theta = np.linspace(0, 2 * np.pi, 1000)
    x_circle = np.cos(theta)
    y_circle = np.sin(theta)

    # Initialize figure
    fig, ax = plt.subplots(figsize=(8, 8))
    ax.plot(x_circle, y_circle, 'b-', label="Unit Circle")  # Unit circle
    ax.axhline(0, color="gray", linestyle="dotted")
    ax.axvline(0, color="gray", linestyle="dotted")

    # Add dynamic triangle components
    triangle_line, = ax.plot([], [], 'r-', linewidth=2, label="Triangle Sides")
    point, = ax.plot([], [], 'ro')  # Moving point on the circle

    # Text for dynamic values
    dynamic_text = ax.text(0.03, 0.03, "", fontsize=12, color="black", ha="left", transform=ax.transAxes)

    # Set up axis limits and labels (symmetric around the origin)
    ax.set_xlim(-1.2, 1.2)
    ax.set_ylim(-1.2, 1.2)
    ax.set_title("Sine as a Triangle on the Unit Circle", fontsize=14)
    ax.set_xlabel("cos(θ)", fontsize=12)
    ax.set_ylabel("sin(θ)", fontsize=12)
    ax.legend(loc="upper left")

    # Animation update function
    def update(frame):
        angle = theta[frame]
        x_point = np.cos(angle)
        y_point = np.sin(angle)
        degrees = np.degrees(angle) % 360  # Convert radians to degrees

        # Update triangle
        triangle_line.set_data([0, x_point, x_point, 0], [0, y_point, 0, 0])

        # Update point on the circle
        point.set_data([x_point], [y_point])  # Fixed this line to avoid the warning

        # Update text for angle, opposite side length, and sin(θ)
        dynamic_text.set_text(f"Angle: {degrees:.1f}°\nOpposite Side Length: {y_point:.2f}\nsin(θ): {y_point:.2f}")
        return triangle_line, point, dynamic_text

    # Create animation
    ani = animation.FuncAnimation(fig, update, frames=len(theta), interval=20, blit=True)
    plt.show()




  • Sine and Cosine – A friendly guide to the unit circle



    Welcome to the world of sine and cosine! These two functions are the backbone of trigonometry, and they’re much simpler than they seem. In this article, we will explore the unit circle, the home of sine and cosine, and learn






  • VBA – Automated Pivot Filtering – Useful code


    Sub FilterPivotTableBasedOnSelectedTeams()

        Dim pt As PivotTable
        Dim selectedItemsRange As Range
        Dim myCell As Range
        Dim fieldName As String
        Dim lastRowSelected As Long
        Dim pi As PivotItem
        Dim firstItemSet As Boolean

        Set pt = ThisWorkbook.Worksheets("PivotTable2").PivotTables("PivotTable2")
        ' tblTemp is the worksheet holding the selected teams in column A
        lastRowSelected = LastRow(tblTemp.Name, 1)
        Set selectedItemsRange = tblTemp.Range("A1:A" & lastRowSelected)
        fieldName = "Team"
        pt.PivotFields(fieldName).ClearAllFilters

        ' Count the visible items; a pivot field must keep at least one visible
        Dim itemsTotal As Long
        itemsTotal = pt.PivotFields(fieldName).PivotItems.Count

        For Each pi In pt.PivotFields(fieldName).PivotItems
            If Not IsInRange(pi.Name, selectedItemsRange) Then
                itemsTotal = itemsTotal - 1
                If itemsTotal = 0 Then
                    Err.Raise 222, Description:="No value in the pivot!"
                    Exit Sub
                End If

                pi.Visible = False
            End If
        Next pi

    End Sub

    ' Returns True when myValue equals the value of any cell in myRange
    Function IsInRange(myValue As String, myRange As Range) As Boolean

        Dim myCell As Range
        IsInRange = False
        For Each myCell In myRange.Cells
            If myCell.Value = myValue Then
                IsInRange = True
                Exit Function
            End If
        Next myCell

    End Function

    ' Returns the last used row of the given column in the named worksheet
    Public Function LastRow(wsName As String, Optional columnToCheck As Long = 1) As Long

        Dim ws As Worksheet
        Set ws = ThisWorkbook.Worksheets(wsName)
        LastRow = ws.Cells(ws.Rows.Count, columnToCheck).End(xlUp).Row

    End Function




  • Guide for Businesses Navigating Global Data Privacy



    Organizations manage personal data across multiple jurisdictions in today’s interconnected digital economy, requiring a clear understanding of global data protection frameworks. The European Union’s General Data Protection Regulation (GDPR) and India’s Digital Personal Data Protection Act (DPDP) 2023 are two key regulations shaping the data privacy landscape. This guide provides a comparative analysis of these regulations, outlining key distinctions for businesses operating across both regions.

    Understanding the GDPR: Key Considerations for Businesses

    The GDPR, enforced in May 2018, is a comprehensive data protection law that applies to any organization processing personal data of EU residents, regardless of location.

    • Territorial Scope: GDPR applies to organizations with an establishment in the EU or those that offer goods or services to, or monitor the behavior of, EU residents, requiring many global enterprises to comply.
    • Definition of Personal Data: The GDPR defines personal data as any information related to an identifiable individual. It further classifies sensitive personal data and imposes stricter processing requirements.
    • Principles of Processing: Compliance requires adherence to lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability in data processing activities.
    • Lawful Basis for Processing: Businesses must establish a lawful basis for processing, such as consent, contract, legal obligation, vital interests, public task, or legitimate interest.
    • Data Subject Rights: GDPR grants individuals rights, including access, rectification, erasure, restriction, data portability, and objection to processing, necessitating dedicated mechanisms to address these requests.
    • Obligations of Controllers and Processors: GDPR imposes direct responsibilities on data controllers and processors, requiring them to implement security measures, maintain processing records, and adhere to breach notification protocols.

     

    Understanding the DPDP Act 2023: Implications for Businesses in India

    The DPDP Act 2023, enacted in August 2023, establishes a legal framework for the processing of digital personal data in India.

    • Territorial Scope: The Act applies to digital personal data processing in India and processing outside India if it involves offering goods or services to Indian data principals.
    • Definition of Personal Data: Personal data refers to any data that identifies an individual, specifically in digital form. Unlike GDPR, the Act does not differentiate between general and sensitive personal data (though future classifications may emerge).
    • Principles of Data Processing: The Act mandates lawful and transparent processing, purpose limitation, data minimization, accuracy, storage limitation, security safeguards, and accountability.
    • Lawful Basis for Processing: The primary basis for processing is explicit, informed, unconditional, and unambiguous consent, with certain legitimate exceptions.
    • Rights of Data Principals: Individuals can access, correct, and erase their data, seek grievance redressal, and nominate another person to exercise their rights if they become incapacitated.
    • Obligations of Data Fiduciaries and Processors: The Act imposes direct responsibilities on Data Fiduciaries (equivalent to GDPR controllers) to obtain consent, ensure data accuracy, implement safeguards, and report breaches. Data Processors (like GDPR processors) operate under contractual obligations set by Data Fiduciaries.

    GDPR vs. DPDP: Key Differences for Businesses 

    | Feature | GDPR | DPDP Act 2023 | Business Implications |
    |---|---|---|---|
    | Data Scope | Covers both digital and non-digital personal data within a filing system. | Applies primarily to digital personal data. | Businesses need to assess their data inventory and processing activities, particularly for non-digital data handled in India. |
    | Sensitive Data | Explicitly defines and provides stricter rules for processing sensitive personal data. | Applies a uniform standard to all digital personal data currently. | Organizations should be mindful of potential future classifications of sensitive data under DPDP. |
    | Lawful Basis | Offers multiple lawful bases for processing, including legitimate interests and contractual necessity. | Primarily consent-based, with limited exceptions for legitimate uses. | Businesses need to prioritize obtaining explicit consent for data processing in India and carefully evaluate the scope of legitimate use exceptions. |
    | Individual Rights | Provides a broader range of rights, including data portability and the right to object to profiling. | Focuses on core rights like access, correction, and erasure. | Compliance programs should address the specific set of rights granted under the DPDP Act. |
    | Data Transfer | Strict mechanisms for international data transfers, requiring adequacy decisions or safeguards. | Permits cross-border transfers except to countries specifically restricted by the Indian government. | Businesses need to monitor the list of restricted countries for data transfers from India. |
    | Breach Notification | Requires notification to the supervisory authority if the breach is likely to result in a high risk to individuals. | Mandates notification to both the Data Protection Board and affected Data Principals for all breaches. | Organizations must establish comprehensive data breach response plans aligned with DPDP’s broader notification requirements. |
    | Enforcement | Enforced by Data Protection Authorities in each EU member state. | Enforced by the central Data Protection Board of India. | Businesses need to be aware of the centralized enforcement mechanism under the DPDP Act. |
    | Data Protection Officer (DPO) | Mandatory for certain organizations based on processing activities. | Mandatory for Significant Data Fiduciaries, with criteria to be specified. | Organizations that meet the criteria for Significant Data Fiduciaries under DPDP will need to appoint a DPO. |
    | Data Processor Obligations | Imposes direct obligations on data processors. | Obligations are primarily contractual between Data Fiduciaries and Data Processors. | Data Fiduciaries in India bear greater responsibility for ensuring the compliance of their Data Processors. |

     

    Navigating Global Compliance: A Strategic Approach for Businesses

    Organizations subject to GDPR and DPDP must implement a harmonized yet region-specific compliance strategy. Key focus areas include:

    • Data Mapping and Inventory: Identify and categorize personal data flows across jurisdictions to determine applicable regulatory requirements.
    • Consent Management: Implement mechanisms that align with GDPR’s “freely given, specific, informed, and unambiguous” consent standard and DPDP’s stricter “free, specific, informed, unconditional, and unambiguous” requirement. Ensure easy withdrawal options.
    • Data Security Measures: Deploy technical and organizational safeguards proportionate to data processing risks, meeting the security mandates of both regulations.
    • Data Breach Response Plan: Establish incident response protocols that meet GDPR and DPDP notification requirements, particularly DPDP’s broader scope.
    • Data Subject/Principal Rights Management: Develop workflows to handle data access, correction, and erasure requests under both regulations, ensuring compliance with response timelines.
    • Cross-Border Data Transfer Mechanisms: Implement safeguards for international data transfers, aligning with GDPR’s standard contractual clauses and DPDP’s yet-to-be-defined jurisdictional rules.
    • Appointment of DPO/Contact Person: Assess whether a Data Protection Officer (DPO) is required under GDPR or if the organization qualifies as a Significant Data Fiduciary under DPDP, necessitating a DPO or designated contact person.
    • Employee Training: Conduct training programs on data privacy laws and best practices to maintain team compliance awareness.
    • Regular Audits: Perform periodic audits to evaluate data protection measures, adapting to evolving regulatory guidelines.

    Conclusion: Towards a Global Privacy-Centric Approach

    While GDPR and the DPDP Act 2023 share a common goal of enhancing data protection, they differ in scope, consent requirements, and enforcement mechanisms. Businesses operating across multiple jurisdictions must adopt a comprehensive, adaptable compliance strategy that aligns with both regulations.

    By strengthening data governance, implementing robust security controls, and fostering a privacy-first culture, organizations can navigate global data protection challenges effectively and build trust with stakeholders.

    Seqrite offers cybersecurity and data protection solutions to help businesses achieve and maintain compliance with evolving global privacy regulations.

     




  • Automate Stock Analysis with Python and Yfinance: Generate Excel Reports



    In this article, we will explore how to analyze stocks using Python and Excel. We will fetch historical data for three popular stocks—Realty Income (O), McDonald’s (MCD), and Johnson & Johnson (JNJ) — calculate returns, factor in dividends, and visualize






  • Python – Data Wrangling with Excel and Pandas – Useful code



    Data wrangling with Excel and Pandas is actually quite a useful tool in the belt of any Excel professional, financial professional, data analyst or developer. Really, everyone can benefit from the well-defined libraries that ease people’s lives. These are the libraries used:

    Additionally, a function for making a unique Excel name is used:

    An example of the video, where Jupyter Notebook is used.

    In the YT video below, the following 8 points are discussed:

    # Trick 1 – Simple reading of worksheet from Excel workbook

    # Trick 2 – Combine Reports

    # Trick 3 – Fix Missing Values

    # Trick 4 – Formatting the exported Excel file

    # Trick 5 – Merging Excel Files

    # Trick 6 – Smart Filtering

    # Trick 7 – Merging Tables

    # Trick 8 – Export Dataframe to Excel

    The whole code with the Excel files is available in GitHub here.

    https://www.youtube.com/watch?v=SXXc4WySZS4

    Enjoy it!


