Major Increase to Penalties for Privacy Breaches in Australia
Privacy breaches are about to cost companies operating in Australia quite a bit more money in fines, as the country has raised the maximum penalty from AUD 2.2 million to AUD 50 million.
-
-
Third-Party Vendor Named as Culprit in Uber Data Breach That Exposed Internal Company Information
Another Uber data breach leaked an assortment of sensitive internal data: source code and employee contact information. The company has indicated that a third-party vendor is responsible.
-
Addition of End-to-End Encryption to iCloud Backups Fortifies User Privacy, but Faces Legal Pushback From Law Enforcement
Apple is bringing end-to-end encryption to iCloud backups. The move brings parity with other competing messaging services, but is likely to face greater legal challenges than usual.
-
Android Malware Apps Signed With Manufacturing Keys Obtained in Major Security Leak
Security leaks at a number of different device manufacturers have made an array of manufacturer keys available to threat actors, and these keys can be used to sign malware apps.
-
$20 Million Chunk of the Rampant Theft of US COVID Benefits Taken by Chinese Hackers
A Secret Service investigation has found that the theft of hundreds of billions of dollars of US Covid benefits included about $20 million stolen by state-backed Chinese hackers, the APT41 group.
-
UK MSPs To Be Included Under Cybersecurity Laws for Critical Infrastructure
The updated UK NIS Regulations focused on stronger cybersecurity laws for “essential services” will now include MSPs, which often have thousands of clients that span a broad variety of industries, and they are increasingly a target of primary interest for the world’s most advanced hackers.
-
Study Finds Almost 75% of Organizations Remain Vulnerable to Log4Shell
Study finds that a worrying majority of organizations remain vulnerable to Log4Shell, The main problem is that even a fully clean organization is just one new device or software download away from it coming back.
-
Commercial Spyware With Advanced Exploitation Framework Compromised Windows, Chrome and Firefox
Google TAG reported that an exploitation framework making use of multiple zero-days was sold by a Spanish spyware firm for years. Firm says that it is not responsible but there is evidence in the code, including a script that is signed by the company.
-
Alleged Data Leak of Almost 500 Million WhatsApp Records Exposes User Profile Information on Dark Web
A post on the dark web is offering almost 500 million WhatsApp user profiles for sale. Check Point reported that 360 million phone numbers are legitimate, but not necessarily associated with WhatsApp.
-
Meta Employees, Contractors Engaged in Account Hijacking Schemes Using Internal Account Recovery Privileges
Leaked internal document reported that some Meta employees and third party security contractor abused access to an internal account recovery tool for cash, in some cases even engaging in account hijacking plots.
