3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS

Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS).
The vulnerabilities, reported by Fores…

Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines

A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector.
Mandiant, which is part of Google Cloud, is tracking the cluster under it…

New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines.
Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models tha…

Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users’ Data

Ireland’s Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement agai…

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation.
The vulnerability, tracke…

Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services

Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources.
The issue relates to a confused deputy problem, a type of privilege escalation where …

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks.
BMC refers to a specialized service p…

Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages

Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform.
The feature is part of Musk’s vision for Twitter 2.0, which is expected to be what’s called an “everything app.” Other functionalit…