News

According to the Office of the Privacy Commissioner of Canada’s report, around 680 security breach reports, which is six times the volume received during the same period one year earlier, were received since November 01, 2018. It’s said that the number of Canadians affected by a data breach is more than 28 million, in which 58 percent of reported breaches involved unauthorized access.

Kaspersky’s automated technologies have detected a new exploited vulnerability in the Google Chrome web browser. Kaspersky has allocated the vulnerability as CVE-2019-13720 and reported it to Google. A patch has been released. Upon review of the PoC provided, Google confirmed that it is a zero-day vulnerability. Zero-day vulnerabilities are previously unknown software bugs that can be exploited by attackers to inflict serious and unexpected damage. The new exploit is used in attacks that leverage a waterhole-style injection in a...

In the last 12 months, the personal information of approximately 28 million Canadians was affected by corporate hacks or mismanagement, according to the Office of the Privacy Commissioner of Canada (OPC). The assessment was issued last week after the first full year’s worth of data supplied by private sector firms that had to report breaches of security controls was analyzed. Until new regulations to the Personal Information Protection and Privacy Act (PIPEDA) came into effect...

India-based educational technology firm Vedantu has suffered a data breach, exposing “extensive personal information” on 687,000 users. Affected personal details include email and IP addresses, names, phone numbers, website activity and genders. Passwords were also exposed but were stored as bcrypt hashes, which means they were not visible in plaintext. Vedantu, headquartered in Bengaluru, provides interactive online tutoring for children age 11 to 18. Source: Verdict

A team of cybersecurity researchers has discovered a clever technique to remotely inject inaudible and invisible commands into voice-controlled devices — all just by shining a laser at the targeted device instead of using spoken words. Dubbed 'Light Commands,' the hack relies on a vulnerability in MEMS microphones embedded in widely-used popular voice-controllable systems that unintentionally respond to light as if it were sound. According to experiments done by a team of researchers from Japanese...

Two major Spanish companies have been hit by ransomware today. Both infections occurred on the same day, sparking memories of the WannaCry outbreak. Spain was one of the first countries alongside the UK, where the WannaCry ransomware infections were spotted for the first time back on May 12, 2017. Affected at the time were Spanish newspaper El Mundo, and internet service provider Telefonica. But today's infections are not part of a global ransomware outbreak. Only two...

The British government wants your bright ideas for improving the nation's cybersecurity because it wants to "understand the apparent lack of strong commercial rationale for investment" in locking down your shizz. As part of its fond hope of making the UK a bit more secure than the rest of the world, the Department for Digital, Culture, Media and Sport (DCMS) wants you to tell it what it could be doing better. The Cyber Security Incentives...

Europe's data protection legislation is still missing the point and will remain a 'paper tiger' until internet giants are hit with big fines, according to NSA-contractor turned whistleblower and privacy campaigner Edward Snowden. The General Data Protection Regulation (GDPR) came into force across the European Union on 25 May 2018 and is designed to give EU citizens more control over their personal data. Most notably it introduces potentially huge fines for organisations that are deemed not...

The operators of Nemty ransomware have found a new distributor for their file-encrypting malware, which now spreads via Trik, a botnet that pushes all sorts of threats. The malware is spread to systems that have the Server Message Block (SMB) network communication protocol exposed on the web and protected by weak credentials. Source: Bleeping Computer

This week’s question: What does automation mean for IT security teams?  What automation primarily means is that teams now have the chance to scale their tasks to meet the needs of the business. Nowadays, given that vulnerabilities are discovered on a daily basis, organisations need tools that can keep track of these weaknesses as these are made public and patches become available.   The great strategic advantage of using an automation tool for vulnerability management is the frequency at which it allows IT...