Rohan Pearce reports: New legislation that will enable data collected by public sector agencies to be more easily shared is expected to be accompanied by new rules for data breach notifications, a discussion paper released today by the government said. The government in May 2018 said it would introduce a new data sharing and release…
Category: Commentaries and Analyses
BEC overtakes ransomware and data breaches in cyber-insurance claims
Catalin Cimpanu reports: Business email compromise (BEC) has overtaken ransomware and data breaches as the main reason companies filed a cyber-insurance claim in the EMEA (Europe, the Middle East, and Asia) region last year, said insurance giant AIG. According to statistics published in July, AIG said that BEC-related insurance filings accounted for nearly a quarter…
Student surprise: malware masked as textbooks and essays
From the Kaspersky Team, this useful alert: We have written on numerous occasions about how easy it is to inadvertently pick up some nasty stuff when you try to download popular TV shows or game cheats. However, cybercriminals do not just limit themselves to entertainment products. You can also stumble upon a virus when looking…
Over 47,000 Supermicro servers are exposing BMC ports on the internet
Catalin Cimpanu reports: More than 47,000 workstations and servers, possibly more, running on Supermicro motherboards are currently open to attacks because administrators have left an internal component exposed on the internet. These systems are vulnerable to a new set of vulnerabilities named USBAnywhere that affect the baseboard management controller (BMC) firmware of Supermicro motherboards. Read…
Malicious websites were used to secretly hack into iPhones for years, says Google
Zack Whittaker reports: Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws. Google’s Project Zero said in a deep-dive blog post published late on Thursday that the websites were visited thousands of times…
Valve patches recent Steam zero-days, calls turning away researcher ‘a mistake’
Catalin Cimpanu reports: Gaming giant Valve has called turning away a security researcher who reported a vulnerability in the company’s Steam gaming client “a mistake.” A Valve representative told ZDNet in an email today that the company has shipped fixes for the Steam client, updated its bug bounty program rules, and is reviewing the researcher’s…