Security News > 2022 > November

A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp. This is achieved by using the phone numbers associated with the infected devices as a means to gather the one-time password that's typically sent to verify the user when setting up new accounts.

Facebook (Meta) was just fined $276 million for a data leak that included full names, birth dates, phone numbers, and location. Meta's total fine by the Data Protection Commission is over $700 million.

The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation requirements. The Commission nationale de l'informatique et des libertés said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the MD5 algorithm as recently as July 2022.

The governor of South Dakota issued an executive order on Tuesday banning the use of Chinese social media platform TikTok for state government agencies, employees and contractors on state devices. In a press release the state government said the order was in response to the growing national security threat posed by TikTok's data-gathering operations on behalf of the Chinese Communist Party.

The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches. To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity's adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information, whichever is greater.

A sophisticated threat actor named 'CashRewindo' has been using aged domains in global malvertising campaigns that lead to investment scam sites. [...]

Researchers have disclosed details of three new security vulnerabilities affecting operational technology products from CODESYS and Festo that could lead to source code tampering and denial-of-service. The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an insecure-by-design approach - which was usual at the time the products were launched - where manufacturers include dangerous functions that can be accessed with no authentication or a subpar implementation of security controls, such as cryptography," the researchers said.