Security News

American aviation regulators have ordered private jet operators to install software updates for Garmin collision avoidance units after multiple reports of false alarms - raising the risk of a mid-air crash. The affected Garmin products, its GTS 8000 series, generated seven false Traffic Collision Avoidance System warnings, said the US Federal Aviation Administration in a formal Airworthiness Directive published earlier this month.

Ireland's Data Protection Commission is investigating a massive data leak concerning a database containing personal information belonging to more than 530 million Facebook users. "Previous datasets were published in 2019 and 2018 relating to a large-scale scraping of the Facebook website which at the time Facebook advised occurred between June 2017 and April 2018 when Facebook closed off a vulnerability in its phone lookup functionality," the DPC said.

Chile's Comisión para el Mercado Financiero has disclosed that its Microsoft Exchange server was compromised through the recently disclosed ProxyLogon vulnerabilities. "The analyses carried out by the information security and technology area of the CMF, together with external specialized support, have so far dismissed the presence of a ransomware and indicate that the incident would be limited to the Microsoft Exchange platform," disclosed the Comisión para el Mercado Financiero.

The European Banking Authority, a key EU financial regulator, says it has fallen victim to a hack of its Microsoft email system which the US company blames on a Chinese group. Microsoft said last week that a state-sponsored group operating out of China was exploiting previously unknown security flaws in its Exchange email services to steal data from business and government users, believed to number in the tens of thousands so far.

The Australian Securities and Investments Commission on Monday disclosed a security incident that involved Accellion software. An independent commission of the Australian government, ASIC is the national corporate regulator, overseeing enterprise and financial services and also tasked with the enforcement of laws designed to protect consumers, creditors, and investors in Australia.

The Australian Securities and Investments Commission has revealed that one of its servers has been accessed by an unknown threat actor following a security breach. ASIC is an independent Australian government commission tasked with the regulation of insurance, securities, and financial services, as well as with consumer protection, as Australia's national corporate regulator.

The European Union's drug regulator said Friday that COVID-19 vaccine documents stolen from its servers by hackers have been not only leaked to the web, but "manipulated." The European Medicines Agency said that an ongoing investigation showed that hackers obtained emails and documents from November related to the evaluation of experimental coronavirus vaccines.

The Scottish Environment Protection Agency confirmed on Thursday that some of its contact center, internal systems, processes and internal communications were affected following a ransomware attack that took place on Christmas Eve. "SEPA confirms ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds," the agency said.

Britain's Telecommunications Security Bill will allow anyone to sue their telco if they suffer "loss or damage" as a result of a system breach - but only if they get Ofcom's permission. Buried in the details away from the China-bashing stuff is a potentially heavy stick to be wielded by telco regulator Ofcom, pitting baying crowds against telecoms operators.

India's Securities and Exchange Board appears to have sent a circular to stock exchanges that calls for market participants to upgrade information security as bad actors seek to take advantage of the financial services industry's move to working from home. SEBI appears not to have made its document public, but India's National Stock Exchange - the nation's largest - plus the Bombay Stock Exchange and Multi Commodity Exchange of India all late last week published the same 14-point security guidelines that say SEBI has called for market participants to implement a security baseline on the computers their staff use when working from home.