Information Technology

For these Black Friday VPN deals, we only considered reputable and trustworthy VPN providers. There are no shortages of VPNs out there, but there is a limited number of companies that provide secure and user-friendly VPNs.Finding true VPN deals can be a bit tricky because the prices change frequently and with various subscription lengths and add-ons, it gets convoluted. Most VPNs charge less for longer subscriptions and the standard price for service is often advertised as a huge discount. But if the VPN is always available for 63% off, then I don’t consider that a sale. For the offers listed in this roundup, I based the discounted price on what I’d consider the standard offer rather than an imaginary inflated price that you’ll never have to pay. Many of these deals include additional months tacked onto a standard plan. These free months drop the average monthly cost but often the upfront price is the same, in those cases we’ve noted that the lump-sum payment hasn’t changed.We didn’t include free VPNs in our roundup because free VPN services are a mixed bag. It takes money to run a VPN and if you’re not paying then you could be bombarded with ads or stuck with a subpar service. That’s in the best-case scenario. The worst free VPNs could make money by selling your data, so it’s best to stick with a paid service if you’re taking your privacy and security seriously. More

There is a misconception that all hacking is illegal. However, hacking is simply identifying weaknesses in a device — whether it is a PC, smartphone, or another physical object — and software, including apps, and attempting to exploit them.This could include a computer network, old tech equipment, or a website’s backend control system. Hacking, in itself, doesn’t automatically mean unauthorized entry. There are companies out there that ask for ethical hackers to test their software for weaknesses and will reward them financially for their findings.It is only when a hacker uses their skills for unauthorized and criminal purposes, theft, or destruction that it becomes illegal. This could include breaking into a network to deploy malware or stealing confidential information. More

Current price: $2.03/mo Original price: $2.19/mo Private Internet Access VPN’s two-year plan is 2.03/mo with this deal, which comes with four free months. In the past, there was a three-year plan for $2.03/mo, which cost $79, so you’ll pay 28% less upfront ($56.84) with this offer. But compared to the most recent two-year plan, which cost $2.19/mo and came with two free months, you’re saving 8% with this sale.Private Internet Access has open-source customizable apps which allow you to configure settings for port forwarding, remote ports, proxies, and more. A single subscription can support 10 simultaneous connections on a wide range of devices running Windows, macOS, iOS, Android, Linux, and more. More

Image: Getty Google has removed a series of apps downloaded by over a million Android users from the Google Play Store that infected smartphones with malware and bombarded devices with malicious pop-up ads. The malware has been detailed by cybersecurity researchers at Malwarebytes. The apps were still available to download for a number of days […] More

Image: Getty Images/iStockphoto The National Security Agency (NSA) is urging developers to shift to memory safe languages – such as C#, Go, Java, Ruby, Rust, and Swift – to protect their code from remote code execution or other hacker attacks. Of the languages mentioned above, Java is the most widely used across enterprise and Android […] More

Price: $299.00Recommended age: 4-7Features: Screenless learning | Whiteboard top | Fosters creativityI am completely enamored by the idea of Kibo. As an educator in 2022, I consider programming a critical skill for everyone. Nearly anyone can benefit from understanding how to describe steps in a clear and coherent manner. So the idea that Kibo can begin teaching this to very young children is fascinating.Kibo is a kinetic STEM kit. Best of all, it’s a tool for learning that doesn’t require the use of a screen. By combining physical blocks in the right order, kids can instruct Kibo to take action. Kids can also add on capabilities like light, sound, and sensors, all with large, easy-to-attach add-ons. I can see this in use in a kindergarten or nursery school, as well as at home. If you’re considering Kibo, keep in mind two issues. First, it comes in a plain cardboard box with a KIBO label, so if you give this as a gift keep in mind that the gift opening experience might not be as exciting as getting a LEGO. Also, at nearly $300, this is not an inexpensive gift. Still, it could unlock something wonderful in the little ones and set them on a path to master technology later in life. More

Image: Getty/Ivan Pantic Apple has released an update that protects users against two security vulnerabilities that could affect iPhones and iPads. The iOS 16.1.1 and iPadOS 16.1.1 software update comes two weeks after the release of iOS 16.1 for all iPhone and iPad users.  The security update protects users against two vulnerabilities CVE-2022-40303 and CVE-2022-40304. […] More

Medibank has confirmed more customer details compromised in a recent security breach have popped up on a dark web forum, describing the illegal sale as a disgrace. The Australian health insurer is refusing to fork out any ransom payment for the data, pointing to expert advice and government guidelines. “The weaponisation of people’s private information in an effort to extort payment is malicious and an attack on the most vulnerable members of our community,” Medibank CEO David Koczkar said in a statement Thursday. “The release of this stolen data on the dark web is disgraceful.”The company urged the public against downloading the data, which hackers last week had threatened to begin releasing on the forum. Reports have pegged ransom demands upwards of $10 million, or $1 for each compromised customer account.First announced last month, the security breach compromised the personal data of 9.7 million current and former customers as well as some of their authorised representatives. Amongst those impacted were 1.8 million international customers. According to Medibank, the hackers did not access primary identity documents such as drivers’ licences for local customers, or credit card and banking information. However, they were able to access data such as names, dates of birth, addresses, phone numbers, and email addresses. Health claims data of 480,000 customers also were leaked, including locations where they had received medical services and codes linked to diagnoses and procedures administered. Medibank on Wednesday ascertained the files had surfaced on the forum and appeared to be a sample of data that was leaked, which included passport numbers of some customers who were international students. The insurer said it expected more batches to be released and would inform customers whose data had popped up on the forum. Koczkar said the company had no plans to pay any ransom to the hackers behind the data theft. “Based on the extensive advice we have received from cybercrime experts, we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” he said Monday in a statement to the Australian Stock Exchange. “Paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.””It is for these reasons we have decided we will not pay a ransom for this event,” he said. “This decision is consistent with the position of the Australian government.”Medibank said it was providing support to customers impacted by the breach through its Cyber Response Support Program, which included identity protection, financial measures, and mental wellbeing support.It added that it had beefed up existing monitoring of its network, adding detection, analytics, and forensics capabilities across its systems. It noted that it was required by law to retain some customer information for at least seven years from when the customer leaves. Australia passes law to increase breach penaltiesMeanwhile, Australia’s proposed legislation to increase financial penalties for data privacy violators was passed Wednesday. It pushes up maximum fines for serious or repeated breaches to AU$50 million ($32.34 million), from its current AU$2.22 million, or three times the value of any benefit obtained through the data misuse, or 30% of the company’s adjusted turnover in the relevant period, whichever is greater. The Bill also empowers the Australian Information Commissioner to resolve privacy breaches and more quickly share information about data breaches.A Sydney man on Tuesday pleaded guilty for attempting to blackmail customers affected by the Optus data breach in September. Australia Federal Police Assistant Commissioner Cyber Command Justine Gough said Wednesday it would seek out hackers responsible for cybersecurity attacks, such as the Medibank breach, even if they were based overseas. “We have significant powers, determination and access to international law enforcement networks to help investigate this breach,” Gough said. “This is not just an attack on an Australian business. Law enforcement agencies across the globe know this a crime type that is borderless and requires evidence and capabilities to be shared.””It is an offence to buy stolen data, which could be used for financial crimes,” he said, urging customers impacted by the Medibank data breach to report to the police if the hackers attempted to contact them with ransom demands. “Blackmail is an offence and those who misuse stolen personal information for financial gain face a penalty of up to 10 years’ imprisonment.”According to the Office of the Australian Information Commissioner (OAIC), there were 396 reported data breaches between January and June 2022, a 14% dip compared to July to December 2021.Some 41% of all breaches, or 162 notifications to OAIC, were the result of cybersecurity incidents. The majority of cyber incidents, 51 notifications, involved ransomware, while 42 were due to phishing.The Office added that 24 data breaches affected at least 5,000 Australians, including four that affected at least 100,000 Australians. With the exception of one reported case, all of these data breaches were caused by cyberssecurity incidents.Australian Information Commissioner and Privacy Commissioner Angelene Falk said: “Recent data breaches have brought attention to the importance of organisations securing the personal information they are entrusted with and the high level of community concern about the protection of their information and whether it needs to be collected and retained in the first place. I urge all organisations to review their personal information handling practices… Only collect necessary personal information and delete it when it is no longer required.”The OAIC report also found that 71% of entities notified the Office within 30 days of becoming aware of an incident, compared to 75% in the previous period.Falk said: “As the risk of serious harm to individuals often increases with time, organisations that suspect they have experienced an eligible data breach should treat 30 days as a maximum time limit for an assessment and aim to complete the assessment and notify individuals in a much shorter timeframe.”RELATED COVERAGE More