Information Technology

Image: Getty Images/iStockphoto Cybersecurity researchers at security company Forescout analysed over 19 million Internet of Things-connected devices deployed across businesses and industry to determine the riskiest ones to connect to.  Risk was determined by considering the range and severity of vulnerabilities in the types of devices, as well as the number of internet-facing ports – […] More

Image: Getty Images The Cybersecurity and Infrastructure Security Agency (CISA) has added a Fortinet critical flaw to its known exploited vulnerabilities catalog.    CISA on Tuesday added the flaw to the KEV catalog, a day after Fortinet revealed an authentication bypass CVE-2022-40684 that it patched last week was already being exploited in the wild. “Fortinet […] More

Image: Ratnakorn Piyasirisorost / Getty Microsoft has rolled out a new capability to all supported versions of Windows that will make it harder for hackers to carry out brute-force password-guessing attacks against local admin accounts.   The new feature means that Windows devices can now lock out local admins – something that Windows devices haven’t […] More

Image: Getty/Cristina_Annibali_Krinaphoto The metaverse is an in-development network of 3D virtual worlds, which people will be able to visit using virtual reality (VR) or augmented reality (AR). The idea is a space that makes interacting with the digital world – and people within it – more vivid and engaging, whether they’re using it for services, […] More

Image: Geralt on Pixabay Microsoft on Tuesday disclosed 84 vulnerabilities, including one that has been exploited and one that has been publicly disclosed.  The patches released address common vulnerabilities and exposures (CVEs) in: Microsoft Windows and Windows Components; Azure, Azure Arc, and Azure DevOps; Microsoft Edge (Chromium-based); Office and Office Components; Visual Studio Code; Active Directory […] More

Australia has kicked off its investigation into the Optus data breach, during which the data practices of the mobile operator as well as its sister companies, Optus Mobile and Optus Internet, will be scrutinised to determine if they were in compliance with local regulations. The investigation would focus on whether the Optus companies took “reasonable steps” to safeguard the personal data they held from misuse, interference, loss, unauthorised access, modification, or disclosure, said the Office of the Australian Information Commissioner (OAIC) in a statement Tuesday. It also would determine if the Singtel-owned entities had collected and retained only information necessary to facilitate their business.In addition, the investigation would assess whether the companies took reasonable steps to implement practices and systems to ensure compliance with the Australian Privacy Principles. Outlined in the country’s Privacy Act 1988, these 13 principles govern standards and obligations around, amongst others, the collection and use of personal information as well as an organisation’s governance and accountability. OAIC said its investigation would be coordinated with that of the Australian Communications and Media Authority (ACMA). The September 22 Optus security breach compromised various personal data of the telco’s 9.8 million customer base, including 1.2 million customers with at least one number from a current and valid form of identification information. Should the investigation determine there was an interference with the privacy of at least one individual, the OAIC could require the Optus companies to take steps to ensure the act or practice was not repeated or continued, as well as to redress any loss or damage. The government agency noted that it had the power to seek civil penalties through the federal court, should the investigation uncover serious or repeated breaches of Australia’s Privacy Act 1988, of up to AU$2.2 million ($1.42 million) for each contravention.  Australian Information and Privacy Commissioner Angelene Falk said attention given to the Optus breach underscored the need for local organisations to look at key privacy issues. Falk said: “If they have not done so already, I urge all organisations to review their personal information handling practices and data breach response plans to ensure information is held securely and that, in the event of a data breach, they can rapidly notify individuals so those affected can take steps to limit the risk of harm from their personal information being accessed.”And collecting and storing personal information that is not reasonably necessary to your business breaches privacy and creates risk. Only collect what is reasonably necessary,” she added. In line with the OAIC’s Privacy Regulatory Action Policy, the OAIC will await the conclusion of the investigation before commenting further.RELATED COVERAGE More

Getty Images Once upon a midnight dreary, I was inundated with a deluge of spam and malicious messages on Android. Every morning I’d wake up wondering how many such messages would pummel my phone. But then Google got smart and added features that would help prevent that never-ending rain of unwanted missives. It took Google […] More

Getty Images/iStockphoto China’s government is aiming to build strategic advantage by by shaping the world’s use of technology according to the head of the UK’s GCHQ spy agency. Sir Jeremy Fleming, the director of GCHQ said that the Chinese Communist Party (CCP) is seeking to gain influence abroad by exporting technologies used in everything from […] More