U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers
Apr 03, 2024 | Newsroom | Data Breach / Incident Response
The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based nation-state group called Storm-0558 last year. The findings, released by the Department of Homeland Security (DHS) on Tuesday, …
Safety
Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels
Feb 24, 2023 | Ravie Lakshmanan | Privacy / Data Safety
An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "serious loopholes" that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its *Privacy Not Included initiative, compared the privacy policies and …
Google Removes “App Permissions” List from Play Store for New “Data Safety” Section
Following the launch of a new "Data safety" section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was highlighted by Esper's Mishaal Rahman earlier this week. The Data safety section, which Google began rolling out in late April 2022, is the company's answer to Apple's …
U.S. Proposes $1 Million Fine on Colonial Pipeline for Safety Violations After Cyberattack
The U.S. Department of Transportation's Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a penalty of nearly $1 million to Colonial Pipeline for violating federal safety regulations, worsening the impact of the ransomware attack last year. The $986,400 penalty is the result of an inspection conducted by the regulator of the pipeline operator's control …
Unpatched Security Flaws Expose Mitsubishi Safety PLCs to Remote Attacks
Multiple unpatched security vulnerabilities have been disclosed in Mitsubishi safety programmable logic controllers (PLCs) that could be exploited by an adversary to acquire legitimate user names registered in the module via a brute-force attack, log in to the CPU module without authorization, and even cause a denial-of-service (DoS) condition. The security weaknesses, disclosed by …
Balancing Safety and Security During a Year of Remote Working
I have not been inside an office building for 12 months. A sentence I did not imagine writing anytime soon. Last February, everything changed. And when we pause to reflect, we have to consider that, of the many dramatic impacts to our lives, to society, and the world, in the realm of the professional, one of the most impactful changes has been the fact that many of us no longer …
How Does Triton Attack Triconex Industrial Safety Systems?
Triton is malware developed to affect industrial systems, particularly the Triconex safety system from Schneider. This is deployed at over 15,000 sites across the world, but the malware allegedly only targeted a critical energy industrial site in the Middle East in 2017. The attack, also known by the names of Trisis and Hatman, is broken down into different phases: Intrusion …