Australian consumer lender Latitude Financial Services anticipates its spring cybersecurity incident will cost it up to AU$105 million, which includes a five-week period during which debt collection systems were severely affected by the attack. Hackers demanded extortion from the non-bank creditor after stealing data pertaining to 14 million customers, including nearly 8 million Australian and…

Security researchers have discovered an Iran-linked APT group carrying out a new chain of ransomware attacks using a new strain of malware against Israeli organizations. Researchers at Check Point found a ransomware strain called Moneybird that is reminiscent of the Iranian Agrius group’s previous campaigns. Agrius gained notoriety for targeting Israel-based entities with wiper variants,…

Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, that affect several of its firewall and VPN products. A remote, unauthenticated attacker can can trigger the flaws to cause a denial-of-service (DoS) condition and remote code execution on vulnerable devices. Below are the description for both issues provided by the vendor in…

Network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently breached by threat actors exploiting a now-patched zero-day vulnerability. The vulnerability, tracked as CVE-2023-2868, resides in the module for email attachment screening, the issue was discovered on May 19 and the company fixed it with the release…

European Union lawmakers have criticized the British government’s updated privacy bill over concerns that it fails to adequately protect European citizens’ fundamental rights. Lawmakers also heard from the Irish data authority on the status of its pending TikTok inquiry. At a European Parliament hearing on Tuesday, members of the Civil Liberties, Justice and Home Affairs…

Android smartphone device manufacturer Samsung has a patch for a flaw used by commercial surveillance hackers to implant malware in the United Arab Emirates. Security researchers at Google and Amnesty International in March reported an exploit chain apparently developed by Barcelona spyware vendor Variston to deploy a surveillance malware to devices located in the UAE….

Meta has been fined $1.3 billion (€1.2 billion) by the Irish Data Protection Commission (DPC) for violating the terms of the EU’s GDPR by continuing to transfer EU users’ data to the US without adequate safeguards. Meta has failed to “address the risks to the fundamental rights and freedoms” of Facebook’s European users, the DPC…

Identity and security are more important than ever in today’s “work from anywhere” world. As companies adapt to remote workforces and the use of personal devices, the need for secure authentication has become paramount. The solution uses a zero trust authentication paradigm that ensures confidence in user and device identity on a real-time, continuous basis….

Proposed changes unveiled this week by the Federal Trade Commission to its health breach rule have many advocates agreeing that personal health data needs stronger protections even as some question whether the agency has the legal authority to enact its proposal. Commissioners voted unanimously Thursday for a rule-making codifying an earlier policy change made in…