Android March Updates Addresses Two Critical Vulnerabilities
Google has released its March 2023 security updates for Android. The update addresses 60 flaws including two critical-severity remote code execution vulnerabilities. The two flaws are tracked as CVE-2023-20951 and CVE-2023-20954. Google is currently withholding...Typo Squatting Campaign to Steal Crypto
Over 450 malicious python packages were discovered to use typo squatting to steal crypto. The threat actor is using between 13 and 38 typosquatting versions for popular packages to cover a broad range of mistakes that would result in downloading the malicious package....Medibank Breach Due to Rookie Mistake
In its half yearly report, Australian health insurer Medibank shared a brief outline of how Russian based attackers got access to personal details of all 9.7 million of its customers. The Medibank breach in 2022 is one of the largest in Australian history. Hackers...Worrying Upward Trend in Australian Data Breach Notifications
The Office of the Australian Information Commissioner (OAIC) has just published statistical information about notifications received under the Notifiable Data Breached (NDV) Scheme from 1 July to 31 December 2022. It had received 497 notifications, which is up 26%....GitHub Secret Scanning Now Free for Public Repositories
GitHub has recently announced that they have made secret scanning freely available for all public repositories hosted on their platform. GitHub’s secret scanning feature would alert repository owners of all leaked secrets that have been included in their...Critical Apple Bug Wipes Out Passkeys
Terence Kam has discovered a major implementation bug with Apple’s passkey. Passkey is Apple’s implementation of an industry standard designed to remove password for online authentication. This helps reduce the risks of account compromises because it...New Cyber Security Requirements for Australian Critical Infrastructure
Under a new Risk Management Protocol signed off my the Australian Minister for Home Affairs and Cybersecurity, board members on critical infrastructure organisations will be held culpable for failure to properly secure their assets. The organisations will have 18...