1. Data protection bill may be tabled in winter session of India
The Indian government plans to table the draft personal data protection bill submitted by Justice BN Srikrishna committee in Parliament by December after holding consultations with different ministries, industry representatives and the public.
It recommends a layered consent architecture and bringing in key principles of personal data processing, whereby companies should collect only the required data from an individual, state the purpose of its use explicitly, and store it only for as long as it is required.
As per the draft bill, citizens and internet users will have the final say on how and for what purpose personal data can be used, and they will also have the right to withdraw consent. There will also be the option of ‘right to be forgotten’, subject to certain conditions. However, some of the committee’s recommendations have raised concerns among companies.
These include the move to restrict cross-border flow of personal data, mandating storing “critical personal data” within the country, and criminal prosecution along with stiff penalties of up to 4% of the global turnover of a company against those violating data privacy rules.
2. Microsoft Edge Browser Vulnerability Allows Malicious Hackers Steal Your Computer Local Files
Newly discovered in Microsoft Edge Browser vulnerability allows attackers stealing the computer local files from victims who all are using a vulnerable version of the Edge browser.
This Edge Browser Vulnerability exists in the version 17.8600.40445.0 where the researcher tested and successfully exploits this vulnerability.
In this case, the researcher identified the flaw in Same Origin Policy (SOP) that allows special format of the URL can inject into the browser and the attacker can read the content of any local file.
Eventually, once the victims execute the malicious URL then it will load into the local system and read the local files in victims computer.
Cyber Security Tips:
In order to protect from this attack, all the Edge user need to update their browsers and Windows Mail and Calendar applications. also, avoid opening attachments from unknown senders.
3. Reddit Hacked – Emails, Passwords, Private Messages Stolen
Reddit social media network today announced that it suffered a security breach in June that exposed some of its users’ data, including their current email addresses and an old 2007 database backup containing usernames and hashed passwords.
According to Reddit, the unknown hacker(s) managed to gain read-only access to some of its systems that contained its users’ backup data, source code, internal logs, and other files.
In a post published to the platform Wednesday, Reddit Chief Technology Officer Christopher Slowe admitted that the hack was a serious one, but assured its users that the hackers did not gain access to Reddit systems.
Cyber Security Tips:
- Reddit recommended users to move to token-based two-factor authentication, which involves your mobile phone generating a unique one-time passcode over an app.
4. Criminal hacking group targets U.S., U.K. agencies in Pakistan
A criminal hacking group concentrated in Pakistan has in recent months carried out a string of attacks on American, British, Russian, and Spanish governmental organizations, according to new research from cybersecurity company Palo Alto Networks.
The hacking collective known as the Gordon Group has been performing criminal operations against targets across the globe, often using shared infrastructure with their targeted attack operations.
The attackers are unsophisticated but effective. Gordon Group meticulously tracks how often its payloads are clicked on via common URL shortening tools, according to Unit 42. Thirty-nine percent of users who clicked on those links were in Pakistan, while 19 percent were in the United States.