Oracle sued over ‘worldwide surveillance machine’ by privacy rights activists

Read Time:53 Second

A class action lawsuit filed last week in the Northern District of California accused Oracle of running a “worldwide surveillance machine” and violating the fundamental privacy rights of hundreds of millions of people. The suit alleges that Oracle has violated California’s state constitution by compiling and selling off personal data and makes a common law tort claim for intrusion upon seclusion, along with five further causes of action ranging from state data protection laws to the federal wiretap act.

Lawsuit claims Oracle created profiles without consent

The plaintiffs in the suit are two privacy rights activists in the U.S. and one in Ireland, all of whom assert that they have data to show that Oracle has created profiles of them without their consent. The amount of relief sought isn’t specified, but the suit – in addition to asking for certification as a class action – demands a halt to Oracle’s data collection activities, as well as restitution of profits made from data collected without consent.

To read this article in full, please click here

Read More

CVE-2020-27834

Read Time:9 Second

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Read More

CVE-2020-27836

Read Time:17 Second

A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability..

Read More

Lloyd’s of London to exclude state-backed attacks from cyber insurance policies

Read Time:1 Minute, 0 Second

Insurance marketplace Lloyd’s of London is set to introduce cyber insurance exclusions to coverage for “catastrophic” state-backed attacks from 2023. In a market bulletin published on August 16, 2022, Lloyd’s stated that whilst it “remains strongly supportive of the writing of cyberattack cover” it recognizes that “cyber-related business continues to be an evolving risk.” Therefore, the company will require all its insurer groups to apply a suitable clause excluding liability for losses arising from any state-backed cyberattack in accordance with several requirements. The move is reflective of a maturing and quickly evolving cyber insurance market.

Nation-state attacks pose systemic risk to insurers

In its bulletin, Lloyd’s of London wrote that it consistently emphasizes that underwriters need to be clear in their wordings as to the cover they are providing, with clarity surrounding cyberattacks involving state-backed actors of particular importance. “When writing cyberattack risks, underwriters need to take account of the possibility that state-backed attacks may occur outside of a war involving physical force. The damage that these attacks can cause and their ability to spread creates a similar systemic risk to insurers.”

To read this article in full, please click here

Read More