Tag Archives: Australia

Security Never Sleeps- Scottish Parliament, IoT Regulation

Scottish Parliament targeted in ‘brute force’ cyber attack

“External sources with similar tactics to Westminster incident”

Officials have now stated that the attack on the Scottish Parliament was part of a ‘Brute Force’ cyber operation. Sir Paul Grice confirmed the attack in a message to the MSP’s and staff with statedomain email addresses, urging caution and security practices. “Robust cyber security measures” identified the attack early, and systems “remain fully operational”.

USB Ports Could Be Silently Leaking Your Personal Data To A Malicious Device

“An unfortunately convenient way to steal data”

External hard drives and USB sticks are seen as the most common and often reliable way to securely store and move data. However, an Australian research team has shown that this may not be as secure as we previously thought. Many ports that individuals plug devices in can be leaking personal data remotely, giving criminals access to sensitive information.

Cost of insider threats vs. investment in proactive education and technology

“Which is more important”

Security education is becoming incredibly more important in the increasingly digital age. Technology based defense solutions are incredibly important in preventing attacks and saving organizations significant sums of money.

Who can regulate the IoT?

“Will permeate all of life”

The Internet of Things promises to make life significantly easier, but possibly more complicated at the same time. Security concerns grow everyday over the inter-connectivity of all of these devices. This leads many experts to advocate for organized and proper regulations, with harsh penalties that apply to those who do not comply.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 198

Army orders the removal of DJI drones, citing cyber security concerns

“National security risks cited”

A memo from the U.S. Army verified by Reuters advises that all operations involving  DJI drones “cease all use, uninstall all DJI applications, remove all batteries/storage media and secure equipment for follow-on direction.” Further into the memo the army outlines the greater cyber vulnerabilities associated with the DJI, and the discontinuation covers all of the relevant software and hardware related to the DJI products.

Big data breach unmasks Bloomberg chat room users

“Almost one thousands anonymous users unmasked”

This week a London investment firm has sent out a list of participants, including names and employers, of an anonymous Bloomberg chat room that had been breached sometime last month by cybercriminals. The breach is the largest for Bloomberg’s financial information firm, and led to the temporary shutdown of the metal and mining chat, among others.

Spam Rate Hits Two-Year High

“Emergence of specific malware likely to blame”

In July of this year the global spam rate has skyrocketed to the levels of March 2015, largely due to the emergence and spread of email malware from Symantec. Self-spread malware variants are the worst offenders, contributing to the 54.9% spam rate throughout the whole month.

Australian Information Commissioner commends Red Cross for data breach response

“Database backup of thousands of donors now deemed safe”

In October of 2016, many metrics relevant to thousands of donors had appeared publicly online. This prompted security concerns among thousands, fearing their sensitive information was put in jeopardy. Almost a year later in 2017, Australian Information and Privacy Commissioner Timothy Pilgrim concluded his investigation and claims that his confidence is now restored in the Red Cross and the security of its personal information stores.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 178

Windows 10 Is Getting A Clever New Way To Fight Off Ransomware

“New ability added to Windows Defender”

The built-in Windows anti-malware application has been outfitted with a new protective mechanism. ‘Controlled Folder Access’ allows only recognized trustworthy devices and users to access the files that you activate the feature for.

Medicare data breach: Alan Tudge admits department unaware darknet vendor selling card details

“HS Minister concedes after investigation”

Alan Tudge, Australian Human Services Minister, now confirms that his department was blind to the fact that a secretive Darknet vendor had obtained and began to sell Australian medicare information on the web. The Guardian published an investigation Tuesday that revealed the operation, which had sold about 75 individuals records on an illegal product auctioning site. Mr. Tudge has addressed the breach in a recent statement:

Decrypting the Motivations Behind NotPetya/ExPetr/GoldenEye

“Who and Why still largely unknown”

The most recent malware attack to rock the Ukraine and others has seemed to leave more questions than answers. Reaching at least 60 countries, the malware is now even taking on different names. Some researchers have dubbed it Petya, due to its similarities with the Petya malware seen previously. However, others refute the relationship, leaving it categorized as NotPetya, GoldenEye, and more. Kaspersky Labs has found similarities with a modified version of Petya, and have settled on ExPetr.

Zero-Day Found in Humax WiFi Router

“Vulnerable routers easily compromised”

Security systems in the new HG-100R Humax WiFi router are apparently fragile enough to allow hackers remote access to sensitive information and administrative command control. TrustWave SpiderLabs researchers discovered the flaw in May, but repeated warnings to the manufacturer were allegedly met with silence.

Personal Details of 117,000 AA Shoppers Exposed

“15 million member organization criticized for security faults”

The Automobile Association is the target of massive critique this week after news of a major data malfunction may have compromised the sensitive information of much of its membership base. A server misconfiguration brought the vulnerability of at least 100,000 customers data, however the organization had downplayed the severity of the incident. The company posted the following message to customers on Monday;

Enjoy your read? Check out our other blogs and content here.

10Fold- Security Never Sleeps- 133

Trojan Malware Blamed for Health Cyberattack 

“Targeted hospital computer systems forced offline”

Barts Health NHS Trust computer systems were taken offline by cybercriminls with a Trojan malware program on Friday. Nearly all department systems, even those unaffected, were set offline as a precaution. How the infiltration entered into the network is still undisclosed.

Yahoo hack compromised accounts of over 3,000 Australian government officials

“Largest known data breach of its kind”

The victim count of a massive cyberattack on Yahoo has risen to over 3,000 Australian government officials. High profile positions such as MP’s, judges, and federal police were among those compromised, exposing a large amount of high risk information to cybercriminals. Security firm InfoArmor has released information that an Eastern European hacker collective “Group E” stole data from Yahoo in 2013, and the Department of Defence was apparently notified of this fact in October of last year. The breach has prompted Malcolm Turnbull, the Australian Prime Minister, to begin to probe the incident.

Fighting cybercrime using IoT and AI-based automation

“Murder case gains ground with new tech”

Detectives investigating a murder in Arkansas were able to pull valuable data off a smart meter, measuring 140 gallons of water in the early hours of the morning. This was far more than the home had ever been used before, possibly providing the time of death and attempts to conceal evidence.

Firefox Update Will Kill This Sneaky Tracking Technique

“Captures information in ‘browser fingerprinting'”

A new Firefox patch will probe for various softwares that use pieces of information that are indicative of whether or not the actual owner of the computer is using it. Some surprising factors, such as screen resolution, interface language and plug-ins, are actually quite accurate in recognizing the correct user.