More stories

  • This sneaky ransomware attack tries to switch off your security software

    A major ransomware gang is using a new technique that allows attacks to bypass detection by security products by exploiting a vulnerability in more than 1,000 drivers used in antivirus software. The technique has been detailed by cybersecurity researchers at […]

  • Cybersecurity leaders are having a hard time keeping companies secure, and there's no easy solution

    As more businesses experience a digital transformation and continue to store consumer information in the cloud, cybersecurity risks are an increasing concern for web surfers, companies, and online buyers. According to Foundry’s 2022 Security Priorities Study, which surveyed nearly 900 security leaders around the world, 90% think their organization is not […]

  • Australia moots changes to privacy laws after Optus data breach

    Australia is moving to change its privacy laws, so telcos can better work with financial services institutions and government agencies to mitigate the impact of a data breach on customers. Proposed amendments to the country’s Telecommunications Regulations 2021 Act will allow the temporary sharing of some personal data to facilitate such efforts. The federal government said the amendments would better safeguard Australians following the Optus data breach last month, which compromised various customer data including identification document details such as driver’s licence and passport numbers. The proposed regulatory changes would allow telcos in the country to temporarily share certain government identifier data, such as Medicare and passport numbers, with financial services providers. This is aimed at facilitating enhanced monitoring and safeguards for customers affected by a data breach, the office of Australian Treasurer Jim Chalmers said in a statement Thursday. He added that the amendments would enable better coordination between the telcos, financial institutions, and federal and state government agencies to detect and mitigate the risks of cybersecurity incidents. “The proposed regulations have been carefully designed with strong privacy and security safeguards to ensure that only limited information can be made available for certain purposes,” Chalmers said. The amendments will apply to all financial institutions regulated by the Australian Prudential Regulation Authority (APRA), excluding branches of foreign banks, with the personal identifier information only to be used for “preventing or responding” to cybersecurity incidents, fraud, scam activities, or instances of identity theft. Under the proposed changes, the Communications Minister will also be empowered to specify additional service entities, where required, that are related to or that support an APRA-regulated organisation.
Entities that wish to receive the data need to submit written commitments to the Australian Competition and Consumer Commission (ACCC) that they will comply with their obligations, outlined under the Privacy Act 1998, and attest to APRA that they meet all relevant data security standards. They also have to confirm, in writing, that the data they seek is “necessary and proportionate”. In addition, approved recipients of the identifier information must meet information security requirements and protocols for any transfer and storage of data. The information must also be destroyed once it is no longer required. The Council of Financial Regulators’ cybersecurity working group will further examine and report on options to enhance the ability of financial services institutions to identify customers and credentials at risk of compromise. Chalmers said: “The proposed changes will allow for increased fraud detection in the broader financial services sector through existing industry mechanisms to report fraudulent transactions, such as fraud information exchanges. “Financial institutions can play an important role in targeting their efforts towards protecting customers at greatest risk of fraudulent activity and scams in the wake of the recent Optus breach. These new measures will assist in protecting customers from scams, and in system-wide fraud detection,” he said. Following the Optus data breach, he noted that the government had been working with banks and financial regulators to “facilitate the safe and secure sharing of data” between the Singtel-owned telco and regulated financial institutions. Commenting on the planned regulatory changes, APRA said it would work with ACCC and relevant government bodies to coordinate the required steps and manage the “controlled process” of data sharing between Optus and APRA-regulated entities. It reiterated that data shared would only be used for the purposes of monitoring and protecting customers affected by the data breach.
Amongst Optus’ customer base of 9.8 million, 1.2 million had at least one number from a current and valid form of personal identification information that was compromised in the breach. Compromised data of the remaining 7.7 million customers did not contain valid or current identification numbers, but encompassed other personal details such as email addresses, birth dates, and phone numbers. The Australian telco said Monday it appointed Deloitte to conduct an “independent external review” of the breach, which would encompass an assessment of its security systems, controls, and processes. The Office of the Australian Information Commissioner (OAIC) last week revealed it was seeking information from Optus to ensure the telco had complied with requirements outlined in the Notifiable Data Breaches (NDB) scheme. Applicable to organisations covered by the Privacy Act 1988, the NDB scheme requires affected individuals and the OAIC to be notified “as quickly as possible” if the organisation experiences a data breach that is likely to result in serious harm to individuals whose personal information is compromised. Australian Information Commissioner and Privacy Commissioner Angelene Falk said the current review of the Privacy Act would provide stronger deterrence of breaches involving personal information. “The regulatory framework needs to shift the dial to place more responsibility on organisations who are the custodians of Australians’ data, to prevent and remediate harm to individuals caused through the handling of their personal information,” Falk said.

  • How to encrypt a folder in MacOS to keep sensitive data from prying eyes

    You probably have sensitive data on your MacBook or iMac. That data might live in a folder that contains various files with company secrets or your own personal information. Unencrypted, that folder can be viewed by anyone with access to your desktop or laptop. However, if you encrypt that folder, only those with […]

  • Ransomware: This is how half of attacks begin, and this is how you can stop them

    Over half of ransomware attacks now begin with criminals exploiting vulnerabilities in remote and internet-facing systems as hackers look to take advantage of unpatched cybersecurity issues. According to analysis of ransomware incidents during the past year by researchers at security company Secureworks, 52% of attacks started with malicious hackers exploiting remote services. Vulnerabilities in […]

  • Microsoft warns of password attacks against Exchange Online, here's what you need to do

    Microsoft’s Exchange team is warning Exchange Online users that many of its customers are being targeted by password spray attacks using its basic authentication. The warning comes as Microsoft begins turning off Basic Authentication, or “Basic Auth”, in Exchange Online tenants worldwide from October 1, 2022. Microsoft explains here why it is deprecating […]

  • Victims of these online crooks lacked a key security feature. Don't make the same mistake

    There has been a big rise in business email compromise (BEC) attacks – and most victims work at organisations that weren’t using multi-factor authentication (MFA) to secure their accounts. BEC attacks are one of the most lucrative forms of cyber crime: according to the FBI, the combined total lost is over $43 billion and […]