More stories

  • Google is expanding this 'next level' encryption to more Gmail users

    Google is expanding its rollout of client-side encryption to Gmail and Calendar, allowing more users to send and receive encrypted email and calendar invites. The client-side encryption (CSE) feature is now generally available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers following the beta launch in […]

  • LastPass breach: Hackers put malware on engineer's home computer to steal their password

    LastPass has revealed that hackers stole a master password that they used to access highly restricted corporate databases and information by targeting a senior engineer’s home computer. The password manager company first revealed that it had been hacked in August last year when it said attackers […]

  • Microsoft: Here's how our technology disrupts ransomware and phishing attacks

    Microsoft is expanding its cybersecurity suite, Microsoft 365 Defender, with AI-based capabilities which can automatically detect and disrupt cyberattacks like ransomware attacks and business email compromise (BEC) campaigns by quickly identifying and switching off the accounts or services being exploited by attackers. […]

  • These are the most secure countries for remote workers in 2023

    While some of us have always worked remotely, the pandemic forced entire employee rosters to move online to keep businesses alive. Organizations had to rapidly pivot to digital environments and manage their teams through virtual meetings and apps. For many employees, however, the move to remote work improved their productivity and work-life balance. As […]

  • Australia retailer's customer data compromised in third-party breach

    Data belonging to customers of The Good Guys have been compromised in a security breach involving the Australian retailer’s former third-party supplier, My Rewards.

    Formerly known as Pegasus Group Australia, My Rewards also confirmed the breach in a statement Thursday, revealing that preliminary investigations pointed to an “unauthorised access” to its systems in August 2021, which led to the data compromise. This meant that personally identifiable information, including names, email addresses, and phone numbers, likely had been made publicly available, the company said, noting that all its data were stored in Australia.

    My Rewards added that its IT systems currently had not suffered any breach and that it would work with the relevant authorities, including the Australian Federal Police, regarding the breach.

    In its own statement Thursday, The Good Guys said it was notified of the breach this month and that its own IT systems were not involved. It previously worked with My Rewards to provide reward services for its Concierge members, some of whom would have set up a My Rewards account that required a password. And while optional, customers’ dates of birth also might have been provided. Compromised data did not include financial or identity document details, such as credit card, driver’s licence, or passport information.

    The Good Guys said affected customers would be contacted about the breach. It added that My Rewards accounts linked to its Concierge benefits programme were closed and the former third-party vendor no longer held any personal data of its members.

    “The Good Guys is extremely disappointed that My Rewards, a former services provider, has experienced this breach and we apologise for any concern that this may cause,” the Australian retailer said.

    Commenting on the breach, BlueVoyant’s Asia-Pacific Japan vice president Sumit Bansal noted that the incident as well as last year’s Medibank breach involved third-party vendors, serving as a reminder for businesses to scrutinise their suppliers and other third parties involved in their supply chain.

    “These companies are far from the only ones to be negatively impacted by a breach related to a third party, and most likely will not be the last,” Bansal said. Citing the security vendor’s recent study, he noted that 97% of Asia-Pacific organisations had been negatively impacted by a breach in their supply chain. Almost 40% said they would not know if a third party had security vulnerabilities. The finding revealed a challenge with monitoring such risks, he said.

    “Digital supply chains are made of vendors, suppliers, and other third parties with network access. As organisations’ own internal cybersecurity becomes stronger, a third party may have weaker security,” he added. “To help prevent breaches, organisations should first make sure they know which third parties they use or have used in the past, and what data and network access they may have.”

    “Organisations should only provide employees and third parties with access to the data needed for their role. This helps to control what data can be accessed in the event of a breach. They should also put policies in place to prevent third parties from retaining data after their services are no longer used.”

    Australia-based Jacqueline Jayne, who is KnowBe4’s Asia-Pacific security awareness advocate, further noted that the compromised data could be used to facilitate social engineering attacks, even if personal financial information were not leaked. The data could be manipulated to create phishing email messages that looked legitimate and be used to redirect payments or collect more sensitive information from targeted victims, Jayne said.

    “Because many victims will assume an email or text message containing legitimate information about previous orders would be trustworthy, it can make it much easier for a social engineering attack to be successful,” she said. “Victims of this [The Good Guys] data loss should be very cautious when it comes to future communications and they should pay close attention to any links in messages or requests for more information.”

    The Australian government in November passed legislation to increase financial penalties for data privacy violators, pushing up maximum fines for serious or repeated breaches from the current AU$2.22 million to AU$50 million ($32.34 million), three times the value of any benefit obtained through the data misuse, or 30% of the company’s adjusted turnover in the relevant period, whichever is greater.