Cybersecurity News


I am a Medibank customer. Am I affected by the cyberattack? What can I do to protect myself?

I am a Medibank customer. Am I affected by the cyberattack? What can I do to protect myself?

Experts suggest using multifactor authentication and telling your bank to put extra security checks in place

Millions of Medibank’s current and former customers have had their personal information, including health claims, exposed in a hack of the company’s customer database.

Here’s what we know so far and what you can do.

Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

name

address

date of birth

gender

email

Medicare card number (in some cases)

health claims made with Medibank (in some cases)

Continue reading...
01 December 2022

ConnectWise Quietly Patches Flaw That Helps Phishers

ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just days after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.
01 December 2022

Top tips to save energy used by your electronic devices

With the rapidly rising energy prices putting a strain on many households, what are some quick wins to help reduce the power consumption of your gadgets?

The post Top tips to save energy used by your electronic devices appeared first on WeLiveSecurity

01 December 2022

Password app LastPass hit by cybersecurity breach but says data remains safe

Password app LastPass hit by cybersecurity breach but says data remains safe

Company says its security system prevented the hacker accessing customer data or encrypted passwords

Password manager LastPass has told customers that some of their information has been accessed in a cybersecurity breach, but says passwords remain safe.

LastPass is one of several password managers in the market that aims to reduce the reuse of passwords online, by storing themin a single app. It also makes it easier for users to generate strong passwords as required.

Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

Continue reading...
01 December 2022

Medibank hackers announce ‘case closed’ and dump huge data file on dark web

Medibank hackers announce ‘case closed’ and dump huge data file on dark web

The size of the data file suggests it may be the full trove of hundreds of thousands of customers’ private records that were stolen from the health insurer

The cybercriminals behind the Medibank cyber-attack have posted on the dark web what appears to be the remainder of what customer data they took from the health insurer, stating it is “case closed” for the hack.

On Thursday morning, the blog – which returned online after several days of being offline last week – posted “Happy Cyber Security Day!!! Added folder full. Case closed.” and included a file that has several compressed files amounting to over 5GB.

Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

Continue reading...
30 November 2022

Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin

ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group

The post Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin appeared first on WeLiveSecurity

30 November 2022

Is it worth taking out personal cyber insurance in case you are caught up in a data hack?

Is it worth taking out personal cyber insurance in case you are caught up in a data hack?

Experts say investing in identity theft protection may provide peace of mind, but won’t help recover lost information

The recent Optus and Medibank data breaches in which thousands of Australians had their personal information stolen have heightened public consciousness of the threat of identity fraud.

Information including names, dates of birth, addresses, phone numbers, passport and Medicare numbers, and even healthcare claims have been posted online in the past few months as a result of the high profile breaches.

Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

Continue reading...
28 November 2022

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices.
28 November 2022

RansomBoggs: New ransomware targeting Ukraine

ESET researchers spot a new ransomware campaign that goes after Ukrainian organizations and has Sandworm's fingerprints all over it

The post RansomBoggs: New ransomware targeting Ukraine appeared first on WeLiveSecurity

28 November 2022

MEPs’ spyware inquiry targeted by disinformation campaign, say experts

MEPs’ spyware inquiry targeted by disinformation campaign, say experts

European parliament is investigating Pegasus, a powerful surveillance tool used by governments around the world

Victims of spyware and a group of security experts have privately warned that a European parliament investigatory committee risks being thrown off course by an alleged “disinformation campaign”.

The warning, contained in a letter to MEPs signed by the victims, academics and some of the world’s most renowned surveillance experts, followed news last week that two individuals accused of trying to discredit widely accepted evidence in spyware cases in Spain had been invited to appear before the committee investigating abuse of hacking software.

Continue reading...
28 November 2022

Spyware posing as VPN apps – Week in security with Tony Anscombe

The Bahamut APT group distributes at least eight malicious apps that pilfer victims' data and monitor their messages and conversations

The post Spyware posing as VPN apps – Week in security with Tony Anscombe appeared first on WeLiveSecurity

25 November 2022

Know your payment options: How to shop and pay safely this holiday season

'Tis the season for shopping and if you too are scouting for bargains, make sure to keep your money safe when snapping up those deals

The post Know your payment options: How to shop and pay safely this holiday season appeared first on WeLiveSecurity

25 November 2022

10 tips to avoid Black Friday and Cyber Monday scams

It pays not to let your guard down during the shopping bonanza – watch out for some of the most common scams doing the rounds this holiday shopping season

The post 10 tips to avoid Black Friday and Cyber Monday scams appeared first on WeLiveSecurity

24 November 2022

Bahamut cybermercenary group targets Android users with fake VPN apps

Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram

The post Bahamut cybermercenary group targets Android users with fake VPN apps appeared first on WeLiveSecurity

23 November 2022

Security fatigue is real: Here’s how to overcome it

Do your employees take more risks with valuable data because they’ve become desensitized to security guidance? Spot the symptoms before it’s too late.

The post Security fatigue is real: Here’s how to overcome it appeared first on WeLiveSecurity

22 November 2022

Paving the Way: Inspiring Women in Payments - A Q&A featuring Kara Gunderson

 

Kara Gunderson’s father always told her, “You have to arrange for your own good luck.” And this is a mantra that rings true for her. She believes that everyone, male or female, needs to work for their job. They need to roll up their sleeves, prove that they are willing to work hard, and that they are worthy of the position. In this edition of our blog, Kara explains that at one time she was one of the few women in petroleum payments and was held back because of her gender. But, over time, this has changed, and through hard work, she has arranged for her own good luck and success in the industry.

21 November 2022

Facebook sued for collecting personal data to target adverts

Facebook sued for collecting personal data to target adverts

In high court case that could set precedent for millions, Tanya O’Carroll alleges owner Meta is breaking UK data laws

A human rights campaigner is suing Facebook’s owner in the high court, claiming the company is disregarding her right to object against the collection of her personal data.

Tanya O’Carroll has launched a lawsuit against Mark Zuckerberg’s Meta alleging it has breached UK data laws by failing to respect her right to demand Facebook stop collecting and processing her data. Facebook generates revenue from building profiles of users and matching them with advertisers who direct ads at people targeting their specific interests and backgrounds.

Continue reading...
21 November 2022

Latest insights on APT activity – Week in security with Tony Anscombe

What have some of the world's most notorious APT groups been up to lately? A new ESET report released this week has the answers.

The post Latest insights on APT activity – Week in security with Tony Anscombe appeared first on WeLiveSecurity

18 November 2022

Tor vs. VPN: Which should you choose?

Both Tor and a VPN can greatly help you keep prying eyes away from your online life, but they’re also two very different beasts. Which is better for you?

The post Tor vs. VPN: Which should you choose? appeared first on WeLiveSecurity

18 November 2022

Researchers Quietly Cracked Zeppelin Ransomware Keys

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things,… Read More »
17 November 2022