Cybersecurity News


Glut of Fake LinkedIn Profiles Pits HR Against the Bots

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.
05 October 2022

Watch and Learn All About Knowledge Training

At the 2022 North America Community Meeting, PCI SSC announced the launch of Knowledge Training. These new training courses are designed to bridge the knowledge gap between organizations and assessors by helping learners speak the same language as the Assessor. In doing so, learners will be able to guide their organization through an assessment and any pre-work and work alongside the Assessor during an engagement, making for a much smoother, more efficient process for all involved.

05 October 2022

ESET Threat Report T2 2022

A view of the T2 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

The post ESET Threat Report T2 2022 appeared first on WeLiveSecurity

05 October 2022

A real estate agent data breach would be devastating for renters. They collect too much personal information | Samantha Floreani

Does a breach need to happen before we see regulatory change?

Thanks to Optus, millions of people are now acutely aware of what can happen when companies don’t take privacy and security seriously. But telcos aren’t alone in collecting and storing too much of our personal information. The real estate industry is often overlooked in conversations about data security, but it is one of the most invasive, with potentially devastating consequences for renters across the country.

If you’ve ever been a renter, this is probably a familiar story: you’re searching for somewhere to live, rents are high, competition is stiff, and in the process of applying you’re asked for immense amounts of information. In addition to identification documents (which we are all now very protective of), they probably ask for a background check, bank statements, and years’ worth of employment and rental history. You might feel uncomfortable about how much they ask for, but hey, what can you do? If you say no, someone else will say yes and get the house instead.

03 October 2022

8 questions to ask yourself before getting a home security camera

As each new smart home device may pose a privacy and security risk, do you know what to look out for before inviting a security camera into your home?

The post 8 questions to ask yourself before getting a home security camera appeared first on WeLiveSecurity

03 October 2022

Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.
30 September 2022

ESET Research into new attacks by Lazarus – Week in security with Tony Anscombe

The attack involved the first recorded abuse of a security vulnerability in a Dell driver that was patched in May 2021

The post ESET Research into new attacks by Lazarus – Week in security with Tony Anscombe appeared first on WeLiveSecurity

30 September 2022

Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium

ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers

The post Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium appeared first on WeLiveSecurity

30 September 2022

Fake CISO Profiles on LinkedIn Target Fortune 500s

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.
29 September 2022

Optus tells former Virgin Mobile and Gomo customers they could also be part of data breach

Identification repair service receives a month’s worth of complaint calls in three days as government pressures telco to pay for replacement ID documents

Former Virgin Mobile and Gomo customers are the latest to have been informed by Optus that their personal information was exposed in the company’s massive data breach, as an identification repair service reveals it has fielded a month’s worth of complaint calls in three days.

It has been a week since Optus first revealed up to 10 million of its customers had personal information – including names, addresses, emails and dates of birth – exposed, with 2.8 million having passport, licence or Medicare numbers also made visible.

29 September 2022

Attorney general flags urgent privacy law changes after Optus data breach

Mark Dreyfus indicates potential reforms to laws regarding data breaches including higher penalties, mandatory precautions and customer notifications

Privacy law changes, including tougher penalties for data breaches, could be legislated as early as this year, the attorney general has said in the wake of the Optus breach.

Mark Dreyfus revealed on Thursday that in addition to completing a review of Australia’s privacy laws the Albanese government will look to legislate “even more urgent reforms” late this year or in early 2023.

28 September 2022

Australia news live: Optus breach a ‘wakeup call’, minister says, as telco contacts 14,900 customers with exposed Medicare ID

Around 37,000 Medicare numbers were stolen in the cyberattack – while 22,000 of those are expired, almost 15,000 are active. Follow the day’s news live

AGL expected to bring closure of Loy Yang A power station forward a decade

Australia’s biggest electricity generator, AGL Energy, will shortly release its strategy update to the market.

What a week for energy policy, it does not get bigger than this.

28 September 2022

Assessors: Prepare for the Closure of PA-DSS

On 28 October 2022, the Payment Application Data Security Standard (PA-DSS) and Program will close and will be replaced by the PCI Secure Software Standard. To prepare for this transition, assessors should be aware of the following information:

28 September 2022

Protecting teens from sextortion: What parents should know

Online predators increasingly trick or coerce youth into sharing explicit videos and photos of themselves before threatening to post the content online

The post Protecting teens from sextortion: What parents should know appeared first on WeLiveSecurity

28 September 2022

Anthony Albanese says ‘Optus should pay’ for new passports for data breach victims

Push comes day after states suggest telco will pick up multi-million dollar tab for replacing driver’s licences of affected customers

The federal government has demanded Optus pay for new passports for customers caught up in the telco’s data breach, as the prime minister flagged an overhaul of laws relating to how companies collect personal information.

The foreign minister, Penny Wong, has written to Optus raising concerns about criminals exploiting data harvested in the cyber hack, saying there was “no justification” for victims or taxpayers to foot the bill for replacing compromised documents.

28 September 2022

Optus customers, not the company, are the real victims of massive data breach | Justin Warren

Optus executives are paid millions to ensure that, among other things, customer data is safe. These are the people who should be held accountable for the data breach.

The Optus data breach has brought data security into the forefront of every Australian’s mind. While it’s good people are thinking about these issues, the best time to start thinking about them was years ago. The second-best time is now. It’s important then that we analyse how Optus has handled this breach so far, and what needs to be done to ensure it doesn’t happen again.

28 September 2022

Sophisticated attack or human error?: how Optus lost control of your data

In the days since Optus first reported that potentially millions of its customers’ private information – from birth dates to Medicare numbers – had been breached, it has faced threats of blackmail, a potential class action and a public spat with the home affairs minister.

Reporter Josh Taylor and Jane Lee discuss the fallout from the data breach and whether this was a ‘sophisticated attack’ on the telco, or a failure of the company’s own security systems

27 September 2022

Optus data breach: Australians will be able to change their driver’s licence with telco to pay

Federal opposition wants commonwealth to allow people to get new passports for free too – and quickly

Australians caught up in a massive breach of Optus data will be able to change their driver’s licence numbers and get new cards, with the telco expected to bear the multimillion-dollar cost of the changeover.

The New South Wales, Victoria, Queensland and South Australia governments on Tuesday evening began clearing the bureaucratic hurdles for anyone who can prove they are victims of the hack, which has affected millions of people.

27 September 2022

Attorney general says FBI is working on Optus data breach – video

Attorney general Mark Dreyfus says the FBI is working with local authorities to investigate the Optus data breach. 'The government, as well as the Australian federal police and other government agencies, are working closely together on the Optus data breach,' he said. 

'The Australian federal police is taking this very seriously with a large number of officers involved, working with other federal government agencies and state and territory police, and with the FBI in the United States and with industry.'

26 September 2022

Police ‘all over’ dark web ransom threat to release 10,000 customer records a day, Optus CEO says

Purported hackers post ultimatum demanding $1m within four days after massive Optus data breach

The chief executive of Optus, Kelly Bayer Rosmarin, says federal police are “all over” a post on the dark web purporting to release 10,000 customer records from the recent data breach and demanding a $1m ransom for the rest.

Rosmarin also told ABC radio the company’s massive security breach was “not as being portrayed”, after the minister for home affairs accused the company of leaving the “window open” for the data to be stolen.

26 September 2022