Cybersecurity News
Medibank hacker says ransom demand was US$10m as purported abortion health records posted

Post on blog linked to Russian ransomware group says it offered ‘discount’ ransom to health insurer of US$9.7m, or $1 for each customer’s data
- Follow our Australia news live blog for the latest updates
- Get our morning and afternoon news emails, free app or daily news podcast
The hacker behind the cyber-attack on Medibank set a US$10m price on not releasing the data, they claimed, alongside a new leak of apparently hacked records that purports to contain abortion health information.
In the early hours of Thursday on a dark web blog linked to the REvil Russian ransomware group, the attacker posted that they initially sought US$10m from Medibank, then reduced the price.
Continue reading...Farewell to PA-DSS: A Tribute to a Foundational Standard
On 28 October 2022, the PCI Security Standards Council (PCI SSC) formally retired its Payment Application Data Security Standard (PA-DSS). As one of the first standards and programs of its kind, PA-DSS laid the groundwork for software security in the payment industry and has served the payment industry’s needs for more than 14 years.
10 common security mistakes and how to avoid them
Do you make these security mistakes and put yourself at greater risk for successful attacks?
The post 10 common security mistakes and how to avoid them appeared first on WeLiveSecurity
Patch Tuesday, November 2022 Election Edition
Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.Hacking baby monitors can be child’s play: Here’s how to stay safe
Make sure that the device that’s supposed to help you keep tabs on your little one isn’t itself a privacy and security risk
The post Hacking baby monitors can be child’s play: Here’s how to stay safe appeared first on WeLiveSecurity
LinkedIn Adds Verified Emails, Profile Creation Dates
For whatever reason, the majority of the phony LinkedIn profiles reviewed by this author have involved young women with profile photos that appear to be generated by artificial intelligence (AI) tools. We’re seeing rapid advances in AI-based synthetic image generation technology and we’ve created a deep learning model to better catch profiles made with this technology. AI-based image generators can create an unlimited number of unique, high-quality profile photos that do not correspond to real people. Fake accounts sometimes use these convincing, AI-generated profile photos to make their fake LinkedIn profile appear more authentic.Ransomware rages on – Week in security with Tony Anscombe
This week's news offered fresh reminders of the threat that ransomware poses for businesses and critical infrastructure worldwide
The post Ransomware rages on – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Hacker Charged With Extorting Online Psychotherapy Service
A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but they were willing to make an exception for Julius "Zeekill" Kivimaki, a notorious hacker who -- at the tender age of 17 -- had been convicted of more than 50,000 cybercrimes, including data breaches, payment fraud, operating botnets, and calling in bomb threats.Cyberspace ‘a battleground’ as reports of cybercrime in Australia jump 13%

Fraud, online shopping and banking among most commonly reported crimes, but ransomware ‘most destructive’, ASD says
The number of reports of cybercrime in Australia had shot up by 13% to 76,000 in a year, or one every seven minutes, even before a series of high-profile privacy breaches hit the headlines.
These threats are imposing an increasingly heavy cost on businesses, with the average loss per cybercrime rising by 14% to $39,000 for a small business and $62,000 for a large business.
Continue reading...The future starts now: 10 major challenges facing cybersecurity
To mark Antimalware Day, we’ve rounded up some of the most pressing issues for cybersecurity now and in the future
The post The future starts now: 10 major challenges facing cybersecurity appeared first on WeLiveSecurity
TikTok tells European users its staff in China get access to their data

Privacy policy update confirms data of continent’s users available to range of TikTok bases including in Brazil, Israel and US
TikTok is spelling out to its European users of the platform that their data can be accessed by employees outside the continent, including in China, amid political and regulatory concerns about Chinese access to user information on the site.
The Chinese-owned social video app is updating its privacy policy to confirm that staff in countries, including China, are allowed to access user data to ensure their experience of the platform is “consistent, enjoyable and safe”.
Continue reading...OpenSSL dodges a security bullet
The critical security vulnerability turned out to be two serious vulnerabilities. Still, they need patching ASAP.The spy who rented to me? Throwing the spotlight on hidden cameras in Airbnbs
Do you find reports of spy cams found in vacation rentals unsettling? Try these tips for spotting hidden cameras and put your worries to rest.
The post The spy who rented to me? Throwing the spotlight on hidden cameras in Airbnbs appeared first on WeLiveSecurity
Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion
A 26-year-old Ukrainian man is awaiting extradition to the United States on charges that he acted as a core developer for Raccoon, a "malware-as-a-service" offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion.Trick or treat? Stay so cyber‑safe it’s scary – not just on Halloween
Gather around, folks, to learn about some of the ghastliest tricks used by criminals online and how you can avoid security horrors this Halloween and beyond
The post Trick or treat? Stay so cyber‑safe it’s scary – not just on Halloween appeared first on WeLiveSecurity
Online age-verification system could create ‘honeypot’ of personal data and pornography-viewing habits, privacy groups warn

As the government develops online safety guidelines, digital rights groups says any approach requiring the use of ID is ‘invasive and risky’
In the wake of the Optus and Medibank data breaches, digital rights groups are urging the federal government to rule out requiring identification documents as part of any online age-verification system, warning it could create a honeypot of people’s personal information and pornography-viewing habits.
The eSafety commissioner, Julie Inman Grant, is developing an online safety “roadmap”, outlining a way to prevent minors from accessing adult content online by ensuring host sites have verified the ages of users.
Continue reading...Can a new form of cryptography solve the internet’s privacy problem?

Techniques which allow the sharing of data whilst keeping it secure may revolutionise fields from healthcare to law enforcement
Rachel is a student at a US university who was sexually assaulted on campus. She decided against reporting it (fewer than 10% of survivors do). What she did, however, was register the assault on a website that is using novel ideas from cryptography to help catch serial sexual predators.
The organisation Callisto lets a survivor enter their name in a database, together with identifying details of their assailant, such as social media handle or phone number. These details are encrypted, meaning that the identities of the survivor and the perpetrator are anonymous. If you hacked into the database, there is no way to identify either party.
Continue reading...Courts vs. cybercrime – Week in security with Tony Anscombe
A look at a recent string of law enforcement actions directed against (in some cases suspected) perpetrators of various types of cybercrime
The post Courts vs. cybercrime – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Why your phone is slow – and how to speed it up
You probably don’t have to ditch your phone just yet – try these simple tips and tricks to make any Android device or iPhone run faster
The post Why your phone is slow – and how to speed it up appeared first on WeLiveSecurity
Parcel delivery scams are on the rise: Do you know what to watch out for?
As package delivery scams that spoof DHL, USPS and other delivery companies soar, here’s how to stay safe not just this shopping season
The post Parcel delivery scams are on the rise: Do you know what to watch out for? appeared first on WeLiveSecurity