Cybersecurity News


Medibank hacker says ransom demand was US$10m as purported abortion health records posted

Medibank hacker says ransom demand was US$10m as purported abortion health records posted

Post on blog linked to Russian ransomware group says it offered ‘discount’ ransom to health insurer of US$9.7m, or $1 for each customer’s data

The hacker behind the cyber-attack on Medibank set a US$10m price on not releasing the data, they claimed, alongside a new leak of apparently hacked records that purports to contain abortion health information.

In the early hours of Thursday on a dark web blog linked to the REvil Russian ransomware group, the attacker posted that they initially sought US$10m from Medibank, then reduced the price.

Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

Continue reading...
09 November 2022

Farewell to PA-DSS: A Tribute to a Foundational Standard

 

On 28 October 2022, the PCI Security Standards Council (PCI SSC) formally retired its Payment Application Data Security Standard (PA-DSS). As one of the first standards and programs of its kind, PA-DSS laid the groundwork for software security in the payment industry and has served the payment industry’s needs for more than 14 years.

09 November 2022

10 common security mistakes and how to avoid them

Do you make these security mistakes and put yourself at greater risk for successful attacks?

The post 10 common security mistakes and how to avoid them appeared first on WeLiveSecurity

09 November 2022

Patch Tuesday, November 2022 Election Edition

Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.
08 November 2022

Hacking baby monitors can be child’s play: Here’s how to stay safe

Make sure that the device that’s supposed to help you keep tabs on your little one isn’t itself a privacy and security risk

The post Hacking baby monitors can be child’s play: Here’s how to stay safe appeared first on WeLiveSecurity

07 November 2022

LinkedIn Adds Verified Emails, Profile Creation Dates

For whatever reason, the majority of the phony LinkedIn profiles reviewed by this author have involved young women with profile photos that appear to be generated by artificial intelligence (AI) tools. We’re seeing rapid advances in AI-based synthetic image generation technology and we’ve created a deep learning model to better catch profiles made with this technology. AI-based image generators can create an unlimited number of unique, high-quality profile photos that do not correspond to real people. Fake accounts sometimes use these convincing, AI-generated profile photos to make their fake LinkedIn profile appear more authentic.
04 November 2022

Ransomware rages on – Week in security with Tony Anscombe

This week's news offered fresh reminders of the threat that ransomware poses for businesses and critical infrastructure worldwide

The post Ransomware rages on – Week in security with Tony Anscombe appeared first on WeLiveSecurity

04 November 2022

Hacker Charged With Extorting Online Psychotherapy Service

A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but they were willing to make an exception for Julius "Zeekill" Kivimaki, a notorious hacker who -- at the tender age of 17 -- had been convicted of more than 50,000 cybercrimes, including data breaches, payment fraud, operating botnets, and calling in bomb threats.
03 November 2022

Cyberspace ‘a battleground’ as reports of cybercrime in Australia jump 13%

Cyberspace ‘a battleground’ as reports of cybercrime in Australia jump 13%

Fraud, online shopping and banking among most commonly reported crimes, but ransomware ‘most destructive’, ASD says

The number of reports of cybercrime in Australia had shot up by 13% to 76,000 in a year, or one every seven minutes, even before a series of high-profile privacy breaches hit the headlines.

These threats are imposing an increasingly heavy cost on businesses, with the average loss per cybercrime rising by 14% to $39,000 for a small business and $62,000 for a large business.

Sign up for our free morning and afternoon email newsletters from Guardian Australia for your daily news roundup

Continue reading...
03 November 2022

The future starts now: 10 major challenges facing cybersecurity

To mark Antimalware Day, we’ve rounded up some of the most pressing issues for cybersecurity now and in the future

The post The future starts now: 10 major challenges facing cybersecurity appeared first on WeLiveSecurity

03 November 2022

TikTok tells European users its staff in China get access to their data

TikTok tells European users its staff in China get access to their data

Privacy policy update confirms data of continent’s users available to range of TikTok bases including in Brazil, Israel and US

TikTok is spelling out to its European users of the platform that their data can be accessed by employees outside the continent, including in China, amid political and regulatory concerns about Chinese access to user information on the site.

The Chinese-owned social video app is updating its privacy policy to confirm that staff in countries, including China, are allowed to access user data to ensure their experience of the platform is “consistent, enjoyable and safe”.

Continue reading...
02 November 2022

OpenSSL dodges a security bullet

The critical security vulnerability turned out to be two serious vulnerabilities. Still, they need patching ASAP.
01 November 2022

The spy who rented to me? Throwing the spotlight on hidden cameras in Airbnbs

Do you find reports of spy cams found in vacation rentals unsettling? Try these tips for spotting hidden cameras and put your worries to rest.

The post The spy who rented to me? Throwing the spotlight on hidden cameras in Airbnbs appeared first on WeLiveSecurity

01 November 2022

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

A 26-year-old Ukrainian man is awaiting extradition to the United States on charges that he acted as a core developer for Raccoon, a "malware-as-a-service" offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion.
31 October 2022

Trick or treat? Stay so cyber‑safe it’s scary – not just on Halloween

Gather around, folks, to learn about some of the ghastliest tricks used by criminals online and how you can avoid security horrors this Halloween and beyond

The post Trick or treat? Stay so cyber‑safe it’s scary – not just on Halloween appeared first on WeLiveSecurity

31 October 2022

Online age-verification system could create ‘honeypot’ of personal data and pornography-viewing habits, privacy groups warn

Online age-verification system could create ‘honeypot’ of personal data and pornography-viewing habits, privacy groups warn

As the government develops online safety guidelines, digital rights groups says any approach requiring the use of ID is ‘invasive and risky’

In the wake of the Optus and Medibank data breaches, digital rights groups are urging the federal government to rule out requiring identification documents as part of any online age-verification system, warning it could create a honeypot of people’s personal information and pornography-viewing habits.

The eSafety commissioner, Julie Inman Grant, is developing an online safety “roadmap”, outlining a way to prevent minors from accessing adult content online by ensuring host sites have verified the ages of users.

Sign up for our free morning and afternoon email newsletters from Guardian Australia for your daily news roundup

Continue reading...
30 October 2022

Can a new form of cryptography solve the internet’s privacy problem?

Can a new form of cryptography solve the internet’s privacy problem?

Techniques which allow the sharing of data whilst keeping it secure may revolutionise fields from healthcare to law enforcement

Rachel is a student at a US university who was sexually assaulted on campus. She decided against reporting it (fewer than 10% of survivors do). What she did, however, was register the assault on a website that is using novel ideas from cryptography to help catch serial sexual predators.

The organisation Callisto lets a survivor enter their name in a database, together with identifying details of their assailant, such as social media handle or phone number. These details are encrypted, meaning that the identities of the survivor and the perpetrator are anonymous. If you hacked into the database, there is no way to identify either party.

Continue reading...
29 October 2022

Courts vs. cybercrime – Week in security with Tony Anscombe

A look at a recent string of law enforcement actions directed against (in some cases suspected) perpetrators of various types of cybercrime

The post Courts vs. cybercrime – Week in security with Tony Anscombe appeared first on WeLiveSecurity

28 October 2022

Why your phone is slow – and how to speed it up

You probably don’t have to ditch your phone just yet – try these simple tips and tricks to make any Android device or iPhone run faster

The post Why your phone is slow – and how to speed it up appeared first on WeLiveSecurity

27 October 2022

Parcel delivery scams are on the rise: Do you know what to watch out for?

As package delivery scams that spoof DHL, USPS and other delivery companies soar, here’s how to stay safe not just this shopping season

The post Parcel delivery scams are on the rise: Do you know what to watch out for? appeared first on WeLiveSecurity

26 October 2022