Following the news regarding the City Index data breach, the cybersecurity expert reacted below.
Author: Information Security Buzz Editorial Staff
The New South Wales government has confirmed it was the target of a malicious phishing attack, after reports that a staff member from Service NSW clicked on a suspicious link from an email. According to an investigation by Service NSW, 47 employees’ email accounts were accessed illegally, while they are still working to confirm the scope of the attack on the personal information of customers. The compromised data in the email accounts breached largely related to transactions over the phone or over-the-counter at a Service NSW Centre. Service NSW has established a dedicated team to offer help to affected customers,…
It has been reported that US cybersecurity agencies have outlined the top 10 most exploited software vulnerabilities across the past 4 years. The report, authored by the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) and the FBI, urges organisations in the public and private sector to apply necessary updates in order to prevent the most common forms of attacks encountered today. This includes attacks carried out by state-sponsored, non-state, and unattributed threat actors. US government officials argue that applying patches could degrade the cyber arsenal of foreign actors targeting US entities, as they’d have to invest resources into developing new exploits,…
Wired reported that sensitive documents about the UK’s Coronavirus-tracing app have been carelessly leaked via a publicly accessible Google Drive link. According to the report, the leaked roadmap of the NHS’s controversial Covid-19 tracing app reveals that it could soon show users’ health status and ask them to share their precise location data.
Outsourcing group Interserve is recovering from a cyberattack which took place over the weekend that may have seen the details of up to 100,000 people stolen. Hackers broke into a human resources database owned by the outsourcing firm, which recently helped build the Birmingham Nightingale Hospital, on May 9 and stole information on current and former Interserve employees, a company insider said. https://twitter.com/JamesLiamCook/status/1260497075994865668
Mozilla announced last week that all developers of Firefox add-ons must enable a two-factor authentication (2FA) solution for their account. https://twitter.com/Authy/status/1205549212110327809
A large-scale and prolonged DDoS attack caused outages in Europe and internationally for Wikipedia from the evening of Friday 6th into Saturday 7th September. The Wikimedia Foundation, which runs the Wikipedia site, condemned the attack, saying it wanted to protect the “fundamental right” for people to be able to “freely access and share information”. News of the Wikipedia downtime was shared on Twitter: https://twitter.com/Wikipedia/status/1170133355901251585
Apple let the public know that it has introduced a new way to stop third-party sites and services from getting your information when you sign up for an app. According to Apple software engineering chief, Craig Federighi, one-click sign-on can be convenient for consumers but can come at the cost of users’ privacy. Personally identifiable information (PII) is sometimes shared behind the scenes and these logins can be used to track individuals. To secure user data, Apple is introducing a feature to allow developers to add a “sign in with Apple” feature that will authenticate users’ identities without turning…
Following news that an Australian university has been hacked, affecting sensitive data going back 19 years, please find below comment from SailPoint, the identity governance experts. The comment covers the importance of ensuring that sensitive data is governed by cybersecurity measures, regardless of the system in which it is kept – on premises or in the cloud. https://twitter.com/ITPro/status/1136210052585537536 Expert Comments: Terry Burgess, Vice President for Asia Pacific and Japan, SailPoint: “Organisations today are still woefully exposed unless they have a truly comprehensive identity governance program in place that governs access to both applications and sensitive data. Organisations require clear oversight into…
Following the news that the Public Accounts Committee has advised that the UK government should introduce a kitemark system for electronic devices, please find comment below from Jim Phillipoff, Head of Business Development, Irdeto and SecureData’s Chief Security Strategy Officer, Charl van der Walt. Jim Phillipoff, Head of Business Development, Irdeto: “As the UK consultation on the proposed consumer IoT security laws closes, it’s great to see the UK government recognising that tougher laws are needed to not only secure the devices we’re putting in our homes and businesses, but also restore trust in the IoT. “Unfortunately, more often than…