Category: Uncategorized

When employee data does fall within the legal privacy net

By Cameron Abbott, Warwick Andersen and Georgia Mills

PageUp, a leading HR software support company, has revealed it has fallen victim to a massive data breach, potentially compromising the personal details of thousands of Australians. Boasting over 2 million active users worldwide and counting a roll call of major Australian companies together with a number of government agencies as clients, the breach may be the largest since the introduction of mandatory data breach notification laws in February (which we blogged about here).

Aqua-man goes hi-tech – Microsoft’s Plunge into Deep Sea Data Storage

By Cameron Abbott and Georgia Mills

In addition to all things cyber security related, we here at CyberWatch love to see new technologies being developed and Microsoft’s latest data storage project has us all excited.

Microsoft has leveraged the technologies of submarines and renewable energy to plunge an experimental 12-metre-long datacentre into the sea near Scotland’s Orkney Islands. The project, known as Project Natick, seeks to understand the benefits and difficulties in deploying subsea datacentres powered by offshore renewable energy.

Foreign Hackers Take Down Triple Zero Network

By Cameron Abbott and Georgia Mills

The triple zero emergency call service, operated by Telstra, was subjected to an onslaught of more than 1000 offshore calls on Saturday morning, leading to a number of genuine emergency calls being unanswered and sparking a government investigation.

The Defence Department’s $4 million investment in Cognitive Computing

By Cameron Abbott and Georgia Mills

The Australian Defence Department granted IBM Australia a $4 million, 3-year contract for the provision of its Watson cognitive computing infrastructure. The platform provides a cognitive, artificial intelligence and machine learning capability for use by Defence and is only the second on-premises instance of Watson globally.

Matt Smorhun, Assistant Secretary for the ICT Strategy Realisation Branch at the Department of Defence, said they decided to “just buy this thing” and then work out how it was going to fit into the organisation later. (Which did strike us as a rather strange approach to spending taxpayers’ dollars – but congrats to the IBM sales person who pulled that off!)

Apple Distributors Arrested for Allegedly Selling Customer Personal Information

By Cameron Abbott and Edwin Tan

On Wednesday, police in China’s Zhejiang province released a statement reporting the arrest of 22 third-party Apple distributors for allegedly selling customer data on the black market. Officials claim that the suspects searched an internal Apple database to obtain sensitive information, such as names, Apple IDs and phone numbers.

Each sale was for between 10 yuan and 180 yuan (A$1.95 to A$35.17). The entire scam was reportedly worth more than 50 million yuan (about A$9.8 million).

It is presently unclear whether there were victims outside of China, or how many people were affected by the breach.

No doubt these events will raise concerns worldwide about distributors’ access to customer data when it flows through the supply chain. Companies will need to have strong guarantees in place with their distributors, in relation to the handling and security of data, in order to reduce their risk of breaches when data leaves their control.

Users wishing to add an extra layer of security to their Apple ID can try utilising two-factor authentication, as set out by Apple here.

Juniper report predicts IoT botnets will be an unmanageable cyber-security issue

By Cameron Abbott

Juniper’s Internet of Things for Security Providers: Opportunities, Strategies, & Market Leaders 2016-2021 cautions that the scale of connectivity related to consumer IoT will lead to unmanageable cybersecurity risk created by botnets in excess of 1 million units. The research found that botnets that disrupt internet services form part of the near-term threat landscape and will be used for more malicious purposes in the future. Botnets are expected to be used not only to disrupt services, but also to create a distraction in order to enable multi-pronged attacks. While the research calls on IoT manufacturers to implement security-by-design, it also found the market is wide open for challenger security vendors.

U.S. data breaches reached record high in 2016: Report

By Cameron Abbott 

According to a report highlighting findings from the Identity Theft Resource Center and CyberScout:

• Data breaches in the U.S. reached an all-time high in 2016, with the number of breaches tracked reaching 1,093, a 40% increase from the year earlier;
• The financial services industry accounted for only 52 of the breaches, or 4.8%, making it the least hit of the five industries tracked. Business, healthcare, education and the government and military were hacked more than the financial services industry;
• For the eighth consecutive year, hacking, skimming and phishing were the main drivers of data breaches, representing 55.5% of all reported incidents. Many were due to CEO phishing in which sensitive data is exposed;
• While consumers and businesses are constantly warned to pay close attention to their email, breaches that used email and the internet as a way to hack people only accounted for 9.2% of all the hacks, while employee error was responsible for 8.7% of the hacks.

This isn’t the first data set to show that data breaches surged in 2016. According to Gemalto’s Breach Level Index, in the first six months of 2016, data breaches rose 15%, and the number of compromised data records jumped 31% compared to the previous six months. The findings also revealed that 64% of all data breaches involve identity and personal data theft.

India’s top court asks WhatsApp, Facebook to please explain over privacy policy

By Cameron Abbott and Allison Wallace

A petition to challenge messenger service WhatsApp’s privacy policy in India is gaining momentum, with the Supreme Court this week issuing notices to WhatsApp, its owner Facebook, and the telecom regulator TRAI to respond to the court within two weeks.

The petitioners are incensed over WhatsApp’s changes to its privacy policy in September last year, which saw it begin sharing users’ information with Facebook, including their phone numbers. Those who didn’t agree with the new policy were given the option to “opt out” by deleting the app. This announcement came two years after WhatsApp was acquired by Facebook.

Alarming number of Enterprise Cloud Services aren’t enterprise ready

By Cameron Abbott and Allison Wallace

A new report has revealed 95% of cloud services used by enterprises aren’t enterprise ready.

The January 2017 Netskope Cloud Report reveals a staggering 82% don’t encrypt data at rest, 66% don’t specify in their terms that the customer owns their own data, and 42% don’t allow administrators to enforce password controls.

Of malware found in cloud services, backdoors were the most common (43.2%), with others including adware (9.8%), JavaScript malware (8.1%) and ransomware (7.4%).

The report also shows an increase in the use of cloud services – with an average of 1031 cloud services in use per enterprise, up from 977 in the previous quarter. The retail, restaurant and hospitality industry was the biggest user of cloud services (1193), followed by financial services, banking and insurance (1132).

Copyright © 2019, K&L Gates LLP. All Rights Reserved.