Tag:Cybersecurity

1
Mark Zuckerberg to testify to US Congress as Facebook indicates Cambridge Analytica accessed data from up to 87 million accounts
2
Weather Bureau IT mining cryptocurrencies?
3
Cybersecurity vulnerability revealed after NSW Government agency’s 49-day hack
4
Cybersecurity is only one part of security – a filing cabinet could be your highest risk
5
Fitness tracking app reveals US army secrets?
6
Tech giants scramble as gigantic vulnerability revealed
7
The co-existence of open data and privacy in a digital world
8
Malware with your coffee? Starbucks customers sent to the virtual mines… to find bitcoins
9
Is nothing safe? New malware targets industrial control systems
10
Cybersecurity in the age of the Internet of Things

Mark Zuckerberg to testify to US Congress as Facebook indicates Cambridge Analytica accessed data from up to 87 million accounts

By Warwick Andersen, Rob Pulham, Allison Wallace and Sarah Goegan

Facebook indicated in a blog post yesterday that information of up to 87 million people – 37 million more than originally revealed – may have been improperly shared with Cambridge Analytica.

Facebook also reported that this may have included data of more than 300,000 Australians. The company’s chief technology officer, Mike Schroepfer, said the company would make major changes to the way third-parties can access data on the platform. He also said users would be informed if their information could have been improperly shared with Cambridge Analytica.

Read More

Weather Bureau IT mining cryptocurrencies?

By Cameron Abbott and Allison Wallace

The Australian Federal Police are investigating two members of the Bureau of Meteorology’s IT team for allegedly running an operation in which they made use of the Bureau’s powerful computers to “mine” cryptocurrencies.

It was revealed late last week that the AFP raided the Bureau’s Melbourne CBD offices on February 28, and questioned the two employees. No charges have been laid, or arrests made.

Read More

Cybersecurity vulnerability revealed after NSW Government agency’s 49-day hack

By Cameron Abbott and Harry Crawford

The NSW Government’s vulnerability to hacking has been exposed in a report by state’s auditor-general, in which it was revealed that one government agency took 49 days to shut down a hack.

This hack started with an email account of the unnamed agency being compromised and used to send out “phishing” emails to get the credentials of finance staff members. By day 20, 300 staff had clicked on the bogus link in the phishing email. 200 email accounts ended up being under the control of the hackers.

Read More

Cybersecurity is only one part of security – a filing cabinet could be your highest risk

By Cameron Abbott and Harry Crawford

No matter how much you spend on cybersecurity technology, data breaches can occur in the most basic ways, for example by leaving an old filing cabinet lying around. This demonstrates the need for a holistic approach to information security.

Recently, highly confidential government papers were discovered inside two locked filing cabinets that were purchased at a second-hand furniture shop in Canberra. What likely happened was a public servant overseeing an office clean up unwittingly sold the filing cabinets containing state secrets to the furniture shop.

Read More

Fitness tracking app reveals US army secrets?

By Cameron Abbott and Allison Wallace

 

Sometimes you don’t need a “hack” to have a cybersecurity issue.  The locations of several US military bases in the Middle East seem to have been inadvertently revealed through US soldiers’ use of fitness tracking devices, and the fitness tracking app Strava. Read More

Tech giants scramble as gigantic vulnerability revealed

By Cameron Abbott and Harry Crawford

In one of the largest cybersecurity scares in history, researchers revealed two CPU vulnerabilities for practically all computers manufactured in the last two decades which could allow hackers to gain access to stored data.

Read More

The co-existence of open data and privacy in a digital world

By Cameron Abbott, Keely O’Dowd and Giles Whittaker

Earlier this week researchers from the University of Melbourne released a report on the successful re-identification of Australian patient medical data that formed part of a de-identified open dataset.

In September 2016, the researchers were able to re-identify the longitudinal medical billing records of 10% of Australians, which equates to about 2.9 million people. The report outlines the techniques the researches used to re-identify the data and the ease at which this can be done with the right know-how and skill set (ie someone with an undergraduate computing degree could re-identify the data).

At first glance, the report exposes the poor handling of the dataset by the Department of Health. Which brings into focus the need for adequate contractual obligations regarding use and handling of personal information, and the need to ensure adequate liability protections are addressed even where the party’s intentions are for all personal information to be de-identified. The commercial risk with de-identified data has shown to be the equivalent of a dormant volcano.

Read More

Malware with your coffee? Starbucks customers sent to the virtual mines… to find bitcoins

By Cameron Abbott and Harry Crawford

“Free” Wi-Fi isn’t necessarily so. The Wi-Fi provided in a Starbucks store in Buenos Aires was recently discovered to be planting malware onto customer’s laptops. This is another lesson in how cybersecurity can affect even the most innocuous corner-store businesses.

Read More

Is nothing safe? New malware targets industrial control systems

By Cameron Abbott and Harry Crawford

I’m sure I saw this in Die Hard 4 but “life imitates art”.   A new type of malware has been discovered in a very rare field of operation for hackers: attacking industrial control systems. Cybersecurity firm FireEye has been tight-lipped in detailing the attack, but has indicated that it was against “a critical infrastructure organization” which inadvertently caused operations to shut down. The attack is also reminiscent of the infamous “Stuxnet” virus that was used against Iranian nuclear power plants in 2010. Read More

Cybersecurity in the age of the Internet of Things

By Cameron Abbott, Keely O’Dowd and Harry Crawford

The Internet of Things (IoT) allows unprecedented interconnectivity for consumers, and unfortunately for those consumers, hackers as well.

The European Union Agency for Network and Information Security (ENISA) recently released a report to provide insight into the security requirements of IoT and good practices recommendations on preventing and mitigating cyber-attacks against IoT systems. The report even includes examples of IoT cyber security attack scenarios.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.