Tag: security

1
Trending: Security as a service
2
Who have you been giving your name and number to? A cautionary tale
3
China in breach of cyber-security pact
4
Cyber-attackers could exploit security flaw found in the embedded video function of Microsoft Word
5
Former MasterChef contestant falls victim to online fraud attack
6
Research reports say risks to smartphone security aren’t phoney
7
Report savages US Government agencies’ cybersecurity efforts
8
Proposed anti-terror laws to give law enforcement access to personal data
9
North Korean cyberattacks increase ahead of summit
10
Foreign Hackers Take Down Triple Zero Network

Trending: Security as a service

By Cameron Abbott and Karla Hodgson

Remember the time when you first heard about cloud computing and it took you a few moments of quiet contemplation before you wrapped your head around the concept of computing being situated “up there”?  Of course today we aren’t surprised to learn that over 80% of enterprise workloads will be in the cloud by next year and that a new wave of cloud-based security as a service (SECaaS) solutions are rolling in to address the forecasted USD $5.2 trillion per year in cybercrime damage that is expected to impact within the next 5 years.

Based on the software as a service (SaaS) model, SECaaS is a cloud-based managed security service that removes the need for businesses to buy and continually upgrade on-premises hardware and software and keep staff upskilled in the ever-shifting world of cybersecurity risk and protection.

Read More

Who have you been giving your name and number to? A cautionary tale

By Cameron Abbott and Allison Wallace

Have you inadvertently given the owners of global, searchable databases of phone numbers and associated names access to your entire contact list?

We suspect that you cannot confidently answer “no”.

In yet another tale of why you should read the terms of use and service of apps and other online products you download or sign-up to use, we’ve recently been exposed to the shock of having your name appear on a complete stranger’s phone, after they’re given your number (but not your name) to call you. We asked the question of how this could happen – and found the answer to be quite alarming.

The Samsung Smart Call function, which is powered by Hiya, boasts that it allows you to “deal with spam the easy way”, by letting you know who is calling you, even if their number is not saved in your contact list. In theory, this is a handy tool, and in the context of robocalls or other unsolicited marketing calls, doesn’t create any privacy issues. But when the database which powers the function contains the names and numbers of (we suspect) millions of private citizens, this becomes quite concerning.

So, how do private numbers (and the names of their associated users) come to be listed in databases such as Hiya? Well, for one, anyone who downloads the Hiya app is given the option to share their contacts. If they do, and your number is saved to their phone, your details will become part of the database. We have no doubt that many who download and use the Hiya app didn’t realise what they were signing up for (or what they were signing up their entire contact list for) – because they didn’t read the terms of use. This also begs the question – are companies like Hiya properly satisfying their privacy obligations merely by asking users to “opt in” to share their contacts?

Hiya is of course not the only “caller ID” app on the market – a quick search of the Apple App store reveals numerous other options for download – including Truecaller, Caller-ID, Sync.ME and CallHelp. In 2018, Hiya reached 50 million active users worldwide, while Truecaller’s website says it has over 130 million daily active users. Those figures of course would barely scrape the surface of the number of names and phone numbers held in their collective databases.

In case you’re wondering how much damage could really be done by a third party having access to your name and phone number – think about all of the things your number is linked to. Your Facebook, your Gmail, maybe even your bank account and credit cards. Information is power – and this is the kind of information that could easily allow hackers to wreak a reasonable amount of havoc. So before you sign-up to a new app, take the time to read the terms of service, because your use could not only be exposing your personal information, but that of your entire contact list.

China in breach of cyber-security pact

By Cameron Abbott and Wendy Mansell

It has been a fairly turbulent week in the cyber-espionage space following accusations that China’s Ministry of Security Services is behind the surge of intellectual property theft from Australian companies.

The news that the persistent attacks on Australian IP are perhaps a State sponsored campaign by the Chinese government is concerning as it suggests that China are in breach of several international and bilateral agreements.

In 2015, an agreement was made between Chinese President Xi Jinping and former President Obama, that the U.S and China would not steal intellectual property from one another for commercial gain. This was furthered at the November 2015, G20 Summit, where the cyber-theft of IP was accepted as the norm.

Following on from this in September 2017, former Prime Minister Malcolm Turnbull and Chinese Premier Li Kequiang promised that neither country would engage in cyber-theft of intellectual property and commercial secrets.

Reports of cyber-theft declined immediately after these agreements, however in recent months they have ramped up again.

A U.S Trade Representative report released this week confirms that despite any international agreements, China has continued engaging in cyber-espionage and the theft of intellectual property. Further the report states that not only is China likely to be in breach of these agreements, but the attacks have “increased in frequency and sophistication”.

Notably in July of this year, China was linked to the cyber-breach of Australian National University. This attack was particularly disturbing given that ANU is a leading university involved in key areas of Australian technological, scientific, defence and commercial research.  It is fascinating that cyber attacks and theft are a “norm” that is accepted within our overall international relationships.  Physical acts of a similar nature would not be so easily accepted.

Cyber-attackers could exploit security flaw found in the embedded video function of Microsoft Word

By Cameron Abbott and Colette Légeret

Cymulate, a leading provider of Breach and Attack Simulation solutions and a Gartner 2018 Cool Vendor, announced last week that its Security Research Team had uncovered a security flaw in the Microsoft Office Suite (Office) that may affect Microsoft Word (Word) users.

The Office security flaw identified is a JavaScript code execution within the embedded video component of Word. This has the potential to impact all users of Office 2016 and users of older Office versions. Cymulate noted that no configuration was required to reproduce the issue and no security warning is presented while opening the document with Word.

Read More

Research reports say risks to smartphone security aren’t phoney

By Rob Pulham, Warwick Andersen and Sarah Goegan

Beware! Your favourite apps may be putting your phone and data at risk. Reports from Allot and BitSight have examined rising threats to the security of our mobile devices.

Read More

Report savages US Government agencies’ cybersecurity efforts

By Cameron Abbott and Sarah Goegan

You would think government agencies would have a keen focus on cybersecurity risks, but apparently not! A report by the United States Office of Management and Budget (OMB) has found that nearly three-quarters of Federal agencies reviewed have either “at risk” or “high risk” cybersecurity arrangements. 71 of 96 agencies assessed were either missing, had insufficiently deployed or had significant gaps in their fundamental cybersecurity policies, processes or tools.

Read More

Proposed anti-terror laws to give law enforcement access to personal data

By Warwick Andersen, Rob Pulham and Sarah Goegan

Last week, the Australian Government announced that it would propose new anti-terror laws that force telecommunications and multinational tech companies to give law enforcement agencies access to encrypted data of suspected criminals and terrorists.

Cyber Security Minister Angus Taylor said the laws would give police, intelligence and security agencies the ability to bypass encryption on messaging (such as private messages sent on Whatsapp and Facebook), phone calls, photos, location and apps.

Read More

North Korean cyberattacks increase ahead of summit

By Cameron Abbott and Sarah Goegan

North Korean cyberattack activity appears to have ramped up ahead of the highly anticipated US-North Korea summit, which is expected to take place on 12 June 2018.

North Korean hackers known as Group 123 have been identified as the party responsible for new malware activity targeting users in South Korea.

Read More

Foreign Hackers Take Down Triple Zero Network

By Cameron Abbott and Georgia Mills

The triple zero emergency call service, operated by Telstra, was subjected to an onslaught of more than 1000 offshore calls on Saturday morning, leading to a number of genuine emergency calls being unanswered and sparking a government investigation.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.