News

The latest quarterly data breach report from the Office of the Australian Information Commissioner (OAIC) has revealed over 10 million individuals had their information compromised in one single incident. The current population of Australia is around 25.4 million. While the report did not detail the origin of the breach that affected over 10 million individuals, it did show that the most number of affected individuals from a single finance-related breach was less than 500,000 and...

As many as 1.7 million internet-connected endpoints are still vulnerable to the exploits, according to the latest data. Data generated by Shodan, a search engine for exposed databases and devices, puts the figure at the million mark — with most of the vulnerable devices in the U.S. But that only accounts for devices directly connected to the internet and not the potentially millions more devices connected to those infected servers. The number of vulnerable devices...

The cybersecurity skills shortage has gotten worse for the third consecutive year, impacting 74% of organizations worldwide, according to a Thursday report from the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG). The report surveyed 267 cybersecurity professionals worldwide, and respondents reported that they believe the skills gap to be a primary cause for the rise in cybersecurity incidents. Nearly half (48%) of respondents said they experienced at least one security incident over the past...

A successful family of ransomware which has been terrorising organisations around the world has been updated with a new trick to lure victims into installing file-locking malware: posing as anti-virus software. Dharma first emerged in 2016 and the ransomware has been responsible for a number of high-profile cyber incidents, including the takedown of a hospital network in Texas late last year. Source: ZDNet

A site that pretends to promote the popular KeePass password management software is actually distributing malware on unsuspecting visitors. This site is part of a larger network of sites distributing adware bundles as free programs. Last year, we reported that fake sites were created to promote popular software, but when we analyzed the distributed files, we found that they were pushing adware bundles on unsuspecting visitors. Source: Bleeping Computer

Almost two years since the ransomware attack that brought the NHS (National Health Service) to a halt, healthcare IT professionals feel more confident in their ability to respond to a cyber-attack, according to new research from Infoblox. As healthcare providers continue to undertake digital transformation initiatives in an effort to improve efficiencies and the quality of care they deliver, the risk of falling victim to cyber attack increases. Source: Helpnetsecurity

Well-organised cybercriminals lust after the big bucks, so hijacking business systems for cryptocurrency mining is on the decline, and business email compromise (BEC) is now the thing. Sure, surreptitious mining continues to be feasible when the goal is shifted from the now processor-heavy Bitcoin to Monero and other currencies. But the payoff can still be bigger elsewhere, according to Chris Tappin, a Sydney-based principal consultant with Verizon's Threat Research Advisory Centre (VTRAC). Source: ZDNet

The U.S. Department of Justice has formally charged two members of a hacking group operating in China for illegally accessing computer systems of health insurer Anthem and stealing personally identifiable information (PII) of 78.8 million people. One of the hackers has been identified by his real name, Fujie Wang (a.k.a. Dennis Wang), while another is known only by aliases (a.k.a. Zhou Zhihong, Kim Young, Deniel Jack) and charged as John Doe. They were part of...

Adware bundles are installing a VPN software called Pirate Chick, which then connects to a remote server to download and install malicious payloads such the AZORult password-stealing Trojan. As adware bundles need to look as legal as possible, they require offers that they promote to have legitimate web sites with privacy policies and user agreements. Such is the case with the Pirate Chick VPN, whose web site looks like any other VPN site and includes a free...

A massive SMS spamming operation kicked out tens of millions of text messages, pestering unsuspecting recipients with links to fake sites flogging loans and free money. The operation was simple but smart. The system processed vast batches of phone numbers and curated custom messages on the fly with links to the fake sites. These fake sites urged spam victims to sign up with their name, email address and phone number and promised “free money… for real.”...