• Bradley Sing

    Bradley Sing is currently Technical Consultant at Mimecast where he has been since November 2016. Bradley has been working in the technology industry for almost four years and draws on his previous experience to help align customer business needs with the technical solutions that Mimecast provides, which ranges from product demonstrations to help documenting processes and aspects of products. Prior to his role at Mimecast, Bradley worked across the web hosting & domain name industry in Australia, working for Melbourne-based web hosting startup Hosting Australia and previously Melbourne IT Group.

    Comments:0

    Add comment
Bradley Sing

This month in security: February 2021

Content

Australian IDs and credit cards being traded on dark web for less than $20

Personal data bundles of Australian residents are available for sale on the dark web, full of information like national identity numbers, names, dates of birth, a driver's license numbers, bank account statements, utility bills and sometimes even scans of passports or licenses. 
 
Perspective 
Researchers claim that plethora of vital personal information stolen from Australians is available right now on the dark web, for less than $20. These data bundles contain personal information – known as fullz in hacker-speak – which can be used for everything from credit card fraud to identity theft. This just shows that no data can be 100% guaranteed to be secure. But by being careful about who we trust our data to, we can greatly reduce the chances of our data ending up on some hacker’s shopping list. 

 

Oxfam Australia investigates suspected data breach

The charity is investigating a suspected cyberattack that may have impacted the data of 1.7 million supporters. 
 
Perspective 
Oxfam confirmed that it became aware of a “data incident” in early February and immediately launched an investigation, trying to determine the type of data that may have been accessed and who, if anyone, was affected. Looks like cybercriminals will attack almost anyone they can, including non-profits. If there ever was a time to review your cybersecurity practices, it’s now.

 

Commonwealth Ombudsman finds instances of improper access to telco metadata by government agencies

The Ombudman’s report found that ten government agencies accessed telecommunications metadata “without proper authority” in 2018-19 
 

Perspective 
In its report, the Commonwealth Ombudsman assessed government agencies for compliance with rules around access to stored communications and telecom data between 2018 and 2019. The assessed agencies included Home Affairs, the Federal Police and the Australian Criminal Intelligence Commission (ACIC), as well as state policing agencies from NSW, Victoria, Queensland, WA and Tasmania. Several agencies were found to have accessed information without following due process, and needed to have their policies around data access reviewed. Even through a lot of progress has been made, it looks like the digital trasnformation of government agencies is still very much a work in progress.

 

QIMR Berghofer Medical Research Institute and Singtel fall victim to Accellion breach

The Institute said in a statement that about 620MB of data appeared to have been accessed by an unknown party, while Singtel also addressed a potential Accellion hack. 
 

Perspective 
The documents suspected to have been hacked include de-identified information like the initials, date of birth, age, gender, and ethnic groups of clinical trial participants, as well as their participant codes. Singtel, meanwhile, said it had suspended all use of the Accellion system and "activated investigations" after being informed that they might have also been affected. The Accellion breach is a gift that just keeps on giving.  

 

French IT monitoring company Centreon's software targeted by Russian hackers

Centreon says that hacked companies were using outdated versions of their open-source IT monitoring software. 
 

Perspective 
In a report published by ANSSI, the hackers targeted companies running Centreon's IT resource monitoring software. Believed to be the work of Russian hackers, Centreon noted that only companies that downloaded the open-source version of the Centreon app, which the company freely provides on its website, were affected. The lesson here is: always run the latest, patched and updated versions of your software! 

Technical Consultant, Mimecast

Bradley Sing is currently Technical Consultant at Mimecast where he has been since November 2016. Bradley has been working in the technology industry for almost four years and draws on his previous experience to help align customer business needs with the technical solutions that Mimecast provides, which ranges from product demonstrations to help documenting processes and aspects of products. Prior to his role at Mimecast, Bradley worked across the web hosting & domain name industry in Australia, working for Melbourne-based web hosting startup Hosting Australia and previously Melbourne IT Group.

Stay safe and secure with latest information and news on threats.
User Name
Bradley Sing