• Bradley Sing

    Bradley Sing is currently Technical Consultant at Mimecast where he has been since November 2016. Bradley has been working in the technology industry for almost four years and draws on his previous experience to help align customer business needs with the technical solutions that Mimecast provides, which ranges from product demonstrations to help documenting processes and aspects of products. Prior to his role at Mimecast, Bradley worked across the web hosting & domain name industry in Australia, working for Melbourne-based web hosting startup Hosting Australia and previously Melbourne IT Group.

    Comments:0

    Add comment
Bradley Sing

This month in security: November 2020

Content

Aussie Netflix users being targeted by a wave of phishing scams

Hackers are spamming Netflix users with highly-convincing fake emails to try and nab their payment details.

Perspective
Unsuspecting Netflix users are getting emails asking them to “please update your payment details,”, complete with a convincing Netflix branded email banner. “We’re having some trouble with your current billing information. We’ll try again, but in the meantime, you may want to update your payment details,” it adds, complete with a bright red ‘UPDATE ACCOUNT’ button. If you receive an email like this, do NOT press that button, and never enter your payment details from a link in an email. Open a separate browser window and log in to your Netflix account from there. Binge-watch responsibly.


Microsoft suspects Russian and North Korean hackers behind cyberattack on COVID-19 vaccine researchers

The software giant says seven leading pharmaceutical companies and researchers across the US, Canada, France, India, and South Korea were targeted.

Perspective
“Among the targets, the majority are vaccine makers that have COVID-19 vaccines in various stages of clinical trials,” according to the blog post by Tom Burt, Microsoft corporate vice president of customer security and trust. It looks like the hackers used a variety of tactics, including brute force login attempts and spear-phishing attacks, where they posed as recruiters looking for job candidates, or as representatives from the World Health Organization. It’s clear the hackers see a lot of value in nabbing data on a potential vaccine, and given the state of cybersecurity in healthcare, there’s not a whole lot standing in their way.


Illicit access to 7,500 educational organisations up for sale on Russian hacker forums

An unknown seller is auctioning off hacked details collected from educational and corporate networks located in the US, Canada and Australia.

Perspective
The seller’s ad has been posted on at least two Russian hacker forums, claiming to offer “convenient access” to the networks in question through a Remote Desktop Protocol (RDP). The initial bid for the entire package starts at 25 BTC (roughly $330,000) with a “Buy now” option at 75 BTC (about $1,000,000). Let’s hope the organisations involved are aware of the breach and have taken the right precautions. 


Dodgy video call invite forces Aussie hedge fund out of business

Sydney hedge fund Levitas Captial has collapsed after a cyberattack triggered by a fake Zoom invitation saw its management mistakenly approve $8.7 million in fraudulent invoices.

Perspective
Cybersecurity investigators determined a fake Zoom invite was accidentally opened by one of the fund’s co-founders. The fake invite inserted malicious software into the Levitas network, allowing the hackers to take control of their email systems. The hackers used that access to fire off fraudulent invoices to companies the fund had no previous dealings with. By the time their management realised what was happening and took action, considerable sums had already been lost. Incidents like this demonstrate why human error is the single biggest cyber risk any organisation will face. 


Australian media-monitoring company Isentia targeted by cyberattackers

The Sydney-based media monitoring and analytics firm, which boasts a large portfolio of government and corporate clients, announced they were hit by a ransomware attack.

Perspective
Isentia’s media-monitoring work requires clients to share information on sensitive topics, but it’s not known whether any information was compromised in the incident. Some of Isentia’s services have been disrupted since the attack. The firm is continuing to investigate, while many of its staff have switched to manual processes to continue operations. The company’s share price fell 2.7 per cent following the announcement.


City of Port Phillip leaks personal details in data.gov.au blunder

The Council revealed that 859 phone numbers and 764 email addresses and the names of people who had reported graffiti were accidentally published on the data.gov.au website.

Perspective

The breach occurred when work to automate a graffiti management dataset resulted in the wrong version being selected for publication. The Council said the data has been taken down from the website and they are trying to contact those affected. Since the data was open to the public, the council is unable to say who has accessed it. The Council has published 29 open datasets and this is the first data breach since making this data available in 2017.

Technical Consultant, Mimecast

Bradley Sing is currently Technical Consultant at Mimecast where he has been since November 2016. Bradley has been working in the technology industry for almost four years and draws on his previous experience to help align customer business needs with the technical solutions that Mimecast provides, which ranges from product demonstrations to help documenting processes and aspects of products. Prior to his role at Mimecast, Bradley worked across the web hosting & domain name industry in Australia, working for Melbourne-based web hosting startup Hosting Australia and previously Melbourne IT Group.

Stay safe and secure with latest information and news on threats.
User Name
Bradley Sing