Australian Cyber News Summary #06 – June 2022
Commentary: Post election cyber reporting continues with the number of news stories and incidents reports increasing again. Leading off for the general public was the outcry over the facial recognition implementations at Good Guys, Bunnings and KMart reported by Choice. It will be interesting to read the OAIC findings when they are released.
On the incident front I’ve currently (at the time of publishing) have Pivotal Homes an “inconvenient” timing of a ransomware attack, and NSW public insurer icare.
It must be audit reporting season with three audit reports released with OAG WA Local Government audit that is a bit of a horrific read, Queensland gets a start with the QAO Education 2021 audit, nationally the ANAO’s General Audit Report No 32 reminding our government friends that the compliance to Essential 8 timeline looms and there is work to do.
I’ve had a change in professional that is making me a bit time poor (loving it though), I’ll try to keep this whole site going, it has become an obsession.
Ombudsman findings reveal government data collection ‘regrettable’ but ‘not meaningful’
By Isabel Dayman on Jun 30, 2022 South Australia’s Ombudsman has found the use of the campaign tool NationBuilder by the former premier’s office was “inadvertent” and any information …
The Good Guys pauses facial recognition trial
By Byron Kaye on Jun 29, 2022 The Good Guys, Australia’s second-biggest appliances chain, is pausing a trial of facial recognition technology in stores after a consumer group …
Routing security falling short in Australian, New Zealand networks
By Richard Chirgwin on Jun 29, 2022 Network owners in Australia and New Zealand need to do more to secure their routing infrastructure, according to a study published by the Mutually …
Mastercard passes first of three Australian TDIF accreditations
By Richard Chirgwin on Jun 29, 2022 Mastercard has been accredited as an identity exchange under Australia’s Trusted Digital Identity Framework (TDIF). The accreditation was announced by …
Origin Energy goes public with bug bounty program
By Richard Chirgwin on Jun 29, 2022 Origin Energy has made its bug bounty program public, offering up to $2500 for confirmed vulnerabilities. Run under Bugcrowd, the program has been …
iTWire – Regulator ACMA targets SMS and identity theft phone scams as compliance priorities
By Staff Writer on Jun 28, 2022 The ACMA warns that phone scams have severe financial and social impacts on Australians and it will be enforcing new rules that require telcos to use …
Australian retailers named in facial recognition complaint
By Byron Kaye on Jun 28, 2022 Three of Australia’s biggest retail chains have been referred to the privacy regulator for recommended enforcement action by a major consumer group …
Don’t remove PowerShell: US, UK and NZ security agencies
By Juha Saarinen on Jun 27, 2022 Government cyber security agencies in the UK, US and New Zealand are telling systems admins to configure PowerShell properly – but not to follow a …
Boeing lands new CISO
By Kate Weber on Jun 27, 2022 Aerospace company Boeing has appointed Mark Cross as its chief information security officer (CISO) for the Australia, New Zealand, and South Pacific …
Urgent warning issued to Australian Instagram users over an alarming scam that’s catching out thousands: ‘One click is all it takes to lose everything’
By Olivia Day on Jun 25, 2022 A Brisbane mum has revealed how cybercriminals stole $24,000 from her loyal followers after hacking into her social media accounts. Anna Van Dijk runs …
Qld gov proposes mandatory data breach reporting for agencies
By Justin Hendry on Jun 25, 2022 The Queensland government is considering forcing agencies to report data breaches to affected individuals and the state’s privacy commissioner as …
New govt urged to ‘repair’ encryption powers
By Denham Sadler National Affairs Editor on Jun 24, 2022 There are newfound hopes that Labor’s election victory will see Australia’s controversial encryption-busting powers “repaired” after nearly four …
Adelaide council rules out facial recognition on city CCTV network
By Justin Hendry on Jun 23, 2022 Adelaide City Council says it has not purchased the software licences to enable facial recognition on its new CCTV network and has recommitted not to …
From text messages to fraudulent ads, how scammers are draining bank accounts | 7.30
By ABC News (Australia) on Jun 22, 2022 The amount of money lost to scams has risen dramatically since the COVID-19 pandemic began. Hannah Bowers and Alex McDonald have this report …
Calls for privacy law reform after Bunnings facial recognition scandal
By John Davidson on Jun 22, 2022 “There are strict controls around the use of the technology, which can only be accessed by a specially trained team. This technology is not used for …
Cyber Criminals Are Targeting Business Social Media Accounts And Employees
By B&T Magazine on Jun 21, 2022 There’s been an alarming rise in cyber attacks against Australian small businesses with experts warning their social media accounts are an easy …
One of these links was a scam. Clicking the wrong one cost Helen $30,000
By Hannah Bowers on Jun 21, 2022 In the 25 years Helen Cahill has kept the books for her small business near Melbourne Airport, she’s never had any trouble doing online banking. Key …
SA Police ignores Adelaide council plea for facial recognition ban on CCTV
By Justin Hendry on Jun 20, 2022 Adelaide City Council is yet to receive formal assurance from South Australia Police that it will not use the facial recognition capabilities of …
Retailers must ensure compliance with privacy laws
By Anonymous on Jun 18, 2022 The OAIC will consider information from consumer advocacy group CHOICE about retailers’ use of facial recognition technology in line with …
Joint cybersecurity advisory released on 2021’s top routinely exploited vulnerabilities
By Australian Cyber Security Centre (ACSC) on Jun 18, 2022 Malicious cyber actors are aggressively targeting newly-disclosed and dated critical software vulnerabilities against a broad range of targets, …
Audit: Queensland Audit Office Education 2021 Report finds “all need to strengthen their security”
By Anonymous on Jun 17, 2022 Australian Audit Report 16 June 2022 Queensland Audit Office Education 2021 Report finds “all need to strengthen their security” Deficiencies …
Border Force searched more than 40,000 devices in five years
By Jeremy Nadel on Jun 16, 2022 Australian Border Force conducted over 41,410 warrantless – but legal – searches of electronic devices at the country’s borders between 2017 and …
iTWire – ACMA and New Zealand’s Internal Affairs fight unlawful spam and scams
By Kenn Anthony Mendoza on Jun 16, 2022 ACMA and New Zealand’s Internal Affairs fight unlawful spam and scams Wednesday, 15 June 2022 11:34 ACMA and New Zealand’s Internal Affairs fight …
Incident: Pivotal Homes reports ‘ransomware attack’ weeks before liquidation | news.com.au
By Anonymous on Jun 16, 2022 Australian Ransomware Attack, 3 June 2022 Queensland based builder Pivotal Homes reports ‘ransomware attack’ weeks before liquidation Up to six months …
Major retailers using facial recognition technology on unsuspecting customers: Choice
By Amelia McGuire on Jun 15, 2022 Major Australian retailers have been secretly capturing the faces of their customers without their knowledge, a consumer group investigation has …
CSIRO’s Offer To SMES Working Cyber Security | Pharmacy ITK
By Anonymous on Jun 15, 2022 Australia’s national science agency, CSIRO, is helping to tackle the growing threat of cyber attacks facing Australia by providing free research and …
Website redesign not covered after cyber attack
By Anonymous on Jun 15, 2022 A business owner who tried to claim additional costs under a cyber policy to improve his website after it was hacked has failed to win the full …
Victoria still in discussions on digital driver’s licences
By Denham Sadler National Affairs Editor on Jun 14, 2022 The Victorian government is still in discussions on the creation of a digital driver’s licence in the state despite this service being available in …
iTWire – New international partnership helping Australian small businesses stay cyber safe
By Staff Writer on Jun 13, 2022 Together they have developed a free cybersecurity toolkit that is now available to small businesses across Australia. The toolkit is a customised …
Audit: Cyber basics still beyond fed gov as Essential Eight mandate looms | iTnews
By Anonymous on Jun 13, 2022 Australian National Audit Office Report June 10 2021 Cyber basics still beyond fed gov as Essential Eight mandate looms Audit finds most controls …
Incident: NSW public insurer icare privacy bungle hits 193,000 people | iTnews
By Anonymous on Jun 11, 2022 Australian Insurer Privacy Breach, 2 June 2022 NSW public insurer icare sends private details of 193,000 workers to wrong employers Excel spreadsheet …
Australian organisations targeted by Aoqin Dragon hackers for a decade
By Juha Saarinen on Jun 10, 2022 Security researchers say they have identified another China-linked threat actor targeting Australian and South-East Asian organisations to spy upon …
icare still waiting on leaked workers’ comp data to be deleted
By Justin Hendry on Jun 09, 2022 NSW public insurer icare is yet to receive assurances from two dozen firms mistakenly sent reports containing the personal details of 193,000 injured …
Law firm mulls class action over NDIS software provider data breach
By Justin Hendry on Jun 08, 2022 A Sydney law firm is considering a class action against NDIS client management system provider CTARS over a security breach that exposed sensitive …
Australia, New Zealand join forces to battle spam
By Richard Chirgwin on Jun 08, 2022 The Australian Communications and Media Authority and New Zealand’s Department of Internal Affairs will share information and enforcement efforts to …
Digital birth certificate holds key to ID verification problem: Dominello
By Justin Hendry on Jun 08, 2022 NSW digital minister Victor Dominello says Australia’s planned digital birth certificate is key to ensuring state and territory governments and …
NSW gov plans verifiable credentials pilot
By Justin Hendry on Jun 06, 2022 The NSW government is planning to pilot its first “verifiable credential” later this year, as it looks to solve digital identity proofing issues that …
Cyber bosses on what it means for public agencies to be resilient
By Melissa Coade on Jun 02, 2022 Tech leaders have welcomed the appointment of a new federal minister for cybersecurity, as the Australian Information Security Association (AISA) …
Incident: Australian National Disability Insurance Scheme provider breached and treating its database as compromised | ZDNet
By Anonymous on Jun 02, 2022 Australian Medical Data Hacked, 31 May 2022 Australian National Disability Insurance Scheme case management system provider CTARS breached “Large …
Rogue COVID-19 Apps Collected Info on Australians
By ACSM_admin on Jun 02, 2022 11:52 am Australians were asked to record personal information about their race and ethnicity by rogue QR codes and government-endorsed contact tracing apps, …
Incident: Australian company Amart Furniture has 100k warranty customers details breached
By Anonymous on Jun 02, 2022 Australian Retailer Data Breach, 20 May 2022 Australian company Amart Furniture has 100k warranty customers details breached Database hosted on AWS was …
It’s easy to create fake NSW digital drivers licences, researchers say
By Cam Wilson on Jun 01, 2022 Security vulnerabilities make it easy to modify NSW’s digital drivers licence system to create fake ID that are the same as real ones.The post It’s …
Macquarie Bank lands new CISO
By Kate Weber on Jun 01, 2022 Macquarie Bank’s head of digital security and fraud technology for banking and financial services (BFS) has moved into the chief information security …
Albanese elevates cyber security with new standalone minister
By Justin Hendry on Jun 01, 2022 Prime Minister Anthony Albanese has elevated cyber security in cabinet with the appointment of Victorian MP Clare O’Neil as Minister for Cyber …
Incident: 50k customers caught up in Tasmanian Spirit Super phishing attack | iTnews
By Anonymous on Jun 01, 2022 Australian Superfund Phishing Attack, 30 May 2022 50k customers caught up in Tasmanian Spirit Super phishing attack Data possibly compromised after …
