Australian Cyber News Summary #07 – July 2022
Commentary: July 2022… Welcome to a new financial year, I hope all your cyber security budget wishes have come true.
The Bunnings/Kmart facial recognition fiasco continued to play out, the government is reviewing the privacy act hopefully they will boost their resources, national auditor will audit the federal government’s digital identity system (should be interesting), and lots more news last month.
On the incident and audit front several reports: GrainCorp’s ransomware attack, Victoria privacy commissioner funds weakness in third-party controls, Melbourne Port Phillip Prison hacked, Woolworths everyday rewards users have very bad password habits, Aus trading company ACY 60gb data breach, Deakin Uni privacy breach of 47k student details, WA local governments face plant in audit.
Audit: Vic privacy watchdog uncovers third-party infosec risks at four agencies | iTnews
By Steven Kirby on Jul 31, 2022 Australian Audit Report 22 July 2022 Victorian privacy watchdog uncovers third-party infosec risks at four agencies Agencies only partially effective …
OIC Speaker Series No. 1 – Privacy and building trust through transparency
By Office of the Information Commissioner Queensland on Jul 31, 2022 Office of the Information Commissioner Speaker Series No. 1 hosted by Ms Madonna King and featuring Mr Ian Stewart AO APM, former Queensland Police Commissio…
Australian man charged over alleged international spyware operation
By Penny Travers on Jul 31, 2022 An Australian man who sparked a worldwide investigation into spyware he allegedly created and sold to domestic violence perpetrators and other …
Melbourne hacker charged after creating dangerous spyware | 7NEWS
By 7NEWS Australia on Jul 30, 2022 A Frankston man is accused of creating spy software at the age of fifteen and selling it to online predators. Victims had no idea they were being watched and…
New Cyber Incident Reporting Rules May Catch Some Industries Unaware
By Lawcadia on Jul 30, 2022…Expanded rules to the Security of Critical Infrastructure Act (the SOCI Act) may catch many businesses unaware. The Act came into effect on 8 April …
Cybersecurity in the Pacific: how island nations are building their online defences
By Carsten Rudolph and James Boorman and Monica Whitty on Jul 30, 2022 Leaders of several Pacific nations met in Fiji last week to strengthen ties and promote unity in the region. The Pacific faces numerous challenges, …
Incident: Ransomware attack on Australian agricultural company GrainCorp’s payroll provider Kronos
By Steven Kirby on Jul 27, 2022 Australian Ransomware Attack, 23 February 2022 Ransomware attack on Australian agricultural company GrainCorp’s third party payroll provider …
Mastercard’s digital ID service accredited by government
By Justin Hendry on Jul 26, 2022 Mastercard has become the third credential provider to be accredited under the federal government’s digital identity system, joining Australia Post …
Review of Privacy Act will be with govt by end of year
By Joseph Brookes Senior Reporter on Jul 25, 2022 The long running review of Australia’s privacy law will present a final report to government by the end of the year, as new Attorney General Mark …
Bunnings, Kmart hit pause on in-store facial recognition
By Justin Hendry on Jul 25, 2022 Bunnings and Kmart Australia have paused the use of facial recognition while the privacy watchdog investigates their personal information handling …
Healthscope appoints interim CISO to permanent role
By Kate Weber on Jul 24, 2022 Healthscope has appointed its deputy and interim CISO Varun Acharya to the permanent CISO position vacated by Mitra Minai back in May. Acharya stepped …
Incident: New security alert issued to all Woolworths Everyday Rewards members | 7news
By Steven Kirby on Jul 24, 2022 Australian Retail Cyber Incident, 22 July 2022 New security alert issued to all Woolworths Everyday Rewards members Fraudsters have likely obtained …
Incident: Melbourne’s Port Phillip Prison jail targeted by anonymous hackers in cyber attack | MSN
By Steven Kirby on Jul 24, 2022 Australian Jail Cyber Attack, 7 July 2022 Melbourne’s Port Phillip Prison jail targeted by anonymous hackers in cyber attack Hackers take control of …
Would you like fries with that? A quick guide to notice and consent in privacy law
By Anonymous on Jul 22, 2022 When consumer advocacy body CHOICE last month went public with its investigation into the use of facial recognition by major Australian retailers, the …
Heritage Bank ends CISO hunt
By Kate Weber on Jul 21, 2022 Heritage Bank has found a new chief information security officer, with Mikhail Lopushanski stepping into the role. Lopushanski takes over from Ashley …
ACCC, ASIC trials website takedowns for phishing, crypto scams
By Justin Hendry on Jul 21, 2022 Australia’s competition watchdog has partnered with the corporate regulator to trial automated takedowns of websites hosting phishing and other scams. …
iTWire – TikTok admits Australian user data can be accessible, posing security and privacy concerns
By Kenn Anthony Mendoza on Jul 19, 2022 Patterson wrote in a tweet last 4 July 2022 that he sent a letter to TikTok Australia following revelations in the US that user data is accessible in …
iTWire – Heritage Bank appoints new CISO
By Stephen Withers on Jul 19, 2022 People Moves Heritage Bank appoints new CISO Tuesday, 19 July 2022 15:17 Heritage Bank appoints new CISO Featured By Stephen Withers Heritage Bank has …
Gov spends another $9m on data analytics to detect Medicare fraud
By Justin Hendry on Jul 19, 2022 The federal government will pay Woolworths-backed Quantium Health another $9 million over the next year for tools to detect suspected instances of…
Josh’s tax file number was stolen. Now his personal data is at risk — and his money
By Lucy Stone on Jul 18, 2022 When Brisbane radio producer Josh Edwards booked an appointment with his accountant to get his tax done, he had no idea that his tax file number …
TikTok admits Australian data can be accessed in China, prompting concerns it’s being sent to Beijing
By Jake Evans on Jul 18, 2022 The federal Treasurer says he is concerned that social media platform TikTok’s China-based employees are able to access Australian user data. Key …
Cloud giants certified while others wait on sovereignty scheme
By Joseph Brookes Senior Reporter on Jul 16, 2022 Google and IBM have been cleared by the Digital Transformation Agency as approved cloud service suppliers under Australia’s data sovereignty scheme …
Quote: Chinese proverb “When planning for a year, plant corn. When planning for a …”
By Steven Kirby on Jul 16, 2022 “When planning for a year, plant corn. When planning for a decade, plant trees. When planning for life, train and educate people.” – Chinese proverb
Incident: 60GB of User Data Was Exposed by Australian Trading Company ACY Securities | Heimdal Security
By Steven Kirby on Jul 16, 2022 Australian Trading Company Data Beach, 06 June 2022 60GB of User Data Was Exposed by Australian Trading Company ACY Securities A Representative …
Incident: Deakin University reveals breach of 47,000 students’ details | iTnews
By Steven Kirby on Jul 14, 2022 Australian Cyber Attack, 13 July 2022 Deakin University reveals privacy breach of 47,000 students’ details Subset targeted with smish sent via …
OAIC opens probe into Bunnings, Kmart over facial recognition
By Justin Hendry on Jul 13, 2022 Bunnings and Kmart Australia’s use of facial recognition to analyse CCTV footage will be probed by Australia’s privacy watchdog after a CHOICE …
Largest ever cybersecurity funding to enhance Australia’s offensive capabilities
By Anonymous on Jul 12, 2022 Security expert Rachael Falk says the 10 billion dollar package dedicated to cyber security will boost digital defence and Australia’s cyber attack …
New rules rolled out to help protect Australians from text message scams
By Dana Morse on Jul 12, 2022 02:52 am The Australian Communication and Media Authority (ACMA) has rolled out new rules to protect Australians from text message scams. Key …
Digital Platform Regulators Forum names algorithms, digital transparency and increased collaboration as priorities for 2022/23 | eSafety Commissioner
By Anonymous on Jul 11, 2022 The heads of the four members of the Digital Platform Regulators Forum (the forum) met yesterday and have agreed on a collective set of priorities …
Infrastructure companies must report cyberattacks within 12 hours
By Tom Burton on Jul 10, 2022 A cybersecurity incident involves the unauthorised access or impairment of data, or a software program, or computer communications. A significant …
Cyberproofing small and medium businesses—a small step with a big impact | The Strategist
By Author on Jul 10, 2022 Small businesses are not immune to cybersecurity incidents. In fact, they’re often more vulnerable because they lack the time, resources and …
Australian businesses lost $227 million to payment redirection scams last year
By Staff Writer on Jul 10, 2022 Australian businesses lost $227 million to payment redirection scams in 2021, a 77% increase compared to 2020.
Warning: Fake job offer texts are scams
By Staff Writer on Jul 10, 2022 Australians have been warned about text messages being sent out publically with job offers that are likely to be scams.
AusCERT Week In Review for July 8th 2022 – AusCERT
By marty on Jul 10, 2022 The second half of 2022 has commenced with a mix of chilly temperatures and wet weather for most of Australia and news that a third wave of the COVID …
Australian Cyber News Summary #06 – June 2022
By Steven Kirby on Jul 09, 2022 Commentary: Post election increase cyber reporting continues with the number of news stories and incidents reports increasing again. Leading off for …
More than 100 Australians among thousands left exposed after huge Chinese database hacked
By Bang Xiao on Jul 08, 2022 The personal details of more than 100 Australian citizens — including a former federal MP — are among those exposed by a hacker in a huge leak of …
City of Gold Coast lands ACT gov digital exec as CIO
By Justin Hendry on Jul 08, 2022 ACT government digital executive and former Department of Parliamentary Services chief information officer Anthony Stinziani has been appointed the …
5 big trends in Australians getting scammed
By Paul Haskell-Dowland on Jul 07, 2022 Greed, desire, wishful thinking and naivety are lucrative markets for scam artists – and their age-old hustles are increasingly being supplemented by …
Auditor re-sets sights on Australia’s digital ID scheme
By Justin Hendry on Jul 07, 2022 Australia’s national auditor will again consider an audit of the federal government’s digital identity system after a proposed review of the the $600 …
ASD creates CISO role in REDSPICE hiring blitz
By Justin Hendry on Jul 07, 2022 Australia’s cyber spy agency has created a chief information security officer role to enable the expansion of offensive and defence cyber security …
How a scammer fleeced a Sydney couple out of thousands
By 9News on Jul 06, 2022 It was around midday when the call came through on Catherine* and her husband Peter’s* landline at their Sydney home earlier this month.Catherine …
Gartner’s top recommendations for security leaders
By Catherine Knowles on Jul 06, 2022 Executive performance evaluations will be increasingly linked to ability to manage cyber risk; almost one third of nations will regulate ransomware …
iTWire – Phone, SMS most common contact methods used by scammers in 2021: Scamwatch
By Staff Writer on Jul 06, 2022 Business IT Phone, SMS most common contact methods used by scammers in 2021: Scamwatch Tuesday, 05 July 2022 01:39 Phone, SMS most common contact …
Australian businesses lose $227 million to BEC-like scams
By Kate Weber on Jul 04, 2022 Australian businesses were scammed out of $227 million in “payment redirection” cons – which includes business email compromise or BEC – over the…
Audit: West Australian Local Government Information Systems Audit Report “a significant area of concern”
By Steven Kirby on Jul 04, 2022 Australian Audit Report 22 June 2022 West Australian Local Government Information Systems Audit Report “a significant area of concern” None of the 12 …
Monash University opens public bug bounty
By Richard Chirgwin on Jul 02, 2022 Monash University has made its bug bounty public, two years after initiating an internal vulnerability disclosure program. The move was announced by …
AusCERT Week In Review for July 1st 2022 – AusCERT
By Anonymous on Jul 02, 2022 Today sees us enter the second half of 2022 which, for many of us, seems to have arrived sooner than expected. Something else that has landed quickly …
Nine hones its incident response
By Ry Crozier on Jul 01, 2022 Nine is using PagerDuty software to help locate the best person internally to fix a problem that may arise with one of its media products. Nine’s …
