Audit: Australia Post told to improve cyber security practices | iTnews

Audit: Australia Post told to improve cyber security practices | iTnews

Australian Information Security Audit Report July 4 2019

Auditor says risk aren’t being managed “effectively”.

Reported in: iTnews

One of the reasons for this result was that despite having a fit for purpose cyber security risk management framework, the government-owned corporation had “not met the requirements of its framework”. Specifically Australia Post has “not effectively managed cyber security risks”, having not undertaken a “detailed security risk management assessment” on the two systems for two years.

“Australia Post has not met the requirements for ICT controls in its framework, having not implemented all specified key controls, and as a result has rated the overall cyber risk as significantly above its defined tolerance level,” the Australian National Audit Office (ANAO) said.

Details are contained in the  ANAO audit of cyber resilience published on the 4 July 2019

ACCC blames premature TPG merger rejection reveal on unpatched CMS | iTnews

ACCC blames premature TPG merger rejection reveal on unpatched CMS | iTnews

Australian Information Security Incident Reported: May 16 2019

The Australian Competition and Consumer Commission (ACCC) has pinned the blame for its embarrassing premature disclosure of the TPG and Vodafone Australia merger rejection on an as yet unspecified glitch in its website content management system, which the regulator says has now been patched.

Source: ACCC blames premature TPG merger rejection reveal on unpatched CMS – Cloud – Security – Software – Telco/ISP – iTnews

NZ Incident: NZ Transport Agency’s cyber security under scrutiny after 82 data breaches  | Stuff NZ

NZ Incident: NZ Transport Agency’s cyber security under scrutiny after 82 data breaches | Stuff NZ

Reported Mar 5, 2019 in Stuff Co NZ

The Transport Agency has admitted 82 data breaches involving personal information prompting a call for an independent assessment of its cyber security.

Human error was the main reason given for mishandling of personal information ranging from traffic offences, to details of driver licences and individuals’ medical fitness to drive, debts and debt collection actions.

Source: NZ Transport Agency’s cyber security under scrutiny after 82 data breaches

More NZ Incidents….

Incident: Cyber-security breach at Federal Parliament prompts security agency investigation | ABC News Australia

Incident: Cyber-security breach at Federal Parliament prompts security agency investigation | ABC News Australia

Australian Information Security Incident Reported: February 08 2019

Computer passwords are reset as Australia’s security agencies investigate a cyber-security breach at Federal Parliament.

In a statement, Federal Parliament’s presiding officers said authorities were yet to detect any evidence that data had been stolen in the overnight breach.

Source: Cyber-security breach at Federal Parliament prompts security agency investigation

Incident: AusTender becomes latest bait for phishers | iTnews

Incident: AusTender becomes latest bait for phishers | iTnews

Australian Information Security Incident Reported: January 15 2019

Phishers are targeting would-be tenderers to the Department of Infrastructure and Regional Development with an email and fake AusTender landing page.

The email invites recipients to login to the fake AusTender site in order to register to participate in “sealed tenders”

The email will not contain a valid Government domain name and may look to come from “infrastructure-gov-au-‘GA’”.

Source: AusTender becomes latest bait for phishers

Incident: Fisheries Qld blames bad update for password ‘fault’ | iTnews

Incident: Fisheries Qld blames bad update for password ‘fault’ | iTnews

Australian Information Security Incident Reported: January 11 2019

Fisheries Queensland has blamed a software bug introduced via an update for an incident that left users of its Fishnet Secure portal exposed over the break.

The Courier Mail first reported the incident on Wednesday this week, revealing that “fishermen attempting to log in discovered they could get in to any account on the supposedly protected portal without a password.”

FishNet Secure allows holders of Queensland fishing permits, licences and quotas to manage them online.

Source: Fisheries Qld blames bad update for password ‘fault’