Leading Edge Cyber

24/11/2020

Based on Gartner forecasts and adjusted for the impact of COVID-19, this year’s top 10 security projects is something for security and risk management leaders to focus on to drive business value and reduce risk:

https://www.gartner.com/smarterwithgartner/gartner-top-security-projects-for-2020-2021/

Project No. 1: Securing your remote workforce. Gartner analyst Brian Reed shares the top 10 projects for 2020-2021. Read more.

15/11/2020

Securing the IoT Landscape of Tomorrow...

https://lnkd.in/gfNPX5p

Security consultants and practitioners have insight into how organizations of various sizes, across both the public and private sectors, are preparing for Internet of Things (IoT) deployments during this unusual pandemic year.

29/10/2020

As reported by IT News, the City of Port Philips recently experienced a data leak where partially de-identified data was uploaded to their open data platform.

To reduce the risk of re-identification organisations should implement a robust de-identification process. Here are some guidelines from the OAIC on how to de-identify data and prevent the risk of re-identification and privacy harms:

https://www.oaic.gov.au/privacy/guidance-and-advice/de-identification-and-the-privacy-act/



https://www.itnews.com.au/news/city-of-port-phillip-leaks-personal-details-in-datagovau-blunder-555323

Incorrect graffiti reporter dataset online for seven months.

21/10/2020

Attack Spotlight: Why OneDrive and Sharepoint Attacks Are Successful and How to Fight Back

Users are ~7 Times More Likely to Click on Malicious SharePoint Online/OneDrive links

16/10/2020

SMEs are most at risk of email account compromise: Three ways to protect your business

International cyber crime groups are increasingly using email account compromise to scam Australian organisations of all shapes and sizes.

13/09/2020

Attack Spotlight: BEC and Gift Card Scams

During COVID19 we have seen a large spike in the number of Business E-mail Compromise (BEC) attacks on organisations which is often linked with gift card fraud.

With many organisations still not having deployed MFA, e-mail account take overs continue via credential surrender or password re-use, and attackers are using simple mechanisms such as gift cards to wire funds and goods internationally.

When this is not feasible, the slightly more labour intensive approach of squatting domains similiar to the target organisations domain name allows executives to be impersonated.

Here Proofpoint shed some light on what is gift card fraud via BEC/EAC and how to prevent it:

Business Email Compromise (BEC) and Email Account Compromise (EAC) afflict businesses of all sizes across every industry. More money is lost to this type of attack than any other cybercriminal activity.

06/09/2020

This form will self-destruct in 56 days, but will your personal data?

As required by Australian government regulations businesses must retain contact tracing data for 56 days to help ease restrictions related to COVID-19.

Recently there has been an explosion in the number of ‘free’ services being offered to help organisations with this requirement.

Taking a closer look at these free services, businesses need to be careful with the fine print since some are using it as an opportunity to monetise the data collected.

The key terms of service to look out for reference the de-identification of personal information for marketing purposes, whilst on the surface de-identification seems reasonable, in practice the technique applied is often inadequate and could allow individuals to be later re-identified.

In some cases, it has even been found that terms of service state that users e-mail addresses may be enrolled for marketing purposes that will later require opting out.

It's recommended that businesses complete the necessary due-diligence of service providers before sign-up, especially those that are offered as free since service providers need recoup their hosting costs one way or another.

26/07/2020

Wasted Locker, the advanced custom ransomware strain has caused an outage of Garmin's global systems for the last 48 hours with a reported $10m ransom.

Those responsible for recent Wasted Locker attacks are known to gain a foothold within organisations to build an understanding of the IT architecture before dropping the ransomware on the compromised systems.

It's a timely reminder for organisations to ensure that roll-backs are in place and critically off-line backups are tried and tested...

Wearable device maker Garmin today had to shut down some of its connected services and call centers following what the company calls a worldwide outage.

26/07/2020

Video analytics are increasingly useful in smart cities, but how should privacy considerations be taken into account? Read more: https://bit.ly/3gO4ZzK