Security News > 2022 > October

Australian Federal Police arrest man suspected of exploiting Optus cyberattack
2022-10-06 12:30

Aussie police have cuffed a 19-year-old Sydney resident accused of trying to extort money from victims of the recent cyberattack and digital burglary at national telecommunications provider Optus. The Australian Federal Police said today it was alerted to the blackmail attempt when some Optus customers were told to transfer AU$2,000 to a bank account or have their personal data used for financial crimes.

Details Released for Recently Patched new macOS Archive Utility Vulnerability
2022-10-06 12:20

Security researchers have shared details about a now-addressed security flaw in Apple's macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple's security measures. The vulnerability, tracked as CVE-2022-32910, is rooted in the built-in Archive Utility and "Could lead to the execution of an unsigned and unnotarized application without displaying security prompts to the user, by using a specially crafted archive," Apple device management firm Jamf said in an analysis.

The Ultimate SaaS Security Posture Management Checklist, 2023 Edition
2022-10-06 12:04

It's been a year since the release of The Ultimate SaaS Security Posture Management Checklist. SaaS apps are dynamicand ever-evolving - apps' settings need to be modified on a continuous basis from security updates and app feature enhancements to employees added or removed, and user roles and permissions set, reset, updated, etc.

Former Uber CSO convicted for concealing data breach, theft from the authorities
2022-10-06 09:42

Joe Sullivan, the former Chief Security Officer of Uber, has been convicted of obstruction of proceedings of the Federal Trade Commission and misprision of felony in connection with the attempted cover-up of the hack Uber suffered in 2016. "In the wake of that disclosure, the FTC's Division of Privacy and Identity Protection embarked on an investigation of Uber's data security program and practices. In May 2015, the month after Sullivan was hired, the FTC served a detailed Civil Investigative Demand on Uber, which demanded both extensive information about any other instances of unauthorized access to user personal information, and information regarding Uber's broader data security program and practices."

Learning from real life situations
2022-10-06 09:00

Instructors who are deeply rooted in real world cyber experience are better placed to make sure that everyone who completes SANS training can apply the skills they've learned on the first day back at work. Community is important to SANS and its instructors' practical knowledge is a critical part of that commitment.

19-Year-Old Teen Arrested for Using Leaked Optus Breach Data in SMS Scam
2022-10-06 08:25

The Australian Federal Police has arrested a 19-year-old teen from Sydney for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims. Details of the scam were previously shared by 9News Australia reporter Chris O'Keefe on September 27, 2022.

Former Uber Security Chief Found Guilty of Data Breach Coverup
2022-10-06 06:57

A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. "We expect those companies to protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught."

Police arrest teen for using leaked Optus data to extort victims
2022-10-06 06:44

The Australian Federal Police have arrested a 19-year old in Sydney for allegedly using leaked Optus customer data for extortion. More specifically, the suspect used 10,200 records leaked last month by the Optus hackers and contacted victims over SMS to threaten that their data would be sold to other hackers unless they paid AUD 2,000 within two days.

Unearth offboarding risks before your employees say goodbye
2022-10-06 05:00

That's especially true when it comes to employee offboarding - but not due to sentimentality. In our increasingly digital workplace, offboarding interns, contractors or full-time employees too often ends up with them still having access to some applications and sensitive information after they leave companies.

The gap between security and privacy, and what it will take to bridge it
2022-10-06 04:30

In this Help Net Security video, Bill Tolson, VP of eDiscovery & Compliance at Archive360, talks about the biggest and perhaps only question in information governance right now: Is enterprise data security good enough to ensure data privacy? An Archive360 survey of enterprise IT executives reveals that the No. 1 driver for information governance is data security.