Apr 30, 2019 - This publication provides guidance for managing data spills within an organisation. First published 2012; Lastest version April 2019
Feb 19, 2019 - During the course of the investigation into the recent compromise of the Australian Parliament House network, the ACSC has identified that networks of some political parties have also been affected by a cyber security incident. In speeches delivered to Parliament on Monday 18 February 2019, Prime Minister Scott Morrison and Opposition Leader Bill Shorten acknowledged the Australian security and intelligence community have detected malicious activity by a sophisticated state actor, on the networks of a number of Australian political parties including Liberal, Labor and The…
Feb 7, 2019 - The Australian Cyber Security Centre (ACSC) urges organisations to step up efforts to protect themselves from cyber criminals, after the December quarter Notifiable Data Breaches Quarterly Statistics Report revealed an increase in reported malicious or criminal activity. The Office of the Australian Information Commissioner (OAIC) report found that malicious or criminal activity was the leading cause of data breaches in the quarter at 64 per cent of notifications, an increase from the previous quarter's 57 per cent.
Jan 23, 2019 - Whether you’re an individual or part of an organisation, the data dump of billions of stolen passwords and email addresses is a reminder to take action to protect yourself and your information. The Australian Cyber Security Centre (ACSC) is aware that the so-called Collection #1data dump of stolen credentials has now been followed by the release on the dark web of Collections #2, #3, #4 and #5. All 5 collections add up to 1 terabyte in size with 100 billion records in total.
Jan 18, 2019 - The Australian Cyber Security Centre (ACSC) is aware of a significant data breach affecting 773 million email addresses and usernames. Titled 'Collection #1', the data breach was made public by Australian cyber security expert Troy Hunt, who identified that a large number of credential lists had been distributed on a known hacking forum.
Dec 29, 2018 - The extensive compromise of multiple web hosting providers and mitigation measures have been detailed in a report released today by the Australian Cyber Security Centre (ACSC). The findings of the ACSC investigation, Operation Manic Menagerie, show that eight Australian web hosting providers were compromised, allowing a malicious actor access to customer websites.
Oct 15, 2018 - We recently reported a security issue affecting an estimated 50M Facebook user accounts, between July 2017 and September 2018. Over the weekend, Facebook issued an update reporting that fewer people were impacted by the theft of access tokens than originally thought. 'Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen' Facebook reported.
Sep 29, 2018 - The ACSC is aware of a security issue affecting 50 million Facebook user accounts. A flaw in the "View As" feature allowed attackers to steal Facebook access tokens, which could be used to take over user's accounts. Access tokens are the equivalent of digital keys that allow users to remain logged into Facebook. 'This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted the "View As" feature', Facebook stated on their website.
Jul 1, 2018 - Organisations collect and store a lot of personal details. You trust them with your address, credit card number, health records and more. Sometimes personal information is released to unauthorised people by accident, or as the result of a security breach. For example, an email with personal information can be sent to the wrong person, or a computer system can be hacked and personal information stolen. These are known as a data breaches, or data spills.
Jun 18, 2018 - On Friday 1 June 2018 PageUp Limited, an online recruitment services organisation, notified their customers about a data incident in relation to the integrity of their systems proactively informing of a possible breach. PageUp self-identified suspicious activity on its network and undertook immediate actions to investigate and contain the incident. PageUp notified their corporate customers and the Australian Cyber Security Centre (ACSC) of the issue, enabling the ACSC to quickly assess the incident and support PageUp in their response. In line with the new Notifiable Data…