The OpenSSL project has announced two security vulnerabilities tracked as CVE-2022-3602 and CVE-2022-3786. The good news is that these vulnerabilities are unlikely to facilitate remote code execution as originally anticipated, and only OpenSSL version 3.0.0 and later are impacted. The bad news, however, is that even though the remote control is unlikely, it’s still possible.
Of the many lessons that can be learned from how the Optus data breach was handled, one stands out - Australia’s privacy laws are not equipped to support Aussie data breach victims. To change this, the Australian Government is amending its Telecommunications Regulations 2021 Act. APRA-regulated financial entities can now be involved in efforts to mitigate financial fraud following a data breach.
The Optus data breach was the second-largest data breach in Australia. 9.8 million current and former Optus customers were impacted by the event, with 2.1 million suffering compromises of highly-sensitive government identification information, like driver’s license numbers and passport numbers. In other words, this single cybersecurity incident has placed almost half of the Australian population at risk of identity theft scams and financial fraud.
The Optus data breach occurred through an unprotected and publically exposed API. This API didn’t require user authentication before facilitating a connection. A lack of an authentication policy meant anyone that discovered the API on the internet could connect to it without submitting a username or password.
Attack surface management (ASM) software is a set of automated tools that monitor and manage external digital assets that contain, transmit, or process sensitive data. ASM software identifies misconfigurations and vulnerabilities that cybercriminals could exploit for malicious purposes that result in data breaches or other serious security incidents.
Cybercriminals exploit vulnerabilities and misconfigurations across an organization’s attack surface to gain unauthorized access to sensitive data. The prevalence of digital transformation and outsourcing in the current threat landscape means an organization’s attack vectors can easily increase by millions each day. This ever-growing number makes it hard to identify cyber threats and prioritize remediation before a data breach occurs.
Global cybersecurity is becoming more reliant on using advanced, more complex safety mechanisms to resolve vulnerabilities. Governments and businesses worldwide struggle to safeguard their data and networks and prevent future crises. At the same time, cyber threats are becoming just as complex. With each new step in cybersecurity innovation, cyber threats also gain momentum, eventually posing major security challenges for governments.
An impersonation attack is a type of targeted phishing attack where a malicious actor pretends to be someone else or other entities to steal sensitive data from unsuspecting employees using social engineering tactics. Hackers attempt to trick the victim into transferring money, giving up sensitive information, or providing business login credentials to leverage cyberattacks and gain unauthorized access to systems and networks.
Cyber innovation and digital transformation are moving at increasing speeds. With the shift to cloud-based software and assets, SaaS (software-as-a-service) applications, and the need for remote working, businesses are changing the way they approach risk management and the security of their digital assets.
In today’s fast-moving and competitive marketplace, you can barely find any businesses and merchants that still haven’t adopted the use of credit cards for their services. More than a third of American cardholders use credit cards for their transactions on a monthly basis. With the rising prevalence of identity theft, over 1.1 billion personal records were exposed by data breaches and credit card fraud alone.
