Acurus Pty Ltd News

Vinomofo data breach: 500,000 customers at risk after wine dealer hit by cyber-attack

Customers of Australian company Vinomofo are the latest victims of personal information exposure after the wine dealer suffered a major cyber-attack.

Personal information including names, dates of birth, addresses, email addresses, phone numbers and genders of customers is at risk of exposure.

It is not yet clear if all of Vinomofo’s 500,000 customers were exposed, but all have been warned to remain on high alert for scam activity after the hack.

Vinomofo said the risk to its members was “low” because other sensitive information such as passports, credit card details and driver’s licences were not held by Vinomofo.

The incident occurred after an unauthorised third party unlawfully accessed the database from a testing platform that is not linked to Vinomofo’s live website.

This latest breach follows a chain of attacks on telecommunications company Optus, health insurer Medibank, and more recently online retail store MyDeal.

All Australian organisations should take these incidents as a stark reminder of the importance of a strong cybersecurity position and strategy.


    Woolworths says 2.2 million MyDeal customers’ details exposed in data breach

    Millions of customers’ details have been exposed in a major data breach at an online shopping site owned by the retail giant Woolworths.

    In September Woolworths took an 80% stake in MyDeal, an Australian online shopping site, in a takeover worth more than $200m.

    MyDeal was in the process of contacting an estimated 2.2 million customers whose details have been exposed, the Woolworths Group said in a statement.

    The details exposed included customer names, email addresses, phone numbers, delivery addresses and birthdays, with 1.2 million of the customers having only their email addresses exposed.

    MyDeal said that no sensitive information had been accessed in the breach, such as payment information, driver’s licence, passport details, and passwords.

    Woolworths also said MyDeal’s systems operate on a different platform to the broader group, meaning no Woolworths customer details had been exposed.

    In light of the recent string of cyber attacks on major Australian organisations, the government has vowed to review current privacy laws, with talk of tighter protections being introduced by the end of the year.

    If you don’t have a clear direction on your cyber security position or strategy moving forward, you owe it to your customers, employees, board and yourself to take action now.


      Medibank Private hit by cyberattack

      Australian health insurer Medibank Private has been forced to take some of its customer-facing systems offline after being hit by a cyberattack (source: “Health insurer Medibank Private hit by cyber attack”, ABC News). Medibank’s ahm and international student policy management systems are currently offline.

      Medibank is still seeking to confirm that no sensitive information from its 3.7 million members has been disclosed in the attack. It states that it has not yet found any customer data that has been compromised, and it said in a formal statement to the ASX that “there is no evidence that any sensitive data, including customer data, has been accessed”.

      Chief executive David Koczkar said Medibank recognised its responsibility, given the sensitive data it holds about people’s health.

      Medibank requested its shares be halted from trading while it continues investigations into the cyber attack.

      The attack follows a recent breach at telecommunications company Optus, where as many as 9.8 million customers’ personal information could have been exposed to hackers: Optus Hacked: Customers warned to check in with their banks after personal data exposed – Acurus

      These high-profile incidents will drive change in the legal obligations of Australian companies around protecting themselves and their customers from the impact of cyber security related events.

      If you don’t have a clear direction on what your cyber security position is and your strategy moving forward, you owe it to your customers, employees, board and yourself to take action now.


        ACSC Flags Microsoft Exchange Vulnerabilities

        The Australian Cyber Security Centre (ACSC) has reported two new zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016 and 2019.

        Microsoft published the Common Vulnerabilities and Exposures (CVE) identifiers assigned to them:

        • CVE-2022-41082 – remote code execution vulnerability
        • CVE-2022-41040 – elevation of privilege vulnerability

        Also noted are historical CVEs related to ProxyShell, including:

        • CVE-2021-34473 – pre-auth path confusion leads to ACL bypass (patched in April by KB5001779).
        • CVE-2021-34523 – elevation of privilege on Exchange PowerShell backend (patched in April by KB5001779).
        • CVE-2021-31207 – post-auth arbitrary-file-write leads to RCE (patched in May by KB5003435).

        Organisations are being urged to deploy mitigations, particularly those that have already suffered breaches. The advice also calls for searching for post-exploitation activity, including the deployment of webshells.

        The ACSC is not yet aware of successful exploitation in Australia and has advised stakeholders to monitor the situation. Impacted organisations have been encouraged to report any incidents to the agency.

        Find out how Acurus can protect your organisation from vulnerabilities, contact us today.


          Optus Hacked: Customers warned to check in with their banks after personal data exposed

          Last Thursday, Optus alerted its customers to the security breach and confirmed that the attack was quickly identified and shut down. However, the telco’s 11 million customers have been urged by cyber security experts to be extra vigilant for potential threats over the coming weeks.

          Types of personal data that had been compromised included home addresses, ID documents such as driver’s licences and passports, phone numbers and customer names.

          Optus is working with the Australian Federal Police, Australian Signals Directorate, and Office of the Australian Information Commissioner to mitigate risk and find the culprit of the attack.

          The telco has confirmed the attack did not compromise services such as mobile and home internet, payment details or account passwords. The company also verified that messages and voice calls had not been compromised and were safe to use as well.

          Experts are concerned that the security breach could pave the way for more social engineering attacks, in which scammers pretend to be an Optus representative and trick people into handing over sensitive data.

          The Australian Cyber Security Centre (ACSC) had been notified of the incident, according to a spokesman for Cyber Security Minister Clare O’Neil.

          “The Australian Signals Directorate’s Australian Cyber Security Centre has seen broad targeting of Australians and Australian organisations, through rapid exploitation of technical vulnerabilities by state actors and cyber criminals seeking to exploit weaknesses and steal sensitive data.”

          The Optus data breach has been dubbed one of Australia’s largest cyber attacks in history. According to Optus, the type of information which may have been exposed includes:

          • Customers’ names
          • Dates of birth
          • Phone numbers
          • Email addresses

          For a subset of customers, compromised data includes:

          • Addresses
          • ID document numbers such as driver’s licence or passport numbers

          Optus says payment details and account passwords have not been compromised.

          According to Sean Duca, vice president and regional chief security officer for APJ at Palo Alto Networks, the attack calls for an even stronger collaboration between the Australian government and the private sector to tackle the rise in cyber attacks.

          If you would like more information on how to identify potential cyber security threats, speak to one of our cyber security experts today.


            LastPass Notified Users of Security Incident

            In late August, LastPass started notifying its users of a “recent security incident” where an “unauthorized party” used a compromised developer account to access parts of its password manager’s source code and “some proprietary LastPass technical information.”

            In a letter to its users, the company’s CEO Karim Toubba explains that its investigation hasn’t turned up evidence that any user data or encrypted passwords were accessed.

            LastPass’s software acts like a safe for your valuable passwords and private information. Because of the way LastPass works, the company itself can never see the contents of the “safe” it produces. This security incident is as if the designs for a safe have been stolen from a safe-making factory, but not the actual safes themselves or the valuable information that resides in those safes, such as passwords.

            Hackers having access to a program’s source code doesn’t mean they can instantly compromise it or break through its defences. Famously, Microsoft says it doesn’t rely on its source code remaining private for security and says that people being able to read it shouldn’t be a risk.

            As LastPass explains, at this point if you are a LastPass user you don’t have to do anything — there’s no reason for you to spend an afternoon changing your master password and doing a full security audit.

            If LastPass changes its position or releases further information on the matter, we will share it here.

            If you have any questions or wish to know more about this incident, please contact us below.

            Contact