Security Leftovers
-
Australian firms hit by industrial ransomware in 3Q, sec firm Dragos claims
Australia experienced two industrial ransomware attacks in the third quarter of the year, the industrial security firm Dragos says in an analysis of such attacks that occurred globally.
There was no indication of the organisations involved; Dragos does not provide such information, nor does it tie a particular malicious actor to any country.
The company said on Wednesday there had been 128 ransomware attacks on industries, just three more than in the second quarter, which matched an assessment it had made. The African continent also experienced two attacks.
But it added that it was unaware of any significant industrial disruptions during 3Q.
-
iTWire - Medibank says My Home Hospital also hit, PII and health data accessed
The next instalment of the Medibank Group data breach has arrived, with the company confessing on Thursday that patient information from My Home Hospital had also been accessed by an attacker.
My Home Hospital is a joint venture between Calvary and Medibank implemented on behalf of Wellbeing SA and the South Australian Government.
Medibank said in a statement that personal information and some health data had been accessed. No further details were provided, but given the current trend there may be more to come on Friday.
-
iTWire - Pathology practice Medlab reveals data breach after nine months
Almost nine months after it experienced what it terms a "cyber incident", private pathology practice Medlab Pathology has issued a statement about the incident in which Medicare details and credit card numbers of staff and patients were stolen.
The "cyber incident" appears to have been a Windows ransomware attack. The statement was made in the name of chief executive Melinda McGrath.
Medlab is owned by Australian Clinical Labs which acquired the former in December 2021; it has operations in NSW and Queensland. The breach occurred in February 2022.
The statement said it had begun notifying those affected on Thursday.
-
Australian Health Insurer Medibank Suffers Breach Exposing 3.9 Million Customers' Data
Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been unauthorizedly accessed following a recent ransomware attack.
In an update to its ongoing investigation into the incident, the firm said the attackers had access to "significant amounts of health claims data" as well as personal data belonging to its ahm health insurance subsidiary and international students.
Medibank, which is one of the largest Australian private health insurance providers, serves about 3.9 million customers across the country.
-
Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri
A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri.
Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements.
Credited with discovering and reporting the bug in August 2022 is app developer Guilherme Rambo. The bug, dubbed SiriSpy, has been assigned the identifier CVE-2022-32946.
-
New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances
A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency.