Security Leftovers

posted by Roy Schestowitz on Nov 01, 2022

• Paul Wise: FLOSS Activities October 2022

  This month I didn't have any particular focus. I just worked on issues in my info bubble.

• Attackers searching for more bugs, using documents less and exfiltrating more data | SC Media

  Deep Instinct on Monday released its report on cybercrime during the first half of 2022 and found at least three important trends: Threat actors are using documents less and using LNK, HTML and archived email attachments; the industry experiences continued vulnerabilities in Windows and Linux despite earnest attempts to fix them; and attackers are doing more data exfiltration attacks that target third parties.

• iTWire - Optus says will not pay users' licence costs, only admin expenses

  Telco Singtel Optus has indicated that it will pay only the administrative costs incurred by VicRoads in issuing new licences — and not the costs of the licences themselves — to the hundreds of thousands affected by the disastrous data leak suffered by the company.

  A spokesperson from the telco said in response to a query asking whether it would pick up the tab for the licences: "Optus will cover the incremental costs to VicRoads associated with replacing Victorian driver’s licences where customers had a valid license compromised as a result of the cyber attack."

  When the company was asked for a more direct statement, the response was: "Sorry, but unfortunately this line is all we can provide at this time. We will be in contact should our situation change."

  VicRoads issued a statement on Saturday, saying it would issue new driving licences to 342,000 people in the state who were affected by the massive data breach.