Cyber and Privacy Update 12 Apr 2019

Developments in the world of cyber and privacy

Friday 12 April 2019  

Government proposes major changes to privacy law 
The Federal Government has proposed radically increased financial penalties and new powers for the Office of the Australian Information Commissioner, in the wake of increased scrutiny of social media platforms and a growing consensus that Australia's privacy legislation has fallen behind global norms.
Click here for article: https://bit.ly/2VFz4qZ

Largest leak in history: email data breach exposes over two billion personal records
A new world record for the size and scope of a data breach has been set by email marketing service Verifications.io, thanks to some unsecured public-facing databases containing what appears to be just about all of their customer information. Passwords were not exposed in the email data breach, but quite a bit of personal information was. Initial reporting indicated that about 763 million records were exposed, but that estimate has since climbed to a little over two billion records as security researchers have found that at least four of the company’s databases were open to anyone who cared to walk in the door.
Click here for article: https://bit.ly/2I8hTLH

APRA provides guidance on complying with new information security measures 
On 25 March 2018 APRA released for consultation a draft of Prudential Practice Guide 234 Information Security (‘CPG 234’). The purpose of CPG 234 is to assist APRA-regulated entities in complying with Prudential Standard CPS 234 Information Security (‘CPS 234’), which commences 1 July 2019. The draft offers valuable insight into the degree of information security capability APRA will expect of regulated entities following commencement of CPS 234. Importantly, CPG 234 clarifies that Boards of regulated entities should, in order to more effectively discharge their responsibilities under CPS 234, take a more proactive role in working with management on the information security capability of the entity.
Click here for article: https://bit.ly/2Xep8F5

189 Australian banks, financial services providers attacked by SMS-borne malware 
Cisco’s Talos security business has detected what it has described as “a new Android-based campaign targeting Australian financial institutions.” According to the firm’s explanation of the attack, it detected an advertisement on an exploit-hawking website offering malware called “Gustuff”, which claims it can attack Westpac, NAB, St George Bank, ING Direct, BankWest, Bank SA and other Australian financial institutions. Talos said it found 189 sets of logos for Australian banks and cryptocurrency exchanges in the malware.
Click here for article: https://bit.ly/2Dgc3DI

 
