@racingcanvas1
Profilo
Registrato: 1 anno, 7 mesi fa
Australia is Battling another Global Bug The COVID-19 virus has a grip on every aspect of our lives. And now an additional virus is on the loose. Businesses and hospitals with employees working from their mobiles or remotely are on the frontline and this time the virus is digital. The growing Australian Immunisation Register and the Medicare and Pharmaceutical Benefits Scheme portals all needed an urgent upgrade over the Christmas break. They have won the war against intruders thus far. Minecraft Servers "We're not aware of any information being shared by third-party vendors, and we continue to collaborate with developers in the process of transitioning," Services Australia general manager Hank Jongen told AAP. However, a quick check by experts for intrusions may not be enough to safeguard against malicious attacks. As well as posing as a "real and present danger" Intruders are residing deep inside software systems and could be lurking for years, cyber detectives warn. Cyber threats are increasing as our lives and our livelihoods increasingly go online However, the so-called Log4j vulnerability is particularly noxious. The vulnerability in a program component is affecting the Log4j Java system used by millions of Australians, often unknowingly, on their work and home phones, computers, and seemingly secure apps. Microsoft recommends that you conduct periodic reviews and scans to find new messages and malicious code. "Due to the multitude of applications and services affected and the speed of updates, this is likely to take a long time for remediation, requiring constant, sustained vigilance" Microsoft says. In the last week, the United States announced that it will sue companies that aren't protected against the bug or its variants. Australia could likely take this action if its laws allowed for such a decisive step. The US Federal Trade Commission (FTC) states that the vulnerability is being widely exploited by a growing number of attackers, posing a severe danger to millions of users of consumer products as well as enterprise software and web applications. Experts say that China-based groups Hafnium, Aquatic Panda, and hackers with a base in Iran immediately launched attacks following the first flaw in December. "When vulnerabilities are discovered and exploited, it risks the loss or compromise of personal information, financial losses, and other irreparable harms," the FTC warned in a blog post. The US Cybersecurity and Infrastructure Security Agency warns that no one action can fix the issue. Under US law, there is a legal obligation to take action, which includes Australian organisations that operate in the United States. According to the FTC the agency will use its "full legal power" to prosecute companies that fail take reasonable measures to protect the privacy of consumers from being exposed to Log4j or similar vulnerabilities in the future. When credit firm Equifax was unable to fix a known vulnerability and exposed the personal data of 147 million consumers, it had to pay a settlement of $US700 million ($A974 million) Back home, Services Australia is responsible for the personal information of millions of Australians but is linked to hospitals, aged care homes and other service providers whose systems must be flexible but are typically fragile. Intruders have found remote access software to access applications and data, which includes MobileIron products in Australia. The Australian Industry Group has warned that a large number of apps are vulnerable, affecting individuals, businesses and supply chains for business. Ai Group states that a weakness in their security could let malicious actors to create malicious "logs" which could be used to gain control of data and computer systems. The United Kingdom, United States, Canada and New Zealand are also tackling the bug and its variants. The UK's National Health Service warned that the Log4Shell vulnerability in MobileIron products was being actively targeted and exploited. Software developers and organizations that include Java's Apache, MobileIron and other Java-based software developers, have acted swiftly. Apple's iCloud and the game distribution platform Steam and Minecraft have also patched holes. Australia's Employment Minister Stuart Robert has encouraged all businesses to take this issue seriously. "It is a serious virus, serious piece of malware," he says. "I have been encouraging companies to do the right thing now, particularly with regard to their servers on the internet and any remote access via MobileIron. All levels of government including universities and businesses in Australia, have been advised to scan and update their software to ensure their security. Microsoft claims that it has seen many attackers add these vulnerabilities to existing malware kits and techniques. Minecraft Servers This includes cryptocurrency miners as well as hands-on keyboard attacks. "Organisations may not realize that their environment is already compromised," the firm says. "At this point, users should assume broad availability of exploit code and scanning capabilities to be an actual and current threat to their environment." Many Australian aged health and care facilities claim on taxpayer funds using the outdated business-to-government (B2G), software. They were warned to respond , but may not have received the letter. "We recommend that you switch your customers to web services as soon as you can," Services Australia said in a letter to developers in late December. "The agency is committed to moving away from ageing technology to adapt for online claims as soon as is possible. "This is becoming more urgent due to the emergence of a global Java vulnerability." A federal parliamentary committee heard in the summer of 2013 that the agency blocks approximately 14 million emails that are suspicious each month and must review security, make upgrades and patches to fix bugs. Services Australia is now working closely with the Australian Cyber Security Centre on the evolving threat. Mr Jongen stated that Services Australia would continue to implement the ACSC's mitigation and detecting recommendations. "The ACSC are working with all vendors to ensure that Log4j vulnerabilities are identified and reduced.
Sito web: https://www.pearltrees.com/spytable1/item464051592
Forum
Topic aperti: 0
Risposte create: 0
Ruolo forum: Partecipante