Service NSW reveals 738GB of customer data was stolen during email breach

Attack accessed 47 staff email accounts and affected 186,000 customers.

Service NSW has revealed that the personal information of 186,000 customers was stolen because of a cyber attack earlier this year on 47 staff email accounts.

Following a four-month investigation that began in April, Service NSW said it identified that 738GB of data, which compromised of 3.8 million documents, was stolen from the email accounts.

The one-stop-shop agency assured, however, there was no evidence that individual MyServiceNSW account data or Service NSW databases were compromised during the cyber attack.

"This rigorous first step surfaced about 500,000 documents which referenced personal information," Service NSW CEO Damon Rees said.

"The data is made up of documents such as handwritten notes and forms, scans, and records of transaction applications.

"Across the last four months, some of the analysis has included manual review of tens of thousands of records to ensure our customer care teams could develop a robust and useful notification process.

"We are sorry that customers' information was taken in this way."

👀 👉🏼 https://www.zdnet.com/article/service-nsw-reveals-738gb-of-customer-data-was-stolen-during-email-breach

#nsw #email #breach
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

EFF Responds to EU Commission on the Digital Services Act: Put Users Back in Control

The European Union is currently preparing for a significant overhaul of its core platform regulation, the e-Commerce Directive. Earlier this year the European Commission, the EU’s executive, pledged to reshape Europe’s digital future and to propose an entire package of new rules, the Digital Services Act (DSA). The package is supposed to address the legal responsibilities of platforms regarding user content and include measures to keep users safe online. The Commission also announced a new standard for large platforms that act as gatekeepers in an attempt to create a fairer, and more competitive, market for online platforms in the EU.

👀 👉🏼 https://www.eff.org/deeplinks/2020/09/eff-responds-eu-commission-digital-services-act-put-users-back-control

#eff #eu #commission #digital #services #act
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Money from bank hacks rarely gets laundered through cryptocurrencies

SWIFT: "Identified cases of laundering through cryptocurrencies remain relatively small compared to the volumes of cash laundered through traditional methods."

Despite being considered a cybercrime haven, cryptocurrencies play a very small role in laundering funds obtained from bank hacks; the SWIFT financial organization said in a report last week.

"Identified cases of laundering through cryptocurrencies remain relatively small compared to the volumes of cash laundered through traditional methods," said SWIFT, the organization that runs the SWIFT inter-bank messaging system used by almost all banks across the world to wire funds across borders.

These traditional methods include the use of money mules, front companies, cash businesses, and investments back into other forms of crime, such as drug trade or human trafficking.

👀 👉🏼 https://www.zdnet.com/article/money-from-bank-hacks-rarely-gets-laundered-through-cryptocurrencies

#money #laundering #bank #hacks #cryptocurrencies
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Military and Security Developments Involving the People’s Republic of China 2020

Annual Report to Congress - A Report to Congress Pursuant to the National Defense Authorization Act forFiscal Year 2000, as Amended.

👀 👉🏼 (PDF):
https://media.defense.gov/2020/Sep/01/2002488689/-1/-1/1/2020-DOD-CHINA-MILITARY-POWER-REPORT-FINAL.PDF

👀 👉🏼 China ‘eyes four African nations for military bases’:
https://citinewsroom.com/2020/09/china-eyes-four-african-nations-for-military-bases/

#dod #military #power #report #china #usa #afrika #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Chilean bank shuts down all branches following ransomware attack

All BancoEstado branches will remain closed on Monday, September 7, and possibly more days.

BancoEstado, one of Chile's three biggest banks, was forced to shut down all branches on Monday following a ransomware attack that took place over the weekend.

"Our branches will not be operational and will remain closed today," the bank said in a statement published on its Twitter account on Monday.

👀 👉🏼 https://twitter.com/BancoEstado/status/1302941450695573504

👀 👉🏼 https://www.zdnet.com/article/chilean-bank-shuts-down-all-branches-following-ransomware-attack

#chilean #bank #ransomware #attack
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Google gets lost in its own surveillance system

Arizona's top lawyer is serious and wants to take Google's business model for location-based advertising by the scruff of the neck: it is a violation of the law how the data company misleads users when collecting transaction data. Employee statements and papers from Google crisis sessions support the accusations and show how even Google people cannot turn off the tracking of movement.

It will not surprise anyone that Google tries in every conceivable way to gather information about the geographical position, stays and movements of its users: The business model is called advertising, and it sells better if the advertiser knows where his advertising victim is at the moment. But many users believe that you can at least turn it off so that they don't have to watch you at every turn. That this is just wishful thinking can be read in recently released files of a lawsuit against Google in the US state of Arizona.

The information where users are located is worth cash money for Google. Mobile network usage makes it possible to link advertising to more precise geographical data. The company does not deny that Google turns such transaction data into money. After all, this is not illegal per se and is often the default setting, for example in Google's Android operating system for smartphones. However, the advertising group offers users the option of deactivating the collection of transaction data if they want to decide against this "location tracking".

From partially redacted internal files of the company, however, it appears that even Google's own people believe that the deselection of the collection of transaction data is so veiled and complicated that it is almost impossible to avoid this tracking in practice. Google's employees have also failed in their own attempt to completely disable the collection of transaction data. In internal company meetings, they talked among themselves about how confusing and misleading the settings in their employer's software are.

👀 👉🏼 🇩🇪 (source):
https://netzpolitik.org/2020/problem-geschaeftsmodelle-google-verheddert-sich-im-eigenen-ueberwachungsapparat

👀 👉🏼 🇬🇧 (background-info) Google tracks your movements, like it or not:
https://apnews.com/828aefab64d4411bac257a07c1af0ecb/AP-Exclusive:-Google-tracks-your-movements,-like-it-or-not

#google #DeleteGoogle #surveillance #tracking #thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Is the web getting slower?

A story on Hacker News recently argued that webpage speeds haven't improved, even as internet speeds have gone up.

This article explains why that conclusion can't be drawn from the original data.

We'll also look at how devices and the web have changed over the past 10 years, and what those changes have meant for web performance.

💡 👉🏼 https://www.debugbear.com/blog/is-the-web-getting-slower

👀 👉🏼 The Need for Speed, 23 Years Later:
https://www.nngroup.com/articles/the-need-for-speed/

#webpage #speed #internet #study #report #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

The HTTP Archive Tracks How the Web is Built.

We periodically crawl the top sites on the web and record detailed information about fetched resources, used web platform APIs and features, and execution traces of each page. We then crunch and analyze this data to identify trends — learn more about our methodology.

💡 👉🏼 View the Reports:
https://httparchive.org/reports

💡 👉🏼 2019 State of the Web Report:
https://almanac.httparchive.org/en/2019/

👀 👉🏼 https://httparchive.org/

#http #archive #reports #internet #websites
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Step-by-step guides and detailed information on secure messaging apps for Android, iOS, Windows, Mac and Linux.

💡 Apps are listed in order of:

✅✅ = "Highly Recommended"
✅ = "Worth a Try"
❌= "Not Recommended"

👀 👉🏼 https://securechatguide.org/centralizedapps.html

#secure #chat #messaging #apps #android #iOS #windows #mac #linux #guide
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Academics find crypto bugs in 306 popular Android apps, none get patched

Only 18 of 306 app developers replied to the research team, only 8 engaged with the team after the first email.

A team of academics from Columbia University has developed a custom tool to dynamically analyze Android applications and see if they're using cryptographic code in an unsafe way.

Named CRYLOGGER, the tool was used to test 1,780 Android applications, representing the most popular apps across 33 different Play Store categories, in September and October 2019.

Researchers say the tool, which checked for 26 basic cryptography rules (see table below), found bugs in 306 Android applications. Some apps broke one rule, while others broke multiple.

The top three most broken rules were:

‼️ Rule #18 - 1,775 apps - Don't use an unsafe PRNG (pseudorandom number generator)
‼️ Rule #1 - 1,764 apps - Don't use broken hash functions (SHA1, MD2, MD5, etc.)
‼️ Rule #4 - 1,076 apps - Don't use the operation mode CBC (client/server scenarios)

These are basic rules that any cryptographer knows very well, but rules that some app developers might not be aware of without having studied app security (AppSec) or advanced cryptography prior to entering the app development space.

👀 👉🏼 https://www.zdnet.com/article/academics-find-crypto-bugs-in-306-popular-android-apps-none-get-patched

#cryptography #bugs #android #apps
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Russia Proposes a Legal Plan to Restrict Crypto Circulation

The Russian government has issued a proposal to restrict the circulation and transaction of cryptocurrencies

The Russian territory presents a plethora of opportunities as far as the cryptocurrency industry is concerned.

Arguably, a proper legal environment would potentiate Russia’s crypto capacities to become a hub of virtual assets – there’s enough Russian talent to back the industry up.

However, it appears that Russia has lagged behind when it comes to the establishment of crypto hotspots as the lack of proper legal infrastructure happens to be a glaring challenge in the eyes of digital asset enthusiasts.

In recent news, the Russian Ministry of Finance has proposed a move that will create legislation to restrict the circulation of cryptocurrencies within the economy – a decision that will serve as a yardstick for global crypto regulation.

Russian media intimated that the Russian government intends to prescribe amendments to the existing Digital Financial Assets (DFA) law, which was ratified in July and is set to be implemented from the first month of 2021.

Ideally, the DFA law came about as a result of the Russian government’s need to enable transactions involving digital securities and tokens, including well-established cryptocurrencies like Bitcoin and Ether.

At the time of inception, the DFA law was meant to be coupled with a separate piece of legislation targeting the regulation of crypto circulation.

👀 👉🏼 https://tapeucwutvne7l5o.onion/russia-proposes-a-legal-plan-to-russia-crypto-circulation

👀 👉🏼 https://iz.ru/1056107/tatiana-bochkareva-roza-almakunova/zapretnyi-plod-maining-v-rossii-zablokiruiut-oborot-kriptovaliut

👀 👉🏼 https://www.ledgerinsights.com/russia-restrict-circulation-cryptocurrency/

#russia #plan #restrict #cryptocurrency #circulation
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

A data fail left banks and councils exposed by a quick Google search

Details of more than 50,000 letters sent by banks and local authorities were left online for anyone to see

Private details relating to more than 50,000 letters sent out by banks and local authorities were indexed by Google after a London-based outsourcing firm left its system hopelessly exposed. Details about everything from insolvency to final reminders of unpaid council tax and mortgage holidays were left available for anyone to view since June.

Thousands of names and addresses – and the types of letters they were sent – were left exposed, affecting people in the UK, US and Canada. Virtual Mail Room, the firm responsible for the data breach, worked for clients including Metro Bank, 14 local councils, the publisher Pearson and insolvency specialist Begbies Traynor. The specific content of the letters sent to individuals were not visible.

The privacy breach raises doubts about the due diligence carried out by companies and local authorities using outsourced mailing services to handle sensitive customer data. It also comes at a particularly painful time, with many of the names and addresses contained in the breach belonging to people who have been hit hard financially by the pandemic. Such missteps could fall foul of GDPR, with data controllers and processors potentially facing fines totalling tens of millions of pounds. A spokesperson for the Information Commissioner’s Office, the UK’s data regulator, confirmed it was aware of the incident and was making enquiries.

The details exposed by the breach are hugely personal. Amongst the tranche of exposed personal data were the names and addresses of 6,500 customers of Aldermore Bank. The back-end system left exposed reveals which customers received pre-delinquency and remediation letters. A spokesperson for the bank says it is investigating the issue. Elsewhere, more than 250 Metro Bank customers were identified with their company name and address. A Metro Bank spokesperson says the company has “temporarily suspended sharing data” with Virtual Mail Room as a precautionary measure while its investigation continues.

👀 👉🏼 https://www.wired.co.uk/article/virtual-mail-room-data-breach

#virtual #mail #room #privacy #breach #uk #canada #usa
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

When DevOps goes wrong - An observation story

In recent years, the DevOps movement has grown massively in popularity.
For some it made life easier, for others there were no changes and for others it has become "worse" since then.
If you belong to the latter group and have ever thought that you are alone in this respect, you are wrong. Obviously, some of these deteriorations are due to the fact that DevOps is implemented "wrong" or inconsistently in the workplace.
This talk will give an overview of real life observations made in DevOps environments.
It might include some of the nice, some of the bad and some of the ugly solutions you might encounter.

📺 👉🏼 https://media.ccc.de/v/froscon2020-2587-when_devops_goes_wrong

#froscon2020 #ccc #devops #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

The public don’t trust computer algorithms to make decisions about them, survey finds

The majority of people do not trust computers to make decisions about any aspect of their lives, according to a new survey.

Over half (53%) of UK adults have no faith in any organisation to use algorithms when making judgements about them, in issues ranging from education to welfare decisions, according to the poll for BCS, The Chartered Institute for IT.

The survey was conducted in the wake of the UK exams crisis where an algorithm used to assign grades was scrapped in favour of teachers’ predictions.

Just 7% of respondents trusted algorithms to be used by the education sector - joint lowest with social services and the armed forces. Confidence in the use of algorithms in education also differed dramatically between the age groups - amongst 18-24-year-olds, 16% trusted their use, while it was only 5% of over 55-year-olds.

Trust in social media companies’ algorithms to serve content and direct user experience was similar at 8%. Automated decision making had the highest trust when it came to the NHS (17%), followed by financial services (16%) and intelligence agencies (12%), reflecting areas like medical diagnosis, credit scoring and national security.

Police and ‘Big Tech’ companies (like Apple and Google) were level with 11% of respondents having faith in how algorithms are used to make decisions about them personally.

Older people are less trusting about the general use of algorithms in public life, with 63% of over-55s saying they felt negative about this, compared with 42% of 18-24-year-olds. Attitudes to computerized decisions in the NHS, private health care and local councils differ very strongly by age. 30% of 18-24-year-olds said they trusted the use of algorithms in these sectors, while for those over 55, it was 14%.

Over 2,000 people responded to the survey conducted for BCS, The Chartered Institute for IT by YouGov; all were shown a description of algorithms before answering any questions.

Dr Bill Mitchell, Director of Policy at BCS said: “People don’t trust algorithms to do the right thing by them – but there is little understanding of how deeply they are embedded in our everyday life.

“People get that Netflix and the like use algorithms to offer up film choices, but they might not realise that more and more algorithms decide whether we’ll be offered a job interview, or by our employers to decide whether we’re working hard enough, or even whether we might be a suspicious person needing to be monitored by security services.

👀 👉🏼 https://www.bcs.org/more/about-us/press-office/press-releases/the-public-don-t-trust-computer-algorithms-to-make-decisions-about-them-survey-finds/

#people #dont #trust #computer #algorithm #survey
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Your digital privacy is under attack. Can anything be done to protect it?

A committee from the Council of Europe is concerned with the use of technology for mass surveillance programs.

Intelligence services around the world should be kept in check by an international body with the power to make sure governments don't misuse personal data for surveillance purposes, said the Council of Europe's data protection committee chairs in a joint statement.

Countries should agree at an international level on the extent to which the surveillance carried out by intelligence services can be authorized and under which conditions, recommended the committee. The agreement should come as a legal tool that could be enforced independently by a data protection body that is yet to be created.

The European human rights organization said that calls for better data protection at an international level are especially relevant in times of crisis, when circumstances provide governments with an opportunity to lawfully restrict citizens' privacy rights.

👀 👉🏼 https://www.zdnet.com/article/your-digital-privacy-is-under-attack-can-anything-be-done-to-protect-it

👀 👉🏼 Better protecting individuals in the context ofinternational data flows (PDF):
https://rm.coe.int/statement-schrems-ii-final-002-/16809f79cb

#digital #privacy #attack #data #flows #thinkabout #pdf
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

EU leaders to call for an EU electronic ID by mid-2021

EU leaders will ask the European Commission later this month to develop an EU-wide public electronic identification system (e-ID) to access cross-border digital services, according to the draft summit conclusions seen by EURACTIV.com

Strengthening Europe’s autonomy and sovereignty in the aftermath of the pandemic will be the main topic of the European Council to be held on 24 and 25 September in Brussels and digital initiatives will feature prominently.

As part of their plans, the 27 Heads of State and Government want to have a robust and functional digital ecosystem across the Union for citizens.

To that end, EU leaders will call for the development of an “EU-wide secure public electronic identification (e-ID) to provide people with control over their online identity and data as well as to enable access to cross-border digital services,” the draft document reads.

They will ask the Commission to put forward a proposal for a ‘European Digital Identification’ initiative by mid-2021, and member states hope that an EU-wide e-ID will be especially for cross-border digital services, a market expected to grow in the digital economy.

There has been some progress on this front over the past years at the technical level to guarantee the interoperability of national e-ID. Thanks to that, since September 2018, EU rules allow citizens to use their national e-ID also to access public services across borders in other member states.

In this context, the Commission has recently sought to update the rules on electronic identification operations in the EU, as part of the eIDAS regulation, in a bid to develop a more harmonized and resilient market for electronic identification systems on the bloc.

On the launch of the Commission’s public consultation on the plans in the summer, Commission Vice-President for Digital Margarethe Vestager said that the revision of the 2018 eIDAS regulation “aims to improve its effectiveness, extend its benefits to the private sector and promote trusted digital identities for all Europeans and create a secure and interoperable European Digital Identity which gives citizens control.”

👀 👉🏼 https://www.euractiv.com/section/digital/news/eu-leaders-to-call-for-an-eu-electronic-id-by-mid-2021/

#eu #eIDAS #electronic #id
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

#thinkabout #why
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Health Insurers Are Vacuuming Up Details About You — And It Could Raise Your Rates

To an outsider, the fancy booths at a June health insurance industry gathering in San Diego, Calif., aren't very compelling: a handful of companies pitching "lifestyle" data and salespeople touting jargony phrases like "social determinants of health."

But dig deeper and the implications of what they're selling might give many patients pause: a future in which everything you do — the things you buy, the food you eat, the time you spend watching TV — may help determine how much you pay for health insurance.

🎧 👉🏼 https://www.npr.org/sections/health-shots/2018/07/17/629441555/health-insurers-are-vacuuming-up-details-about-you-and-it-could-raise-your-rates

#insurance #companies #secret #health #insurers #bigdata #BigData #surveillance #thinkabout #podcast
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

The business of cybercrime

Sociologist Jonathan Lusthaus spent seven years talking to cyber criminals. He tells Hannah Kuchler what he discovered about the extent of their involvement with organised crime and what he thinks it would take to persuade them to put their talents to better use.

🎧 👉🏼 #podcast #cybercrime #truecrime

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Cybercrime's Future: A Telegram One-Act Play

What does the Future of Cybercrime Look Like? Find out in this solo Brett Johnson episode. Brett interviews a well-respected cybercriminal who owns several Telegram Channels. But there is a catch. The guy refuses to have his voice heard and will only communicate by text. For our listeners and because Brett Johnson is THAT guy? Brett plays the part of the criminal in what promises to be one of the most interesting, educational, entertaining, and enlightening podcast interviews of the year.

🎧 👉🏼 #cybercrime #telegram #truecrime #podcast

📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Facebook to be forced to stop sending EU data to the US

The Irish regulator is expected to stop the social media giant from moving data to the US because of privacy concerns.

Ireland's privacy watchdog has told Facebook that it will soon have to stop transferring its European users' data to the United States because the social media giant's current procedures fall foul of EU law.

Facebook was told in early August that the Irish privacy regulator was reviewing how it moved data to the U.S., according to two people with knowledge of the case who spoke on the condition of anonymity because they were not authorized to speak publicly.

In a statement, Nick Clegg, Facebook's head lobbyist, confirmed Ireland's expected decision, saying that the pending ruling would be felt across the transatlantic economy.

"A lack of safe, secure and legal international data transfers would damage the economy and hamper the growth of data-driven businesses in the EU," Clegg said. "We will continue to transfer data in compliance with the recent CJEU ruling and until we receive further guidance."

Facebook still has an opportunity to put its case to Ireland's Data Protection Commissioner before a final judgment — but the order will likely set a precedent for how billions of euros of data should be handled and moved across the Atlantic.

👀 👉🏼 https://www.politico.eu/article/facebook-privacy-data-us/

👀 👉🏼 https://about.fb.com/news/2020/09/securing-the-long-term-stability-of-cross-border-data-flows/

👀 👉🏼 🇩🇪 https://netzpolitik.org/2020/blauer-brief-aus-dublin-facebook-datentransfers-in-die-usa-vor-dem-aus

#fb #DeleteFacebook #privacy #data #PrivacyShield
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag