White Hat Hacking with TDL | Databreach in Victorian School & New Malware Surfaces



Security breach at Victorian school highlights importance of Cyber-Education

A reported breach at Strathmore high school, in late August highlights the importance of Cyber-Education for all parties. The school, located in Melbourne's northwest, has reported across all forms of media on a significant data breach. It appears that the breach, caused by human error has led to the exposure of sensitive health records relating to the students attending the school. The Education Minister and Department of Education's Risk and IT teams, have assisted the school with this issue in ensuring all staff understand privacy and IT issues moving forward.


Another Android Malware Vector

Security researchers have uncovered a new, powerful, Android Malware framework that is being used by cybercriminals to turn legitimate apps into spyware with extensive surveillance capabilities. As per other similar products, this re-packages existing applications and adds functionality around data access, camera and microphone control. Also remaining consistent with the theme, the compromised apps were found on a 3rd party app-store. The standard recommendation remains in place around ensuring apps are only obtained from trusted parties (Apple Store, Google Play etc.) and that access to your data and control of the device is minimised.

The high cost of ‘free’

Apple has removed Facebooks’ free VPN from the app-store as it violates their updated privacy policy around collection of personal data and use of other applications on the users’ device. Facebook acquired the technology, known as Onavo Protect, a while ago. While Facebook markets Onavo Protect as a free VPN tool for users to keep themselves and their data safe, what the app actually does is create a VPN that redirects users' internet traffic to a private server managed by Facebook. As a part of the T’s & C’s, the app stated that it may collect your data and application usage so it could offer a better experience. Apples’ new policy makes it explicitly clear that apps should not collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing and must make it clear what user data will be collected and how it will be used.

Contact Us today to find out how Thomas Duryea Logicalis can support you with your organisation's security concerns and posture.

Tags Security, Privacy, HTTP, Google Chrome, 2-Factor-Authentication, 2FA, HTTPS Sites, Crypt worm, SamSam, Databreach, Reddit, OAIC, Cybercriminals, Spyware, Human Error, Malware


Contact us