Jeremy Kirk
Oct 22, 7 tweets, 5 min read
Aussie data breach #5 (or is it #6?) is @AMEBexams, which is run by unis and several state gov'ts. Its e-commerce system breach coincides with a nasty XSS software vulnerability in Adobe Commerce/Magento: helpx.adobe.com/security/produ… #auspol #infosec
To recap, @AMEBexams says its AMEB online shop database was attacked between Oct. 12-18. Says transaction/credit card data at risk. Also names, emails, phone numbers, addresses were exposed and possibly before Oct. 12 as well: Notice here: ameb.edu.au/cybersecurity
In that notice, @AMEBexams writes: "Security solutions (patches) to defend against this type of attack have since been released by Adobe and applied to the AMEB website and shop."
Adobe released a patch for CVE-2022-35698 on Oct. 11, just a day before @AMEBexams says it was attacked. The XSS flaw was bad, with a CVE ranking of 10. No auth or admin privilege required to exploit. @Ad_Nauseum74 wrote a story for the @DailySwig about it portswigger.net/daily-swig/ado…
The person who found the flaw, @Blaklis_, told the Swig that exploitation leads to a "full shop compromise" and is easy to exploit.
Analysis: The @AMEBexams breach may be the result of not quickly applying patches. Cybercriminals who attack e-commerce systems jump on these vulnerabilities really quickly, so those who leave their systems unpatched are at great risk. #auspol #databreach #infosec
Correction: I meant to write a "CVSS" score of 10 rather than CVE. Been a long week.