Notes

Australia is Battling another Global Bug

The COVID-19 virus has devastated all aspects of our lives. Now another one is on the loose.



Businesses and hospitals with employees who work at a distance or are on the move are at the forefront of this epidemic.



The growing Australian Immunisation Register and the Medicare and Pharmaceutical Benefits Scheme portals all required an urgent update over the Christmas break.



So far, they are winning the fight against intruders.



"We're not aware of any information being shared by third-party vendors, and we continue to actively collaborate with developers in the process of transitioning," Services Australia general manager Hank Jongen told AAP.



But a simple scan by experts scanning for intrusion may not be enough to safeguard against malicious attacks.



As well as being a "real and imminent threat" Intruders are residing in the software systems and could lurk for a long time, cyber detectives warn.



Cyber threats are increasing as more people go online to make a living and for their lives. The Log4j vulnerability is a particularly dangerous one.



The vulnerability in a program component can affect the Log4j Java system that is used by millions of Australians who are often unaware of it at home and at work phones, computers and apps that appear to be secure.



Microsoft recommends that you conduct regular reviews and scans to find new messages and malicious codes.



"Due to the many applications and services affected, and the rapid pace of updates, this is expected to be a long-lasting process for remediation, and requires constant, sustained vigilance" Microsoft says.



Last week the United States announced that it would sue companies who do not have protection against the bug or its variants.



Australia is likely to do it in the event that its laws permitted this kind of decisive action.
HANMA YOU


According to the US Federal Trade Commission (FTC), the vulnerability is being exploited by a rising number of attackers, posing an extremely risk to millions of consumer products, enterprise applications, and web-based applications.



Experts believe that China-based organizations Hafnium, Aquatic Panda, and hackers with a base in Iran quickly launched attacks after the first flaw in December.



"When vulnerabilities are discovered and exploited, there is a risk of the loss or disclosure of personal information, financial loss and other irreparable damages," the FTC warned in a blog post.



The US Cybersecurity and Infrastructure Security Agency warns no single action can solve the problem.



The obligation to act is outlined by US law which is applicable to Australian companies operating in the United States.



The FTC declares that it will utilize its "full legal authority" to sue businesses that fail to take reasonable steps to safeguard the privacy of their customers' data from being exposed due to Log4j, or similar known vulnerabilities in the future.



When credit firm Equifax did not patch an issue that was well-known and exposed the personal details of 147 million customers, it was forced to settle a claim of $US700 million ($A974 million)



Services Australia, which is responsible for the health and data of millions of Australians, is linked to hospitals, aged homes and other service providers. Their systems are flexible, but are often fragile.



Remote access software for data and applications, including the MobileIron products that are used in Australia and other countries has proved to be a convenient entry point for intrusionists.



The Australian Industry Group warned that many apps could be vulnerable. This could affect business owners, individuals and supply chains.



"A weakness in their defenses could allow malicious actors to create malicious 'logs that could be used to take control of data and computer systems," Ai Group says.



The United Kingdom, United States, Canada and New Zealand are also working on the bug and its variants.



The UK's National Health Service warned that the Log4Shell vulnerability in MobileIron products was being actively targeted and exploited.



Organisations and software developers, including Java's Apache and MobileIron have acted swiftly.



Apple's iCloud, the platform for distribution of games Steam and Minecraft have also been patched holes.



Stuart Robert, Australia's Employment Minister, has urged all businesses in Australia to take the issue seriously.



He stated, "It's a serious virus serious malware"



"I have been encouraging companies to take the right steps now, particularly with regard to their web servers as well as any remote access through MobileIron.



All levels of government, including universities and companies in Australia, have been warned to scan and update their software in order to ensure their security.



Microsoft claims to have seen a number of attackers add these vulnerabilities to existing malware kits and techniques. This includes keyboards that are used for hands-on attacks.



"Organisations might not be aware that their environments are already compromised," the firm says.



"At this moment, customers should be aware that the availability of exploit codes and scanning capabilities is an immediate threat to their systems."



A lot of Australia's health and old care providers claim on taxpayer funds using ageing business-to-government (B2G) software and were warned to respond, but they may not have received the message.



"We recommend that you switch your customers to web-based services as soon as is possible," Services Australia said in a note to developers in late December.



"The agency is committed in moving away from the ageing adaptor technology to online claiming as soon as is possible.



"This has become increasing urgent in light of the emerging global Java vulnerability."



A parliamentary panel of the Federal government heard in the summer of last year that the agency blocks around 14 million suspicious emails per month and has to conduct security reviews, upgrades, and patches to fix bugs.



Services Australia is currently working closely with the Australian Cyber Security Centre to address the evolving threat.



Mr. Jongen declared that Services Australia would continue to implement the ACSC's mitigation and detection recommendations.



"The ACSC are working with all vendors to ensure that Log4j vulnerabilities are identified and reduced.


Here's my website: https://hanmayou.com/