Notes

Australia Faces another Global Bug

The COVID-19 virus is affecting all aspects of our lives, and an additional virus is in the wild.



Businesses and hospitals that have employees who work remotely or on the move are at the forefront of the problem.



Over the Christmas break during the Christmas break, the Australian Immunisation Register and the Medicare and Pharmaceutical Benefits Scheme portals required urgent improvements.



So far, they are winning the battle against intruders.



Hank Jongen, general manager of Services Australia, stated that he was unaware of any information that was disclosed by third-party vendors. He also said that he continues working with developers to make the transition.



But a simple scan by experts sifting for intrusions might not be enough to safeguard against malicious attacks.



Cyber security experts warn that hackers can get into the software systems and could be in the system for a long time.



Cyber-attacks are growing as more people go online for their livelihoods and lives. MINECRAFT The Log4j vulnerability is one of the most dangerous.



A flaw in a piece of software affects Log4j Java system which millions of Australians use, often without knowing at home and work-related computers, phones or other seemingly secure apps.



Microsoft suggests regular reviews and scans for fresh attacks on malicious codes and messaging.



Microsoft states that "Due to the many software and services affected as well as the speed of updates, it is likely that this will be a long tail to remediation, which will require ongoing and sustainable vigilance."



Last week, the United States announced that it will sue companies that aren't protected against the bug or its variants.



Australia is likely to do it if its laws allowed for such a decisive step.



The US Federal Trade Commission (FTC) states that the vulnerability is being exploited by a growing set of hackers, posing the risk of a serious security risk to millions of consumer products as well as enterprise software and web applications.



China-based groups Hafnium and Aquatic Panda rapidly went on the attack just a few days after the flaw was disclosed in December. The same was the case for hackers from Iran, experts declare.



"When vulnerabilities are discovered and exploited, it could lead to loss of personal information financial loss, as well as other irreparable harms," warned the FTC in a blog post.



The US Cybersecurity and Infrastructure Security Agency warns that no one action can solve the problem.



Under US law, there is a duty to be a good citizen, and that applies to Australian organisations operating in the United States.



According to the FTC it will make use of its "full legal power" to prosecute companies that do not take reasonable steps to protect consumer information from exposure due to Log4j or similar vulnerabilities in the future.



When the credit company Equifax did not patch a vulnerability that was known and leaked the personal details of 147 million people they had to pay a settlement of $US700 million ($A974 million)



Services Australia, which is responsible for the data and health of millions of Australians, is linked to hospitals, aged homes, and other service providers. Their systems are flexible, but often fragile.



Intruders have discovered remote access software to access applications and data, such as MobileIron products in Australia.



The Australian Industry Group warned that some apps may be vulnerable. This could impact individuals, businesses, and supply chains.



Ai Group states that a hole in their defenses could allow malicious actors to create malicious "logs" which could be used to gain control of computer systems and data.



The bug and its variants are being dealt with by the United Kingdom, United States of America, Canada, and New Zealand.



"The Log4Shell vulnerability within MobileIron products is being targeted and exploited," the UK's National Health Service has warned.



Software developers and companies such as Java's Apache, MobileIron and other Java-based software developers, have acted swiftly.



Apple's iCloud and the platform for distribution of games Steam and Minecraft have also patched up holes.



Stuart Robert, Australia's Employment Minister, has urged all businesses in Australia to address the issue with seriousness.



He added, "It's a serious virus, serious malware"



"I've been encouraging all businesses to take a step of urgency to ensure that their servers, especially their web servers, and any of their remote access through MobileIron are patched in a timely manner and should be doing it now."



All levels of government, including universities and companies in Australia, have been warned to scan and update their software in order to stay safe.



Microsoft claims to have seen a number of attackers include these vulnerabilities in existing malware kits and tactics. This includes cryptocurrency miners and hands-on keyboard attacks.



The firm says that "Organisations might not be aware that their environments could already have been compromised."



"At this moment, customers should be aware that broad availability of scan and exploit codes is an immediate and real threat to their environments."



Many Australian aged health and care facilities take advantage of taxpayer money using the dated business-to-government (B2G), software. They were warned to take action, but might not have received the notice.



Services Australia advised that customers should migrate to web services as soon as they can in an email to developers in late December.



"The agency is determined to move away from the aging technology to adapt for online claims as soon as it is possible.



"This has become increasing urgent due to the growing global Java vulnerability."



The agency blocks around 14 million emails that are suspicious each month, and is constantly required to conduct security reviews, updates and patches to fix bugs, a federal parliamentary committee heard last year.



Services Australia is now working closely with the Australian Cyber Security Centre on the ever-changing threat.



"Services Australia will continue to implement mitigation and detection guidelines as advised by the ACSC," Mr Jongen stated.



"The ACSC is working with all vendors in order to discover and reduce Log4j weaknesses.


My Website: https://acesasoft.com/