Australian privacy watchdog launches investigation into Clearview AI

Australia’s privacy watchdog will probe the personal information handling practices of Clearview AI after several policing agencies admitted to having used the controversial facial recognition tool.

The Office of the Australian Information Commissioner (OAIC) on Thursday opened a joint investigation into the software with the United Kingdom’s Information Commissioner’s Office (ICO).

The tool, which is targeted at law enforcement agencies, is capable of matching images with billions of others from across the internet, including social media, to find persons of interest.

As part of the probe, OAIC and its overseas counterpart will look at Clearview AI’s “use of ‘scraped’ data and biometrics of individuals”, as well as how it manages personal information more broadly.

“The investigation highlights the importance of enforcement cooperation in protecting the personal information of Australian and UK citizens in a globalised data environment,” the OAIC said in a brief statement.

“In line with the OAIC’s privacy regulatory action policy, and the ICO’s communicating our regulatory and enforcement activity policy, no further comment will be made while the investigation is ongoing.”

The investigation follows preliminary enquiries by OAIC earlier this year after the tool was revealed to have been used by 2200 law enforcement agencies globally, including the Australian Federal Police and the Queensland, Victoria and South Australia police forces.

While the four policing agencies initially denied that the software had been used, the AFP and Victoria Police have since been forced to admit to having briefly trialled the tool from late 2019.

The AFP confirmed in answers to questions on notice that seven officers from the Australian Centre to Counter Child Exploitation had used the tool to conduct searches after being sent trial invitations from Clearview AI.

Victoria Police, similarly, confirmed in a freedom of information request that several officers from the Joint Anti-Child Exploitation Team had run more than 10 searches using the tool after signing up.

Both agencies stressed that Clearview AI had not been adopted as an enterprise product and that no formal commercial agreements had been entered into.

Article Courtesy: www.itnews.com.au/

NSW govt sets up vulnerability tracking centre in Bathurst

The NSW government has set up a cyber security vulnerability management centre in Bathurst, which will start operating next month.

The centre will be operated by Cyber Security NSW, the new name given to what was formerly the Office of the Government Chief Information Security Office.

It will provide the NSW government with an increased awareness of vulnerabilities in internet-facing services and assets,” Customer Service Minister Victor Dominello said in a statement.

“It will deliver a vital, sector-wide risk management capability and is critical to ensuring enhanced monitoring of at-risk government systems, as well as early identification and remediation of known vulnerabilities.

“Early detection of vulnerabilities and the ability to report them to the relevant agencies and departments is essential to improving our cyber security.”

The government added that the centre “will provide ongoing and automated vulnerability scanning across departments and agencies, and as capability develops, other services will be introduced.”

The centre is the first of its kind in NSW and will employ eight Bathurst-based cyber security staff.

It will also see Cyber Security NSW work in partnership with UpGuard “to provide the NSW Government with greater capabilities to detect and manage internet-facing vulnerabilities and data breaches.”

The centre’s establishment comes as the NSW government prepares to invest $240 million into cyber security over the next three years.

It also comes as news reports emerge of the state government being a major target of a potentially state-based attack.

Article courtesy: www.itnews.com.au

Microsoft warns to stay alert from human-operated ransomware campaigns

Microsoft warns to stay alert from human-operated ransomware campaigns

During the pandemic crisis, the cybercriminals are still looking for victims. The Microsoft’s Threat Protection Intelligence Team has warned. The ransomware criminals are still looking to attack healthcare and critical service providers. It has also issued a detailed guide in order to reduce the risk of falling victim to them.

Previously, the ransomware attacks were usually automated. But this time Microsoft confirmed that these attacks are not done in an automated fashion. Instead, they are conducted by criminal gangs that work by compromising internet-facing network devices. In order to establish a presence on vulnerable systems months before they strike and steal and encrypt victims’ data.

The attackers have a range of vulnerabilities. Which they can use to access victims’ networks and work. Their way to capture credentials and prepare for the final ransomware activation, Microsoft noted.

The most recent ransomware attacks that were observed by the Microsoft security teams highlighted Remote Desktop Protocol or Virtual Desktop systems that aren’t secured with multi-factor authentication.

Older, unsupported and unpatched operating systems. For instance: Microsoft Windows Server 2003 with weak passwords and 2008, misconfigured web servers including Internet Information Services, back up servers, electronic health record software and systems management servers are all being attacked currently. Vulnerable Citrix Application Delivery Controller and Pulse Secure are also in ransomware criminals’ sights and should be patched as soon as possible.

Once the cybercriminals have access to the victims’ device. They attempt to steal admin login credentials and move laterally within networks with common tools. For instance: Mimikatz and Cobalt Strike, Microsoft said.

After gaining access, the attackers usually create new accounts, modify Group Policy Objects in Windows. We add scheduled tasks and register operating system services, and deploy backdoors and remote access tools for persistence. CSPRO wait for an opportune moment to activate the ransomware to blackmail victims.

Several human-operated ransomware payloads are actively being used presently.These include RobbinHood, REvil/Sodinokibi, the Java-based PonyFinal and Maze, the operators of which were one of the first to sell stolen data from technology providers and public services it has attacked, Microsoft said.

One particular campaign, NetWalker, targets hospitals and healthcare providers through bogus COVID-19 subject emails with the ransomware delivered as a malicious Visual Basic script file.

Apart from actively patching systems, Microsoft said to watch out for malicious behaviors such as tampering with security events logs and other techniques used to evade detection, suspicious access to Local Security Authority Subsystem Service (LSASS), and Windows Registry database modifications which could indicate that credentials theft is taking place.

Investigating the Windows Event Log during the earliest part of a suspected breach. They looking for event ID 4624 and logon type 2 or 10 could indicate post-compromise access, Microsoft said.

Later on, searching WEL for type 4 or 5 logons could also indicate suspected breach activity.

Ransomware criminals show no compunction as to the impact their attacks have on health care providers, Microsoft warned.

They have also recently caused extensive damage to organizations such as forex giant Travelex which had to shut down its systems over the New Year, and global logistics company Toll Group.

If you’re concerned your personal details have been compromised, you can reach us at 1300 660 368 and one of our team members can help you in staying safe from the ransomware attack.

Article courtesy: www.itnews.com.au