Saturday, November 26, 2022

Australia ransom ban, brand impersonation sites, GitHub private reporting - CISO Series

Last updated Tuesday, November 15, 2022 07:05 ET, Source: NewsService

Australia considers ban on ransomware payments

We’ve been covering the details and fallout from the most recent high-profile hack to hit Australia, impacting the insurance provider Medibank. Combined with the Optus breach, personal data on a large percentage of Australians became exposed this year. Now Australia’s home affairs minister Clare O’Neil has proposed making ransomware payments illegal, with the aim of decreasing profitability for such breaches. Critics of the proposal say it would move ransom payments underground, using third parties in other jurisdictions. The government also announced the formation of a new cyber-policing model between the AFP and the Australian Signals Directorate to create a joint standing operation against cyber attacks.

Thousands of sites used for brand impersonation

It turns out massive brand impersonation isn’t just a problem for Twitter these days. According to a report from researchers at Cyjax, China-based threat actors known as Fangxiao operate a massive network of over 42,000 domains, meant to impersonate popular brands. The group isn’t new to the game, having been spotted spoofing firms since 2017. It uses the sites to redirect users to adware, dating sites, and fraudulent giveaways, generating revenue from clients who pay for traffic. The sites try to appear convincing, with researchers noting extensive localization options. The group appears to register roughly 300 new brand domains daily.

GitHub gets private reporting

The code hosting...

Read Full Story: https://news.google.com/__i/rss/rd/articles/CBMiiAFodHRwczovL2Npc29zZXJpZXMuY29tL2N5YmVyLXNlY3VyaXR5LWhlYWRsaW5lcy1hdXN0cmFsaWEtcmFuc29tLWJhbi1zY291cmdlLW9mLWJyYW5kLWltcGVyc29uYXRpb24tc2l0ZXMtZ2l0aHViLWdldHMtcHJpdmF0ZS1yZXBvcnRpbmcv0gEA?oc=5
