The Vice-chancellor reported the hack involved personal and payroll details going back 19 years.

This past week, a leading University in Canberra, Australia (the Australian National University) announced a huge data breach and Avantia Cyber finds 9,165 ANU User Credentials for Sale on the Dark Web, Graphics data tech ‘Canva Australia’ data breach affects 139 Million Users, Team Viewer in Germany gets Malwared, Government Agencies are under attack, and Canada sees a spike in malicious emails.

This Past Weeks Top DARK WEB Compromises:* Top Source Hits: ID Theft Forums (99%) Top Compromise Type: Domain (99%) Top Industry: Manufacturing Top Employee Count: 11 - 50 Employees

This Past Week’s Top Targeted Industries*

Software Hits: 41 | Targets: Google, Twitter, Yahoo, Facebook, Cambridge Analytica

Hospitality Hits: 41 | Targets: Checkers Drive-in Restaurants Inc, Airbnb, Starbucks

Hospitality Hits: 41 | Targets: Checkers Drive-in Restaurants Inc, Airbnb, Starbucks

Finance Hits: 40 | Targets: PayPal, Equifax Inc, First American Financial Corp, JPMorgan Chase & Co., Wells Fargo

Information Technology Hits: 40 | Targets: Google, Twitter, Apple, Yahoo, Facebook

This Past Week’s Top Threat Actors*

Anonymous Venezuela Hits: 47 | Targets: Venezuela, United States, Petare, GNB, Cuba

Hezbollah Hits: 35 | Targets: Israel, Syria, Lebanon, Iran, United States

CtrlSec Hits: 10 | Targets: Islamic State in Iraq and the Levant, United Nations, Twitter, United States, Tunisia

Shadow Brokers Hits: 5 | Targets: Microsoft Windows, Microsoft, Cisco Systems Inc, Iran, China

в/ч 74455 Hits: 3 | Targets: Main Intelligence Directorate (GRU), World Anti-Doping Agency, TAS, Canadian Centre for Ethics in Sport, SARI USADA

This Past Week’s Top Malware Exploitations*

HiddenWasp Hits: 64 | Targets: Linux, Sandfly, Christian T. Drieling

Wcry Hits: 26 | Targets: Boeing, Microsoft Windows, United Kingdom, Bitcoin, National Health Service

NotPetya Hits: 16 | Targets: Ukraine, United Kingdom, Russia, FedEx , A.P. Moller-Maersk

Mirai Hits: 15 | Targets: Internet of Things, Deutsche Telekom, Germany, United States, Home Router

GandCrab Hits: 14 | Targets: Microsoft Office Word, Italy, Syria, Microsoft Windows, Microsoft Windows Xp

IN OTHER NEWS

Australian National University hit by huge data breach :*

Vice-chancellor saying hack involved personal and payroll details going back 19 years.

The Australian National University is in damage control after discovering a major data breach a fortnight ago in which a “significant” amount of staff and student information was accessed allegedly by a “sophisticated operator”. The Vice-chancellor reported the hack involved personal and payroll details going back 19 years. The University has confirmed an estimated 200,000 people have been affected by the hack, based on student numbers each year and staff turnover. In a message to staff and students, Vice-Chancellor Brian Schmidt said someone illegally accessed the university’s systems in late 2018. “We believe there was unauthorised access to significant amounts of personal staff, student and visitor data extending back 19 years,” Schmidt said. Information accessed in the data breach includes: names, addresses, dates of birth, phone numbers, personal email addresses, emergency contact details, tax file numbers, payroll information, bank account details, passport details and student academic records.

A live data search by Avantia Cyber Security on our US Partners Dark Web Database of Stolen Usernames & Passwords on 4th June, 2019 revealed that the ANU (under the domain @anu.edu.au) has currently 9,165 Stolen Usernames & Passwords for Sale on the DARK WEB including PII (Personally Identifiable Information) information such as Name; Address; Phone Number; Date Of Birth; Tax File Number etc. – the most recent listing on the Dark Web occurred on 24th May, 2019 exposing the victim to Identity Theft.

The University said stored credit card details, travel information, medical records, police checks, workers’ compensation, vehicle registration numbers and some performance records have not been affected. “We have no evidence that research work has been affected,” Schmidt said. ANU is working closely with Australian Government Security Agencies and industry security partners to investigate the attack further, he added. “Following the incident reported last year, we undertook a range of upgrades to our systems to better protect our data. Had it not been for those upgrades, we would not have detected this incident,” Schmidt said. Cyber security expert Greg Austin from the University of New South Wales said Universities in Australia are a prime target. He characterised the scale of this attack in the middle to top end. “It’s fair to say States, Major Powers with Cyber Espionage capabilities do target Universities … because the elites of various countries attend those universities,” he said. The academic said some foreign students studying in Australia would be the sons and daughters of overseas power-brokers or future leaders themselves. Austin said corporations under cyber attack often become quite disorientated by the experience and are unsure whether to double or triple their investment in cyber security. crook,” he said. The Australian Cyber Security Centre confirmed it is working with ANU to secure the networks, protect users and investigate the full extent of the compromise. “This compromise is a salient reminder that the cyber threat is real and that the methods used by malicious actors are constantly evolving,” a spokesman said. “Unfortunately, a malicious actor with sufficient capability, time and resources will almost always be able to compromise an internet-connected computer network,” the spokesman said. Australian Signals Directorate advised that it does appear to be the work of a sophisticated actor.

Avantia Cyber Security Note:

If you want to know if your “Critical Credentials” on the ANU domain (@anu.edu.au) have been compromised on the Dark Web, please contact our office on 07 3010 9711 (9am – 5pm M=F) for a free Dark Web Security check.

Apple Launches Privacy-Focused Authentication System:*

Apple announced on Monday at its 2019 Worldwide Developers Conference (WWDC) a new authentication system that should provide better privacy protections compared to similar products from Facebook and Google. The new ‘Sign in with Apple’ system is advertised as fast, secure and privacy friendly. It allows users to sign in to a third-party application with their Apple ID, while making it more difficult for apps to track them. Developers can add the Sign in with Apple button to their applications and users only need to tap it in order to authenticate via FaceID with a new account. The apps can request the user’s name and email address, but the new sign-in system allows them to hide the real email address and instead provide a randomly-generated address from where emails are forwarded to the user. According to Apple, the new authentication mechanism works on iOS, macOS, tvOS and watchOS, and it can also be added to websites and apps running on other platforms. Sign in with Apple is expected to become available for beta testing this summer. Once it becomes generally available later this year, developers will be required to add it to apps that support third-party logins. "After witnessing Netflix customers and Amazon partners having their account hacked, this new feature from Apple is a much needed step in the right direction toward safer web commerce,” commented Shlomi Gian, CEO at CybeReady, a provider of autonomous cyber security awareness. “One area that would still remain vulnerable has to do with consumer behavior toward ‘phishing’ as there are still too many instances where consumers literally give away their credentials to hackers unintentionally. Increased awareness might be the only way to reduce risk in the foreseeable future.” However, some security experts are skeptical of Apple’s privacy-related claims. “This feels like the exact same thing we already have, but with a promise from Apple that they will be nice,” Chris Morales, head of security analytics at threat detection and response firm Vectra, told SecurityWeek. “Google once had the slogan ‘don’t be evil’. It is all big companies trying to be the central point of authentication. I’m sure it works great, however, I think the privacy angle is more geared towards marketing than anything else.” Apple also announced on Monday that its upcoming iOS 13, which should be launched this fall, will also include some privacy-focused enhancements, such as making it easier for users to prevent apps from tracking their location.

Industry is Not Prepared for the IIoT Attacks that Have Already Begun*

Industrial Internet of Things (IIoT) is an essential part of business transformation and the Industry 4.0 revolution. Its use is burgeoning, with more than 7 billion devices in use worldwide. This is expected to grow to more 20 billion by 2025 -- and does not include phones, tablets or laptops. It is a journey just beginning, and nobody yet knows the destination or route. Cybersecurity complications are expected, but the most common perception is that so far this has been limited to the rise of massive DDoS botnets (A DDoS botnet attack is a malicious attempt to make a network resource unavailable to users utilizing a network of private computers infected with malicious software and controlled as a group without the owners' knowledge.) able to deliver huge attacks -- like Mirai – (the Mirai botnet infected computers in 164 countries) from thousands of compromised IoT devices. A new survey now shows that direct cyber-attacks against IIoT have already started, and that DDoS is not a primary concern to security teams. The survey, conducted by Vanson Bourne for Irdeto, questioned 700 security decision makers across Connected Health, Connected Transport and Connected Manufacturing, and the IT and technology firms that manufacture devices. Data was gathered in March and April 2019 from China, Germany, Japan, the UK and the U.S. Eighty percent of these organizations experienced a cyber-attack against their IoT over the last 12 months. The highest rate was in the UK at 86% (three other regions had attacks against more than 80% of respondents), with Japan at the relatively low 60%. Within the industry verticals examined, 82% of healthcare organizations, 79% of manufacturing and production organizations, and 77% of connected transport organizations have experienced an attack. While attacks against IIoT have already started, organizations have little confidence in the immediate future. Globally, 83% of organizations are concerned about their IoT systems suffering a future cyber-attack (with 32% being 'very' concerned). Concern is highest in the UK (91%), with the U.S. at 87%. Japan and China show the least concern at 76% and 77% respectively. Coupled with these concerns, there is little confidence in the existing device security. Globally, 33% of user organizations believe that device security could be improved to a great extent. Only 2% felt that security could not be improved. Even among the IoT manufacturers, there is little confidence. Forty-one percent of the IoT device manufacturers feel their own device security could be improved to a great extent. This was highest in Germany (49%) and lowest in Japan (32%). The degree of concern differs between the verticals. Connected transport is most concerned about compromised customer data (35%) followed by loss of customers and operational downtime (both at 15%). Healthcare is most concerned about compromised customer data (39%) followed by compromised end-user safety (20%). Manufacturing and production is primarily concerned with compromised end-user safety (21%) followed by operational downtime (19%). None of these figures are surprising given the nature of the verticals -- except, perhaps, that healthcare is more worried about loss of data than end-user safety (presumably patients). The average cost of an IoT security incident has been relatively low in cyber breach terms -- just US$330,602. It is highest in connected transport, and lowest in manufacturing and production. This surprises Irdeto. "It ís possible that these organizations may not be taking into account all of the costs associated with a cyberattack, including lost business, costs to correct any vulnerabilities that led to the attack, etc," it writes. "It is also possible that with IoT proliferation in these industries being in its relative infancy, the current cost of cyberattacks on these devices is not as catastrophic as in other parts of the business. However, if this is the case, the costs will surely skyrocket as IoT devices become more abundant and connectivity continues to increase throughout the business. "It is fair to say that as IoT becomes more deeply embedded in manufacturing -- especially in the operational side -- the cost of a serious attack could increase dramatically. When a variant of WannaCry got into the OT network of the Taiwanese TSMC chip fabricator in 2018, it resulted in costs of around $170 million. The Irdeto survey demonstrates that direct cyber-attacks against IIoT have already started, and that industry is not yet well prepared. In fact, Irdeto found only one promising response: 99% of the respondents agree that a security solution should be an enabler of new business models, and not just a cost. It took IT security many years to come to the same position. It demonstrates, says Irdeto, that "The previous mindset of security as an afterthought is changing, and one of the most promising results of the study found that today's organizations are thinking even more strategically about security."

Supra smart TVs aren't so Super Smart:*

Owners of Supra Smart Cloud TVs are in danger of getting some unwanted programming: it's possible for miscreants or malware on your Wi-Fi network to switch whatever you're watching for video of their or its choosing. Bug-hunter, Dhiraj Mishra laid claim to a remote file inclusion zero-day vulnerability ( a zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched.) that allows anyone with local network access to specify their own video to display on the TV, overriding whatever is being shown, with no password necessary. As such it's more likely to be used my mischievous family members than hackers. Mishra said the issue is due to a complete lack of any authentication or session management in the software controlling the Wi-Fi-connected telly. By crafting a malicious HTTP GET request, and sending it to the set over the network, an attacker would be able to provide whatever video URL they desired to the target, and have the stream played on the TV without any sort of security check. In practice, this bug would be exploited by someone who was on the local network, either by already knowing the wireless password or taking advantage of an unsecured network, who would then send the request to the TV with a link to their own video. While this would usually just be a harmless prank, Mishra noted that a particularly malicious user could try to stir up panic by displaying a phony emergency alert. "A legit user is watching some action movie and attackers trigger the remote file inclusion vulnerability at the same time, so the attacker would have full control over the TV and he can broadcast anything," Mishra said. "The attacker can broadcast any fake emergency message, or the worst case could be broadcasting a purge message." In 1987, hackers in the Chicago area of the United States were able to hijack the signal of two local television stations and, for a brief period of time, serve viewers a bizarre clip of an unknown person ranting in a rubber mask of the animated Coke spokes droid. Owners would be well-advised to make sure their Wi-Fi networks are secured, and only trusted users have local access.

_________________________________________________________________________

THREAT FOCUS: The Georgia Institute Of Technology - USA*

Exploit: Unauthorized database access The Georgia Institute of Technology: Public research university based in Atlanta, Georgia Risk to Small Business: 1.555 = Severe: Hackers were able to infiltrate the Institute’s databases that were storing sensitive personal information on current and former students and employees. After identifying an unauthorized user sending queries through an Institute web server, Georgia Tech began an investigation and executed a few countermeasures to secure their ecosystem. Not only will Tech be on the hook for providing credit and identity monitoring services to affected individuals, but they will also deal with scrutiny from current students, employees, and even alumni.

Individual Risk: 2.285 = Severe: According to an official statement from Georgia Tech, the information accessed varies by individual, but it could include names, addresses, Institute ID numbers, dates of birth, and social security numbers. This breach could extend to students, faculty, staff, alumni, applicants, and affiliates. Anyone with ties to Georgia Tech should enroll in identity theft protection services and stay vigilant for potential compromises or fraud attempts.

Customers Impacted: 1,265

Effect On Customers: Failing to understand your organization’s threat landscape can have significant consequences in today’s digital environment. In this case, hackers had access to the university’s database for nearly four months, making it evident that their security standards were not adequate to address relevant threats. Particularly when your university is seen as a premier technological institution, failure in this regard is entirely preventable, embarrassing, and unacceptable.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Team Viewer – GERMANY*

Exploit: Malware TeamViewer: Developer of proprietary software for remote desktop control, desktop sharing, online meetings, web conferencing, and file transfers

Risk to Small Business: 2.222 = Severe: TeamViewer has acknowledged a malware attack that gave hackers access to the company’s servers, which included their software’s source code. According to an official release by the company, the threat was detected before hackers could steal any data or code. However, this incident took place in 2016, which makes their timing problematic. Consequently, the company will face heightened media scrutiny and reputational damage that could exceed the scope of the actual breach.

Individual Risk: 3 = Moderate: The company contends that personal information was not compromised during the breach, but users should be mindful of the company’s security posture, especially given the potentially sensitive information conveyed through their services.

Customers Impacted: Unknown

Effect On Customers: Regardless of actual outcomes resulting from the data breach, this episode makes it clear that TeamViewer does not prioritize clear and timely communication when it comes to their cybersecurity initiatives. While data security needs to be a top priority for every organization, communication and customer support are a close second, along with being the most controllable part of any cyber defense plan.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Louisville Regional Airport Authority – USA*

Exploit: Ransomware Louisville Regional Airport Authority: Municipal corporation responsible for owning, operating, and developing Louisville International Airport and Bowman Field Risk to Small Business: 2.111 = Severe: Hackers were able to install ransomware on the airport’s network system, encrypting localized files for two airports, the Louisville Muhammad Ali International Airport and Bowman Field. Fortunately, the organization was prepared for such an incident, and they are restoring their files from backups rather than paying the ransom. While the ransomware was restricted to localized files that are unaffiliated with the organization’s operations or security systems, it’s always concerning when critical infrastructure is tangentially impacted by security vulnerabilities. Individual Risk: 3 = Moderate: There is no indication that personal information was compromised as part of this breach.

Customers Impacted: Unknown

Effect On Customers: Ransomware is a growing threat among SMBs. Since it is often injected into a company’s network through phishing scams or other employee errors, consider partnering with an MSP that has the tools to train employees and prevent phishing attacks.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Canva Graphic Design – AUSTRALIA*

Exploit: Database server compromise Canva: Graphic design website providing amateur and professional web/media design tools Risk to Small Business: 1.555 = Severe: A now-prolific hacking group accessed Canva’s network, compromising information for millions of users. According to the hacker’s message after the breach, the theft includes extensive records up until May 17th. The company’s quick response and high cybersecurity standards will help mitigate the damage of the breach, but they are now responsible for understanding what happens to their users’ data when it’s published on the Dark Web.

Individual Risk: 2.149 = Severe: The scope of this breach is incredible, but it will impact users differently. Compromised information could include usernames, real names, email addresses, and location information. Fortunately, the passwords for 61 million users were hashed, making them more difficult to decrypt. The company encourages users to change their account passwords and to update passwords from other accounts that may be using redundant credential.

Customers Impacted: 139 million

Effect On Customers: Even companies with the best cybersecurity standards can still fall victim to a devastating data breach. Partner with an MSP that can determine where information ultimately ends up (hint: the Dark Web!) so that your customers, employees, and profit margins are always protected from cybersecurity threats.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Perceptics Manufacturing – USA*

Exploit: Network compromise Perceptics: Maker and distributor of license plate readers, under-vehicle cameras, and driver camera

Risk to Small Business: 1.444 = Extreme: A hacker using the pseudonym “Boris Bullet-Dodger” gained access to the company’s database and exfiltrated hundreds of gigabytes of data, which he subsequently published on the Dark Web. In total, more than 65,000 files were stolen including data directly from employee laptops. In total, the data breach included information from the access databases, ERP databases, HR records, Microsoft SQL Server data stores, business plans, financial figures, and personal information.

Individual Risk: 2.142 = Severe: The trove of data released by this hack compromised personal information, and the extent of the hack makes it difficult to know precisely what data was taken. However, evidence that hackers accessed employees’ desktops, denoted through the presence of music stored on user computers, suggests that the information exposed could be extensive.

Customers Impacted: Unknown

Effect On Customers: Responding to a breach of this scope is complicated. Managing the PR fallout is a significant responsibility, but an organization’s most important function is to support those whose information is posted on the Dark Web. In the event of a data breach, knowing what happens to your data is critical, and partnering with a qualified MSP can make all the difference.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Shubert Organisation - USA*

Exploit: Employee email account breach Shubert Organization: Theatrical producing organization and owner of theater’s in Manhattan and New York City Risk to Small Business: 1.777 = Severe: Hackers gained access to several employee email accounts containing sensitive personal information. The data breach occurred last February, and it’s unclear why the company either took so long to identify the intrusion or to communicate the incident with stakeholders. Regardless, it underscores the importance of strong defenses, as the company is now responsible for providing credit monitoring services for 24 months. However, this pales in comparison to the incalculable reputational damages that can occur with the magnitude of this breach.

Individual Risk: 2.285 = Severe: Although the company can’t confirm that the intruder accessed personal information, the affected accounts included customers’ names, credit card numbers, and credit card expiration dates.

Customers Impacted: Unknown

Effect on Customers: While every company is responsible for putting up strong defences again cybercriminals, bad actors are highly motivated and continually operate with an advantage. Therefore, it’s crucial for companies to differentiate themselves through their support services to help impacted individuals in the wake of a data disaster.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Sunderland City Council Library – UNITED KINGDOM*

Exploit: Unauthorized database access Sunderland City Council Library: Local city library serving Sunderland Risk to Small Business: 2.111 = Severe: Hackers were able to compromise a library database which contained customer account information and was hosted by a third-party vendor. The City Council hired an external cybersecurity firm to investigate the incident and shore up their security posture moving forward. Security measures that are implemented in the wake of a breach are valuable but protecting IT infrastructure from the beginning is the most cost-effective plan for keeping your customer and employee data secure.

Individual Risk: 2.4286 = Severe: The databases gave intruders access to personal information, including names, phone numbers, and dates of birth. While investigators found that only 45 accounts were accessed, they can’t determine which accounts were compromised. Therefore, all library account holders should be monitoring their accounts for identity theft or fraud.

Customers Impacted: 145,000

Effect On Customers: Enhancing security standards is an essential next step after a data breach, but organizations are most beholden to those who are impacted by the initial incident. To be vigilant and prepared at all times, every organization should partner with an MSP that can proactively monitor the Dark Web for customer and employee data.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

THREAT FOCUS: Talk Talk Group - UNITED KINGDOM*

Exploit: Cyber attack TalkTalk Group: Telecommunications company providing internet and mobile network services throughout the United Kingdom Risk to Small Business: 2.222 = Severe: In 2015, TalkTalk experienced a catastrophic data breach that impacted 4% of their entire customer base. However, a communications failure left the personal information of thousands of victims exposed online since the breach.

Individual Risk: 2.285 = Severe: Although the company is hedging against the incident by claiming that none of the exposed credentials could individually lead to direct financial loss, the exposed data includes names, addresses, email addresses, dates of birth, TalkTalk customer numbers, mobile numbers, and bank details. Making matters worse, news organizations were able to identify victims’ banking information with a simple Google search, indicating both the seriousness of the information and the accessibility of the data.

Customers Impacted: 4,545

Effect On Customers: Especially in the E.U., where GDPR mandates make clear communication a veritable must-have for any organization, TalkTalk’s oversight is especially egregious. However, regardless of scope or locale, effective communication and proper incident navigation can go a long way toward regaining customer trust and rebuilding brand reputation.

Risk Levels: 1 - 1.5 = Extreme Risk 1.51 - 2.49 = Severe Risk 2.5 - 3 = Moderate Risk *The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

POSTSCRIPT:

Mobile Banking Malware Increases by 58%*

According to a recent report by Kaspersky Lab, mobile banking malware is on the rise. The first quarter saw instances of mobile banking malware more than triple, and there was a 58% increase in modifications to banking trojans. A single piece of malware, dubbed Asacub malware, accounts for more than half of the banking trojans detected during this time, attacking approximately 8,200 users a day. In the first three months of the year, cybersecurity researchers identified 29,841 different modifications of banking trojans, underscoring the complex tasks that companies have when defending their digital infrastructure. As more and more financial services are conducted online, it’s a troubling sign to see an uptick in the scope and complexity of mobile-focused malware attempts. It’s also a reminder that companies can’t win this battle alone. They need to partner with skilled MSPs to help them identify and eliminate the latest threats to their businesses.

Canada Sees Spike in Malicious Email Campaigns*

Canadians were the target of more than 100 campaigns in the first four months of 2019. The malicious email campaigns were especially geo-targeted to French-speaking regions of the country, which include important organizations for the shipping, logistics, banking, and governments services. While a few specific campaigns accounted for much of the traffic, phishing emails and imposter attacks are on the rise globally, making many companies’ own employees the primary culprit in enabling more extensive data breaches to occur. Consequently, organizations have a responsibility to train their employees about the emerging trends, growing risks, and best practices to ensure that their networks remain secure. You might even want to partner with an MSP that can facilitate these initiatives, ensuring that your most prescient vulnerabilities become a trained level of defense against cybercrime.

*Disclaimer: Avantia Corporate Services Pty Ltd and Avantia Cyber Security provides the content in this publication to the reader for general information purposes only and has compiled the content from a number of sources in Australia, the USA, and up to 56 other countries who provide cyber breach information to us in real time. Given their international focus and experience in the cyberspace arena we believe their data to be accurate and reliable, however, we give no warranty (implied or otherwise), as to the contents accuracy or fitness for use. No validation or investigation has been performed by Avantia Corporate Services or the Author as to its accuracy or reliability. Readers should conduct their own investigation and come to their own conclusions before taking any action.