Scouts Victoria phished for data treasure trove including TFNs and bank account history

Scouts Victoria sent an email late yesterday to affected people about a security incident that occurred in late July and early August. Unauthorised access to the organisation’s email system, through a phishing attack, resulted in access to two staff email accounts and a “shared dropbox”.

The list of data compromised is significant and could result in significant harm, with Scouts Victoria telling affected parties via email that names, email addresses, residential addresses, driver’s licences, Medicare and passport numbers, tax file numbers, and copies of handwritten signatures were all in the treasure trove of data that was stolen. In some cases, bank account, criminal history information, and parenting orders pertaining to child custody arrangements were also exposed.

“The investigation found that correspondence relating to a number of individuals associated with Scouts Victoria is among the data potentially accessed by unauthorised third parties,” a statement from a Scouts Victoria spokesperson said.

Recent research from Webroot suggested that as many as one in five Australians click on phishing emails with many security experts pointing to COVID-19-related scams being widely employed by thieves. At the same time, the Australian Competition and Consumer Commission reports that the number of scam reports is on the rise.

The breach has been reported to the Office of the Australian Information Commissioner.

The Australian Tax office (ATO) has also been informed, with Scouts Victoria saying the ATO has taken steps to place additional security measures to reduce the risk of fraud for people affected by the data loss.

Similarly, Scouts Victoria said it has contacted the Department of Human Services to mitigate the risk of any fraudulent use of compromised Medicare credentials.

Scouts Victoria added that an extensive forensic investigation and security review was completed.

No data pertaining to minors was directly released although parenting plans were accessed, Scouts Victoria said. The organisation added that data from one of the platforms it uses, Operoo — formerly called Care Monkey — was also not accessed.

Affected parties are being urged to not open email attachments from untrusted sources — advice Scouts Victoria might have taken too before the breach.

Related Coverage

tinyurlis.gdv.gdv.htu.nuclck.ruulvis.netshrtco.detny.im

ANAO finds Services Australia lacking in cyber and cost aspects of WPIT


services-australia-wpit-anao.png
Image: ANAO

Australian National Audit Office (ANAO) on Thursday handed down its examination of the Services Australia Welfare Payment Infrastructure Transformation (WPIT) program, finding the agency had “largely appropriate arrangements” in many areas, but was lacking on the cyber and cost monitoring fronts.

Kicked off in 2015, WPIT was originally slated to cost around AU$1.5 billion and run from 2015 to 2022, with one of the core reasons for the program being to replace the then-30-year-old Income Security Integrated System (ISIS).

“In June 2020, the decommissioning of this key element of the system was confirmed to be the main goal of the welfare payment system redeployment,” ANAO wrote.

“However, almost half of the decommissioning was not expected to be completed by the end of the program.”

Internal reports at the agency detailed that the decommissioning of ISIS was “not achievable within the funding envelope or timeframe”, and a process to determine if this was possible would not be started until a replacement was commissioned, ANAO said in its report.  

Services Australia told ANAO that 13% of ISIS functionality had transitioned to its SAP CRM instance while a further 39% would be transitioned by the end of June 2020, leaving almost half its functionality in place.

“Delays to replacement and decommissioning have put at risk the ability to deliver on the original objectives of the WPIT Programme, and delay or negate realisation of all the expected benefits of the welfare payment system redevelopment,” ANAO wrote.

The agency also had issues in documenting the functionality of the system, telling the audit office that functionality was in the system’s programming.

“Services Australia advised the ANAO that while it had recorded functionality in source code, there were historical gaps in its separate documentation of detailed functionality, dating back to the system’s introduction in the 1980s,” the report said.

“Attempts were made to develop complete specifications for some elements of ISIS, but this was not done consistently across the system due to cost.”

ANAO said Services Australia was relying on “knowledgeable staff”, which obviously leaves it vulnerable to workers leaving, and explained in the report that the agency tried, in 2016, to extract its business rules from the code.

“Services Australia subsequently considered automated analysis of the source code in ISIS, which incorporates existing business rules, as the most practical approach to identifying the complete range of current functionality required to inform future requirements,” the report said.

“In late 2019, Services Australia outsourced source code analysis as part of a contract to design and build the [Entitlements Calculation Engine].”

That outsourcing was handed to Infosys in November.

Services Australia further told the office that the cost of maintaining ISIS was around AU$98 million each year, but that was a guesstimate.

“While Services Australia stated that it tracks overall ICT expenditure, it cannot disaggregate all of the system element costs and did not monitor the cost of operating the current welfare payment system,” the report said.

“These costs could include hardware and software capital costs and depreciation, expenses for employees working on the system, costs associated with operating the system, costs associated with changing the system, and amounts paid to contractors.

“As a result, Services Australia was unable to breakdown these costs, monitor trends over time, or assess the ongoing value for money of this expenditure.”

In response, the agency said it was working towards having “improved visibility of the costs of maintaining different payment platforms”.

ANAO further found that Services Australia does not have plans to migrate data to a completed WPIT system, although it did try once, but failed.

On the cyber front, the report found there were no cybersecurity plans specific to each element of the system.

“However, Services Australia self-assessed that it ‘has measures in place for the underpinning components including monitoring of vulnerabilities and appropriate patching, monitoring of system administrative and privileged access, and penetration testing of outward facing systems’,” the ANAO wrote.

“The ANAO did not separately audit the accuracy of this self-assessment, or its applicability to the welfare payment system.”

An internal audit in May 2016 found that six of 118 systems used by the agency had proper cyber accreditation, and by February 2019, another internal audit reported the number had increased to 21.

“Services Australia’s self-assessment of risk control effectiveness was inaccurate in light of the lack of cybersecurity risk assessment or accreditation for the welfare payment system, and internal audit findings that most systems across the agency did not have accreditation,” the report said.

“A recent external assessment had not been conducted of the effectiveness of controls listed in the Top Four and Essential Eight strategies for all elements of the welfare payment system. Previous internal audit reports of ICT systems found the implementation status of the Top Four strategies at Services Australia was lower than what had been self-assessed by the agency.”

For disaster recovery, Services Australia used a pair of data centres, but they were physically in close proximity and so were vulnerable to location-specific risks, ANAO wrote. The data centres also failed to provide the geographic dispersal as required by the Australian Government Information Security Manual.

“The ANAO examined disaster recovery arrangements at one of the data centres, and brought certain physical security deficiencies to the attention of Services Australia,” it wrote.

Overall, the report made five recommendations relating to the issues raised, all of which Services Australia agreed with.

Former Opposition Leader and now Shadow Minister for Government Services Bill Shorten latched onto the report in order to criticise his counterpart, Stuart Robert.

“Mr Robert, who blamed imaginary hackers for one of the MyGov crashes he presided over, should have been paying more attention to genuine cybersecurity risks,” he said.

“Clearly Mr Robert is what online gamers would call a ‘noob’, someone who has absolutely no idea what they are doing. 

“Australians are sick of the endless tech bungles from this digital noob.”

Related Coverage

tinyurlis.gdv.gdv.htu.nuclck.ruulvis.netshrtco.detny.im

Sirloin Tip Roast

Seared and roasted sirloin tip is a meaty treat. A seasoned salt mixture rubbed onto the beef give it a spicy crust; tangy broth keeps it super juicy in the oven.

3 pounds sirloin tip roast
1 teaspoon salt
1 teaspoon dry mustard
1/4 teaspoon garlic powder
1/4 teaspoon black pepper
1 tablespoon ketchup
1 teaspoon Worcestershire sauce
1/2 cup beef broth or dry red wine

Preheat the oven to 350 degrees F.

Trim any excess fat from the roast. In a bowl, mix together the salt, dry mustard, garlic powder, and black pepper. Sprinkle the roast evenly on all sides with the mixture, patting it so it sticks to the roast.

Heat a thin layer of oil in a skillet over high heat. Add the roast and sear for 2 minutes per side until it is browned on all sides. Remove the roast from the skillet and place in a roasting pan.

In a measuring cup, whisk together the ketchup, Worcestershire sauce, and broth. Evenly pour over the roast.

Place the roasting pan in the oven and cook, uncovered, for 1 hour at 350 degrees F or until the meat is very tender.

Remove the roast from the oven and cover loosely with foil. Let sit for 5 minutes before slicing.

tinyurlis.gdv.gdv.htu.nuclck.ruulvis.netshrtco.detny.im

Restaurant Risotto

Make restaurant-quality risotto the way chefs do. It doesn’t require exotic ingredients, just attention to detail.

2 tablespoons unsalted butter
1 tablespoon olive oil
1/2 cup finely chopped onion
2 cups arborio rice
1/2 cup dry white wine
6 cups chicken stock, heated until hot
1/2 cup freshly grated Parmesan cheese
salt and pepper, to taste

Line a baking sheet with foil.

In a heavy 4-quart pot over medium-high heat, combine 1 tablespoon of the butter with the oil. Add the onion and cook for 2 minutes, stirring with a wooden spoon, or until the onion begins to soften. Take care that it does not brown.

Stir in the rice and stir well for 1 minute to coat the grains all over.

Add the wine and cook, stirring, until the rice absorbs almost all of the liquid. Add 3 cups of the stock, 1/2 cup at a time, stirring well after each addition. Wait until the rice absorbs each addition before adding the next 1/2 cup.

After 10 minutes of cooking, pour the risotto onto the foil-lined sheet. Spread it into an even layer to cover most of the sheet. Leave to cool, uncovered, to room temperature. Cover with plastic wrap and refrigerate until ready to serve.

About 10 minutes before serving, set aside 1/4 cup of the stock. In a heavy 4-quart pot, reheat the remaining 2 3/4 cups stock until hot. Cut or break the chilled risotto into pieces and add it to the broth, stirring vigorously, until all the risotto has been added.

Continue stirring for 5 minutes or until the rice is tender but firm.

Turn off the heat, add the remaining 1/4 cup broth, with the remaining 1 tablespoon butter, cheese, salt, and pepper. Stir well and serve at once.

tinyurlis.gdv.gdv.htclck.ruulvis.netshrtco.detny.im

Network transformation helped Spark seamlessly shift Kiwis into remote work

When New Zealand went into lockdown as a result of the COVID-19 pandemic, the nation saw a drastic shift in network usage, with daytime use looking awfully like it was 9pm for an entire day.

With telco Spark previously calling this a 7-day weekend, its daytime broadband load almost doubled in April, with peak broadband demand hitting 27% above normal levels, while mobile peak traffic was 22% higher.

See also: Spark warns of larger COVID impact to New Zealand telco in coming year

Spark New Zealand head of IT infrastructure Siddharth Kumar on Thursday said the telco could handle it, thanks mostly to preparations it had already made around modernising its infrastructure and how that investment during COVID-19 had, in a sense, paid off.

“The changes that we saw was around the workload distribution, what use to be our peak broadband traffic … that shifted completely during the day when we had work from home scenarios all across the country,” he said, speaking with media on a panel hosted by VMware.

“We could see peak traffic not [only] during the night but during the day and that’s when the decisions that we took some time back around the past year on how do we scale out, all of that started paying back because we could spin up infrastructure as needed for a variety of workloads, how they were changing.”

Kumar said shifting contact centres to all remote work was an “interesting scenario”.  

“We could see that there’s no more building-based contact centres for us, everyone was working from home, which we had trialled way long back with our agents at home working — but that was a small number,” he said. “But we were set up … not at that scale, but it helped.”

With preparations already in place, Kumar said everything moved faster.

With the company responsible for rolling out the National Broadband Network in Australia on Wednesday committing to having more fibre rolled out, Kumar was asked how important fibre infrastructure was in New Zealand’s network when it came to its COVID-19 response.

“There’s no doubt about it from fibre vs any other technology, fibre is going to be more modern in terms of how — whatever we use, whether its streaming, video — wireless will catch up, absolutely it will with 5G coming and there is a huge, huge change that will happen,” Kumar said. 

“So fibre was important but equally important was all other methods of access.

“Where it was not possible, we also started working on a wireless plan, how do we provide wireless broadband to those locations where there is no fibre — it’s a multi-pronged approach, but I think fibre is a key to any national infrastructure, absolutely.”

See also: Backflip to the home: NBN to upgrade FttN areas with fibre

Speaking of the experiences Spark’s customers have had, Kumar said many were reporting a smoother work environment from their loungerooms.

“When lockdown was over, when people started going back to buildings … the network couldn’t cope, because the office network wasn’t designed for video conferencing, but from home — they were saying they have a better network at home than in the office … that was a question for upgrading networks on the enterprise side,” he added.

Touching on the greater telco transformation piece, Kumar said the sector is now catching up to where IT was a decade ago.

“What we are also seeing is a difference in the telco world … IT went through a virtualisation piece roughly 10 years ago when it started picking up a lot, telco is going through that now. 

“The telco world was mostly OEMs and now … telco is saying now that convergence of what we are seeing of how IT and telco workloads can co-exist is new to us, that is what the challenge that we will have around how do we ensure that both IT and telco will work, whatever their requirements are — and they’re completely different requirements,” he said.

“There is an inherent nature of the telco workload that it has to be completely reliable and resilient, you wouldn’t want your mobile call to have a delay, while you may be fine with that on a VOIP call, like WhatsApp, you have an expectation that your mobile call will not have a delay.”

The way to fix that, Kumar said, is to automate the network.

MORE FROM NEW ZEALAND

tinyurlis.gdv.gdv.htu.nuclck.ruulvis.netshrtco.detny.im

Boston Butt With Sauerkraut

Starting with a cut like Boston Butt is a great start to a delicious roast, and cooking it in this sweet and tangy mixture of sauerkraut and brown sugar is an excellent next step. The result is tender pork and extra flavorful kraut on the side.


serves/makes:

ready in:
  over 5 hrs

Rating: 4/5

2 reviews


ingredients

4 pounds Boston Butt (pork roast)
2 cans (15 ounce size) sauerkraut, rinsed and drained
1 cup brown sugar
1 envelope dry onion soup mix

directions

Place the pork roast in the crock pot.

In a bowl, combine the sauerkraut, brown sugar, and onion soup mix. Mix well and pour the mixture over the pork.

Cover the crock pot and cook on high heat for 1 hour. Reduce the heat to low and cook for 6 more hours or until the pork is tender and cooked.

Remove the roast from the crock pot and slice. Serve with the sauerkraut.


crock pot notes

Crock pots/slow cookers all heat differently. There is no standard among manufacturers. Cooking times are suggested guidelines based on our testing. Please adjust cooking times and temps to work with your brand and model of slow cooker.

nutrition


593 calories, 25 grams fat, 30 grams carbohydrates, 60 grams protein per serving
.

tinyurlis.gdv.gdv.htclck.ruulvis.netshrtco.de

Microsoft and Telstra to partner on cloud, IoT, and digital twins

Microsoft and Telstra have announced an extension of their long-standing partnership, with plans to jointly build cloud-based solutions on Azure while leveraging the Telstra Data Hub.

Specifically, this will see the pair leverage Internet of Things (IoT), edge computing, artificial intelligence, and digital twin capability to develop solutions in areas such as asset tracking, supply chain management, telematics, and smart spaces.

One of those projects will involve Telstra building a digital twin based on Azure across its own commercial buildings, which will be initially deployed at five buildings including the telco’s flagship site at 242 Exhibition St in Melbourne.

Additionally, under the partnership, Telstra will leverage Azure as the cloud platform for the telco’s ongoing internal digital transformation, involving transitioning from legacy and on-premise applications to cloud-based solutions.

The pair also plan to work together to develop solutions to advance their sustainability and climate commitments. Earlier this year, Microsoft announced its ambitious plans to be carbon negative by 2030, while Telstra has set a target of reducing its absolute emissions by 50% by the same time.

“We already have a longstanding relationship with Microsoft and have worked together in areas that are market-leading to create unique experiences for our customers … today’s announcement with Microsoft formalises the several streams of work we are already collaborating on,” Telstra CEO Andy Penn said.

“The global scale of Microsoft’s platform, tools, and applications, together with Telstra’s network solutions, reliability, and leadership, will drive new and unique solutions for Australia.”

The announcement comes as Penn joined Microsoft CEO Satya Nadella, along with other executives, on a virtual panel on Friday, discussing how digital technologies are changing businesses.

For Nadella, he believes the lines between what is currently considered as part of the digital tech industry, and what is not, will disappear in the next five years.

“Just because digital capabilities that are going to be built into a bank, into an energy company, into a network operator, is going to mirror pretty much what a software company does,” he said.

“It’s not that that domain expertise goes away, it’s just that domain expertise gets augmented by real digital capability, and that, I think, is what’s driving the world’s cogs of becoming digital. It’s not just the tech industry.”

Penn agreed, explaining that for the next phase of digitisation, the physical world would increasingly adopt new technologies, such as IoT.

“If you think about how the world has digitised for the last several decades, it’s really been in services — provision of services or the administration or in the back office of businesses.

“If you think about the physical world — manufacturing, cities, buildings, mining, logistics — the physical world hasn’t really been digitised yet. So, how do you digitise the physical world? Well, what you do is put sensors into physical assets. Those sensors can draw information around that physical asset, which you can then capture and then understand,” he said.

Penn added how 5G along with a combination of other capabilities would play a significant role in driving the ongoing adoption of new technologies.

“5G is really important because it’s the first telecommunications network that’s been designed specifically to accommodate millions, if not billions, of sensors being put into things … and so, what’s interesting is … we’ve got a convergence of some technologies maturing at the same time,” he said.

“You’ve got 5G, which enables you to connect the sensors. You’ve got cloud to give you the compute capability to process all that data at scale, flexibly. And then you have artificial intelligence and machine learning, which is evolving to be able to take off all that information to turn it into insights … so I think it’ll be transformative over the next decade as we bring these technologies together.”

Related Coverage

tinyurlis.gdv.gdv.htclck.ruulvis.netshrtco.detny.im

Every new Alexa device from Amazon: Prices, release dates, and how to buy

Amazon held an invite-only hardware event on Thursday, Sept. 24 to announce an entirely new range of Amazon Alexa-enabled smart devices, including new Echo speakers. ZDNet has rounded up all the goodies, below, complete with photos and information on pricing, when they’re available, and how to buy them. Consider this your one-stop shop. 

Also: When is Prime Day 2020? Everything we know so far

screen-shot-2020-09-24-at-1-07-05-pm.png

Release date: Preorder from Sept. 24 | Shipping starts Oct. 22

This is Amazon’s next-generation Echo. Gone is the cylindrical design! Featuring a spherical form factor, fabric finish, and a bright LED light ring at the base, the new Echo is certainly striking. It also combines the “best of Echo and Echo Plus into a single device,” Amazon said. On the inside, it packs a 3.0-inch woofer, dual-firing tweeters, and Dolby processing for stereo sound. And, like the Echo Studio, it can auto-sense the acoustics of your space to fine-tune audio.

It also comes with a built-in smart home hub, with support for Zigbee, Bluetooth LE, and Amazon Sidewalk. It’s powered by Amazon’s first-generation AZ1 Neural Edge processor, as well, which Amazon described as a new silicon module for accelerating machine learning applications. What’s that mean? Alexa will be more responsive, and it will process requests faster on the new Echo.

$99 at Amazon

screen-shot-2020-09-24-at-1-12-19-pm.png

Release date: Preorder from Sept. 24 | Shipping starts Oct. 22

Amazon gave its latest Echo Dot the same look as the new Echo, complete with a spherical design and fabric finish. It features a 1.6-inch, front-firing speaker and is otherwise the same as the Echo Dot you know and love, though it also adds the tap-to-snooze feature from the Clock model.

$49 at Amazon

image-4.jpg

Release date: Preorder from Sept. 24 | Shipping starts Nov. 5

Speaking of the Echo Dot with Clock, it also gets the spherical design! It’s different in it has an LED display, however, so you can glance at the time and any alarms.

$59 at Amazon

image-1.jpg

Release date: Preorder from Sept. 24 | Shipping starts Oct. 22 (Tiger) and Dec. 9 (Panda)

Amazon also redesigned the Echo Dot Kids Edition with the new shape. It even created Panda and Tiger designs and animal-themed alarms. Parents can create Alexa voice profiles for their kids, too, so Alexa can automatically recognize them. Meanwhile, kids get an Alexa feature called Reading Sidekick, which will help them with reading. Just say, “Alexa, let’s read.”

The Kids Edition comes with a one-year subscription to the Amazon Kids+ service, as well. 

$59 at Amazon

screen-shot-2020-09-24-at-1-32-01-pm.png

Release date: Preorder from Sept. 24

Finally, in terms of Echo devices, Amazon also updated the Amazon Show 10.

It still features a 10-inch HD screen, but it’s adaptive and can automatically stay in view when you interact with Alexa — similar to the Facebook Portal. Plus, it has a brushless motor that’s completely silent. With a new Alexa Guard is in Away Mode, Echo Show 10 can pan the room and send you an alert if it detects movement. The Echo Show 10 uses the AZ1 to process speech faster, too. It also offers smart home capabilities via Zigbee, BLE, and Amazon Sidewalk

Other features include a 13-megapixel wide-angle camera that pans and zooms to keep you at the center of the frame, dual front-firing tweeters, and a woofer that provides directional sound and automatically adapts to your space. Finally, Echo Show 10 uses advanced computer vision algorithms and audio-based localization that’s all processed locally and securely on-device. 

$249 at Amazon

2020-09-24-at-2-27-00-pm.jpg

Release date: Preorder from Sept. 24 | Shipping starts Sept. 30

Moving onto Fire TV devices… There is a new Fire TV Stick that will retail for the same price as the previous model. The latest Fire TV Stick is 50% more powerful than its predecessor and comes with the Alexa remote. Amazon also announced a cheaper model, called the Fire TV Stick Lite, which costs $10 less. Amazon described it as the “most powerful” streaming device consumers can find for under $30.

Keep in mind the Fire TV Stick Lite cannot output expanded HDR color, while the  Fire TV Stick fully supports HDR and 4K. Both devices feature Alexa voice control and enter a low power mode when not in use. They also both have access to all the same apps and games.

$39 at Amazon (Fire TV Stick) Amazon (Lite)

screen-shot-2020-09-24-at-1-27-04-pm.png

Release date: 2021

Amazon-owned Ring announced a new line of security cameras for cars: The new $199 Car Cam, $60 Car Alarm, and the Car Connect system, which all integrate with the Ring app.

The Car Alarm plugs into your car’s OBD-II diagnostic port and sends alerts to your phone. It has a built-in siren that can be remotely triggered, or it can link to other Ring or Alexa devices to emit audible alerts when an event is detected. 

As for the Car Cam, it is Ring’s first camera for outside of the home and has the ability to record both inside and outside of the car when mounted on a dashboard. Like the Car Alarm, the Car Cam can send alerts. It requires either Wi-Fi or LTE for connectivity.

If your car already has cameras, then Ring developed the Car Connect platform. Ring says it’s working with many automotive makers to build support for the system, but the first partnership it’s announcing is with Tesla Model 3, X, S, and Y (when Sentry Mode is enabled).

View Now at Amazon

image-7.jpg

Release date: 2021

Ring’s latest camera is the Always Home Cam. It’s an autonomous drone that can fly around the inside of your home to give you a view of any room you want when you’re not home. It can even return to its dock to charge its battery. It is fully autonomous, but you can tell it where to go, too. 

You simply build a map of your home for it to follow, and the camera records when it is in flight. It will make an audible noise when flying, so it’s clear when footage is being recorded.

$249 at Amazon

screen-shot-2020-09-24-at-1-22-38-pm.png

Release date: Preorder from Sept. 24 | Shipping starts Nov. 2

Amazon updated its Eero mesh Wi-Fi routers, with the $129 Eero 6 and the $229 Eero Pro 6. And, yes, they do work with Amazon’s assistant, Alexa.

The Eero Pro 6 introduces support for Wi-Fi 6. It’s a tri-band router that offers a single band and connects via 2.4GHz, but it also offers two bands for 5GHz to allow more devices to connect at the fastest speeds. It can cover up to 2,000 square feet per router. 

The Eero 6 is a dual-band device that can cover up to 1,500 square feet (so can the new $89 Eero 6 extender). Both the Pro 6 and Eero 6 have two Ethernet ports and a USB-C port for charging devices, but the smaller Eero 6 extender for boosting your network has just a USB-C port.

View Now at Amazon (Eero 6) Amazon (Eero Pro 6)

screen-shot-2020-09-24-at-1-42-51-pm.png

Release date: Early access starts Sept. 24

We have to mention that Amazon announced a cloud gaming platform. Called Luna, it’s for PC, Mac, Fire TV, and iPhone and iPad, with an Android version planned for later. Amazon also announced the Luna Controller, an Alexa-enabled gamepad with a multiple-antenna design. It connects to the cloud to let you control games.

$50 at Amazon

Phew! That’s everything. Let us know in the comments which device piques your interest.

More Alexa

tinyurlis.gdv.gdv.htu.nuclck.ruulvis.netshrtco.detny.im

National Australia Bank will pay you to break its systems

The National Australia Bank (NAB) has launched a bug bounty program, offering a reward to security researchers who uncover previously undisclosed vulnerabilities in the bank’s environment.

The bank has partnered with crowdsource security firm Bugcrowd for the new program. To participate, individuals must have an “Elite Trust Score” on the Bugcrowd platform.

NAB executive of enterprise security Nick McKenzie said using “controlled crowdsourcing” methods would assist NAB to further test and strengthen its existing cybersecurity capabilities.

“Controlled, crowdsourced cybersecurity brings together uniquely skilled testers and security researchers with fresh perspectives to uncover vulnerabilities in our defences that traditional assessment might have missed,” McKenzie said.

“Proactive cybersecurity measures are vital in today’s hyperconnected environment where new threats are constantly emerging.”

McKenzie said moving to a paid bounty system gives NAB the opportunity to “attract a wider pool of ethically-trained security researchers from across the globe”.

“Diversity is a critical yet often overlooked factor in security and controls strategies,” he added.

NAB in July last year admitted that some personal information on approximately 13,000 customers was uploaded, without authorisation, to the servers of two data service companies.

The compromised data included customer name, date of birth, contact details, and in some cases, a government-issued identification number, such as a driver’s licence number.

NAB in early 2017 also admitted it sent the details of approximately 60,000 customers to an email address on a global domain rather than its .au address.

It is understood customer information was sent in error to an nab.com address rather than an email address on the nab.com.au domain.

Meanwhile, Bugcrowd in April raised another $30 million in its Series D round, bringing its total funding to over $80 million.

The company is based in San Francisco.

MORE FROM NAB

tinyurlis.gdv.gdv.htclck.ruulvis.netshrtco.detny.im

Monash University researchers speed up epilepsy diagnosis with machine learning

A new study by Monash University, together with Alfred Health and The Royal Melbourne Hospital, has uncovered how machine learning technology could be used to automate epilepsy diagnosis.

As part of the study, Monash University researchers applied over 400 electroencephalogram (EEG) recordings of patients with and without epilepsy from Alfred Health and The Royal Melbourne hospital to a machine learning model. Training the model with the various datasets enabled it to automatically detect signs of epilepsy — or abnormal activities known as “spikes” in EEG recordings.

“The objective of the first stage is to evaluate existing patterns involved in the detection of abnormal electrical recordings among neurons in the brain, called epileptiform activity. These abnormalities are often sharp spikes which stand out from the rhythmic patterns of a patient’s EEG scan,” explained Levin Kuhlmann, Monash University senior lecturer at the Faculty of IT Department of Data Science and AI.

Read also: AI and machine learning facilitate pioneering research on Parkinson’s (TechRepublic)

Doug Nhu, fellow project researcher and PhD candidate from the faculty said applying machine learning to the process has the potential to free up the time of medical professionals, as the current process to diagnose epilepsy is often a lengthy one.

“Being able to apply a machine learning model across various datasets demonstrates our ability to create an algorithm that is more reliable, adaptive, and intelligent than existing models, making our model more useful when applied in real-world scenarios such as diagnosing patients in a clinic,” he said.

In addition to diagnosing epilepsy patients, machine learning technology has the potential to be used as a training tool for graduate neurologists, who can use the technology as a baseline to compare against epilepsy patient records, the university said.

“Our plans for this research will be to continue to improve the current models and further train it against additional datasets from other hospitals,” said Patrick Kwan from the Faculty of Medicine’s Department of Neuroscience at Monash University.

“We aim to develop an accurate algorithm which will be reliable across multiple hospital settings and usable in the early stages of epilepsy diagnosis, from both routine and sleep-deprived EEG recordings.”

According to Kuhlmann, the next stage of the project will see the machine learning model focus on detecting novel seizures and prediction methods. 

Related Coverage

Monash University takes game-like approach to capsule endoscopy

The university has also teamed up with other partners to create an AI system to help teachers maximise student engagement in classrooms.

Monash University and RMIT develop AI and AR device to read emotional cues

Designed to augment emotional communication beyond traditional settings.

IBM, Monash and Southampton Uni develop mind-reading ebike to save live

The bike can read a rider’s brain activity to detect if they are in danger.

Monash University researchers use AI technology to examine hospital readmissions

In hope that it will relieve some pressure off the healthcare system.

Monash, Swinburne, and RMIT universities use optical chip to achieve 44Tbps data speed

Claimed as the fastest internet speed that has been tested and recorded in the world.

tinyurlis.gdv.gdv.htclck.ruulvis.netshrtco.de