Over the December holidays, one of our researchers discovered proof of a much-theorized but we believe never before seen in the wild security breach.

Specifically, as the this researcher was analyzing email-borne threats (something they do on an ongoing basis), they observed that in a recent attack campaign, more than 25 percent of the malicious email (over 750,000 messages) came from things that were not conventional laptop or desktop computers, but rather members of the Internet of Things (IoT); a “Thingbot”-net*, as it were.

Read More →

Joshua Rogers contacted PTV about the vulnerability on December 26.

Joshua Rogers contacted PTV about the vulnerability on December 26. Photo: Simon Schluter

A Melbourne schoolboy who exposed serious cybersecurity weaknesses within Public Transport Victoria’s systems by hacking its website to unearth a large store of personal data could be charged under the cybercrime act.

Joshua Rogers, 16, discovered an extensive database containing the personal details of public transport users in Victoria, using what cybersecurity experts described as a common hacking technique.

A self-described ‘‘security researcher’’, he contacted PTV on Boxing Day to alert them to the site’s vulnerability, but got no response until Monday, following inquiries by Fairfax Media.

The database contained a large amount of personal data including full names, addresses, home and mobile phone numbers, email addresses, dates of birth, seniors card ID numbers, and partial credit card numbers of customers of the Metlink public transport online store. The store was closed down in 2012 when PTV began.

Read More →