Personal tools

AusCERT Conference

The annual AusCERT conference is Australia's best cyber security event for anyone with an interest in cyber and information security.

AusCERT PKI certificate service

The AusCERT Certificate Service offers PKI certificates for people, servers and software for Australian and New Zealand education and research organisations.

AusCERT Vision & Mission Statement

AusCERT is the trusted cyber emergency response team for the Australian information economy, providing valued incident prevention and detection.

Kmart and David Jones compromise

Kmart and David Jones were recently targeted by hackers. In two separate instances within a few days, personal identifying information (PII) was stolen from the retailers' web sites. No credit card information was obtained, but names, email addresses and home addresses and phone numbers of customers were siphoned. Due to the similarity of the compromises, the same hackers may have been involved in both attacks.

 According to media reports, a  commonality between these attacks is in the platform used by the respective sites, the IBM Websphere application.

Websphere products have been the subject of remote access vulnerabilities in August and September, reported by AusCERT in its ESBs. If, as suspected, a Websphere vulnerability was used in these attacks, it's a demonstration of how quickly you need to patch when security advisories are published.

To view AusCERT bulletins for Websphere, go to http://www1.auscert.org.au and search for "Websphere".

 References:

http://www.itnews.com.au/news/customer-data-stolen-in-kmart-australia-hack-409944
http://www.itnews.com.au/news/david-jones-website-hacked-customer-data-stolen-410027