
Latest news with #ITSecurity

Qantas cyber attack victims say the airline is failing to protect data

ABC News

08-07-2025


Qantas customers say they feel vulnerable, angry and unsupported following last week's major cybersecurity breach, and are now questioning whether the airline is doing enough to protect Australians' personal data. On Monday night, Qantas quietly updated its website to confirm the airline had been contacted by "a potential cybercriminal" less than a week after the data of up to 6 million of its customers was accessed in an online attack. The airline said it was still working to verify the legitimacy of the contact and has engaged the Australian Federal Police to investigate. But Qantas is yet to officially confirm the name of the group that has been able to access passenger names, email addresses, phone numbers, dates of birth and Frequent Flyer numbers. The airline is also still working to determine exactly what data was stolen for each affected customer. What we do know is that last week, Cyber X, which is the company called in by the airline to investigate the massive cyber attack, said the incident had all the hallmarks of international group Scattered Spider. We also know that just days before Qantas says it had detected "unusual activity" on a third-party platform that holds customer data, the FBI had issued a warning that Scattered Spider was planning to target airlines. Far from a sophisticated attack, cyber experts said one of the hackers likely impersonated an IT or other official, and simply tricked a Qantas call centre worker in Manila to obtain the login details to that third-party platform. Dozens of Qantas customers have contacted the ABC in the wake of the cyber attack to express their frustration with the airline. Some have since been targeted by scammers or received alerts from online accounts including the federal government portal myGov. Canberra-based disability advocate Ebe Ganon said she received a scam call from someone pretending to be from Qantas Money the same day the company confirmed the breach. 
"He was purporting to be alerting me of three suspected fraudulent transactions, and those transactions were really tailored to my shopping and purchasing habits." Ms Ganon said the scam caller also referenced a range of different personal information, including her full name, date of birth, the last four digits of her credit card, which suggested he had access to her Qantas customer profile. "I'm a pretty savvy, you know, technologically savvy person, and it still even took me a couple of minutes to sort of ask him enough questions to be satisfied that it wasn't a legit call." On Monday, Qantas again stated no credit card details, personal financial information or passport details were stored in this system accessed by the cybercriminals. However, after also being caught up in the Medibank and Optus data breaches, Ms Ganon is sceptical of Qantas's claim that no financial data was compromised. "But even if that has come from another source, it points to a much scarier reality. "I think that many of these scammers are creating composite profiles of people using information from a range of different data breaches and creating profiles where they can then speak to you in a way that's really, really convincing." Indeed, cyber experts have told the ABC the type of data stolen in the Qantas attack could be very valuable to cybercriminals. "With this particular matter, the biggest risk coming out of this will not be access to Qantas data specifically, but moreover that those 6 million people will be targeted in related type scams," Stan Gallo, Forensic Services partner with BDO Australia, told ABC News. "So whether it's myGov, or people contacting individuals claiming they're from Qantas, or from a bank, or from some other institution." Indeed, the ABC has been contacted by several people caught up in the Qantas cyber attack whose federal government online myGov accounts have been targeted by suspected hackers. 
A spokesperson for Services Australia, which manages myGov, was unable to confirm if there had been a spike in fraudulent attempts to access accounts, but said it was not uncommon after a data breach. The spokesperson said there were ways for users to protect their personal information. Adelaide-based customer Jack Allison said he received an alert from myGov at 6:30pm — right about the time Qantas emailed him to confirm his personal data had been caught up in the breach. "They guessed five passwords before being locked out," Mr Allison told ABC News. "Once they're inside myGov, they'd be able to access people's tax records, their medical history, it's not good." He said he's disturbed by Qantas's offshore handling of sensitive data. "I deeply dislike that personal information is being handed across the globe without my knowledge and consent. I want stronger safeguards for my personal information and the personal information of my family. "I can't go and change my name or my date of birth or my address, and I think it's they're just not treating this with the level of respect that it deserves." It took Qantas CEO Vanessa Hudson until Thursday night to give an interview following the cyber attack. She spoke to one media outlet from her holiday in Europe. Other media, including the ABC, were not given advance warning of the interview so were unable to put questions to the airline's boss. While customers are calling for stronger protections, lawyers said current privacy laws offered limited paths to justice — and were badly in need of reform. Lizzie O'Shea, principal lawyer at Maurice Blackburn, said affected individuals can currently make a complaint to the Office of the Australian Information Commissioner, but that process is slow and often overwhelmed. "There is a process that they go through to determine whether you've experienced any harm and you can be awarded compensation," Ms O'Shea said. 
"One of the problems with that scheme is that the commissioner's office is overwhelmed by complaints of this nature." Ms O'Shea said one key solution is introducing a "direct right of action" — so individuals can take companies like Qantas straight to court. "That means that instead of going to the commissioner, where the process can be slow, you have a direct right of action to go to court. That means you can sue companies that have mishandled your information and obtain compensation." She said there was an urgent need to reform the Privacy Act. "Because at the moment companies can have these data breaches occur and there may not be a clear remedy or a pathway to getting the result for people who are harmed, and I think most Australians think that's not good enough." She said this type of large-scale breach is exactly the kind of case that could justify a class action — if the law made it easier. "In this kind of circumstance, where there's 6 million people potentially affected, it is a vehicle for a class action if you have a direct right to go to court. "That would get the kinds of results that I think people expect in these circumstances and it would also act as a deterrent to make sure companies treat information really carefully, with the risk that they might be having to face court if they don't." Until that happens, Qantas customer Ms Ganon said large corporations would continue letting customers down — without consequence. "So I think my expectations are low. I'm disappointed but not surprised."

Iconic blue screen of death is killed off after 40 YEARS – Microsoft reveals new sign your computer is broken

The Sun

27-06-2025


THE blue screen of death is disappearing from computer screens after 40 years of filling people with dread. Microsoft is set to replace the iconic slate that no one wants to see later this summer. In a bittersweet announcement, the tech giant said it is "streamlining the unexpected restart experience". "This change is part of a larger continued effort to reduce disruption in the event of an unexpected restart," David Weston, Microsoft's Vice President of Enterprise and OS Security revealed. A part of that is slashing the downtime during the worrying unexpected restart to about two seconds for most people. The blue screen of death will be replaced by a simpler black screen of death instead. There's also no longer a frowning face or a QR code. It'll start to appear on Windows 11 machines running version 24H2. Despite being a symbol of doom, users on social media said the change marks the "end of an era". "The Blue Screen of Death is dying for one last time and Windows crashes just won't be the same ever again!" one person wrote on X. "One of the most unnecessary changes ever – and that says a lot when it's Windows 11 we're talking about," another commented. "But… I was literally just getting used to it," a third joked. The overhaul comes amid a slew of improvements to deal with technical crashes following the crippling global IT meltdown last year. Organisations across the globe were severely affected by a botched up security update from IT firm CrowdStrike which caused havoc for banks, hospitals and airlines.

Windows killed the Blue Screen of Death

Yahoo

26-06-2025


You're laughing. Windows killed the Blue Screen of Death and you're laughing. Yes, the iconic Windows error screen is getting a makeover nearly 40 years after its debut in the first version of Windows. Now, the Blue Screen of Death (BSOD) will become the Black Screen of Death (BSOD). This change is related to other updates that Windows is making in the wake of the CrowdStrike outage last year, which affected 8.5 million Windows devices and took businesses, airports, TV stations, and government services offline. In the aftermath of the CrowdStrike outage, Microsoft announced the Windows Resiliency Initiative, which aims to more deeply embed security features into Windows to make a crisis like the CrowdStrike outage less likely. The initiative is also trying to make unexpected restarts less disruptive. Windows is adding a quick machine recovery feature, which helps PCs get back online if a restart is unsuccessful. Windows shared the new Black Screen of Death in a blog post, yet failed to even acknowledge the cosmic shift it has triggered. It simply calls this a 'simplified UI,' because a blue background with white text was apparently too complex. Why even change the blue screen to black? Did the viral images of Times Square rendered useless by the BSOD cause that much reputational harm? It's been a long time that we've come to know this cobalt harbinger of trouble. When the BSOD first appeared in the 1985 version of Windows 1.0, it was legal to smoke cigarettes on planes; Germany was two separate countries; HTML code had not been created; Mark Zuckerberg was a baby who likely had not yet grasped the concept of object permanence. But as we go on, we remember the decades of fun and frustration we've wrought together, the ominous sapphire screen reflected in our eyes, now but a sepia-toned memory.

Windows killed the Blue Screen of Death

TechCrunch

26-06-2025


You're laughing. Windows killed the Blue Screen of Death and you're laughing. Yes, the iconic Windows error screen is getting a makeover nearly 40 years after its debut in the first version of Windows. Now, the Blue Screen of Death (BSOD) will become the Black Screen of Death (BSOD). This change is related to other updates that Windows is making in the wake of the CrowdStrike outage last year, which affected 8.5 million Windows devices and took businesses, airports, TV stations, and government services offline. In the aftermath of the CrowdStrike outage, Microsoft announced the Windows Resiliency Initiative, which aims to more deeply embed security features into Windows to make a crisis like the CrowdStrike outage less likely. The initiative is also trying to make unexpected restarts less disruptive. Windows is adding a quick machine recovery feature, which helps PCs get back online if a restart is unsuccessful. Windows shared the new Black Screen of Death in a blog post, yet failed to even acknowledge the cosmic shift it has triggered. It simply calls this a 'simplified UI,' because a blue background with white text was apparently too complex. Why even change the blue screen to black? Did the viral images of Times Square rendered useless by the BSOD cause that much reputational harm? It's been a long time that we've come to know this cobalt harbinger of trouble. When the BSOD first appeared in the 1985 version of Windows 1.0, it was legal to smoke cigarettes on planes; Germany was two separate countries; HTML code had not been created; Mark Zuckerberg was a baby who likely had not yet grasped the concept of object permanence. But as we go on, we remember the decades of fun and frustration we've wrought together, the ominous sapphire screen reflected in our eyes, now but a sepia-toned memory.

Beyond Operating Systems: Considerations For A Comprehensive Quantum Security Strategy

Forbes

18-06-2025


Antonio Sanchez is Chief Strategy Officer at Quantum Xchange, a post-quantum crypto-agility solution provider.

The recent integration of post-quantum cryptography (PQC) into Windows 11 and Red Hat Enterprise Linux 10 marks a pivotal moment in cybersecurity. As quantum computing continues advancing, the industry is responding to the existential threat these powerful machines pose to our current encryption standards, which are embedded everywhere in our digital lives. However, security is an end-to-end concern, and while OS-level quantum resistance represents significant progress, it addresses only one layer of what must be a comprehensive strategy.

Operating system PQC integration provides a foundation for quantum security, but several critical vulnerabilities remain unaddressed:

  • Enterprises maintain diverse and dynamic IT footprints. They span multiple OS vendors, versions, legacy systems, cloud services and specialized applications. A quantum-secure operating system cannot protect outdated systems or anything beyond its ecosystem. The heterogeneous environment creates security gaps that require comprehensive solutions beyond the OS layer.
  • Data in motion remains vulnerable. An operating system handles encryption requirements on the local machine, but those systems have to connect with other servers and clients across the network. This means your data travels across your IT footprint with varying security implementations. A quantum-secure strategy must address the entire journey.
  • Cryptographic agility—the ability to quickly swap encryption algorithms—requires infrastructure and planning beyond the OS on the systems. As quantum-resistant cryptography evolves, organizations need frameworks for rapid adoption and implementation of future algorithms.

There are several key elements of a robust security posture that includes quantum:

  • Cryptographic Inventory Discovery And Management: Organizations must conduct thorough audits to identify all systems and cryptography in use. This cryptographic inventory should ideally be continuous due to the dynamic nature of IT estates. This becomes the foundation for prioritized remediation efforts.
  • Risk-Based Implementation: Not all data requires the same level of protection. A nuanced strategy allocates quantum-resistant resources based on data sensitivity and retention requirements. Information that must remain secure for decades demands immediate quantum protection, while short-lived data may follow a more gradual transition timeline.
  • Application-Level Security: Applications typically implement their own cryptographic protocols independent of the underlying operating system. Each must be individually assessed and updated to quantum-resistant standards—a process that OS-level PQC cannot address.
  • Key And Certificate Management: The transition to quantum-resistant algorithms necessitates comprehensive key management systems that can handle longer keys, different certificate formats and hybrid cryptographic approaches during the migration period.
  • Hardware Security Integration: Many organizations rely on hardware security modules (HSMs) and trusted platform modules (TPMs) for their most sensitive operations. These specialized components require quantum-resistant updates that align with broader security strategies.
  • Cross-Platform Standardization: Enterprise environments typically span Windows, Linux, macOS, mobile operating systems, IoT devices and other specialized systems. A comprehensive security strategy must harmonize quantum-resistant approaches across this diverse landscape.

Organizations must navigate a hybrid reality where quantum-vulnerable and quantum-resistant systems coexist, sometimes processing the same data. This transition requires:

  • Crypto-Agile Infrastructure: Solutions designed to accommodate algorithm changes without major architectural overhauls or operational interruption.
  • Hybrid Cryptographic Approaches: Implementing both traditional and post-quantum algorithms during the transition, providing defense-in-depth while building confidence in new cryptographic methods.
  • Policy And Governance Frameworks: Updated security policies that account for quantum threats and establish governance for the transition to quantum-resistant technologies.

The integration of PQC into major operating systems represents an important milestone, but it's not the destination. It signals the beginning of a broad transformation in how we secure digital assets against quantum threats. Organizations must look beyond operating system protections to develop holistic strategies addressing their entire digital footprint. As quantum computing continues its rapid advancement, the window for preparation narrows. Those who view OS-level PQC as a step in a comprehensive security evolution will be best positioned to protect their most valuable information assets in the post-quantum era. The quantum security journey extends far beyond operating system updates. It requires rethinking security architecture, implementation priorities and transition strategies. Only through this comprehensive approach can organizations truly prepare for the quantum computing revolution that lies ahead.

Forbes Communications Council is an invitation-only community for executives in successful public relations, media strategy, creative and advertising agencies.
