Friday, September 24, 2021

WA Auditor Shows Concern about security Methods within state Registry System

Must Read

Russia’s Cybercrime has cost $49 bn in 2020

Cyber-attacks have price Russian businesses and taxpayers around 3.6 trillion roubles ($49 billion) this year, the nation's biggest lender...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to...

Cybersecurity firm Kaspersky Reports shows Brazil Top’s in phishing attacks

Brazil Tops the list published by cybersecurity company Kaspersky. According to research, Brazil is a world leader in phishing...

Auditor General publishes findings 18 weeks after the audit has been complete because she feared that the danger was too large to expose the machine at the moment.

The Auditor General of Western Australia has branded the safety controls in place inside a single system handled by the Department of Justice as”so concerning they weren’t tabled as a member of their office’s yearly data systems report in May 2019 as proposed”.

“I believed that publishing the substantial findings at the moment, once the machine vulnerabilities still existed, wouldn’t be in the public interest”

Spencer said it is a common event for her office to discover flaws in public sector entities’ systems, however, stated the essence of the information in the Western Australian Registry System, and also exactly what it could potentially be utilized for, left the findings in her report” especially concerning”.

The machine includes valuable documents that are utilized to validate people’s individuality. It registers all adoptions, deaths, births, marriages, and change of title events from the country.

Back in 2019, it had been discovered the system wasn’t adequately protecting the confidentiality and integrity of the data housed inside.

“Highly confidential and foundational data was vulnerable to unauthorized access, modification, and disclosure because of insufficient database controllers, security vulnerabilities, and inadequate monitoring of modifications to crucial data,” the report stated.

It included that inadequate disaster recovery preparation also meant the system was in danger of not being retrieved in a timely fashion in case of a disruptive event.

The analysis in 2019 discovered the department didn’t appropriately monitor access to data, nor changes created. There was likewise 11 third-party seller staff that had complete access to this database and may make changes to data, like titles and lifestyle events.

“The registry wouldn’t know if seller staff had accessed or altered information because there wasn’t any logging or auditing of this database,” the report stated.

“Our follow-up evaluation in 2020 identified that the section has decreased the amount of personnel with complete access to this database and also developed a procedure to track crucial changes made to data in the database”

The safety of digital records had advancement, the Auditor General stated. The report stated the private data within the system isn’t protected through encryption, nor can it be concealed in test environments.

Security flaws identified in 2019 comprised insecure databases, weak passwords, and unprotected private info, which enabled replication.

“Our 2019 audit discovered that the system wasn’t adequately shielded from the risk of cyberattacks,” the report noted, including that the division has since undertaken considerable work to boost its vulnerability management capacities.

The Auditor-General produced a couple of recommendations with four to be finished by June 2021, yet another by December 2021, and the last one, concerning the true change of title procedure, is anticipating legislation to pass before it could be put into place.

“Substantial work was undertaken to enhance the section vulnerability management capacities and database security controls are integrated into the ICT Governance Framework to ensure ongoing review and improvement,” Justice composed in reaction.

It also said it’s also developed an audit procedure to track crucial changes made to data in the database.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

Apple Releases patches for an actively exploited zero-day flaw in ios, macOS

Apple on Monday Release an urgent security patch for iOS,macOS, iPadOS, to address a zero-day flaw that has been actively exploited.Apple has revealed that...

More Articles Like This