Section
Cybersecurity
Stop guessing if your data leaked. Here's how to check in 60 seconds.
Seventeen billion compromised accounts sit inside Have I Been Pwned, the free Australian-built breach checker that tells you in under a minute whether your email address was exposed. Here is how it works, what else to use, and what to do after the bad news lands.
ShinyHunters claim 275 million Canvas LMS records, set 12 May leak deadline
The hacking collective ShinyHunters says it has stolen 275 million records from Instructure's Canvas learning platform, naming Australia among affected regions. The vendor has confirmed an intrusion of its Salesforce environment, the second by the same actor in eight months, with a 12 May leak deadline.
BitLocker comes free with every Windows PC. Here is how to set it up.
Windows 11 can encrypt every byte on your hard drive using BitLocker or Device Encryption, and on new PCs it is often turned on before you reach the desktop. The Australian Signals Directorate recommends full-disk encryption for any device handling customer data, and the software is already built into Windows at no extra cost.
The case for end-to-end encrypted email, and the four services that actually deliver it
Three independent providers build proper end-to-end email encryption: Proton Mail, Tuta Mail, and Mailfence. Microsoft 365 with S/MIME sits beside them for compliance-bound enterprises. Everything else is metadata theatre.
Australian households need a real password manager. Two are worth using.
Browser-saved passwords leak, breached vaults like LastPass keep surfacing, and the Australian Cyber Security Centre keeps repeating the same advice. The two managers worth installing today are 1Password and Bitwarden, with Proton Pass close behind for households committed to the Proton suite.
ASIC demands urgent cyber uplift as frontier AI Mythos accelerates threats
ASIC told every licensee on Friday to urgently strengthen cyber resilience, citing risks from frontier AI such as Anthropic's Claude Mythos. Commissioner Simone Constant said the clock is at 'a minute to midnight'.
ACSC warns of ClickFix attacks delivering Vidar Stealer via WordPress
The Australian Cyber Security Center has warned of an active malware campaign that uses fake CAPTCHA prompts on compromised WordPress sites to drop the Vidar information-stealing malware on Australian organisations.
SafePay lists Australian energy management firm Energy Action on leak site
Ransomware crew SafePay has added Australian consultancy Energy Action to its dark web leak site, claiming a breach of the firm that says it manages more than 10 per cent of Australia's commercial energy spend.
More than half of Australian SMEs lack a dedicated security team, Zoho report finds
More than half of Australian SMEs lack a dedicated security team, and one in three confirmed a cyberattack in the past year, a Zoho-commissioned survey of 3,322 IT and security professionals has found.
ShinyHunters breach of Canvas LMS hits Australian schools and universities
Australian universities, state education departments and private schools are among the customers caught up in a global breach of Instructure's Canvas platform. ShinyHunters claims to have taken 3.65 terabytes of data covering 275 million users.
Australia names Cyber Incident Review Board to formalise post-breach lessons
The federal government has named Telstra's Narelle Devine to chair a new Cyber Incident Review Board, formalising no-fault post-mortems of major attacks under the Cyber Security Act 2024. Six other members were appointed from NBN Co, Boeing, Allens, Toll, SA Power Networks and UNSW.
