Qantas Breach, Ingram Ransomware, and Who’s Watching You

6 million flyers exposed, global IT vendor knocked offline, and Big Tech’s privacy shell game

🧠 CyberFact of the Day:
Over 80% of privacy lawsuits filed in 2025 involve location data—underscoring how personal movement is now a central digital battleground.

📬 This Week’s Clickables

  • 🚨 Major Breaches & Incidents — Qantas’ call‑centre data hack, Ingram Micro ransomware outage

  • 🌐 APTs — Iranian low‑level activity, Pakistan’s APT36 targeting telco/government

  • 🏢 Government & Corporate Hacks — SEC–SolarWinds settlement, Japan threat spike

  • 🕵️ Privacy Watch — Temu spyware lawsuits, Meta's covert Android tracking, Google’s location-data trial

  • 🕛️ Mitigation & Best Practices — Tailored defenses for each headline

  • 🔁 Story Follow‑Up — Updates on Scattered Spider and Israeli IoT exploits

🚨 Major Breaches & Incidents

  • Qantas Call‑Centre Hack Affects 6 Million
    A third-party contact centre breach exposed names, birthdates, emails, phone numbers, and frequent flyer data for up to 6 million customers. Credit card and passport data weren’t impacted. Qantas is working with the AFP, standing down the incident, and fielding ransom inquiries.
    👉 Reputational fallout tops crisis priorities.

  • Ingram Micro Outage Tied to SafePay Ransomware
    The global IT services distributor suffered a ransomware-caused outage starting July 3. Affected internal systems were disabled, law enforcement was alerted, and restorations are underway. The SafePay gang claimed responsibility; supply chain impact is unknown.
    👉 Supplier-based ransomware = client-wide ripple effects.

🕵️ Advanced Persistent Threats

  • Iran‑Linked Low-Level Cyber Attacks Continue
    Despite the truce, U.S. agencies warn of persistent low-tier Iranian cyber activity—spam, credential stuffing, minor DDoS—against financial and critical infrastructure sectors.
    👉 Keep watch on clean-up and credential alerting.

  • APT36 Deploys RAT Campaigns Against Indian Telecom & Gov
    The state-backed APT36 group is active against Indian government and telecom assets, using Ares RAT and exploiting open JDWP ports to deploy malware undetected.
    👉 Lock down open debug interfaces and audit outbound traffic.

🏢 Government & Corporate Hacks

  • SEC Reaches Tentative Settlement with SolarWinds & CISO
    In a landmark move, the SEC has tentatively settled its lawsuit over the 2020 Sunburst breach, including personal charges against the SolarWinds CISO. The case is paused until Sept 12.
    👉 This may redefine breach accountability for security execs.

  • 1 in 3 Japanese Companies Reported Attacks in June
    Japan’s cybersecurity agency says 32% of surveyed firms suffered attacks last month. Phishing, ransomware, and credential theft topped the list.
    👉 Threat volume is rising across Asia—watch your supply chain links.

🕵️ Privacy Watch

  • Temu Sued for Alleged Spyware Data Collection
    Nebraska AG alleges Temu collects biometric, location, and device data—including from kids—and shares it abroad. South Korea fined the company ~$982K for data-transfer violations.
    👉 Privacy by default trumps convenience.

  • Meta's Android Apps Covertly Tracked Browsing
    Facebook/Instagram reportedly exploited localhost ports to monitor web activity, bypassing incognito modes and user settings.
    👉 Use privacy browsers, remove apps, clear cookies.

  • Google's Location‑Privacy Trial to Proceed
    A federal lawsuit accuses Google of collecting location data even after users disabled tracking; trial starts August 18. A separate state jury has already awarded $314M for cellular data misuse.
    👉 Default “off” may not mean off.

  • AT&T Launches SIM‑Swap Protection Feature
    AT&T now offers an optional Wireless Account Lock to block SIM‑swap attacks; T‑Mobile, Verizon, and Google Fi already support similar protections.

➿ Story Follow-Up

🧭 Mitigation & Best Practices

  • Airline Trust Restoration (Qantas): Spur crisis comms; vet call‑centre access; simulate ransomware breach drills on outsourced systems.

  • Supplier Ransomware Resilience (Ingram Micro): Segment VPCs; run rapid recovery testing; vet third-party incident readiness.

  • SIM‑Swap Protection: Enroll all privileged accounts across carriers; educate staff.

  • Malware-Spyware Detection: Scan for unusual services; verify app permissions; ban Temu on enterprise devices.

  • Mobile Browser Privacy: Shift to privacy-forward browsers; delete proprietary apps; clear cache after sessions.

  • Policy Audit (Google): Review location consent flows; minimize background geo-collecting.
