Chrome versus IE and Edge: which is more secure for enterprise?
Google releases two third-party white papers to show why Chrome is more secure than Internet Explorer 11 and Microsoft Edge in the enterprise.
Social Engineering — News
The week in security: Data breaches are pushing down victims’ share prices
A growing spate of share-price declines is showing a correlation between data breaches and real financial damage – something that will catch the attention of even the most cynical board members.
David Braue | 18 Sep | Read more
Hope is not a security strategy – which is why AI is no longer optional
Good information-security personnel have become harder and harder to find – and that is making it harder to mount an effective defence against ballooning volumes of security alerts.
David Braue | 08 Sep | Read more
Phishers hit Office 365 users from legitimate accounts
Phishers are targeting Office 365 users in what appears to be an attempt to soften a target for major financial fraud.
As ransomware evolves, businesses are rapidly becoming favoured targets
Ransomware that targets specific businesses and spreads itself using worm-like techniques were game changers this year as ransomware authors shifted focus to the business community in attacks that now cost an average ransom of $US544 ($A684) per endpoint, new research has warned.
David Braue | 02 Sep | Read more
WikiLeaks Vault 7: CIA’s stealthy Angelfire Windows malware
Angelfire is the twenty second malware WikiLeaks has revealed since March.
Aussie authentication pioneer TokenOne is off to the US – but not for capital
It may have just signed onto a development partnership with a key US cybersecurity consortium, but Australian multi-factor authentication (MFA) contender TokenOne is still prioritising local capital investment as part of a strategy to keep its burgeoning business grounded firmly on our shores.
David Braue | 29 Aug | Read more
Attackers experimenting with CVE-2017-0199 in recent phishing attacks
Researchers at Trend Micro and Cisco's Talos have identified a new wave of phishing attacks leveraging CVE-2017-0199, a previously patched remote code execution vulnerability in the OLE (Windows Object Linking and Embedding) interface of Microsoft Office.
Steve Ragan | 16 Aug | Read more
The week in security: If Sweden can be breached, you can too
The accidental mass leakage of Swedish drivers’ personal details caused red faces amongst that country’s government, providing fodder for hackers that have become highly effective in dreaming up new ways to generate profit.
David Braue | 31 Jul | Read more
Changing motivations have made profit-minded hackers a clear and present danger
Hacking for fun and profit? Not so much; these days it’s mostly just about profit.
David Braue | 24 Jul | Read more
Social engineering: How your employees are helping attackers steal your data
All the security defences in the world are worth nothing if employees compromise them
David Braue | 21 Jul | Read more
Will humans ever learn to be secure?
Despite all the investment in cybersecurity technologies, all the hiring of technical experts, all the millions spent on expensive security consultants, today’s businesses have made little progress resolving what remains the biggest paradox of information security.
David Braue | 21 Jul | Read more
Elon Musk’s top cybersecurity concern: Preventing a fleet-wide hack of Teslas
Tesla is working to make sure a fleet-wide attack can't occur, Musk told attendees at the National Governors Association
Hacker allegedly stole $7.4 million worth of Ether in 3 minutes
While there is a general consensus that the Knightscope security robot in Washington, D.C., committed suicide on Monday, the same everyone-agrees-opinion is not true for the $7.4 million heist of the cryptocurrency Ether that happened on the same day.
Top 10 phishing email subject lines that launch ransomware
Give this list to your employees, then go phish yourself
Steve Morgan | 19 Jul | Read more
App and Web usage soften as encryption, data volumes challenge security
Mobile malware accounted for nearly 1 in 10 malware strains detected during the first quarter, Fortinet has warned on the back of research findings that also suggested that a similar proportion of companies had been hit by ransomware during the quarter.
David Braue | 14 Jun | Read more
AusCERT 2017 - Red teaming to make your security response stronger
Red teaming is a well-known tool for improving your resilience to a cyber-attack. The idea is you have a team of people, either internal experts or internal people learning the craft with the support of external partners such as penetration testers, who play the part of hackers trying to infiltrate your organisation and execute a cyber-attack.
Anthony Caruana | 09 Jun | Read more
Australian businesses should use ASD Essential Eight as a roadmap for proactive security
Any company operating a multi-storey office building would develop painstaking fire escape plans, and any hospital would develop backup plans detailing how it could operate in the event of a power failure. So, if responsible businesses are actively addressing these risks, why are so many companies still failing to lay down detailed plans for dealing with a cybersecurity incident?
David Braue | 08 Jun | Read more
AusCERT 2017 - How to break a social network and make a career?
The story of how Samy Kamkar made his reputation in information security is the stuff of legend. After getting his first computer as a ten year old, he started exploring the Internet through message boards, IRC, gaming and creating hacks and cheats for the games, before moving on to other forms of online activity.
Anthony Caruana | 01 Jun | Read more
White hat hackers hope to crowd-source a $20k Shadow Brokers subscription
Security researchers are pressing ahead with a problematic plan to pay for access to monthly dumps from the murky Shadow Brokers operation.