Nearly all security executives anticipate being attacked online this year but nearly half believe their cybersecurity team lacks the resources to address anything beyond simple security issues, according to new ISACA research that reinforces the growing risks posed by an increasingly-expensive cybersecurity climate.
David Braue | 07 Jun | Read more
Cybercriminals have all but abandoned automated exploit kits in favor of tricking people into clicking things to install malware.
Malware authors have been caught designing ransomware code to disable enterprise backup systems that might otherwise help victims recover their files, according to one security-industry research and development head.
David Braue | 06 Jun | Read more
While AI and machine learning are buzzwords, Symantec's Nick Savvides said, during this year's AusCERT conference they have been a big deal in computing circles since the 1950s. But it was in the 1980s when AI came into mainstream thinking a culture. It was movies like War Games and The Terminator, and TV shows like Knight Rider that took this important technology and moved it into mainstream consciousness.
Anthony Caruana | 05 Jun | Read more
AusCERT’s annual conference returned, with experts across a variety of fields echoing concerns about changing legal and technological policies as well as reassessing the role of identity-based perimeters and the dangers posed by the intersection of convenience and trust.
David Braue | 05 Jun | Read more
Shady practices by a Chinese digital marketing firm has left 250 million PCs at risk of being fully comprised.
Christina Camilleri is a security analyst at Bishop Fox, a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech start-ups. Although she works on the “right” side of the security business, she is not only interested but also highly skilled in penetration testing and red teaming – assuming the role of a hacker in security exercises.
Anthony Caruana | 31 May | Read more
Cisco has warned customers that two of its products are vulnerable to the Samba flaw.
Todd Peterson, from One Identity, delivered the second part of the AusCERT 2017 opening keynote. One Identity may sound like a new business but it’s an offshoot from Dell EMC and Quest Software.
Anthony Caruana | 30 May | Read more
That was the premise of Darren Kitchen and Shannon Morse’s opening keynote at this year’s AusCERT conference. Attended by over 700 delegates from nine countries, they held the audience in their thrall as they discussed how the intersection of convenience and trust has enabled threat actors to break into systems and access data.
Anthony Caruana | 30 May | Read more
One of the last places you’d expect to find a corporate lawyer is a cybersecurity conference. But as the regulatory and legal landscape for businesses change the intersection between policy and technology is widening.
Anthony Caruana | 29 May | Read more
The uncertain security climate created in the wake of the WannaCry ransomware outbreak is becoming the “new normal”, experts warned as the security world pivoted away from the immediate implications of the attack. Analyses flew thick and fast; survival stories were traded; and scammers targeted victims and buried malware in purported fixes for the problem.
David Braue | 29 May | Read more
Fraudsters quickly jump on the WannaCry hype to spread adware and scare victims into paying.
Exuberance over Internet of Things (IoT) technologies has led many businesses to ignore security in rollouts that are overly complex and poorly planned, an IoT specialist has warned as newly released figures hint at the true scope of the burgeoning IoT security threat.
David Braue | 24 May | Read more
Last week was all about WannaCry, the ransomware that piggybacked on a Windows exploit that had originally been developed by the US National Security Agency and was exposed to the world during the recent WikiLeaks hacking dump.
David Braue | 22 May | Read more
A patch for a 'remotely exploitable' flaw in Miele's medical dishwashers revealed in March is available, but hospitals will need to book a time with a Miele technician to install it.
Concerted industry efforts are likely to produce a decryption tool for the WannaCry ransomware attack within months, the head of one vendor’s security team has predicted while warning that the attack’s emboldened creators may be using it as a distraction for other malicious activity.
David Braue | 18 May | Read more
Web sites that updated to 3.7 are vulnerable to an easily exploited critical SQL injection flaw.
As the introduction of Australia’s mandatory Notifiable Data Breaches (NDB) legislation looms ever larger, many companies are limiting their ability to comply with the new rules by erroneously reassigning data-security budget to conventional governance, risk and compliance (GRC) activities.
David Braue | 17 May | Read more
Russia's President Vladimir Putin has called for immediate discussions over government created exploits in response to the WannaCrypt attacks.