Joomla 3.7 exposed to easily exploitable bug, WordPress patches too
Web sites that updated to 3.7 are vulnerable to an easily exploited critical SQL injection flaw.
Security Awareness — News
“There won’t be a more passionate advocate” for Australian security innovation, new ACSGN head vows
A recent high-profile win for Australian security stalwart MailGuard – which was last month designated as a ‘critical’ security partner by Microsoft – is the kind of recognition that Australia’s burgeoning community of innovative startups deserve to see more of, the head of the country’s new cybersecurity commercialisation arm has said as he gears up to hit the ground running.
David Braue | 06 Dec | Read more
Industry collaboration is filling the gaps in the enterprise security defence
Information security has long been a competitive industry, but growing recognition of today’s multi-faceted security threat is driving security specialists to a new partnership model that reflects a very simple truth: if cybercriminals are joining forces to attack their victims, the industry needs to do the same.
David Braue | 30 Nov | Read more
STEM needs highlighted as Australian millennials’ cybersecurity awareness continues to lag
Young Australians are among the least prepared to enter the cybersecurity profession amongst their peers in 11 other countries, according to a new survey of millennial attitudes towards cybersecurity careers.
David Braue | 08 Nov | Read more
Ashton Kutcher, the battle between convenience and security: Intel Security Focus 16
Ashton Kutcher is best known as an actor and producer, but he is also a successful tech investor having taken stakes in companies such as Airbnb, Foursquare, Meerkat, Spotify and Uber.
Stephen Withers | 08 Nov | Read more
Blockchain, IOT pose risk and security headaches if privileged accounts aren’t controlled
Blockchain distributed-ledger technology is opening up new frontiers for financial services and other companies, but security specialists are pushing for early action on both blockchain and related account-management technologies to avoid the punishing security breaches being seen due to Internet of Things (IoT) shortcomings.
David Braue | 25 Oct | Read more
IoT, health and other data creates massive value
With about five billion IoT devices connected today, with growth expected to reach 25 to 38 billion over the next five years it's clear something needs to be done to arrest the threat of billions of devices being recruited for nefarious purposes.
Anthony Caruana | 25 Oct | Read more
Protecting your reputation following a data breach
Data breaches are inevitable and waiting for a breach to occur before designing an incident response plan is a recipe for failure. It’s a question of when the breach will occur and how you will respond, not if you will be breached. 100% prevention simply doesn’t exist, so having a plan to deal with a security breach is now more important than ever. You probably already have an incident response plan from a technical perspective. Phrases such as preparation, identification, containment, eradication and lessons learned.
Wayne Tufek | 15 Sep | Read more
Twitter suspends accounts that lured ISIS supporters to install spyware
Twitter has suspended at least two accounts that were spreading links to spyware aimed at people who sympathise with terrorists.
As networks evolve, visibility remains key to managing IT-security risk in business terms
Information security's roots in IT have traditionally left CIOs and CISOs wrestling to contain the business risks it creates, but growing board and C-level involvement in cybersecurity is reshaping that tradition as business guidance holds cybersecurity practitioners to new standards of governance and risk management.
David Braue | 29 Jun | Read more
Huawei beats Samsung and all Android rivals on security patching
Samsung may dominate worldwide smartphone sales, but Huawei is doing a far better job of keeping its smartphones secure by one measure.
Ransomware explosion is the latest security wakeup call for CxOs
The massive data breach of US retailer Target was a wakeup call for senior business executives too often disengaged with cybersecurity issues, but surging ransomware attacks are honing CxOs' attention on the need for automated analytics tools to detect security breaches as they happen – rather than months later, or not at all.
David Braue | 16 Jun | Read more
Don't let the cloud obscure the view of your enterprise security
The rush to embrace cloud computing may be the defining trend of the decade, but businesses thinking public-cloud adoption relieves them of their information-security obligations should think again – and remember just what it takes to keep on top of an expanding hybrid enterprise infrastructure.
David Braue | 10 Jun | Read more
Authentication authority. Access security authority. Identity intelligence authority
These terms should look familiar. They're similar to the common terminology used to discuss the identity and access management (IAM) infrastructure, but something is different.
Pam Dingle | 30 May | Read more
Next-Gen Honeypots – welcome to tactical diversion-driven defence
Anyone worth their infosec salt knows about honeypots – decoys that are placed within a network so that would be hackers easily find and exfiltrate worthless information. You might have a spreadsheet called “user_accounts.xlsx” sitting in a relatively unprotected fileshare that distracts adversaries from your real crown jewels.
Anthony Caruana | 14 Apr | Read more
CSO Threat Intelligence Survival Guide
If enterprises want to understand how they can better invest in security defenses, build the necessary processes to respond to attacks, and mitigate the risks of a breach they need to get threat intelligence right.
George V. Hulme | 04 Apr | Read more
The week in security: How Catholic Education secures SA schools; FBI cops heat on iPhone hacks
Australian online-classified site Gumtree was hacked and used to spread malware via online display ads, while a large US healthcare provider was shut down after a malware infection and only partially recovered days later.
David Braue | 04 Apr | Read more
Cybercriminals exploiting Australia for attacks as malware diversity explodes
A growing number of cybercriminals are using Australia as a launchpad for malware attacks on other countries, according to new statistics suggesting Australia-based attacks doubled during 2015 – putting the country in the top 10 global hosts for suspicious URLs, malicious IP addresses and phishing sites.
David Braue | 24 Feb | Read more
CSOs must take initiative to boost CEOs' security buyin: survey
Despite growing recognition of their importance in mounting an effective cybersecurity defence, industry research has suggested that fully one-third of CEOs and 43 percent of management teams are not regularly briefed on cybersecurity.
David Braue | 14 Dec | Read more
Hack-proof drones offer antidote for IoT security “naiveté”: NICTA researcher
Granular, mathematically-proven security controls built into NICTA's military-grade seL4 operating system will provide a model for countering the “naiveté” of Internet of Things (IoT) developers favouring functionality over security, the head of the organisation's Data61 research program believes.
David Braue | 12 Oct | Read more