News

Zero-trust

Google enters zero-trust market with BeyondCorp Remote Access offering

Google makes its internal zero-trust access infrastructure available to anyone on a subscription basis as an alternative to VPNs.

Cryptojacking  >  Binary skull, code and bitcoin symbols invade systems as malware

RubyGems typosquatting attack hits Ruby developers with trojanized packages

Attacker targeted Windows systems to hijack cryptocurrency transactions, and was able to evade anti-typosquatting measures.

Scanning for vulnerabilities.

New platform AttackerKB gives defenders more context on vulnerabilities

Real-world input from pen testers and other members of the security community aims to help defenders make better assessments of vulnerability risks.

Detecting phishing attempts  >  A magnifying lens spots a hook trying to catch a fish.

COVID-19 phishing attacks spike, aided by lagging network defences

New Australian government coronavirus relief initiatives plus the lagging implementation of DMARC create greater risk for users.

teach train direct chalkboard math binary

Mathematically-secure Australian seL4 microkernel gains global boost

Support of Linux Foundation will bring embedded-systems developers into military-strength secure ecosystem

A white speech bubble with an email icon indicating a new unread message against a viral background.

Beware malware-laden emails offering COVID-19 information, US Secret Service warns

Many of the emails take advantage of an unpatched, decades-old Microsoft Office vulnerability to deliver malware. Advice: Patch now.

CSO  >  Botnet

New, rapidly evolving IoT botnet Dark Nexus targets wide variety of devices

The sophisticated botnet also has high persistence and is capable of delivering different types of malware in addition to launching DDoS attacks.

A hacker targets a sitting duck  >  easy target / easy pickings / victim targeting

With all eyes on coronavirus, Australia should brace for cyber crime surge

Nation-states likely to use cybercriminal attacks against Australia, others for strategic gain during COVID-19 distraction.

COVID-19 coronavirus / network of vectors

New coronavirus-era surveillance and biometric systems pose logistical, privacy problems

Governments and companies are using biometrics and geolocation to identify and track potential coronavirus victims in the name of public safety.

Zoom video conferencing  >  One user connected via laptop showing a grid of remote participants.

Weakness in Zoom for macOS allows local attackers to hijack camera and microphone

Zoom's use of insecure system APIs allow attackers to elevate privileges as well.

high court of australia

‘Major systemic failure’ on privacy — again — by Federal Court of Australia

Court appears to be ignoring 2017 mandate for regular privacy reviews and its own standards.

CSO  >  danger / security threat / malware / biohazard symbol in data center / servers

Attack campaign hits thousands of MS-SQL servers for two years

Newly discovered Vollgar attack uses brute force to infect vulnerable Microsoft SQL servers at a high rate.

CSO  >  ransomware / security threat

As Australian ransomware toll grows, so do home-working risks

Organisations that delayed patching are especially susceptible to risks from home-based workers

Malicious USB dongle / memory stick / thumb drive with skull icon

Cybercriminal group mails malicious USB dongles to targeted companies

Shown as a proof-of-concept in 2014, this is the first known use of the BadUSB exploit in the wild.

A binary map of china.

Chinese hacker group APT41 uses recent exploits to target companies worldwide

APT41 has compromised devices and applications from Cisco, Citrix and Zoho across many industries worldwide at a time when many companies are less able to respond.

Volunteers / volunteerism  >  A group of business people raises their hands.

Cyber security volunteers protect Australian healthcare in COVID-19 crisis

Inspired by a UK effort, the Australian cyber security professionals will help healthcare organisations and small charities in Australia and New Zealand.

security vulnerabilities such as hackers and cyberattacks

Suspect a DDoS attack? Double-check before you cry foul

Credibility of digital transformation-minded Australian government in tatters after social-benefits website implodes

threat ransomware response

Attacker reveals some of the data stolen from Henning Harders

The ransomware group Maze published 6.5GB of data revealing information on the distributors’ clients, its employees, and other commercial operations.

Social engineering  >  Laptop user with horns manipulates many social media accounts

Virtual security conferences fill void left by canceled face-to-face events

Notable members of the infosec community are creating impromptu but highly popular virtual events using cheap, off-the-shelf tools.

Insider threats  >  Employees suspiciously peering over cubicle walls

How Australian, NZ firms have pivoted to address cyber security threats

Firms have made cyber security more strategic, but struggle to identify the key actual threats in a changing landscape

Load More