Securing voice communications
Over the years numerous types of secure voice communications have been attempted, all with varying results. Some have been extremely successful, while others have become shorthand for badly implemented ideas.
SOCs spend nearly a quarter of their time on email security
Email security continues to be a significant challenge for the Security Operation Centers (SOCs); research from Avanan, a cloud email security vendor, on the state of email security shows. An
Enhancing protection of Australian critical infrastructure
New and enhanced security obligations At the lower end of the scale, the expanded list of critical infrastructure entities will be subject to the existing range of powers, functions and
Engineering a Twitter spearphishing bot from machine learning
The term bot is derived from a web robot. A web robot is a type of software that can perform automated tasks over the internet and it is enhanced with
HelloKitty: The ransomware affecting CD Projekt Red and Cyberpunk 2077
HelloKitty is one of the recent ransomware samples used to compromise CD Projekt Red and Cyberpunk. The name HelloKitty comes from the group that attacked CD Projekt Red and Cyberpunk
Introduction to Secure Software Development Life Cycle
The software development life cycle has seen many modifications and adjustments since it gained prominence in the 1970s. The developing needs of the end-users combined with the evolving nature of
Security awareness manager: Is it the career for you?
From managing data protection compliance to threat hunting, the field of cybersecurity offers a wide variety of career paths. If education is your passion and you have a knack for
Whitespace obfuscation: PHP malware, web shells and steganography
Web shells are malicious entry-points used by crooks to interact with the server-side and execute commands remotely. In recent years, these kinds of web-based, shell-like interfaces have been improved and
What is endpoint protection and security?
If you do a random search on the web for endpoint security, you will see thousands of hits coming back from hundreds of vendors saying endpoint security is the most
3 sales best practices used in ransomware (and what we can learn from them)
As with every opportunistic salesman, the cybercriminals behind one of the fastest growing online scams and cyber attacks, ransomware, are willing to do whatever it takes to maximize their return
CyberCX Security Report | June 2021
Read the full story Microsoft is warning it has uncovered a new spearphishing campaign by the same hacking group believed to be behind the devastating SolarWinds supply chain attacks. They
Australia & New Zealand Retail and eCommerce Industry Threat Report
The Retail Industry’s cyber security landscape was reshaped by COVID-19 and the accelerated uptake of eCommerce platforms. This transition from traditional ‘bricks and mortar’ stores was necessary to ensure business
Role of digital signatures in asymmetric cryptography
Encryption and decryption Encryption is the process of converting plaintext to encrypted text. Since encrypted text cannot be read by anyone, encrypted text hides the original data from unauthorized users.
Reflections in the wake of RSA 2021: Cyber resiliency
Security Magazine | Reflections in the wake of RSA 2021: Cyber resiliency | 2021-06-01 | Security Magazine This website requires certain cookies to work and uses other cookies to help
Risks of preinstalled smartphone malware in a BYOD environment
The bring-your-own-device (BYOD) trend has been growing for many years, but the wider adoption of a remote or hybrid workforce in a post-COVID world may create an influx of personal
DreamBus Botnet: An analysis
A new variant of the SystemdMiner threat dubbed DreamBus is impacting Linux servers around the globe to mine cryptocurrency. Linux servers serve an important role in cloud-based infrastructures. This operating
What’s New at OffSec – May 2021
Discord Server Updates Server Statistics It’s been nearly a month since we’ve migrated the community from our Rocket.chat self-hosted platform to Discord. Before Rocket.chat closed, we had roughly 8200 users
Project Launch : Tracking Browser Security Enhancements
TL;DR: NotSoSecure is releasing a new project to track security enhancements or downgrades in browsers: https://notsosecure.github.io/browser-security-enhancements/ Introduction Our lives have been slowly moving from desktop applications to browser-based applications and
How to run a software composition analysis tool
Protecting your organization’s website from cyberthreats is important. Websites and data servers hold important information, after all. One way to project your website is by utilizing a web application security tool.
How to run a SAST (static application security test): tips & tools
There are a number of different was to test the security of web applications, such as: Dynamic application security testing (DAST) Interactive application security testing (IAST) Static application security testing
How to run an interactive application security test (IAST): Tips & tools
There are several popular approaches to testing and securing websites, including: Dynamic application security test (DAST) Interactive application security test (IAST) Static application security test (SAST) Software composition analysis (SCA)
How to run a dynamic application security test (DAST): Tips & tools
Since a website serves as a means to represent an organization, it is imperative to protect them from attackers and safeguard them from various cyberattacks. Also, all the confidential data
Introduction to SIEM (security information and event management)
Security information and event management (SIEM) is a software system that collects and aggregates data and events from various networking devices and resources across IT infrastructure. At present, the SIEM
Best practices for endpoint security: 5 trends you can’t afford to ignore
Endpoint security is the protection of endpoints or end-user devices, such as desktops, laptops, mobile devices, servers and IoT devices from malicious attackers and accidental damage. Modern endpoint protection systems
Phishing attacks doubled last year, according to Anti-Phishing Working Group
Historians will look back at the year 2020 as being not only the year that COVID-19 impacted life significantly, but also the year that phishing attacks doubled over the previous
Introduction of Recently Retired OSCP Exam Machines in PWK Labs
Over the years our Penetration Testing with Kali Linux (PWK) course, previously known as Pentesting with BackTrack (PWB), has earned a reputation of being the de-facto standard for educational content
Introduction to Kubernetes security
Kubernetes is the most popular container orchestration platform. It is offered as a service by every major cloud service provider. Google Cloud, AWS and Azure have the GKE, EKS and
Kobalos malware: A complex Linux threat
Kobalos is a piece of malware that is often found attacking Unix-like systems. The malware was recently discovered by the ESET team. Its name is based on the tiny code
VPNs and remote access technologies
Being able to spread a single network across multiple locations has been critical for both individuals and organizations. While dedicated point-to-point circuits are highly secure, they are extremely expensive and
What is Operation Dream Job by Lazarus?
The Lazarus Group (aka Hidden Cobra) is a threat actor group that has been attributed to the Democratic People’s Republic of Korea (DPRK). The Lazarus advanced persistent threat (APT) group
The Phish Scale: How NIST is quantifying employee phishing risk
With the relatively recent uptick in phishing around the globe (due in part to Covid-19 and other factors), experts at the National Institute of Standards and Technology (NIST) have been
SecOps: Tips for reducing open source vulnerabilities
Trend Micro – SecOps: Tips for Reducing Open Source Vulnerabilities Cloud Native Check out this infographic to gain insight on enabling a strong DevSecOps culture by ensuring open source code
CyberCX Cyber Dialogue: In conversation with Tim Watts MP with Alastair MacGibbon.
This instalment of our Cyber Dialogue webcast series features Shadow Assistant Minister for Cyber Security Tim Watts MP in conversation with CyberCX Chief Strategy Officer Alastair MacGibbon. In this fascinating
Binary Reuse of VB6 P-Code Functions
Avast – Reusing binary code from malware is one of my favorite topics. Binary re-engineering and being able to bend compiled code to your will is really just an amazing
eXtended Flow Guard Under The Microscope
Microsoft seems to be continuously expanding and evolving its set of security mitigations designed and implemented for Windows 10. In this blog post, we’ll examine an upcoming security feature called
The ROI of security awareness training
For organizations that have experienced a data breach or ransomware attack, the benefits of security awareness training couldn’t be more clear. But for organizations that only run security awareness training
Container Security First Steps: Image and Registry Scanning
Trend Micro – Companies are adopting cloud-first development to improve application deployment speed and cohesion, and containers have become an integral part of this modern software. Similar to a hardware
CyberCX 2021 Budget Analysis
After experiencing one of the most challenging years in living memory, Australia has a unique opportunity to emerge from the pandemic-induced global recession in a strong position relative to comparable
20 popular wireless hacking tools [updated 2021]
Wireless networks are common in enterprise environments, making them a prime target for penetration testers. Additionally, misconfigured wireless networks can be easily cracked, providing penetration testers with a great deal
Insider threat report: Tesla employee thwarts $1 million bribery attempt
Tesla’s insider threat The specter that is the insider threat is alive and well and can still pose cybersecurity challenges that may go overlooked. One angle of the insider threat
CVE-2021-1815 – macOS local privilege escalation via Preferences
Apple recently fixed three vulnerabilities in macOS 11.3’s Preferences. Although we also reported the vulnerability, it was first found by Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020). Here we presentour
13 popular wireless hacking tools [updated 2021]
Wi-Fi is prevalent. Many of these wireless networks are password-protected, and knowledge of the password is required to get online. Wireless hacking tools are designed to help secure and attack
Exploitation in the time of COVID
Security Magazine | Exploitation in the time of COVID | 2021-05-05 | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the
Sparrow.ps1: Free Azure/Microsoft 365 incident response tool
Because of the growing popularity and adoption of cloud computing including software-as-a-service (SaaS) applications amongst consumers and organizations, there has been an increasing number of attacks involving Microsoft Office 365
Smart Toys and Their Cybersecurity Risks: Are Our Toys Becoming a Sci-Fi Nightmare? [updated 2021]
In the “Living Doll” episode of “The Twilight Zone,” a lifelike doll named Talky Tina turned rogue and terrorized a family. This nightmare scenario of out-of-control toys is sometimes portrayed
What’s New in ATT&CK v9?
Jamie WilliamsApr 29 · 6 min read By Jamie Williams (MITRE), Jen Burns (MITRE), Cat Self (MITRE), and Adam Pennington (MITRE) As we promised in the ATT&CK 2021 Roadmap, today
Intel CET In Action
As part of our continuous update cycles for our Advanced Windows Exploitation (AWE) class, we examine each new security mitigation and ensure we understand how it works and how it
5 reasons to implement a self-doxxing program at your organization
Human beings are social animals, and most of us like to connect with others. In doing so, we tend to share personal data. In an age where that personal data