Cryptography is a massive subject, but one that's becoming increasingly important for the average web developer. While you probably don't need to know the intricate details of ciphers or Transport Layer Security (TLS), it can't hurt to be a least somewhat educated. Enter "Crypto 101" — an online, "pre-release" book that will guide you through both the basic and advanced concepts of cryptography.
Over one million Google accounts have been breached after a malware called Gooligan started spreading like wildfire through third-party Android app stores. Compromised accounts are then used to post fake ratings for malicious apps and to download adware onto infected devices. Even enterprise accounts have been affected. Here's how you can check if your Google account has been compromised.
There's a vulnerability that gives any user local admin privileges, equivalent to root on Linux, on Windows 10 machines through a command line interface. This can be done by holding down two keys while the operating system is updating. The bug gives access to a computer's hard drive even if it is encrypted with BitLocker. Here are the details.
Despite increased awareness of cybercrime and potential ramifications of online attacks, Australians continue to have a cavalier attitude towards online security, according to survey of over 1000 local consumers. This attitude carries over into the workplace and can put businesses at risk.
What's surprising is that those who have suffered a cyberattack in the past often continue to engage in unsafe online practices such as sharing passwords. Here are the full details of the survey.
Last week, we reported that the master decryption keys for the Crysis ransomware have been made public. Now security vendor ESET has come out with a free tool to help Crysis ransomware victims recover their files by decrypting them. Here are the details.
A type of denial-of-service (DoS) attack that targets firewalls from a number of vendors including Cisco, Palo Alto and SonicWall was found to have resurfaced earlier this month. Unlike other DoS attacks that rely on pounding machine or network resource with large amounts of traffic, BlackNurse doesn't require much bandwidth at all. Researchers have shown that BlackNurse will work with less than 20Mbps of traffic and is effective even against large enterprise firewalls. For IT administrators who want to test for and mitigate against this kind of attack on their organisation, here are the the instructions.
Australian businesses are a popular target for cybercriminals. When a cyberattack hits, it can be costly for businesses to deal with. BAE Systems has now put a number on just how much it can cost. According to a study by the security vendor, the average cost of a cyberattack for an Australian business is over $622,000. Here are the details of the research.
A new type of Ransomware called Ransoc that appeared earlier this month doesn't lock a victim's files and demand money to have them decrypted. Instead, it scans an infected computer for evidence of child pornography or illegal media downloads through Torrents and attempts to blackmail the user if it does find questionable material. That's not the only thing Ransoc does differently compared to other ransomware families. Here's what you need to know.
Back in May, the developers of a prevalent family of ransomware dubbed TeslaCrypt released its master decryption keys to the public, reducing its threat levels. This made way for newer flavours of ransomware to take over. One of these was the Crysis ransomware, which had recently been found to be targeting Australian and New Zealand businesses.
But Crysis has suffered the same fate as TeslaCrypt; its master decryption keys have been released unexpectedly. Here's what you need to know.
By exploiting a design fault in the Linux boot process that decrypts encrypted hard drives, you can launch a shell with root privileges on the operating system. This security flaw has been confirmed to affect Debian, Ubuntu and Fedora with many other Linux distributions likely to be vulnerable. We have a detailed breakdown of how this vulnerability works and a way to fix the problem on affected systems.
You know a security risk is serious when Mark Zuckerberg starts paying attention. While putting tape over your webcam is one surefire way of making sure no one's watching you on your webcam, you don't have to rely on such primitive methods. There are a couple of apps that can do the job for you.
We often hear the term "engineer" tossed around in job titles for those in the IT space. But drilling down into the subcategory of security, what is the difference between a cybersecurity engineer and a cybersecurity professional? It might sound like the same thing to you but one security pundit insists that there are differences that could affect the employability of workers in this industry.
Google provides a lot of helpful, free services, but they often come at the cost of privacy. You might love Gmail, but you have to suffer through targeted ads; you may enjoy using Google Maps, but you have to give up your location privacy. Signing up for Google's suite of apps almost always involves some degree of data collection, but you should at least try to limit the amount of spying the company performs on you. Here's how you can keep using Google's apps without constantly getting spied on.
Two weeks after we found out that the Red Cross leaked the personal data of 550,000 Australian blood donors, global recruitment firm Michael Page has suffered a similar fate. Around 30GB of raw data from job seekers that submitted their resume and cover letters to the recruitment firm was exposed because database backups were published on a publicly facing web server managed by a third-party IT provider. The personal information found in the backups include current employment details, locations of job applications and email addresses. Here's what you need to know.
There's no such thing as perfect security in the digital world. There are a swathe of hardware and software bugs floating around that compromise the security of these products. In recent years major data leaks have shown us that even big technology companies are vulnerable to security fails. There is an army of security enthusiasts tracking these bugs down, but tension can arise when they report vulnerabilities to technology vendors that may not want security flaws to be exposed to the public, at least not quickly.
There have been many clashes between researchers and vendors, some of which have resulted in legal action against bug hunters. Today, we look at an extremely grey area in IT security: how security vulnerabilities should be disclosed.
Both Microsoft and Google have pushed out their security patches for the month that covers swathe of critical vulnerabilities on Windows operating systems, Office, Edge and Android. Microsoft has patched the zero-day bug reported by Google that caused the two companies to butt heads. Google, however, has yet to fix the serious vulnerability called Dirty Cow, one of the worse Linux privilege escalation bug that has ever been discovered, for Android. Here's what you need to know.