Top Stories Security
- #CensusFail: IBM Slammed For Failing To Block Puny DDoS Attacks
- Mass Government Surveillance Worldwide Made Possible By NZ Company Endace
- Oracle Issues 253 Security Patches Across 76 Products
- China's Quantum Satellite Could End Data Breaches For Good
- IT Shouldn't Be Solely Responsible For Dealing With Insider Threats
- How Yahoo Totally Blew It On Security
The Australian Cyber Security Centre (ACSC) 2016 Threat Report has some concerning details about the state of Australia’s cyber security. The report highlights the ubiquitous nature of cyber crime in Australia, the potential of cyber terrorism, and the vulnerability of data stored on government and commercial networks. Several factors are driving these vulnerabilities and there is considerable work to do to address them.
Last week, a nine-year-old bug was uncovered in the Linux kernel that can give attackers root-level access to machines running the Linux operating system. Because the vulnerability is related to how the kernel handles copy-on-write memory, it has been dubbed ‘Dirty COW’. The security flaw exists on every distribution of the operating system. Devices that use Android, which is based on Linux, are also affected. If you’re running a Linux-based server or using an Android phone, here’s how you can protect yourself against Dirty COW.
IBM and Nextgen have been blaming each other for the failure of Census 2016. Based on today’s Senate Economics References Committee hearing into #CensusFail, it appears both companies were at fault to some extent. Nextgen may have incorrectly implemented geoblocking aimed at mitigating distributed denial of service (DDoS) attacks while IBM acknowledged it should have a real test of its router’s resilience to failure. But Alastair MacGibbon, the Special Adviser to the Prime Minister on Cyber Security, has laid the blame predominantly on IBM for failing to handle relatively small DDoS attacks that shouldn’t have brought down the Census website.
Many wireless keyboard and mouse setups connect to computers through a USB dongle and boast that this communication is encrypted. This is to stop hackers from sniffing the wireless connection to monitor keystrokes, which can reveal sensitive information including passwords. But at Ruxcon 2016, one security researcher demonstrated that you can still gain access to a computer using a wireless keyboard, even when the connection is protected by AES, one of the most secure data encryption standards around. No keylogging required.
Cybersecurity experts may be in high demand, but companies are only going to trust certified pros with their online safety. That’s why the Computer Hacker Professional Certification Package is a must-have for any aspiring cybersecurity expert.
A while back quite the kerfuffle was made over Windows 10’s somewhat ambitious telemetry features. If you’re still keen to keep your computer locked down — so to speak — you might want to make sure Microsoft’s Malicious Software Removal Tool isn’t also sending data back to Redmond.
This morning a ton of websites and services, including Spotify and Twitter, were unreachable because of a distributed denial of service (DDoS) attack on Dyn, a major DNS provider. Details of how the attack happened remain vague, but one thing seems certain: our internet is frightfully fragile in the face of increasingly sophisticated hacks.