Security

Google provides a lot of helpful, free services, but they often come at the cost of privacy. You might love Gmail, but you have to suffer through targeted ads; you may enjoy using Google Maps, but you have to give up your location privacy. Signing up for Google's suite of apps almost always involves some degree of data collection, but you should at least try to limit the amount of spying the company performs on you. Here's how you can keep using Google's apps without constantly getting spied on.

Two weeks after we found out that the Red Cross leaked the personal data of 550,000 Australian blood donors, global recruitment firm Michael Page has suffered a similar fate. Around 30GB of raw data from job seekers who submitted their resumes and cover letters to the recruitment firm was exposed because database backups were published on a publicly facing web server managed by a third-party IT provider. The personal information found in the backups includes current employment details, locations of job applications and email addresses. Here's what you need to know.

There's no such thing as perfect security in the digital world. There is a swathe of hardware and software bugs floating around that compromise the security of these products. In recent years, major data leaks have shown us that even big technology companies are vulnerable to security fails. There is an army of security enthusiasts tracking these bugs down, but tension can arise when they report vulnerabilities to technology vendors that may not want security flaws to be exposed to the public, at least not quickly.

There have been many clashes between researchers and vendors, some of which have resulted in legal action against bug hunters. Today, we look at an extremely grey area in IT security: how security vulnerabilities should be disclosed.

Both Microsoft and Google have pushed out their security patches for the month, covering a swathe of critical vulnerabilities in Windows operating systems, Office, Edge and Android. Microsoft has patched the zero-day bug reported by Google that caused the two companies to butt heads. Google, however, has yet to fix for Android the serious vulnerability called Dirty Cow, one of the worst Linux privilege escalation bugs ever discovered. Here's what you need to know.

The Cerber ransomware may be relatively new but it has already become one of the most popular weapons of choice for cybercriminals looking to extort money by encrypting data on computers and demanding payment to decrypt it. Cerber has matured so much that it's basically run like a franchise but it has evolved even further; it's now targeting databases in hopes of extorting businesses, which are considered more lucrative prey than consumers. Here's what businesses and IT administrators need to know.

The Microsoft Enhanced Mitigation Experience Toolkit (EMET) was first released to protect the Windows operating system against software exploits in the wild and has been widely used by large organisations. After seven years, EMET is showing its age and was due to be retired in January next year. But Microsoft has pushed EMET's end of life date back by 18 months based on customer feedback. Here's what you need to know.

Tech support scams often come in the form of annoying pop-up ads that claim your computer is busted or infected by some awful virus that you can fix by calling a dodgy phone number. These kinds of scams aren't new, but now scammers can make it look like there's really something wrong with your computer, making them much more convincing. Here's what you need to know.

A critical vulnerability has been discovered that lets attackers gain root access through compromised MySQL-based database systems. It affects MySQL, MariaDB and PerconaDB which are all immensely popular with organisations big and small. Here's what you need to know about this privilege escalation bug.

Earlier this week, Google disclosed a critical vulnerability in Windows that Microsoft has yet to issue a fix for. Microsoft has hit back at Google, criticising the company for releasing details of the security bug prematurely. The bug was disclosed by Google just seven days after the company raised it with Microsoft.

What would you lose if your computer went into meltdown without warning? If it died today, how much data would your contingency plan actually save? As the adage goes, you can never be too prepared. What you need is a comprehensive backup plan that covers all the bases. We explain how to plan for the worst.

The Australian Cyber Security Centre (ACSC) 2016 Threat Report has some concerning details about the state of Australia’s cyber security. The report highlights the ubiquitous nature of cyber crime in Australia, the potential of cyber terrorism, and the vulnerability of data stored on government and commercial networks. Several factors are driving these vulnerabilities and there is considerable work to do to address them.

Updated 27/10/16: Last week, a nine-year-old bug was uncovered in the Linux kernel that can give attackers root-level access to machines running the Linux operating system. Because the vulnerability is related to how the kernel handles copy-on-write memory, it has been dubbed 'Dirty COW'. The security flaw exists on every distribution of the operating system. Devices that use Android, which is based on Linux, are also affected. If you're running a Linux-based server or using an Android phone, here's how you can protect yourself against Dirty COW.

IBM and Nextgen have been blaming each other for the failure of Census 2016. Based on today's Senate Economics References Committee hearing into #CensusFail, it appears both companies were at fault to some extent. Nextgen may have incorrectly implemented geoblocking aimed at mitigating distributed denial of service (DDoS) attacks, while IBM acknowledged it should have conducted a real test of its router's resilience to failure. But Alastair MacGibbon, the Special Adviser to the Prime Minister on Cyber Security, has laid the blame predominantly on IBM for failing to handle relatively small DDoS attacks that shouldn't have brought down the Census website.

Many wireless keyboard and mouse setups connect to computers through a USB dongle and boast that this communication is encrypted. This is to stop hackers from sniffing the wireless connection to monitor keystrokes, which can reveal sensitive information including passwords. But at Ruxcon 2016, one security researcher has demonstrated that you can still gain access to a computer using a wireless keyboard, even when the connection is protected by AES, one of the most secure data encryption standards around. No keylogging required.