The Office of the Australian Information Commissioner, lead by Timothy Pilgrim received 114 breach notifications last financial year - up from 107 on the year before. Given mandatory notification doesn't start for a few more months, this could be the thin edge of the wedge as companies come to grips with the new regulatory regime.
The WPA2-busting KRACK exploit can be patched. The flaw is serious and potentially effects almost every wireless access point and router in the market. It takes advantage of a vulnerability in the handshake between wireless connection points and client devices. But Apple has said they are testing a patch in the current beta releases of their four operating systems and I expect others to follow,
KRACK - or the Key Reinstallation AttaCK - looks like the new infosec word we all need to know. According to the authors of a paper that will be presented at conference in a couple of weeks, Mathy Vanhoef of KU Leuven and Frank Piessens say they have found a way to circumvent WPA2 security - one of the key tools used for protecting wireless networks. If KRACk proves to be true, all bets are off when it comes to stopping eavesdroppers from listening in to your wireless network.
Most security reports are pretty dull. They tell the same story. The bad guys can get into almost any system, spend weeks or months there, exfitrate data and generally run amok. They use social engineering attacks or exploit vulnerabilities to find their way into networks. But the Carbon Black report, released today focusses on something else - the malware marketplace.
Allegations that Kaspersky's well-known end point security software has been used to provide Russian intelligence agencies with access to sensitive data, potentially creating a backdoor into millions of computers, have been made by The New York Times. With US government agencies already directed to remove the software from computers, the writing is on the wall for the Russian software giant.
We've all seen reports of pacemakers that can be wirelessly manipulated, insulin pumps that can be remotely mis-programmed and autonomous vehicles that have been taken over and gone rogue. And, while for the most part these incidents have been limited in their scope, we have seen some major IoT-related incidents such as the Mirai botnet. With experts forecasting that there will be as many 10 connected devices for every human on the planet by the end of the decade, if we don't get security right now, we could create a world where the hardware we rely on could be used against us.
Cyber security continues to evolve. And while the tools and techniques used by threat actors continue to change, the most important shift has been in the nature of the bad guys. In the past, many hackers were in it for the thrills and for political reasons. But criminal gangs and organised crime have realised cybercrime is a relatively low risk and lucrative business. law enforcement experts MK Palmer from the FBI, Dr Ronald Layton from the US Secret Service and Michael who is formerly from the Department of Homeland Security discussed this at the recent NetEvent Media and Analyst Summit.
Earlier this week, Australia's Foreign Minister Julie Bishop unveiled the new International Cyber Engagement Strategy (ICES). The details of the document are interesting but it sends an important signal to businesses. Cybersecurity is not a technical challenge. It's a challenge that permeates almost everything we do as a nation, at work and in our personal lives.
EFI is the system firmware that loads before your operating system boots or hypervisor starts. If it's compromised then your entire computing platform is under threat. Duo Security has conducted an analysis looking at how Apple manages updates to EFI and how those updates relate to fixing vulnerabilities. The results of their work reveal some interesting issues>
We can all appreciate the convenience of surfing the web on a public connection, but doing so puts you at major risk of having your personal information stolen — unless you have a top-tier VPN service behind you. That's why investing in a security safety vest like VPNSecure is a must if you plan on doing a lot of browsing while on the go, and lifetime subscriptions are on sale for limited time.
Apple's new operating system for computers, macOS High Sierra, is about to arrive and it comes with a nasty little zero day. A security researcher, who used to work for the NSA found the vulnerability that allows an unauthorised party to exfiltrate passwords from the Keychain - Apple's tool for storing passwords and other security information.
According to reports, the Teresa May's government demanded WhatsApp give them access to encrypted messages. That request was flatly denied but it's a topic that may will raise at a meeting being held at the UN. I suspect this is the start of another campaign to undermine the rights of individual privacy by playing the "terrorist use encrypted messaging service card".
Why try to trick you into installing malware when you'll do it voluntarily? That was the tactic used by attackers who infiltrated Avast's servers and planted malicious software into CCleanup 5.33 recently. The malware was detected by Cisco Talos during some routine beta testing of their updated detection engine.