Unsecured web browsers are a key vector used by malware distributors and threat actors. So, it's unsurprising that browser developers are constantly looking for ways to protect users. If you're a member of Microsoft’s Enterprise business service and are in the Fast Ring test group then you'll get access to Windows Defender Application Guard. This is a sandbox that keeps the browser window isolated from the rest of your computer's resources.
AMT, or Active Management Technology, is an Intel technology, that combines hardware and firmware used for maintaining and updating systems. Last week, Intel issued a security advisory for their server-based products that said AMT could be exploited and give unauthorised parties access to a number of processor features. Analysis at SSH Communications Security says this is a very serious issue and that owners of affected systems should disable AMT. Consumer systems are not affected.
The EU recently passed a new set of privacy regulations protecting the rights of individuals and giving them control over the PII held by companies operating in the EU. The General Data Protection Regulation (GDPR) is a new regulation created by the European Parliament. It was adopted on 27 April 2016 and applies from 25 May 2018, with the next two years declared a transitional period for businesses to get ready.
It's Star Wars Day. And that means celebrating the fall of the Empire and the Rebel's victory, short-lived as it might have been, of the Alliance. But while we often focus on the Jedi's use of the Light Side and the military tactics of the Rebels, we forget that their strategic and tactical victories came because of their skills as master hackers. And if you've not seen any of the Star Wars movies, spoilers follow!
Check Point's malware research team has detected a new strain of malware. OSX/Dok (or OSX.Dok) affects all versions of OSX and is signed with a valid developer certificate authenticated by Apple (which has been revoked since the malware's discovery). It is the first major scale malware to target OSX users via a coordinated email phishing campaign.
Ever since Bill Gates launched the Trustworthy Computing strategy at Microsoft, the software company has done a good job at addressing security issues in a timely manner. Regular patching, complemented by out-of-cycle releases when critical issues are detected and resolved are now commonplace. So when news broke that it took Microsoft nine months to fix a serous flaw, it was something of a surprise to me.
Lenovo has issued a security advisory notifying customers that the initialisation tool shipped on a USB stick for the Lenovo V3500, V3700 and V5000 Gen 1 storage systems manufactured by IBM comes a file that has been infected with malicious code.
Late last week, the commissioner of the Australian Federal Police revealed that an officer has accessed the personal metadata of an Australian journalist as part of an investigation into that reporter’s sources for a story about the AFP. While Commissioner Colvin put it down to "human error” there is far more to this. What we have seen in this specific case is a complete breakdown of the protections we deserve as private citizens.
The recent HipChat breach served as a timely reminder — always be vigilant when it comes to site security. Sadly, some companies are a little... loose when it comes to hardening their online presence and others even go to the extreme of — unintentionally — handing the bad guys the keys. Here are some examples that'll have you wincing in your chair.
DDoS attacks aren't a new thing. But an new type of service denial attack is appearing. Permanent Denial of Service (PDoS) attacks infiltrate unsecured devices and corrupt them so that they are made useless. While an epic pain in the butt for the owners of attacked devices, PDoS removes devices from the Internet that could be used in botnet attacks like last year's Mirai incident.
Now that Australian ISPs are officially required to collect metadata about customers communications, you may need to take online privacy into your own hands — and VPNs are the best way to do it.
Virtual Private Network (VPN) software effectively encrypts your online activity to help you surf the web free from the prying eyes of eavesdroppers. VPNs come in all shapes and sizes with their own unique strengths and weaknesses. Let's take a look.
Decent VPN software is a must these days if you are concerned with privacy and security. I never connect to a public WiFi network if I can avoid it. But if I have to, then I use a VPN service to protect myself. Wangle is an Australian made VPN app and service that had its origins in network optimisation. I chatted to their CEO, Sean Smith, and CTO Cam Worth about the company and their new mobile VPN product.
Two-factor authentication is often touted as a great tool for thwarting threat actors who steal or guess account credentials in order to break into systems. Microsoft Authenticator is a new app for iOS, Android and Windows Phone that ditches passwords for Windows log-ins with one-time passcode that are delivered to your smartphone.
Australia’s data retention laws became compulsory yesterday, which means all telcos and internet service providers must now retain their customers' metadata for two years. This is supposed to assist law enforcement agencies in their war against homegrown terrorists and other criminals — but it arguably comes at the expense of normal Australians' privacy. Attempting to avoid these laws and send messages "off the gird" isn't easy, but it remains possible. Dr Philip Branch from the Swinburne University of Technology explains what you need to know.
With yesterday's news that notorious spammer Severa has been arrested in Spain, I was wondering what sort of sentence he can expect if he is found guilty of spamming and hacking crimes. Here's a look at five famous hackers and how they paid for the crimes.