IT security is something that organisations can't afford to ignore. With Australia set to introduce mandatory data breach notification laws, the need for local organisations to up their security game is only going to increase. Penetration testers (pen testers) are IT professionals that assume the role of an external or even internal threat to help organisations identify security weaknesses. It's a profession that is in high demand, by employers and job seekers. But what makes a good pen tester? We asked Nuix chief information security officer Chris Pogue.

One in five Australian small and medium businesses (SMBs) have been impacted by a cyberattack, according to a survey by Norton by Symantec.

Last week, a nasty ransomware called FileCoder was found to be targeting Apple Mac users. It was thought that there was no way to unlock any of encrpyted files since the criminals who made the ransomware didn't seem to be keeping any decryption keys. Luckily, it is possible to unlock files that have been encrypted by FileCoder; the catch is that it's a tricky process.

Over two million voice recordings from parents and children along with 800,000 account credentials have been exposed; all because of internet-connected teddy bears and poorly secured MongoDB databases.

Google's Project Zero security research team has found a vulnerability that could lead to remote code execution in Microsoft's Edge and Internet Explorer browsers. This is the fourth Microsoft bug that Google has disclosed in recent months. Microsoft has yet to properly patch three of the security flaws.

Last week we found out about Cloudbleed, a bug on Cloudflare services that resulted in data leakage from a number of websites. Here's a list of websites confirmed to have had data exposed.

CloudFlare, a content delivery network and web security provider used by millions of websites, has admitted that a severe security vulnerability has caused sensitive data to be exposed across a number of different websites. It has been dubbed Cloudbleed and is said to be worse than Heartbleed, a similar bug from 2014. What exactly is Cloudbleed and how could you be affected by it? Let's find out.

The SHA-1 cryptographic hash function may be 22 years old but it's still widely used today to validate Git repositories, document and digital certificates. We already know SHA-1 is insecure - security experts have been banging on about theoretical attacks facilitated by the algorithm for years. Now Google researchers have demonstrated a practical collision attack is possible. Here's what you need to know and why you should care.

A newly found Linux kernel security vulnerability dates back to 2005 and could potentially be exploited for kernel code execution and local privilege escalation. The flaw affects a number of distributions including Red Hat, Debian, OpenSUSE, SUSE and Ubuntu. Here's how to patch this flaw on your Linux systems.

Both security vulnerabilities are yet to be patched. There are a few workarounds for the bugs. Read on to find out more.

Google introduced its Verify Apps cloud-based service in 2012 that will check every application before installation on an Android device for added security against malware and other nasties. It has been regularly updated with new features. Now Verify Apps can remove an application without confirmation from the user if the service finds that it's purely harmful.

IT security professionals are highly sought after worldwide. Like many other companies, Google has been on the lookout for talented IT security professionals and has found Sydney to be a good hunting ground for them.

The second Tuesday of every month is when Microsoft traditionally releases its security updates, affectionately known as Patch Tuesdays. Unfortunately, Microsoft is running late this month because of "last minute issues". Here's what you need to know.

Organisations will soon be legally obliged to disclose data breaches thanks to a new bill that has been passed by the Federal Government. How will these new laws impact your business? Read on to find out more.

Smartphone operating systems generally offer four ways for users to protect their devices: pin codes, patterns, passwords and fingerprint verification. But which one is the most effective when it comes to warding off unwanted individuals from accessing your smartphone? Let's find out.

Last year saw a steep increase in malware distributed through email attachments in phishing attacks but 2017 will be the year of malware exploit kits, according to a report by security vendor Malwarebytes. We take a closer look at malware trends from 2016 and predictions for the year ahead.

Over the weekend, a hacker by the name of Stackoverflowin gained access to 150,000 unsecured and internet accessible printers using an automated script, making the devices print out customised messages. Stackoverflowin said he did it for fun, but it's a good lesson for those who leave their printers exposed. We have some tips on protecting your printer.

A team of researchers claim to have discovered numerous security vulnerabilities in at least 20 network printer models by major name brands. According to the findings, one of the potential exploits could allow hackers to easily steal information that was only intended to be printed as a hard copy.

Not again, Netgear. Another serious security vulnerability has been found on a bunch of Netgear routers. This time around, the bug can expose router login passwords and can be exploited remotely. Here's a list of Netgear routers that are affected and where to get the firmware patches for each of them.