IT security is something that organisations can't afford to ignore. With Australia set to introduce mandatory data breach notification laws, the need for local organisations to up their security game is only going to increase. Penetration testers (pen testers) are IT professionals that assume the role of an external or even internal threat to help organisations identify security weaknesses. It's a profession that is in high demand, by employers and job seekers. But what makes a good pen tester? We asked Nuix chief information security officer Chris Pogue.
Tagged With secured
Last week, a nasty ransomware called FileCoder was found to be targeting Apple Mac users. It was thought that there was no way to unlock any of encrpyted files since the criminals who made the ransomware didn't seem to be keeping any decryption keys. Luckily, it is possible to unlock files that have been encrypted by FileCoder; the catch is that it's a tricky process.
Google's Project Zero security research team has found a vulnerability that could lead to remote code execution in Microsoft's Edge and Internet Explorer browsers. This is the fourth Microsoft bug that Google has disclosed in recent months. Microsoft has yet to properly patch three of the security flaws.
Last week we found out about Cloudbleed, a bug on Cloudflare services that resulted in data leakage from a number of websites. Here's a list of websites confirmed to have had data exposed.
CloudFlare, a content delivery network and web security provider used by millions of websites, has admitted that a severe security vulnerability has caused sensitive data to be exposed across a number of different websites. It has been dubbed Cloudbleed and is said to be worse than Heartbleed, a similar bug from 2014. What exactly is Cloudbleed and how could you be affected by it? Let's find out.
The SHA-1 cryptographic hash function may be 22 years old but it's still widely used today to validate Git repositories, document and digital certificates. We already know SHA-1 is insecure - security experts have been banging on about theoretical attacks facilitated by the algorithm for years. Now Google researchers have demonstrated a practical collision attack is possible. Here's what you need to know and why you should care.
A newly found Linux kernel security vulnerability dates back to 2005 and could potentially be exploited for kernel code execution and local privilege escalation. The flaw affects a number of distributions including Red Hat, Debian, OpenSUSE, SUSE and Ubuntu. Here's how to patch this flaw on your Linux systems.
Google introduced its Verify Apps cloud-based service in 2012 that will check every application before installation on an Android device for added security against malware and other nasties. It has been regularly updated with new features. Now Verify Apps can remove an application without confirmation from the user if the service finds that it's purely harmful.
IT security professionals are highly sought after worldwide. Like many other companies, Google has been on the lookout for talented IT security professionals and has found Sydney to be a good hunting ground for them.
Over the weekend, a hacker by the name of Stackoverflowin gained access to 150,000 unsecured and internet accessible printers using an automated script, making the devices print out customised messages. Stackoverflowin said he did it for fun, but it's a good lesson for those who leave their printers exposed. We have some tips on protecting your printer.
Not again, Netgear. Another serious security vulnerability has been found on a bunch of Netgear routers. This time around, the bug can expose router login passwords and can be exploited remotely. Here's a list of Netgear routers that are affected and where to get the firmware patches for each of them.