Board level: concepts and explanations
Have you ever “lost” your audience when presenting a solution to your board of directors? No matter how hard you try to explain why your company needs this cyber security widget or process, they do not understand “your” urgency nor accept what you are explaining? Try this at home when you are passionate about a…
PhoneSpy: Mobile app targeting South Korean citizens
A worrying trend: criminals are using mobile apps to steal data from our devices. PhoneSpy only affects Android and is not an Android Play Store app; rather, it is sideloaded via web traffic redirection or social engineering. PhoneSpy is able to access personal images, videos, phone logs, stored data, as well as taking photos…
Zero Trust vendor architecture: Ethical, or not ethical?
A vulnerability has been disclosed in Palo Alto VPN hardware/software; the company that discovered it, Randori, may not have disclosed it to the vendor in a timely fashion. The premise suggested for this is that, as Randori is a red teaming company, they used this vulnerability to infiltrate their clients who used Palo Alto…
No business too small to be a target for Cyber crime
Small to mid-sized enterprises in Australia are extremely vulnerable to revenue disruption and, most likely, financial disaster from a cyber breach. As an example, an auto parts importer lost $880k 2 months ago: not the typical target for a cyber criminal, or is it? Yesterday, in one Risk Intelligence report we ran for a client…
Bypassing an EDR
Following Blue team security researchers is extremely fascinating. The battleground of Blue teams vs cyber criminals is constantly moving forward. In the linked article below, a security researcher demonstrates how to avoid detection by most EDR solutions. Combining all of our knowledge, we now can practically use everything we want, under the radar, evading the…
ACSC Essential Eight #1
Commence your cyber security resilience journey with the ACSC Essential Eight. ACSC is short for the Australian Cyber Security Centre, and the ACSC is the central source for all things related to the Australian Government cyber security strategy. The ACSC is not the sole source of truth, and most of the ACSC recommendations do relate…
“inventory stock” for Facebook, is you!
But you know that already! An interesting comparison in the linked article below, and somewhat equivalent, though the post “person” selling our private information could not go as far as Facebook has been able to, unhindered. In my opinion, it is not that my data is being sold which is an issue; it is the…
Empathy in cyber security
Empathy: the ability to understand the feelings of others as if we are in their shoes. Have we, as cyber security professionals, really thought that the target of a malware attack is not us when we evaluate our cyber security posture? It is almost never the business leader or the person reading these articles that…
The problem is NOT Cyber security!
The “Compliance with the NSW Cyber Security Policy” special report released on 28 October 2021 should be a serious concern to every NSW resident whose Personally Identifiable Information is being “securely” held by a government agency. Vic, NSW, QLD, SA, NT and TAS could very likely be transposed with NSW and these findings…
Hyperbole – Cyber incident response
Hyperbole (love the word!)… I would be disappointed if my business leaders thought that my security team could not respond to a cyber incident. The linked article reports that business leaders do not feel their organisation could respond to a cyber incident. So what is the problem? The article is not an accurate impression?…