Ticketmaster – When a third party supplier breach is not what it appears
Read More: Ticketmaster – When a third party supplier breach is not what it appearsTicketmaster – When a third party supplier breach is not what it appears. As many of us learnt whilst growing up, most of the time obfuscating facts to portrait yourself in a brighter light actually creates a bigger problem. Now as an adult I am not going to have my parents tell me off but…
Kicksec’s Data has been breached – again
Read More: Kicksec’s Data has been breached – againGlossed over the email from Firstmac on Friday, reporting that my data has been gathered in a “limited” cyber security breach of their systems, limited now days includes sensitive citizen data clearly.
Optus, Medibank and Latitude, YOU are responsible for your clients data
Read More: Optus, Medibank and Latitude, YOU are responsible for your clients dataOptus, Medibank and Latitude, YOU are responsible for your clients data Just the same as all businesses who hold sensitive personal information, you may not want to admit this but you are responsible for your clients data security where their sensitive data is stored on your platform. How do the above machines stay safe? From…
CVE-2023-23397: Microsoft outlook vuln
Read More: CVE-2023-23397: Microsoft outlook vulnCVE-2023-23397: Microsoft Outlook Vuln: elevation of privilege vulnerability leads to NTLM credential theft: Very quick and short post today, I have already been contacted today around mitigations for this vulnerability and wanted to get some quick steps out early incase your business is unsure how to check whether you are at risk. My post assumes…
Articles, ACSC, ACSC essential 8, ASD, ASD 8, ASD essential 8, Australian cyber security centre, Breach
As Secure As Practical (ASAP)
Read More: As Secure As Practical (ASAP)As Secure As Practical (ASAP) – As Soon As Possible. In the past few months of 2022 in Australia alone there have been a number of significant cyber breaches across many of our major brand names and this terrible trend is poised to continue to get worse until such time as our organisations uplift their…
0-day Atlassian Confluence vulnerability, no patch yet
Read More: 0-day Atlassian Confluence vulnerability, no patch yet0-day Atlassian Confluence vulnerability, no patch yet. Known as CVE-2022-26134 it was acknowledged by the Atlassian team on the 31st May 2022. Update 04/06/2022: patch for the Atlassian Zero day is available here. A quick google search for “Confluence wiki”, CSIRO pops up an already disabled confluence site, any attacker has much more capable tools…
Articles, Airlock Digital, Application Control, Breach, Cyber Security Framework, Endpoint Detection Response, EPP, Microsoft, Microsoft Defender, Microsoft Defender for Endpoint, Zero Trust Network Architecture, ZTNAFollina 0 day – Office lets the bad guy waltz right in, WRTF!
Read More: Follina 0 day – Office lets the bad guy waltz right in, WRTF!Follina 0 day – Microsoft Office Macro protection eaten for breakfast!, those of you who know me, know that I embrace Microsoft Defender as a security tool that is top notch, not just my view but the view of the analysts that report on cyber security as well, here for example with the Mitre Evaluations…
Lapsus$: Microsoft and Okta “breaches”
Read More: Lapsus$: Microsoft and Okta “breaches”Lapsus$: Microsoft and Okta “breaches”: When our children start being involved in masterminding cyber “breaches”, the methods change………. Microsoft and Okta were attacked in the same way as my 9 year old daughter uses when she wants more Roblox time……. 30-40 messages in short succession until I relent (or I put imessage into silent mode),…
CS Energy Breach
Read More: CS Energy BreachCS Energy in Queensland, Australia recently made the headlines when a breach was detected and thwarted before any harm was done to their customers. I want to congratulate the response from CS Energy’s cyber security team, they clearly detected and responded to a potentially catastrophic situation in a controlled and timely manner, great work! This…
It all adds up!
Read More: It all adds up!I had no idea at all! over 100 notifiable and probable “State Based” significant hacks to October 2021 – either against government orgs or with a value of more than $1 million. Four of those were against Australian government orgs and one against a New Zealand Government org. One of our business partner orgs who…
