Articles, ACSC, ACSC essential 8, ASD, ASD 8, ASD essential 8, Australian cyber security centre, Breach
As Secure As Practical (ASAP)
Read MoreAs Secure As Practical (ASAP) – As Soon As Possible. In the past few months of 2022 in Australia alone there have been a number of significant cyber breaches across many of our major brand names and this terrible trend is poised to continue to get worse until such time as our organisations uplift their…
0-day Atlassian Confluence vulnerability, no patch yet
Read More0-day Atlassian Confluence vulnerability, no patch yet. Known as CVE-2022-26134 it was acknowledged by the Atlassian team on the 31st May 2022. Update 04/06/2022: patch for the Atlassian Zero day is available here. A quick google search for “Confluence wiki”, CSIRO pops up an already disabled confluence site, any attacker has much more capable tools…
Articles, Airlock Digital, Application Control, Breach, Cyber Security Framework, Endpoint Detection Response, EPP, Microsoft, Microsoft Defender, Microsoft Defender for Endpoint, Zero Trust Network Architecture, ZTNAFollina 0 day – Office lets the bad guy waltz right in, WRTF!
Read MoreFollina 0 day – Microsoft Office Macro protection eaten for breakfast!, those of you who know me, know that I embrace Microsoft Defender as a security tool that is top notch, not just my view but the view of the analysts that report on cyber security as well, here for example with the Mitre Evaluations for 2022 where Microsoft Defender for Endpoint P2 shows its ‘chops’ and performs like the participants on “Dancing with the Stars”, not the ones who get booted early on, of course!
Lapsus$: Microsoft and Okta “breaches”
Read MoreLapsus$: Microsoft and Okta “breaches”: When our children start being involved in masterminding cyber “breaches”, the methods change………. Microsoft and Okta were attacked in the same way as my 9 year old daughter uses when she wants more Roblox time……. 30-40 messages in short succession until I relent (or I put imessage into silent mode),…
CS Energy Breach
Read MoreCS Energy in Queensland, Australia recently made the headlines when a breach was detected and thwarted before any harm was done to their customers. I want to congratulate the response from CS Energy’s cyber security team, they clearly detected and responded to a potentially catastrophic situation in a controlled and timely manner, great work! This…
It all adds up!
Read MoreI had no idea at all! over 100 notifiable and probable “State Based” significant hacks to October 2021 – either against government orgs or with a value of more than $1 million. Four of those were against Australian government orgs and one against a New Zealand Government org. One of our business partner orgs who…
Advanced Managed Detect Response, AMDR, Articles, Breach, Endpoint Detection Response, Extended Detection ResponseNo business too small to be a target for Cyber crime
Read MoreSmall to Mid enterprise companies in Australia are extremely vulnerable to revenue disruption and most likely financial disaster from cyber breach – Auto parts importer lost $880k 2 months ago as an example, not the typical target for a cyber criminal, or is it? Yesterday in one Risk Intelligence report we ran for a client…
Sinclair Broadcasting Breach
Read MoreStory: Another ‘murican Fortune 500 company breached and affected by a Ransomware attack. With Broadcasters, retailers (online and store), NBN service providers, BNPL, Transport, Tourism (lol), some utilities etc etc….. there is an immediate cost to your business profits from an outage, customers are not patient and will go elsewhere immediately and buy their product…
You will be Attacked! What do you do?
Read MoreCyber Security is a necessary part of your operation, no Cyber Security plan places your business at risk of being ruined, unlike traditional theft where a criminal needs to breach your physical office location. A Cyber Security attack from criminals is targeted across as many businesses as they can reach, searching for an easy victim, just like a predator will take the slowest and the weakest victim in a herd, because its easy!
Insecure – MicroSoft Autodiscover
Read MoreMicrosoft Exchange servers autodiscover function, configured by the wrong hands, is not secure! A systems administrator who incorrectly sets up their on-premise Autodiscover record could be assisting miscreants to slurp up credentials from an organisations users trying to connect to their corporate email account.
