Cyber-attacks are inevitable to any business. But during a cyber-attack incident, there is no time to waste. Just like a 911 call, your cyber-security partner should start providing immediate remote support upon notification to assess the gravity of the incident and work to contain it.
Incident Management and Response Read More »
Traditionally, the Offenders (Red Team) and Defenders (Blue Team) have been considered two sides of the same security coin. While the Red team emulate an attacker exploiting a vulnerability in an organisation’s systems, the Blue team is responsible for building security controls to defend against the attackers. As both the activities are integral in improving
Red Team + Blue Team = Purple Team Read More »
Is it possible to calculate the return of investment on cybersecurity controls?Traditionally, organisations have struggled to calculate the financial losses from cyberattacks/ fraud and prioritise security investments based on Return of investment (ROI). Frameworks such as APRA CPS 234 demand regulated entities to maintain information security capability commensurate with information security vulnerabilities and threats.
Putting a Dollar Value to Cyber Risks Read More »
The biggest Distributed Denial-of-Service (DDoS) attack occurred in February 2018. The victim was GitHub and at its peak, this attack saw incoming traffic at a rate of 1.3 terabytes per second (Tbps). By taking down the website, a DDoS attack not only leads to loss of revenue but also affects the company’s reputation.
Privasec’s Consultant Sajeeb Lohani has released the second article of his new ‘Weaponising Series’, after a great response on ‘Weaponising AngularJS bypass’. The article highlights techniques of weaponising staged cross-site scripting (XSS) payloads. Check out the full article here. Stay tuned to Privasec’s News page for further additions to this series.
Weaponising Staged Cross-site scripting (XSS) payloads Read More »
Android users need to be highly cautious as menial tasks such as viewing a png file can compromise their smartphone.
Viewing a png file can get your Smartphone Compromised Read More »
In March 2018 abuse.ch, a non-profit cybersecurity organization in Switzerland launched project URLhaus with the aim of detecting, collating and sharing URLs that contain malware. In the 10 months since its inception, over 265 security researchers helped takedown nearly 100,000 websites which were distributing malware.
Today’s most Prevalent Malware and How to Protect Yourself from it Read More »
Almost every week, an ever-growing list of data breaches occur around the world. In a lot of cases, attackers ultimately gain access to sensitive information such as a hashed password database. This type of information can be useful for the bad guys when targeting specific organisations and/or people.
Hashing Algorithms for storing Passwords Read More »
Daily Backups are bread and butter of any organisation’s IT department. An organisation can lose its data due to many reasons: cyber-attacks, corrupt storage media, rogue employees or human error. Yet many companies fail to formulate a backup and recovery plan for their data.
3-2-1 Backup Strategy Read More »
A critical bug has just been discovered in the new iOS allowing eavesdropping via FaceTime. A fix is expected later this week, but in the meantime, it is highly recommended to turn off FaceTime.
FaceTime Bug allowing Eavesdropping Read More »
