Phishing and How to prevent it
In 2019, attackers are phishing targets to retrieve sensitive information that ultimately leads to data compromise. Phishing is the technique where a malicious actor lures a victim into revealing sensitive information. This can be through large “spray-and-pray” type campaigns involving multiple recipients, or through a more targeted approach that crafts attacks for specific individuals, known as Spear Phishing. Phishing has been around since the early days of the Internet and is one of the oldest vectors of attack.
Phishing gives attackers a very successful avenue for obtaining credentials. The simplest and most efficient way to achieve this is by redirecting users to a website with some sort of submission form. With a little effort, such as purchasing domains with similar names and using tools to scrape and mirror legitimate website content, an attacker can forge a highly convincing scenario.
Privasec Sponsors Melbourne's first student Infosec Party
Privasec is proud to have sponsored CYBAR 2019: Melbourne’s first student InfoSec party. Privasec team members Ryan Broadfoot, Mike Monnik, Sajeeb Lohani, David Roccasalva and Pablo Borges had a great time at the conference, and Privasec’s Principal Consultant Ryan Broadfoot shared exciting war stories from previous red team engagements. Congratulations to all the prize winners and a big thanks to all the organisers for arranging such a successful event.
Privasec's Cloud Security Health Check
Simply putting your data into a cloud service does not guarantee its security. As cloud-based services deliver rapid, cost-effective and commoditised business IT solutions, security and information risks increase.
Privasec's tailored security assessments will help you identify, measure, manage and report on your information security compliance requirements through the provision of complete end-to-end frameworks and a program of standards, processes and tools. Some of our cloud services include:
- Cloud Security Health Check: Find out how secure your in-the-cloud information is.
- Cloud Vendor Governance and Compliance Audits: How well are you protected against failings in your vendors' business risk and cyber-security compliance management?
- Private, Public, Hybrid Cloud Security Strategy Definition: Which model suits your business best?
- STAR CSA Certification: Get an independent assessment and certify your cloud with one of the very few STAR CSA Lead Auditors in Australia.
- Cloud Security Alliance (CSA) Assessment: Know and manage your business risks in the cloud.
Weaponising AngularJS Sandbox Bypasses
The first article for the new Privasec Red Blog has been released. ‘Weaponising AngularJS Sandbox Bypasses’, published by Privasec’s consultant Sajeeb Lohani, provides valuable insights into tricks for weaponising existing Angular sandbox escapes.
Read the full article here: https://lnkd.in/gj_Swga
Privasec Sponsors BSides Canberra: The Largest Hacker Con in Australia
After sponsoring BSides Melbourne in February, the Privasec team is really proud to have sponsored BSides Canberra: the largest hacker con in Australia. The two-day conference from 15-16 March featured security presentations and interactive workshops from top industry experts. Privasec-sponsored Nopia phones were a great hit at the conference this year. A big thanks to all the other sponsors and organisers for making BSides Canberra a great success. Our team is looking forward to sponsoring the inaugural BSides Brisbane Conference on June 29th.