Latest News

In March 2018 abuse.ch, a non-profit cybersecurity organization in Switzerland launched project URLhaus with the aim of detecting, collating and sharing URLs that contain malware. In the 10 months since its inception, over 265 security researchers helped takedown nearly 100,000 websites which were distributing malware.

The URLhaus project has been a massive success and is assisting network administrators and security analysts with protecting their environment. Averaging 300 new detections per day, this feed is freely available to anyone via their API, feeds or can be downloaded and imported into non-programmatic protection systems. The URLhaus detections are also being distributed to prevalent blacklisting services such as Google Safe Browsing, Spamhaus DBL and SURBL.

There are some interesting trends that can be identified from analysis of their published statistics. The notable standout from the list of detected malware is Emotet, a banking trojan derived from an earlier banking trojan Feodo. Discovered in June 2014, Emotet has become one of the most costly financial malware infections and, as can be seen from the URLhaus data, is still rampant today.

Almost every week, an ever-growing list of data breaches occur around the world. In a lot of cases, attackers ultimately gain access to sensitive information such as a hashed password database. This type of information can be useful for the bad guys when targeting specific organisations and/or people.

How are you stroing your passwords

A critical bug has just been discovered in the new iOS allowing eavesdropping via FaceTime. A fix is expected later this week, but in the meantime, it is highly recommended to turn off FaceTime.

https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/

Daily Backups are bread and butter of any organisation's IT department. An organisation can lose its data due to many reasons: cyber-attacks, corrupt storage media, rogue employees or human error.  Yet many companies fail to formulate a backup and recovery plan for their data. One simple yet effective strategy is the 3-2-1 backup strategy:  

3 2 1 backup strategy

Adobe has recently released security updates to fix two critical vulnerabilities for Acrobat and Reader. The first vulnerability, identified as CVE-2018-16011, can lead to the execution of arbitrary code. The second vulnerability, identified as CVE-2018-19725, can result in privilege escalation.

ATO claims to have received more than 115,000 faxed documents in 2017-18. According to ‘The Age’, and ‘the Sydney Morning Herald ‘, many small Australian companies in the healthcare, finance and legal sector still use fax on a daily basis. The vulnerabilities in the fax machine protocols haven’t been updated since the 1980s and such extensive use of fax printers in Australia pose a huge problem.

fax

Apart from having financial implications, a security breach leads to a loss of consumer trust. An illustration of this is in the hospitality industry, where breaches can have a negative impact on consumer perception, satisfaction and intent to revisit (Berezina et al., 2012).

casual computers hands 1181210

One of the most overlooked ACSC Essential Eight strategies in mitigating cybersecurity incidents is daily backups. Think of it as your absolute fail-safe in a scenario when all other security controls have failed. But what are the steps and strategies involved in backing up your data?

daily backup