To top off an already dismal year, there was one final parting shot from 2020. In December of 2020, the US Government acknowledged a massive data breach. US Secretary of State Mike Pompeo identified on America’s digital infrastructure. The attack began in March when the attackers exploited vulnerabilities at [...]

The ‘new normal’ of working from home has created many new opportunities for cybercriminals: home computers with unpatched vulnerabilities; insecure WiFi networks, bad password practices. And the surge in collaboration tools like Zoom has created an avenue of attack that hardly existed before the pandemic. Fortunately there are a [...]

The emerging technologies of artificial intelligence (AI) and machine learning (ML) are putting cybersecurity at significant risk, increasing the volume and sophistication of cyberattacks and fuelling an unending cycle of offensive and defensive innovations. Every year is proving to be worse than the one before, and threats and vulnerabilities. [...]

CEO frauds, in which cyber criminals impersonate chief executive officers of organisations and lure unsuspecting victims into authorising fraudulent transactions are not new, but they have become more prevalent and more sophisticated. With more women taking up CEO roles in organisations, we need to be conscious of how we [...]

Do you remember learning about the lifecycle of a butterfly? A tiny egg turns into a caterpillar that encases itself in a cocoon of silk from which, after a time, a beautiful butterfly emerges. Security processes can be thought of as cycles of continuous improvement that must occur within [...]

Cryptography is the aspect of cybersecurity about which I am most knowledgeable. And (I may be biased) it’s the core of cybersecurity. Sharing is caring, so I would like to give you some information about cryptography, especially about recent trends, and where they are heading. Cryptography uses mathematics to [...]

THOU SHALT UNDERSTAND YOUR ROLE IN CYBERSECURITY Let us start with the stats and nothing but the stats. In a recent report from Stanford University, 88% of data breaches are caused by human error. In the same report, “One third of respondents (33%) told us they rarely or never [...]

Industrial control systems (ICS) are critical for the delivery of power, water, transport and other essential products and services. This makes them a favoured target for cyber criminals motivated by financial gain or ideology. Attacks can also come from market competitors or employees with malicious intent. Compromise of an [...]

On the 2nd of March, news broke revealing that multiple zero-day Microsoft Exchange vulnerabilities had been exploited. AusCERT quickly communicated this news to its members by retweeting the active exploitation advisory from Volexity, a security firm based in Reston, Virginia USA. This was quickly followed by a security bulletin [...]