Cyber Security News & Current Events

by Jill T, on 10/09/2021 1:18:32 PM

A new troubling remote code execution vulnerability has been discovered that affects customers using Office 365 and Office 2019 on Windows 10 and is already being exploited by malicious actors …

Read Story
Topics:Threat Advisory

by Jill T, on 18/08/2021 4:01:02 PM

If you were to ask us what the main cybersecurity mistakes organisations routinely make were, the one where businesses rely on their everyday IT team or providers to also perform …

Read Story
Topics:ComplianceRansomwaremanaged security services

by Jill T, on 22/06/2021 11:18:46 AM

The fact that ransomware is continuing to be a prolific threat probably isn’t news to those of you in the world of cybersecurity – however we know that most organisations …

Read Story
Topics:ComplianceRansomwareregulations

by Jill T, on 10/06/2021 5:06:25 PM

It’s always a great day for someone who loves reading reports when the annual Verizon Data Breach Investigation Report (DBIR) gets released. However, we know not everyone enjoys reading 119 …

Read Story
Topics:data breachVerizon DBIRReport Roundup

by Jill T, on 02/02/2021 10:36:23 AM

As most companies come fully back into the office from the holiday period and Australia adjusts into a “COVID normal” routine, many organisations are in a place to plan strategy …

Read Story
Topics:FundamentalsRisk AssessmentPhishingCompliancePenetration TestSecure Remote WorkGovernance

by Security Centric, on 22/12/2020 11:35:07 AM

There's no doubt that 2020 has created some unique challenges across every organisation, and since information security touches on arguably each of them, it also created some challenges for cyber …

Read Story
Topics:featured

by Jill T, on 08/12/2020 9:43:01 AM

Like all areas of business this year, it’s important for organisations to get up-to-date information about the current state of ongoing cyber threats in the wake of changes due to …

Read Story
Topics:Ransomware

by Jill T, on 05/11/2020 1:11:42 PM

By now we’re all aware that COVID-19 has changed the way we work. Organisations have had to adjust their ICT environments to accommodate the mandated work-from-home requirements, and these adjustments …

Read Story
Topics:Risk AssessmentPenetration TestCloud SecuritySecure Remote WorkGovernance

by Security Centric, on 10/09/2020 11:17:42 AM

For many businesses who transact online, the holiday season brings with it an increased spend from consumers. For some, it’s their peak earning point of the year. Unfortunately, this increase …

Read Story
Topics:PentestingPenetration Test

by Sash, on 16/07/2020 4:54:49 PM

Background The public figure Twitter account hijacking extends well past social media and has many parallels to business and enterprise systems. Whenever there is a breach, it should be review …

Read Story
Topics:InsiderFundamentals

by Jeff, on 28/05/2020 9:59:27 AM

Traditional authentication schemes see users needing to create, and remember, separate login details for each service or system they use. With the average organisation using over 1000 distinct cloud services, …

Read Story
Topics:FundamentalsAuthentication

by Jeff, on 28/04/2020 7:00:00 AM

The COVID-19 pandemic, and the ever-increasing number of employees shifting to remote work has seen explosive growth for Zoom’s platform. This growth has come with heavy scrutiny of Zoom’s security …

Read Story

by Security Centric, on 17/03/2020 1:59:39 PM

The handy folk at Sumo Logic, behind the multipurpose security analytics tool, have used published data to present and dissect near real time data of COVID-19 spread. Data is broken …

Read Story

by Eddie, on 05/06/2019 7:15:00 AM

Seen above is real source code we got access to in a recent web application penetration test by exploiting security vulnerabilities caused by poor secure coding practice. While inspecting source …

Read Story
Topics:Pentesting

by Eddie, on 31/05/2019 11:30:00 AM

It seems that every other week, someone is touting a new solution to cyber security. They tell you that all we need to do is install our boldly coloured box …

Read Story
Topics:FundamentalsRisk Assessmentrisk profile

by Nat, on 11/04/2019 4:30:00 PM

Although cybersecurity insurance can appear attractive, it is important that businesses understand it cannot feasibly serve as a replacement for threat mitigation. The majority of cyber threats are avoided by …

Read Story
Topics:FundamentalsRisk Assessmentrisk profile

by Kristian, on 09/04/2019 7:15:00 AM

Overview Injection vulnerabilities are the most common result of mixing user input with system control. An injection vulnerability can have catastrophic results for a system, potentially leading to a full …

Read Story
Topics:FundamentalsPentestingAuthenticationCompromise

by Tim, on 04/04/2019 4:30:00 PM

On the 22nd of February 2018, the Notifiable Data Breach (NDB) scheme came into effect for all organisations with personal information security obligations under the Australian Privacy Act. Since this …

Read Story
Topics:PhishingCompromise

by Nigel, on 02/04/2019 7:30:00 AM

The information security framework for the Australian Government is driven by two main documents: the Protective Security Policy Framework (PSPF) owned by the Attorney-General’s Department, and the Information Security Manual …

Read Story
Topics:ComplianceIRAP / ISM

by Sash, on 15/03/2019 5:32:45 PM

This weekend's Formula 1 Grand Prix has an unlikely parallel to the cyber security industry. You see, Formula 1 is a precisely engineered environment, where suspension load is modelled across …

Read Story

Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|

Subscribe to Updates