Cyber Security News & Current Events

by Sash Vasilevski, on 05/06/2024 5:41:56 PM

The Problem It seems like every other day there is a public announcement of a compromise involving unauthorised access to Microsoft 365. Privately, we are called in more often than …

Read Story
Topics:AuthenticationPhishingdata breach

by Tarek Chalaan, on 06/05/2024 10:53:08 AM

Today we Investigate CVE-2024-3094, a vulnerability discovered by developer Andres Freund while dissecting SSH performance failures. If gone undetected, this vulnerability could have led to a global cyber outbreak. In …

Read Story

by Alex W, on 17/11/2023 4:18:03 PM

The statistics provided in the Australian Signals Directorate Cyber Threat Report paint a bleak picture of the cybersecurity landscape in Australia with the average cost of an incident and the …

Read Story
Topics:Report RoundupThreat Advisory

by Security Centric, on 30/09/2022 11:27:32 AM

The Optus PII breach has been the subject of many conversations the past week or so - at the technical level all the way through to advising boards on what …

Read Story
Topics:Red TeamingRisk AssessmentManaged Services

by Security Centric, on 02/06/2022 1:38:36 PM

After a lengthy traverse through the various stages of parliament, the final updates to the Security Legislation Amendment of the Critical Infrastructure Protection Act (SLACIP) passed at the end of …

Read Story
Topics:Risk AssessmentComplianceGovernanceregulations

by Security Centric, on 13/04/2022 4:57:04 PM

It's that time of year when the team over at Mimecast releases their much-anticipated State of Email Security report. Covering data that spans the entirety of 2021, the report surveyed …

Read Story
Topics:Risk AssessmentPhishingRansomwareReport Roundup

by Security Centric, on 24/03/2022 8:48:01 AM

News came to light recently from a threat actor group that authentication provider Okta had been compromised by one of their members. Okta later confirmed this, saying that an account …

Read Story
Topics:Threat Advisory

by Alex W, on 22/03/2022 9:55:37 AM

As security teams assess the key vulnerabilities of their IT infrastructures, growing attention is being placed on cyber supply chains. Attacks, such as the high-profile SolarWinds incident, occur when cybercriminals …

Read Story
Topics:Risk AssessmentComplianceEssential Eight

by Security Centric, on 22/02/2022 2:30:27 PM

If you're not yet familiar with the ISO 27001 standard, it's an internationally recognised certification standard specifically focused on information security. Using the policies and procedures outlined in the standard …

Read Story
Topics:Risk AssessmentComplianceGovernance

by Security Centric, on 17/01/2022 4:09:40 PM

Organisational risk covers a lot of bases within a business, from issues such as staff shortages and regulatory changes through to global pandemics and cyber threats. Knowing what to focus …

Read Story
Topics:Risk Assessmentrisk profileReport Roundup

by Security Centric, on 06/01/2022 12:15:00 PM

Last month Security Centric principal consultant Sash Vasilevski provided his expertise to Business IT, outlining recommendations for cybersecurity uplift measures for small to medium enterprises. Throughout the article, an outline …

Read Story

by Security Centric, on 04/01/2022 12:15:00 PM

In the many years that Security Centric has been partnering with organisations to provide services ranging from compliance, penetration testing, and security engineering through to managed security services such as …

Read Story

by Security Centric, on 30/12/2021 1:00:00 PM

With the IT security landscape constantly evolving, many businesses struggle to find and retain people with the knowledge and skills required to counter threats. Last month, Security Centric's Sash Vasilevski …

Read Story
Topics:FundamentalsfeaturedManaged Services

by Security Centric, on 28/12/2021 11:17:00 AM

Earlier this month Security Centric's Sash Vasilevski provided expert opinion to the team at iTWire on the ins and outs of implementing zero trust as an outcome of the ongoing …

Read Story
Topics:Risk Assessment

by Sash, on 22/12/2021 9:13:10 AM

2021 has been challenging for the team at Security Centric, as it has for everyone, hopping in and out of lockdowns, an increasing workload and new team members. As we …

Read Story
Topics:Security Centric

by Security Centric, on 11/12/2021 3:25:30 PM

A new remote code execution vulnerability has been discovered affecting a common software library used in many systems and applications. A Java library, log4j2, is widely used in embedded systems …

Read Story
Topics:Threat Advisory

by Security Centric, on 10/09/2021 1:18:32 PM

A new troubling remote code execution vulnerability has been discovered that affects customers using Office 365 and Office 2019 on Windows 10 and is already being exploited by malicious actors …

Read Story
Topics:Threat Advisory

by Security Centric, on 18/08/2021 4:01:02 PM

If you were to ask us what the main cybersecurity mistakes organisations routinely make were, the one where businesses rely on their everyday IT team or providers to also perform …

Read Story
Topics:ComplianceRansomwaremanaged security services

by Security Centric, on 22/06/2021 11:18:46 AM

The fact that ransomware is continuing to be a prolific threat probably isn’t news to those of you in the world of cybersecurity – however we know that most organisations …

Read Story
Topics:ComplianceRansomwareregulations

by Security Centric, on 10/06/2021 5:06:25 PM

It’s always a great day for someone who loves reading reports when the annual Verizon Data Breach Investigation Report (DBIR) gets released. However, we know not everyone enjoys reading 119 …

Read Story
Topics:data breachVerizon DBIRReport Roundup

Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|

Subscribe to Updates