Many companies find out the hard way that poorly managed distribution of sensitive access credentials is helping advanced persistent threats (APTs) scour networks for privileged-user credentials, Cyber-Ark’s Asia-Pacific vice president Dan Dinnar has warned.

Software vendors’ proactive approach to IPv6 has created a glaring security hole for companies that think they haven’t activated the next-generation Internet addressing protocol yet, Cisco Systems consulting security engineer Stefan Avgoustakis has warned.

They may not be able to call on real-world cooperation and defence agreements to build their cyberspace defences yet, but government security organisations may find value in emulating Estonia’s experience building a voluntary ‘cyber corps’ of security professionals available in times of need, NATO CCD COE (Cyber Defence Centre of Excellence) analyst Anna-Maria Talihärm has advised.

Hard-to-find security skills and the rapid pace of malware evolution make a strong relationship with a managed security services (MSS) provider as important as maintaining the internal tools to keep business executives apprised of IT-security risk, Foxtel information security manager Kevin Shaw has advised.

Android-based smartphones are not only gaining notoriety as being susceptible to malware, but research presented by a Queensland University of Technology (QUT) forensic expert confirms that it’s possible to extract personal information from an Android phone long after that data has been deleted.

Polymorphic malware may be good at evading signature-based scanning engines, but the application of advanced algorithms to terabytes’ worth of malware dumps is enabling one Deakin University PhD student to detect even new strains of malware by assessing their similarity to existing, known malicious code.

Organisations convinced they have been the victims of state-sponsored cyberattacks may want to take a deep breath and look at their employees first, one security expert has advised during his address at the AusCERT 2013 security conference.

Australia’s Internet space shows the same distribution of vulnerable IP ports as the rest of the world and a dangerous preponderance of insecure Universal Plug ‘n’ Play (UPnP) devices, Metasploit Project founder HD Moore has warned while recounting the surprising results of his efforts to catalogue the results of communicating with every IP address on the Internet.

An IT security skills crunch may be hitting many established security providers and security-conscious companies, but new entrant Dell SecureWorks is confident it can thrive as it today throws its white hat into the ANZ security-services ring.

Australian ISPs and universities are sending more than 10,000 emails a day to warn customers their systems appear to be infected by malware – but as few as one in five is ever read by its recipient, statistics from the Australian Communications and Media Authority’s (ACMA’s) Australian Internet Security Initiative (AISI) show.

The combination of bring your own device (BYOD) plans and social media are creating a “fantastic avenue” for undermining corporate security, a Frost & Sullivan analyst warned at the Evolve 2013 security conference in Sydney.

Remote-access success story LogMeIn is staking its claim on the evolving Internet of Things (IoT) market by launching an IoT-enabling platform that uses LogMeIn’s cloud-based connectivity platform to link and secure nearly any kind of device.

It may have started out as a way of simplifying an increasingly complicated IT environment, but Brisbane law firm Cooper Grace Ward (CGW) has found its virtual desktop infrastructure (VDI) investment is also delivering improved remote-access security, data protection and integrity of sensitive information.

Months on from the government’s bold PR initiative in which it said it would spend $1.46 billion on IT security, the release of the 2013-14 federal budget has shown little additional financial support for this and other cyber security initiatives.

Cloud, mobility and bring-your-own-device (BYOD) computing are providing so many new potential ingress points to your network that it’s getting near impossible to keep up. The solution, as David Braue finds, lies in reconsidering your exposure, revisiting your IAM strategy – and picking your battles carefully.